HW11: REST Authentication due Tue 09 Apr 13:20

\begin{purpose}
This assignment provides practice adding token-based authentication to
a Laravel REST API implementation.
\end{purpose}

Allowed and Disallowed Resources

In completing this assignment you MAY use/access the following resources:

You may NOT use/access:

Failure to abide by these guidelines will result in a zero for the assignment and the incident will be reported to the university provost as a violation of the university academic integrity policy. A second incident of academic dishonesty (whether from this course or another computer science course) will result in an F in the course.

Overview

In this assignment you will be starting with the working REST API created in homework 10. When the assignment is finished your API will honor the same routes as before, but will require authentication as outlined below. This will also require some new routes for the actions of registering and logging in.

Details

Begin by copying all files and directories from hw10 to the hw11 directory of your web space on the csci server. Then follow the steps presented in class and in the SayIt video to add the following new endpoints. NOTE: In order to facilitate grading you need to use the following route names exactly:
POST /api/register
Customize the built-in RegisterController to accept a name, email, password, and confirmed password to establish a new account in the application. All fields should be validated as in the non-API version of the application. A failing request should return a status code of 400 with a properly formatted JSON error string. If successful a 201 status code should be returned along with a JSON string formatted as follows:
{
    "data": {
        "name": "Freddy Man",
        "email": "mary6@fun.com",
        "updated_at": "2020-02-21 23:38:21+0000",
        "created_at": "2020-02-21 23:38:21+0000",
        "user_id": 22,
        "api_token": "4h2JlB84N4E2pJK80OTLuJ8Uo92bn8NYsTzkIgHk5v6dJLncAN78ORX0jYlr"
    }
}

POST /api/login
Customize the built-in LoginController to accept an email and password to be checked against the database. All fields should be validated as in the non-API version of the application. A failing request should return a status code of 400 with a properly formatted JSON error string. If successful a 201 status code should be returned along with a JSON string formatted as follows:
{
    "data": {
        "user_id": 22,
        "email": "mary6@fun.com",
        "name": "Freddy Man",
        "email_verified_at": null,
        "updated_at": "2020-02-21 23:41:21+0000",
        "created_at": "2020-02-21 17:38:21-0600",
        "api_token": "4W6Jxeo8j4nV1AH1oh5t02bscDksH8Q7DGHqjxsII3zWcaF0DbRMOXft5QWj"
    }
}

POST /api/logout
A logout request will require a Bearer token (provided from a valid login request) in order to be successful. If the Bearer token belongs to a logged in user then that user should be logged out (by storing a NULL value in their api_token field in the database). A failed logout attempt should return a status code of 400 with a properly formatted JSON error string. If successful a 200 status code should be returned along with a JSON string formatted as follows:
{
    "data": "User logged out."
}

In addition to the new endpoints given above the application should use modified routes and middleware to enact the following authentication requirements for the previously existing routes. NOTE: All authentication is through the use of a Bearer token provided in the header of a request.

GET /api/books
Any user, authenticated or not should be able to access this route.

GET /api/books/{id}
Only users with a valid login token can access this route.

POST /api/books
Only users with a valid login token can access this route.

PUT /api/books/{id}
Only users with a valid login token who also created this book can access this route.

DELETE /api/books/{id}
Only users with a valid login token who also created this book can access this route.
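The following routes/api.php is an added example of how the login, logout and route-protection requirements above fit together; it is not the course's reference solution. It assumes hw10's BookController, a Book model with a user_id column, a users table with an api_token column and user_id as its primary key (as in the sample JSON), and Laravel 5.8/6.x with the api guard set to the token driver in config/auth.php.

```php
<?php
// routes/api.php -- added example, not the course's reference solution.
// Assumes hw10's BookController, a Book model with a user_id column, a users
// table with an api_token column and user_id primary key, and Laravel 5.8/6.x
// (App\User, api guard 'driver' => 'token' in config/auth.php).
use Illuminate\Http\Request;
use Illuminate\Support\Facades\{Gate, Hash, Route};
use Illuminate\Support\Str;
use App\{Book, User};

// Ownership rule for PUT/DELETE. (Normally lives in AuthServiceProvider::boot;
// kept here so the example is one file.)
Gate::define('modify-book', function (User $user, Book $book) {
    return $user->user_id === $book->user_id;
});

Route::get('/books', 'BookController@index');   // open to everyone

Route::post('/login', function (Request $request) {
    // validate() itself answers a malformed body with a JSON error response.
    $data = $request->validate(['email' => 'required|email', 'password' => 'required']);
    $user = User::where('email', $data['email'])->first();
    if (!$user || !Hash::check($data['password'], $user->password)) {
        return response()->json(['error' => 'Invalid credentials.'], 400);
    }
    // Fresh random token on every login; the previous one stops working.
    $user->forceFill(['api_token' => Str::random(60)])->save();
    return response()->json(['data' => $user], 201);
});

// auth:api is Laravel's built-in token guard: it reads the
// "Authorization: Bearer <token>" header and looks up users.api_token.
// No match and the request is rejected before reaching any route below.
Route::middleware('auth:api')->group(function () {
    Route::post('/logout', function (Request $request) {
        // NULL in api_token means this bearer token can never match again.
        $request->user()->forceFill(['api_token' => null])->save();
        return response()->json(['data' => 'User logged out.'], 200);
    });

    Route::get('/books/{book}', 'BookController@show');
    Route::post('/books', 'BookController@store');

    // can:modify-book,book hands the route-bound Book to the gate above;
    // a logged-in user who is not the creator gets 403, never the controller.
    Route::put('/books/{book}', 'BookController@update')->middleware('can:modify-book,book');
    Route::delete('/books/{book}', 'BookController@destroy')->middleware('can:modify-book,book');
});
```

Clients must send Accept: application/json so that authentication and validation failures come back as JSON rather than redirects.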