This document management system is a full-stack application that manages documents, users and user roles.
It also exposes RESTful APIs that let users create and manage documents, grants different privileges based on user roles, and authenticates users with JSON Web Tokens (JWT).
Each API route is dedicated to a single task and uses HTTP response codes to indicate the status of the request and any errors.
The following features make up the Document Management System API:
- It uses JSON Web Tokens (JWT) for authentication.
- It generates a token on successful login or account creation and returns it to the consumer.
- It verifies the token to ensure a user is authenticated before granting access to protected endpoints.
- It allows users to be created.
- It allows users to log in and obtain a token.
- It allows authenticated users to retrieve and update their own information.
- It allows the admin to manage users.
- It allows roles to be assigned to users.
- It allows new documents to be created by authenticated users.
- It ensures every document is accessible only according to the access level set on it.
- It allows admin users to delete documents.
- It ensures users can delete, edit and update the documents they own.
- It allows users to retrieve all documents they own as well as public documents.
- It allows users to search public documents for a specified search term.
- It allows the admin to retrieve all documents that match a search term.
- It allows the admin to search users based on a specified search term.
Endpoint | Functionality |
---|---|
POST /users/login | Logs a user in. |
POST /users/logout | Logs a user out. |
POST /users | Creates a new user. |
GET /users | Finds matching instances of user. |
GET /users/profile | Gets the logged-in user's profile. |
GET /users?search=:word | Searches users based on the search query parameter. |
GET /users?limit=:num | Limits the number of users returned; defaults to ten. |
GET /users?limit=:num&offset=:num | Sets the next page of users to get. |
GET /users/:id | Gets a single user. |
PUT /users/:id | Updates a user. |
DELETE /users/:id | Deletes a user. |
POST /documents | Creates a new document instance. |
GET /documents | Finds matching instances of document. |
GET /documents?search=:word | Searches documents based on the search query parameter. |
GET /documents?limit=:num | Limits the number of documents returned; defaults to ten. |
GET /documents?limit=:num&offset=:num | Sets the next page of documents to get. |
GET /documents/:id | Finds a document. |
PUT /documents/:id | Updates document attributes. |
DELETE /documents/:id | Deletes a document. |
GET /search/documents/?search=:word | Searches documents for the given term (documented below). |
GET /search/users/?search=:word | Searches users for the given term; admin only (documented below). |
Roles
- roleId 1 is an admin role
- roleId 2 is a regular user
Access
- accessId 1 is public
- accessId 2 is private
- accessId 3 is role
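
The permission rules the feature list and the Roles/Access ids above imply, written out as an added example (not the project's code) so each decision is explicit and testable. It assumes the decoded token carries `UserId` and `RoleId` and a document row carries `ownerId` and `accessId`, as the sample responses below show. One interpretation is assumed because the README does not define it: "role" access (accessId 3) makes a document readable by users whose `RoleId` equals the owner's, which is why the owner's role has to be looked up. The users and documents at the bottom are constructed sample data.

```javascript
// Added example (not the project's code): the document permission rules this
// README states, as pure functions over plain objects. `user` is the decoded
// token ({ UserId, RoleId }); `doc` is a document row ({ ownerId, accessId }).
// Role and access ids follow the lists above. Assumption: "role" access
// (accessId 3) lets users whose RoleId equals the owner's read the document,
// so the owner's RoleId is looked up (here from an in-memory map).
const ROLE = { ADMIN: 1, REGULAR: 2 };
const ACCESS = { PUBLIC: 1, PRIVATE: 2, ROLE: 3 };

const isAdmin = (user) => user.RoleId === ROLE.ADMIN;
const isOwner = (user, doc) => user.UserId === doc.ownerId;

// Read: admin sees everything ("never hidden from admin eyes"), the owner sees
// their own, and otherwise the document's accessId decides. An accessId the
// code does not know is denied rather than treated as public.
function canRead(user, doc, ownerRoleId) {
  if (isAdmin(user) || isOwner(user, doc)) return true;
  switch (doc.accessId) {
    case ACCESS.PUBLIC: return true;
    case ACCESS.PRIVATE: return false;
    case ACCESS.ROLE: return ownerRoleId !== undefined && user.RoleId === ownerRoleId;
    default: return false;
  }
}

// Edit/update: only the owner. The feature list grants the admin deletion,
// not editing, so update stays with the owner (assumption drawn from that list).
function canUpdate(user, doc) {
  return isOwner(user, doc);
}

// Delete: the owner or an admin.
function canDelete(user, doc) {
  return isOwner(user, doc) || isAdmin(user);
}

// List/search results: filter server-side with the caller's own claims; never
// take an ownerId or RoleId from the query string for this decision.
function visibleDocuments(user, docs, usersById) {
  return docs.filter((doc) => {
    const owner = usersById[doc.ownerId];
    return canRead(user, doc, owner ? owner.RoleId : undefined);
  });
}

// Constructed sample data (not from the project's database).
const USERS = {
  1: { id: 1, RoleId: ROLE.ADMIN },
  21: { id: 21, RoleId: ROLE.REGULAR },
  30: { id: 30, RoleId: ROLE.REGULAR },
};
const DOCS = [
  { id: 10, title: 'Another Day', accessId: ACCESS.PUBLIC, ownerId: 21 },
  { id: 11, title: 'Private', accessId: ACCESS.PRIVATE, ownerId: 1 },
  { id: 12, title: 'Team notes', accessId: ACCESS.ROLE, ownerId: 21 },
];
```

Applied to the sample data, a regular user with `RoleId` 2 sees documents 10 and 12, the admin sees all three, and nobody but the owner can update a document even though the admin can delete it.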
Endpoint for the Users API.
- Endpoint: POST /users
- Body (application/json)

```json
{
  "username": "uniqueuser",
  "firstName": "Unique",
  "lastName": "User",
  "email": "[email protected]",
  "RoleId": 1,
  "password": "password"
}
```

- Status: 201 Created
- Body (application/json)

```json
{
  "user": {
    "id": 141,
    "username": "uniqueuser",
    "firstName": "Unique",
    "lastName": "User",
    "email": "[email protected]",
    "RoleId": 1,
    "password": "password",
    "createdAt": "2017-02-19T17:34:19.992Z",
    "updatedAt": "2017-02-19T17:34:19.992Z"
  },
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJVc2VySWQiOjE0MSwiUm9sZUlkIjoxLCJpYXQiOjE0ODc1MjU2NjAsImV4cCI6MTQ4NzY5ODQ2MH0.ddCQXZB2_woJ32xZNHqPBhNXfjBRg6T3ZsSmF8GCplA",
  "expiresIn": "2 days"
}
```
- Endpoint: GET /users
- Requires: Authentication, Admin Role
- Status: 200 OK
- Body (application/json)

```json
[{
  "id": 140,
  "username": "nypd",
  "firstName": "sugar",
  "lastName": "ray",
  "email": "[email protected]",
  "RoleId": 1,
  "password": "$2a$08$ErbiyXkXAXsGXLoG2VOIIucUwzaCXGJz.d5YKkL/0SQIM3xhdbib2",
  "createdAt": "2017-02-17T19:41:30.837Z",
  "updatedAt": "2017-02-17T19:41:30.837Z"
},
{
  "id": 141,
  "username": "uniqueuser",
  "firstName": "Unique",
  "lastName": "User",
  "email": "[email protected]",
  "RoleId": 1,
  "password": "$2a$08$eggCuipNKnau7CJcxGVaUeEssqo5OjbQedfV1.gGNT2GNTyloD6MS",
  "createdAt": "2017-02-19T17:34:19.992Z",
  "updatedAt": "2017-02-19T17:34:19.992Z"
}]
```
Endpoint for the Documents API.
- Endpoint: GET /documents
- Requires: Authentication, Admin Role
- Status: 200 OK
- Body (application/json)

```json
[{
  "id": 10,
  "title": "Another Day",
  "content": "This is the day that the Lord has made",
  "accessId": 1,
  "ownerId": 21,
  "createdAt": "2017-02-17T17:40:45.146Z",
  "updatedAt": "2017-02-17T17:40:45.146Z"
},
{
  "id": 11,
  "title": "Private",
  "content": "Never hidden from admin eyes",
  "accessId": 2,
  "ownerId": 1,
  "createdAt": "2017-02-06T22:55:43.747Z",
  "updatedAt": "2017-02-06T22:55:43.747Z"
}]
```
- Endpoint: POST /documents
- Requires: Authentication
- Body (application/json)

```json
{
  "title": "Random Title",
  "content": "Just some text here",
  "accessId": 3
}
```

- Status: 201 Created
- Body (application/json)

```json
{
  "id": 1,
  "title": "Random Title",
  "content": "Just some text here",
  "ownerId": 1,
  "accessId": 3,
  "createdAt": "2017-02-05T05:51:51.217Z",
  "updatedAt": "2017-02-05T05:51:51.217Z"
}
```

The `ownerId` is not part of the request body; it is taken from the authenticated user's token.
- Endpoint: GET /documents/:id
- Requires: Authentication
- Status: 200 OK
- Body (application/json)

```json
{
  "id": 1,
  "title": "Random Title",
  "content": "Just some text here",
  "ownerId": 1,
  "accessId": 3,
  "createdAt": "2017-02-05T05:51:51.217Z",
  "updatedAt": "2017-02-05T05:51:51.217Z"
}
```
- Endpoint: PUT /documents/:id
- Requires: Authentication (the document's owner)
- Body (application/json)

```json
{
  "title": "Updated Title"
}
```

- Status: 200 OK
- Body (application/json)

```json
{
  "id": 1,
  "title": "Updated Title",
  "content": "Just some text here",
  "ownerId": 1,
  "accessId": 3,
  "createdAt": "2017-02-05T05:51:51.217Z",
  "updatedAt": "2017-02-05T05:51:51.217Z"
}
```
- Endpoint: DELETE /documents/:id
- Requires: Authentication (the document's owner or an admin)
- Status: 200 OK
- Body (application/json)

```json
{
  "message": "Document successfully deleted"
}
```
- Endpoint: GET /search/documents/?search=searchterm
- Requires: Authentication (a regular user gets matching public documents; the admin gets every matching document, as in the sample below)
- Status: 200 OK
- Body (application/json)

```json
[{
  "id": 10,
  "title": "Another Day",
  "content": "This is the day that the Lord has made",
  "accessId": 1,
  "ownerId": 21,
  "createdAt": "2017-02-17T17:40:45.146Z",
  "updatedAt": "2017-02-17T17:40:45.146Z"
},
{
  "id": 11,
  "title": "Private",
  "content": "Never hidden from admin eyes",
  "accessId": 2,
  "ownerId": 1,
  "createdAt": "2017-02-06T22:55:43.747Z",
  "updatedAt": "2017-02-06T22:55:43.747Z"
}]
```
- Endpoint: GET /search/users/?search=searchterm
- Requires: Authentication, Admin Role
- Status: 200 OK
- Body (application/json)

```json
[{
  "id": 140,
  "username": "nypd",
  "firstName": "sugar",
  "lastName": "ray",
  "email": "[email protected]",
  "RoleId": 1,
  "password": "$2a$08$ErbiyXkXAXsGXLoG2VOIIucUwzaCXGJz.d5YKkL/0SQIM3xhdbib2",
  "createdAt": "2017-02-17T19:41:30.837Z",
  "updatedAt": "2017-02-17T19:41:30.837Z"
},
{
  "id": 141,
  "username": "uniqueuser",
  "firstName": "Unique",
  "lastName": "User",
  "email": "[email protected]",
  "RoleId": 1,
  "password": "$2a$08$eggCuipNKnau7CJcxGVaUeEssqo5OjbQedfV1.gGNT2GNTyloD6MS",
  "createdAt": "2017-02-19T17:34:19.992Z",
  "updatedAt": "2017-02-19T17:34:19.992Z"
}]
```
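
The `search`, `limit` and `offset` query parameters used by the list routes in the endpoint table and by the two search routes above are client input, and this added example (not the project's code) shows the validation a handler should run before they reach the database. The default of ten comes from the table; the upper bound on `limit` and the escaping of `%` and `_` are the two guards a practitioner would add, because otherwise a caller can pull an entire table in one request or turn the search term into a wildcard. The cap value is an assumption, and the in-memory matcher at the end exists only so the escaping can be checked without PostgreSQL; in the real route the pattern is handed to the ORM as a bound parameter.

```javascript
// Added example (not the project's code): validating the ?search, ?limit and
// ?offset parameters that the list and search routes take. The default of ten
// comes from the endpoint table; the cap on limit and the LIKE escaping are
// additions, and MAX_LIMIT is an assumption chosen for this example.
const DEFAULT_LIMIT = 10;
const MAX_LIMIT = 100; // assumption

// Parse an integer query value and clamp it into [min, max]; return null when
// it is not an integer at all (e.g. "10abc", "1.5", or a repeated ?limit= that
// the query parser turned into an array).
function boundedInt(raw, fallback, min, max) {
  if (raw === undefined || raw === null || raw === '') return fallback;
  if (typeof raw !== 'string' && typeof raw !== 'number') return null;
  const n = Number(raw);
  if (!Number.isInteger(n)) return null;
  return Math.min(Math.max(n, min), max);
}

// Escape the characters SQL LIKE/ILIKE treats specially. The value must still
// reach the database as a bound parameter; escaping only neutralises wildcards.
function escapeLike(term) {
  return term.replace(/[\\%_]/g, (c) => `\\${c}`);
}

// Returns { limit, offset, pattern } for the query layer, or { error } for a 400.
function parseListQuery(query) {
  const limit = boundedInt(query.limit, DEFAULT_LIMIT, 1, MAX_LIMIT);
  const offset = boundedInt(query.offset, 0, 0, Number.MAX_SAFE_INTEGER);
  if (limit === null || offset === null) return { error: 'limit and offset must be integers' };
  let pattern = null;
  if (query.search !== undefined) {
    if (typeof query.search !== 'string' || query.search.trim() === '') {
      return { error: 'search must be a non-empty string' };
    }
    pattern = `%${escapeLike(query.search.trim())}%`;
  }
  return { limit, offset, pattern };
}

// Interpret an escaped LIKE pattern the way the database would (case-insensitive,
// like ILIKE), so the escaping can be checked here without a database.
const escapeRegExp = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
function likeToRegExp(pattern) {
  let source = '^';
  for (let i = 0; i < pattern.length; i += 1) {
    const c = pattern[i];
    if (c === '\\' && i + 1 < pattern.length) {
      i += 1;
      source += escapeRegExp(pattern[i]); // escaped wildcard: match literally
    } else if (c === '%') {
      source += '[\\s\\S]*';
    } else if (c === '_') {
      source += '[\\s\\S]';
    } else {
      source += escapeRegExp(c);
    }
  }
  return new RegExp(`${source}$`, 'i');
}

// Apply a parsed query to an in-memory list the way the route would to a table:
// filter by the search pattern on one field, then page with offset/limit.
function applyListQuery(rows, parsed, field) {
  const re = parsed.pattern ? likeToRegExp(parsed.pattern) : null;
  const matched = re ? rows.filter((r) => re.test(String(r[field]))) : rows;
  return matched.slice(parsed.offset, parsed.offset + parsed.limit);
}
```

A search for `50%` becomes the pattern `%50\%%`, which matches rows containing the literal text "50%" and not every row containing "50"; `limit=1000` is clamped to the cap and a negative `offset` to zero, while `limit=10abc` is rejected with an error the handler can turn into a 400.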
- JavaScript (ES6)
- Node.js
- Express
- Postgresql
- Sequelize ORM
- React
- Materialize CSS
You will need the following installed:
- PostgreSQL
- Node.js >= v6.8.0
- Clone this repository from a terminal:
  `git clone https://github.com/andela-aalabi/DMS-papyrus.git`
- Move into the project directory:
  `cd dms`
- Install project dependencies:
  `npm install`
- Create the PostgreSQL database and run the migrations:
  `npm undo` and `npm redo`
- Start the Express server:
  `npm start`
- Run the tests:
  `npm test`
- Make your changes and commit them.
- `git push` and make a pull request to the repository.
- Fork or clone the repo to your computer.
- Change directory: `cd dms`
- Run `npm install`
- Create a feature branch and work on it.
- Push to the remote branch.
- Open a Pull Request against the development branch.