backend_routes.md - Shununit6/TravelerNote GitHub Wiki

# API Routes

The TravelerNote web app uses the following API routes to update the page dynamically, giving the user a single-page-app feel for specific features.
## USER AUTHENTICATION/AUTHORIZATION

### All endpoints that require authentication

All endpoints that require a current user to be logged in.

- Request: endpoints that require authentication
- Error Response: Require authentication
  - Status Code: 401
  - Headers:
    - Content-Type: application/json
  - Body:

    ```json
    { "message": "Authentication required" }
    ```

### All endpoints that require proper authorization

All endpoints that require authentication, where the current user does not have the correct role(s) or permission(s).

- Request: endpoints that require proper authorization
- Error Response: Require proper authorization
  - Status Code: 403
  - Headers:
    - Content-Type: application/json
  - Body:

    ```json
    { "message": "Forbidden" }
    ```
### Get the Current User

Returns the information about the current user that is logged in.

- Require Authentication: false
- Request
  - Method: GET
  - URL: /api/session
  - Body: none
- Successful Response when there is a logged in user
  - Status Code: 200
  - Headers:
    - Content-Type: application/json
  - Body:

    ```json
    {
      "user": {
        "id": 1,
        "firstName": "John",
        "lastName": "Smith",
        "email": "[email protected]",
        "username": "JohnSmith"
      }
    }
    ```

- Successful Response when there is no logged in user
  - Status Code: 200
  - Headers:
    - Content-Type: application/json
  - Body:

    ```json
    { "user": null }
    ```
### Log In a User

Logs in a current user with valid credentials and returns the current user's information.

- Require Authentication: false
- Request
  - Method: POST
  - URL: /api/session
  - Headers:
    - Content-Type: application/json
  - Body:

    ```json
    { "credential": "[email protected]", "password": "secret password" }
    ```

- Successful Response
  - Status Code: 200
  - Headers:
    - Content-Type: application/json
  - Body:

    ```json
    {
      "user": {
        "id": 1,
        "firstName": "John",
        "lastName": "Smith",
        "email": "[email protected]",
        "username": "JohnSmith"
      }
    }
    ```

- Error Response: Invalid credentials
  - Status Code: 401
  - Headers:
    - Content-Type: application/json
  - Body:

    ```json
    { "message": "Invalid credentials" }
    ```

- Error Response: Body validation errors
  - Status Code: 400
  - Headers:
    - Content-Type: application/json
  - Body:

    ```json
    {
      "message": "Bad Request", // (or "Validation error" if generated by Sequelize)
      "errors": {
        "credential": "Email is required",
        "password": "Password is required"
      }
    }
    ```
### Sign Up a User

Creates a new user, logs them in as the current user, and returns the current user's information. Note that the two "User already exists" responses below tell an unauthenticated caller whether a given email or username is already registered, and that they are documented with status 500 (a server-error class) rather than a 4xx client error, so clients should key on the `errors` object rather than on the status.

- Require Authentication: false
- Request
  - Method: POST
  - URL: /api/users
  - Headers:
    - Content-Type: application/json
  - Body:

    ```json
    {
      "firstName": "John",
      "lastName": "Smith",
      "email": "[email protected]",
      "username": "JohnSmith",
      "password": "secret password"
    }
    ```

- Successful Response
  - Status Code: 200
  - Headers:
    - Content-Type: application/json
  - Body:

    ```json
    {
      "user": {
        "id": 1,
        "firstName": "John",
        "lastName": "Smith",
        "email": "[email protected]",
        "username": "JohnSmith"
      }
    }
    ```

- Error Response: User already exists with the specified email
  - Status Code: 500
  - Headers:
    - Content-Type: application/json
  - Body:

    ```json
    {
      "message": "User already exists",
      "errors": { "email": "User with that email already exists" }
    }
    ```

- Error Response: User already exists with the specified username
  - Status Code: 500
  - Headers:
    - Content-Type: application/json
  - Body:

    ```json
    {
      "message": "User already exists",
      "errors": { "username": "User with that username already exists" }
    }
    ```

- Error Response: Body validation errors
  - Status Code: 400
  - Headers:
    - Content-Type: application/json
  - Body:

    ```json
    {
      "message": "Bad Request", // (or "Validation error" if generated by Sequelize)
      "errors": {
        "email": "Invalid email",
        "username": "Username is required",
        "firstName": "First Name is required",
        "lastName": "Last Name is required"
      }
    }
    ```
## PLANS

### Get all Plans

Returns all the plans.

- Require Authentication: false

`GET /api/plans`

### Get all Plans created by the Current User

Returns all the plans that are created by the Current User.

- Require Authentication: true

`GET /api/plans/current`

### Get details of a Plan from an id

Returns the details of a plan specified by its id.

- Require Authentication: false

`GET /api/plans/:planId`

### Create a Plan

Creates and returns a new plan.

- Require Authentication: true

`POST /api/plans`

### Edit a Plan

Updates and returns an existing plan.

- Require Authentication: true
- Require proper authorization: Plan must be created by the current user

`PUT /api/plans/:planId`

### Delete a Plan

Deletes an existing plan. A logged in user may delete one of their own plans, which removes it from the list of visible plans without causing a refresh/redirect.

- Require Authentication: true
- Require proper authorization: Plan must be created by the current user

`DELETE /api/plans/:planId`
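The 401/403 behaviour from the authentication section and the "Plan must be created by the current user" rule on the edit and delete routes, as an added example (not the project's code): Express-style middleware that emits the documented bodies, wired in front of a delete handler. The `plans` map, the `planOwner` loader, the fake request/response objects, the 404 for a missing plan and the delete response body are assumptions for the example, since this page does not document them; the same `requireOwner` check applies to the Expense, Place and Story edit/delete routes.

```javascript
// Added example (not TravelerNote's code): authentication and ownership
// middleware in Express (req, res, next) form, runnable without Express.

// 401 body from the "require authentication" section.
function requireAuth(req, res, next) {
  if (!req.user) {
    return res.status(401).json({ message: 'Authentication required' });
  }
  return next();
}

// loadOwner(req) returns the owner user id of the resource named in the route
// params, or null if it does not exist (the real app would load the model here).
function requireOwner(loadOwner) {
  return function (req, res, next) {
    const ownerId = loadOwner(req);
    if (ownerId === null) {
      // Not documented on this page; a 404 for a missing resource is assumed.
      return res.status(404).json({ message: "Resource couldn't be found" });
    }
    // Compare against the session user, never against an id sent in the body.
    if (ownerId !== req.user.id) {
      return res.status(403).json({ message: 'Forbidden' });
    }
    return next();
  };
}

// Constructed plans table standing in for the database.
const plans = new Map([
  [1, { id: 1, userId: 1, title: 'Kyoto in spring' }],
  [2, { id: 2, userId: 2, title: 'Lisbon weekend' }],
]);

function planOwner(req) {
  const plan = plans.get(Number(req.params.planId));
  return plan ? plan.userId : null;
}

// DELETE /api/plans/:planId handler; the response body is an assumption.
function deletePlan(req, res) {
  plans.delete(Number(req.params.planId));
  return res.status(200).json({ message: 'Successfully deleted' });
}

// Minimal response object that records what the chain sent.
function fakeRes() {
  const res = { statusCode: 200, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (obj) => { res.body = obj; return res; };
  return res;
}

// Runs handlers in order, stopping at the first one that does not call next().
function runChain(req, handlers) {
  const res = fakeRes();
  for (const h of handlers) {
    let passed = false;
    h(req, res, () => { passed = true; });
    if (!passed) return res; // this handler ended the request
  }
  return res;
}

// Simulates DELETE /api/plans/:planId as `user` (null = not logged in).
function simulateDelete(planId, user) {
  const req = { user, params: { planId: String(planId) } };
  return runChain(req, [requireAuth, requireOwner(planOwner), deletePlan]);
}
```

The order matters: `requireAuth` runs first so that `req.user.id` is guaranteed to exist by the time the ownership check reads it, and the owner id comes from the stored row, not from anything the client sent.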
## EXPENSES

### Get all Expenses

Returns all the expenses.

- Require Authentication: false

`GET /api/expenses`

### Get all Expenses created by the Current User

Returns all the expenses that are created by the Current User.

- Require Authentication: true

`GET /api/expenses/current`

### Get details of an Expense from an id

Returns the details of an expense specified by its id.

- Require Authentication: false

`GET /api/expenses/:expenseId`

### Create an Expense

Creates and returns a new expense.

- Require Authentication: true

`POST /api/expenses`

### Edit an Expense

Updates and returns an existing expense.

- Require Authentication: true
- Require proper authorization: Expense must be created by the current user

`PUT /api/expenses/:expenseId`

### Delete an Expense

Deletes an existing expense. A logged in user may delete one of their own expenses, which removes it from the list of visible expenses without causing a refresh/redirect.

- Require Authentication: true
- Require proper authorization: Expense must be created by the current user

`DELETE /api/expenses/:expenseId`
## PLACES

### Get all Places

Returns all the places.

- Require Authentication: false

`GET /api/places`

### Get all Places created by the Current User

Returns all the places that are created by the Current User.

- Require Authentication: true

`GET /api/places/current`

### Get details of a Place from an id

Returns the details of a place specified by its id.

- Require Authentication: false

`GET /api/places/:placeId`

### Create a Place

Creates and returns a new place.

- Require Authentication: true

`POST /api/places`

### Edit a Place

Updates and returns an existing place.

- Require Authentication: true
- Require proper authorization: Place must be created by the current user

`PUT /api/places/:placeId`

### Delete a Place

Deletes an existing place. A logged in user may delete one of their own places, which removes it from the list of visible places without causing a refresh/redirect.

- Require Authentication: true
- Require proper authorization: Place must be created by the current user

`DELETE /api/places/:placeId`
## STORIES

### Get all Stories

Returns all the stories.

- Require Authentication: false

`GET /api/stories`

### Get all Stories created by the Current User

Returns all the stories that are created by the Current User.

- Require Authentication: true

`GET /api/stories/current`

### Get details of a Story from an id

Returns the details of a story specified by its id.

- Require Authentication: false

`GET /api/stories/:storyId`

### Create a Story

Creates and returns a new story.

- Require Authentication: true

`POST /api/stories`

### Edit a Story

Updates and returns an existing story.

- Require Authentication: true
- Require proper authorization: Story must be created by the current user

`PUT /api/stories/:storyId`

### Delete a Story

Deletes an existing story. A logged in user may delete one of their own stories, which removes it from the list of visible stories without causing a refresh/redirect.

- Require Authentication: true
- Require proper authorization: Story must be created by the current user

`DELETE /api/stories/:storyId`
## LIKES

### Get all Likes of a Story

Returns all the likes of the story specified by its id.

- Require Authentication: false

`GET /api/stories/:id/likes`

### Like or unlike a Story

A logged in user can like (POST) or unlike (DELETE) a story, with visible confirmation and without causing a refresh/redirect.

- Require Authentication: true

`POST /api/stories/:id/likes`

`DELETE /api/stories/:id/likes`