Day 15 Lab
Implement a fully functional, authenticated and authorized API Server using the latest coding techniques
Over the course of the previous 2 blocks, you have separately created an auth-server and an api-server.
In this project, the core requirement is to marry those 2 servers to create a single, authenticated API server.
Refer to Getting Started in the lab submission instructions for complete setup, configuration, deployment, and submission instructions.
- API Routes must now be protected with the proper permissions based on user capability
  - `app.get(...)` should not require authentication
  - `app.post(...)` should require the `create` capability
  - `app.put(...)` should require the `update` capability
  - `app.patch(...)` should require the `update` capability
  - `app.delete(...)` should require the `delete` capability
- Clean and modularize Auth Middleware
- Clean/Tighten the Auth Model
- Stretch Goal
  - Multiple OAuth Providers Support
  - Create an abstraction for the `oauth` route
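One way to express the method-to-capability rules listed above as a deny-by-default check, shown as an added example that is not part of the lab's starter code. The role table, the `isAllowed` and `acl` names, and the `req.user.role` shape are assumptions; in the lab the roles come from the mongo database and `req.user` is set by your auth middleware.

```javascript
// Capability each HTTP method needs, per the lab requirements.
// null means the route is public (GET needs no authentication).
const METHOD_CAPABILITY = Object.freeze({
  GET: null,
  POST: 'create',
  PUT: 'update',
  PATCH: 'update',
  DELETE: 'delete',
});

// Hypothetical role table (assumption); the lab stores roles in mongo.
const ROLES = Object.freeze({
  user: ['read'],
  editor: ['read', 'create', 'update'],
  admin: ['read', 'create', 'update', 'delete'],
});

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Pure decision function: unknown methods and unknown roles are denied.
function isAllowed(method, user) {
  const key = String(method).toUpperCase();
  if (!own(METHOD_CAPABILITY, key)) return false;
  const needed = METHOD_CAPABILITY[key];
  if (needed === null) return true;
  // own() keeps a role such as "__proto__" from resolving to inherited data.
  const granted = user && own(ROLES, user.role) ? ROLES[user.role] : [];
  return granted.includes(needed);
}

// Express-style middleware. Assumes an earlier auth middleware verified the
// credentials and set req.user. No user: 401. User without capability: 403.
function acl(req, res, next) {
  if (isAllowed(req.method, req.user)) return next();
  const status = req.user ? 403 : 401;
  return res.status(status).json({
    error: status === 401 ? 'Unauthorized' : 'Forbidden',
  });
}
```

Keeping the decision in a pure function lets the tests cover every method and role combination without starting a server.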
Implementation Notes/Advice
- Use the code you've already written for the `auth-server` and the `api-server`!
  - Add the `auth` module/folder from the `auth-server` to the API server
  - Import and use the auth routes in the API server
- Create users and roles in the mongo database
- Tests from both previous servers should work in the new merged server...
- 100% Test Coverage Goal For:
  - Auth router
    - Signup
    - Sign In via username/password or Token
  - Model Finder Middleware
  - Auth Middleware
  - Protected Routes
  - OAuth Chooser
  - API Routes
    - Make assertions on the data shapes returned from the API routes
Refer to the lab submission instructions for the complete lab submission process and expectations.