In completing this assignment you MAY use/access the following resources:
You may NOT use/access:
- Resources not expressly listed above, including, but not limited to,
the following ...
- Source code not provided as part of this assignment. (Obviously, this
includes, but is not limited to, source code written by other students
whether current or in the past).
- Code-generating tools (of which ChatGPT is one example).
- Any web sites not directly linked to from the homework assignment.
Failure to abide by these guidelines will result in a zero for the assignment
and the incident will be reported to the university provost as a violation of
the university academic integrity policy. A second incident of academic
dishonesty (whether from this course or another computer science course) will
result in an F in the course.
In this assignment you will be starting with the working REST API created
in homework 10. When the assignment is finished your API will honor
the same routes as before, but will require authentication as outlined below.
This will also require some new routes for the actions of registering and
logging in.
Begin by copying all files and directories from hw10 to the hw11
directory of your web space on the csci server.
Then follow the steps presented in class and in the SayIt video
to add the following new endpoints. NOTE: In order to facilitate grading you
need to use the following route names exactly:
- POST /api/register
- Customize the built-in RegisterController to
accept a name, email, password, and confirmed password to establish a
new account in the application. All fields should be validated as in
the non-API version of the application. A failing request should return
a status code of 400 with a properly formatted JSON error string.
If successful a 201 status code should be returned along with a JSON
string formatted as follows:
{
    "data": {
        "name": "Freddy Man",
        "email": "mary6@fun.com",
        "updated_at": "2020-02-21 23:38:21+0000",
        "created_at": "2020-02-21 23:38:21+0000",
        "user_id": 22,
        "api_token": "4h2JlB84N4E2pJK80OTLuJ8Uo92bn8NYsTzkIgHk5v6dJLncAN78ORX0jYlr"
    }
}
- POST /api/login
- Customize the built-in LoginController to
accept an email and password to be checked against the database.
All fields should be validated as in the non-API version of the
application. A failing request should return a status code of 400 with a
properly formatted JSON error string. If successful a 201 status code
should be returned along with a JSON string formatted as follows:
{
    "data": {
        "user_id": 22,
        "email": "mary6@fun.com",
        "name": "Freddy Man",
        "email_verified_at": null,
        "updated_at": "2020-02-21 23:41:21+0000",
        "created_at": "2020-02-21 17:38:21-0600",
        "api_token": "4W6Jxeo8j4nV1AH1oh5t02bscDksH8Q7DGHqjxsII3zWcaF0DbRMOXft5QWj"
    }
}
- POST /api/logout
- A logout request will require a Bearer token
(provided from a valid login request) in order to be successful. If
the Bearer token belongs to a logged in user then that user should
be logged out (by storing a NULL value in their api_token
field in the database). A failed logout attempt should return
a status code of 400 with a properly formatted JSON error string. If
successful a 200 status code should be returned along with a JSON string
formatted as follows:
{
    "data": "User logged out."
}
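The three endpoints above, written out as one Laravel controller. This is an added example, not the course's starter code and not the framework's built-in RegisterController or LoginController. It assumes a Laravel 7 layout (an App\User model with the api_token column named above); the status codes follow the assignment text, while the "error" key, the message strings and the 60-character token length (taken from the length of the sample tokens) are assumptions.

```php
<?php
// Added example for the /api/register, /api/login and /api/logout endpoints.
// Assumptions: App\User model (Laravel 7), an `api_token` column on users,
// 'error' as the key of failure responses, 60-character random tokens.

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Str;

class AuthController extends Controller
{
    // Issue a fresh random token and persist it; a re-login therefore
    // invalidates whatever token was issued before.
    private function issueToken(User $user): void
    {
        $user->api_token = Str::random(60);
        $user->save();
    }

    // Shape the payload the way the sample responses above show it.
    private function payload(User $user): array
    {
        return [
            'user_id'    => $user->id,
            'email'      => $user->email,
            'name'       => $user->name,
            'updated_at' => $user->updated_at,
            'created_at' => $user->created_at,
            'api_token'  => $user->api_token,
        ];
    }

    public function register(Request $request)
    {
        // Same rules as the non-API RegisterController; `confirmed` requires a
        // matching `password_confirmation` field in the request body.
        $v = Validator::make($request->all(), [
            'name'     => ['required', 'string', 'max:255'],
            'email'    => ['required', 'string', 'email', 'max:255', 'unique:users'],
            'password' => ['required', 'string', 'min:8', 'confirmed'],
        ]);
        if ($v->fails()) {
            return response()->json(['error' => $v->errors()], 400);
        }

        $user = User::create([
            'name'     => $request->input('name'),
            'email'    => $request->input('email'),
            'password' => Hash::make($request->input('password')), // store the bcrypt hash only
        ]);
        $this->issueToken($user);

        return response()->json(['data' => $this->payload($user)], 201);
    }

    public function login(Request $request)
    {
        $v = Validator::make($request->all(), [
            'email'    => ['required', 'string', 'email'],
            'password' => ['required', 'string'],
        ]);
        if ($v->fails()) {
            return response()->json(['error' => $v->errors()], 400);
        }

        // Unknown email and wrong password get the same generic answer, so the
        // response does not reveal which addresses are registered.
        $user = User::where('email', $request->input('email'))->first();
        if ($user === null || !Hash::check($request->input('password'), $user->password)) {
            return response()->json(['error' => 'Invalid credentials.'], 400);
        }
        $this->issueToken($user);

        return response()->json(['data' => $this->payload($user)], 201);
    }

    // Not placed behind auth:api, so a bad token yields the 400 the assignment
    // asks for rather than the middleware's own 401.
    public function logout(Request $request)
    {
        $token = $request->bearerToken();
        $user  = $token ? User::where('api_token', $token)->first() : null;
        if ($user === null) {
            return response()->json(['error' => 'Invalid or missing token.'], 400);
        }
        $user->api_token = null; // NULL never matches a Bearer header again
        $user->save();

        return response()->json(['data' => 'User logged out.'], 200);
    }
}
```

Register and login use Validator::make rather than $request->validate() because the latter answers a failed API request with 422, and the assignment asks for 400. The token is regenerated on every login so a token copied from an earlier session stops working as soon as the user logs in again.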
In addition to the new endpoints given above the application should use
modified routes and middleware to enact the following authentication
requirements for the previously existing routes. NOTE: All authentication
is through the use of a Bearer token provided in the header of a
request.
- GET /api/books
- Any user, authenticated or not, should be able to
access this route.
- GET /api/books/{id}
- Only users with a valid login token can access
this route.
- POST /api/books
- Only users with a valid login token can access
this route.
- PUT /api/books/{id}
- Only users with a valid login token who also
created this book can access this route.
- DELETE /api/books/{id}
- Only users with a valid login token who also
created this book can access this route.
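The route and middleware layout that enforces the five rules above, with the ownership check for PUT and DELETE. This is an added example, not the course's starter code; it shows two files (routes/api.php and a BookController) in one listing. It assumes the api guard in config/auth.php is set to the token driver with hash => false, so Laravel's TokenGuard matches the Bearer header against users.api_token, that the books table has a user_id column recording the creator, that a Book model exists, and that a non-owner is answered with 403 (the assignment does not fix that code).

```php
<?php
// Added example. Assumptions: config/auth.php has
//   'api' => ['driver' => 'token', 'provider' => 'users', 'hash' => false],
// the books table has a `user_id` column, a Book model exists, and 403 is
// the answer for a caller who is logged in but did not create the book.

// ---- routes/api.php ----
use Illuminate\Support\Facades\Route;

// Public: anyone, with or without a token, may list books.
Route::get('/books', 'Api\BookController@index');

// Register and login must be reachable without a token; logout looks the
// token up itself so it can return 400 on failure.
Route::post('/register', 'Api\AuthController@register');
Route::post('/login', 'Api\AuthController@login');
Route::post('/logout', 'Api\AuthController@logout');

// Everything below requires a Bearer token equal to some user's non-NULL
// api_token. A missing or stale token is rejected by the middleware before
// the controller runs, so the controller only ever sees an authenticated user.
Route::middleware('auth:api')->group(function () {
    Route::get('/books/{id}', 'Api\BookController@show');
    Route::post('/books', 'Api\BookController@store');
    Route::put('/books/{id}', 'Api\BookController@update');
    Route::delete('/books/{id}', 'Api\BookController@destroy');
});

// ---- app/Http/Controllers/Api/BookController.php (update/destroy only) ----
use App\Book;
use Illuminate\Http\Request;

class BookController extends \App\Http\Controllers\Controller
{
    // The creator comes from the token-resolved user, never from the request
    // body, so a client cannot claim someone else's user_id on create.
    public function store(Request $request)
    {
        $book = new Book($request->only('title', 'author'));
        $book->user_id = $request->user()->id;
        $book->save();
        return response()->json(['data' => $book], 201);
    }

    // Shared check for PUT and DELETE: load the book, then compare its creator
    // with the user identified by the Bearer token.
    private function ownedBook(Request $request, $id): ?Book
    {
        $book = Book::findOrFail($id); // unknown id -> 404 via the framework
        return $book->user_id === $request->user()->id ? $book : null;
    }

    public function update(Request $request, $id)
    {
        $book = $this->ownedBook($request, $id);
        if ($book === null) {
            return response()->json(['error' => 'Not the creator of this book.'], 403);
        }
        $book->fill($request->only('title', 'author'))->save();
        return response()->json(['data' => $book], 200);
    }

    public function destroy(Request $request, $id)
    {
        $book = $this->ownedBook($request, $id);
        if ($book === null) {
            return response()->json(['error' => 'Not the creator of this book.'], 403);
        }
        $book->delete();
        return response()->json(['data' => 'Book deleted.'], 200);
    }
}
```

The middleware answers the "valid login token" half of each rule; the "who also created this book" half has to be checked in the controller (or a policy), because the token only proves who the caller is, not what they own. With hash => false the token stored in api_token is compared as-is, which is why logout must set the column to NULL rather than an empty string.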