Small example app to manage a training center:

- Members have a role (student or coach)
- Each role has specific permissions
- Students can register into a Training (ex: "Python")
- Trainings contain Modules (ex: "Introduction to Python")
- Modules contain Lessons (ex: "Loops & flow structures")
- API requires an auth token, which you can get through the `/login` endpoint

- Create the database in PostgreSQL
- Copy `.env.example` as `.env` and change DB host/user/password
- Run `npm install`

```bash
# development mode
$ npm run start:dev
# production mode
$ npm run start:prod
```

This repo also contains:

- `/curl_examples`: cURL scripts to test any endpoint of the API
- `/documentation`: auto-generated documentation
- `/docs`:
  - `/cdm`: Conceptual Data Model
  - `install.md`, `postgresql.md` and `run.md`: command-line reference for installing the app, creating the PostgreSQL user account, and running the app
  - `rbac.png`: list of permissions for each role

`POST` `/login` (login with username & password, and get back an auth token)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | required | string | username |
| password | required | string | password |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | |
| TODO | application/json | |

```bash
curl -X POST -H "Content-Type: application/json" -d @data.json http://localhost:3000/login
```

`GET` `/user/{id}` (get a specific User)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | User id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | User |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/user/1
```

`GET` `/user/list` (get all Users. limit=1000)

Parameters: None

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | User[] |

```bash
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/user/list
```

`POST` `/user/signup` (create/signup a new User)

| name | type | data type | description |
|------|------|-----------|-------------|
| roleId | required | int | N/A |
| name | required | string | username |
| password | required | string | password (will be hashed) |

| http code | content-type | response |
|-----------|--------------|----------|
| 201 | application/json | User |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/user/signup
```

`DELETE` `/user/{id}` (delete a User)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | User id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | User |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/user/1/delete
```

`PUT` `/user/{id}/setrole` (update a User's role)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | User id |
| roleId | required | int | roleId of the new role |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | User |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/user/1/setrole
```

`GET` `/training/{id}` (get a specific Training)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Training id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Training |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/training/1
```

`GET` `/training/list` (get all Trainings. limit=1000)

Parameters: None

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Training[] |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/training/list
```

`POST` `/training/create` (create a new Training)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | required | string | Name of the Training |
| modules | required | int[] | Array of Module ids to include in this Training |
| coachId | required | int | User ID of the coach assigned to this module |

| http code | content-type | response |
|-----------|--------------|----------|
| 201 | application/json | Training |
| TODO | application/json | |

```bash
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/training/create
```

`DELETE` `/training/{id}` (delete a Training)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Training id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Training |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/training/1/delete
```

`PUT` `/training/{id}/update` (update a Training. Can add or delete associated Modules)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | optional | string | Training id |
| addModules | optional | int[] | list of Modules to add to this Training |
| deleteModules | optional | int[] | list of Modules to delete from this Training |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Training |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/training/1/update
```

`GET` `/module/{id}` (get a specific Module)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Module id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Module |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/module/1
```

`GET` `/module/list` (get all Modules. limit=1000)

Parameters: None

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Module[] |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/module/list
```

`POST` `/module/create` (create a new Module)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | required | string | Name of the Module |
| lessons | optional | int[] | Array of Lessons to include in this Module |

| http code | content-type | response |
|-----------|--------------|----------|
| 201 | application/json | Module |
| TODO | application/json | |

```bash
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/module/create
```

`DELETE` `/module/{id}` (delete a Module)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Module id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Module |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/module/1/delete
```

`PUT` `/module/{id}/update` (update a Module. Can add or delete associated Lessons)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | optional | string | Module id |
| addLessons | optional | int[] | list of Lessons to add to this Module |
| deleteLessons | optional | int[] | list of Lessons to delete from this Module |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Module |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/module/1/update
```

`GET` `/lesson/{id}` (get a specific Lesson)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Lesson id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Lesson |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/lesson/1
```

`GET` `/lesson/list` (get all Lessons. limit=1000)

Parameters: None

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Lesson[] |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/lesson/list
```

`POST` `/lesson/create` (create a new Lesson)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | optional | string | Name of the Lesson |
| content | required | string | Content of the lesson |

| http code | content-type | response |
|-----------|--------------|----------|
| 201 | application/json | Lesson |
| TODO | application/json | |

```bash
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/lesson/create
```

`DELETE` `/lesson/{id}` (delete a Lesson)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Lesson id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Lesson |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/lesson/1/delete
```

`PUT` `/lesson/{id}/update` (update a Lesson)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | optional | string | Lesson id |
| content | optional | string | Lesson text content |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Lesson |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/lesson/1/update
```

`GET` `/role/{id}` (get a specific Role)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Role id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Role |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/role/1
```

`GET` `/role/list` (get all Roles. limit=1000)

Parameters: None

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Role[] |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/role/list
```

`POST` `/role/create` (create a new Role)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | optional | string | Name of the Role |
| permissions | required | int[] | Array of Roles to include in this Role |

| http code | content-type | response |
|-----------|--------------|----------|
| 201 | application/json | Role |
| TODO | application/json | |

```bash
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/role/create
```

`DELETE` `/role/{id}` (delete a Role)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Role id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Role |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/role/1/delete
```

`PUT` `/role/{id}/update` (update a Role. Can add or delete associated Permissions)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | optional | string | Name of role |
| addPermissions | optional | string | List of Permissions to add to this Role |
| deletePermissions | optional | string | List of Permissions to remove from this Role |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Role |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/role/1/update
```

`GET` `/permission/{id}` (get a specific Permission)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Permission id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Permission |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/permission/1
```

`GET` `/permission/list` (get all Permissions. limit=1000)

Parameters: None

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Permission[] |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/permission/list
```

`POST` `/permission/create` (create a new Permission)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | required | string | Name |
| description | required | string | Description |

| http code | content-type | response |
|-----------|--------------|----------|
| 201 | application/json | Permission |
| TODO | application/json | |

```bash
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/permission/create
```

`DELETE` `/permission/{id}` (delete a Permission)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Permission id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Permission |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/permission/1/delete
```

`PUT` `/permission/{id}/update` (update a Permission)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | optional | string | Permission name |
| description | optional | string | Permission description |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Permission |
| 404 | application/json | `{"code":"404","message":"Not Found"}` |

```bash
curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/permission/1/update
```
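
Because every route above other than `/login` is called with an `Authorization: Bearer [token]` header, a useful regression check is to confirm that the role and permission routes refuse requests that lack a valid token. The following is an added example, not code from this repository: `auditAuth`, `buildProbes` and `stubFetch` are hypothetical names, the 401/403 expectation is an assumption (the reference above does not document the refusal status), and the stub server is constructed so the block runs offline.

```javascript
// Added example, not code from the repository.
// Routes copied from the endpoint reference above; 1 is a sample id.
const PROTECTED_ROUTES = [
  ["GET", "/user/list"],
  ["PUT", "/user/1/setrole"],
  ["GET", "/role/list"],
  ["POST", "/role/create"],
  ["PUT", "/role/1/update"],
  ["POST", "/permission/create"],
];

// Assumption: a guarded route answers 401 or 403 when the token is missing or invalid.
const DENIED = new Set([401, 403]);

// Two probes per route: no Authorization header, and a junk bearer token.
function buildProbes(routes) {
  return routes.flatMap(([method, path]) => [
    { method, path, label: "no token", headers: {} },
    { method, path, label: "invalid token",
      headers: { Authorization: "Bearer constructed.invalid.token" } },
  ]);
}

// Returns one finding per probe that was NOT refused; an empty array is a pass.
async function auditAuth(baseUrl, routes = PROTECTED_ROUTES, fetchImpl = globalThis.fetch) {
  const findings = [];
  for (const p of buildProbes(routes)) {
    const res = await fetchImpl(baseUrl + p.path, {
      method: p.method,
      headers: { "Content-Type": "application/json", ...p.headers },
      body: p.method === "GET" ? undefined : "{}",
    });
    if (!DENIED.has(res.status)) {
      findings.push({ method: p.method, path: p.path, probe: p.label, status: res.status });
    }
  }
  return findings;
}

// Constructed stand-in for the API so the example runs offline:
// every route checks the token except GET /role/list, deliberately left open.
function stubFetch(url, init) {
  const open = new URL(url).pathname === "/role/list";
  const ok = init.headers.Authorization === "Bearer constructed-valid-token";
  return Promise.resolve({ status: open || ok ? 200 : 401 });
}

// Audit the stub; against a real dev instance call auditAuth("http://localhost:3000").
const demo = () => auditAuth("http://localhost:3000", PROTECTED_ROUTES, stubFetch);
```

Run it against a development instance only, since the `POST` and `PUT` probes would change data on any route that turns out to be unguarded.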