Backend Server Functionalities - april1703/SpotiReels GitHub Wiki
SpotiReels communicates with a backend server to enforce access control and save user preferences. The backend's job is to communicate with the different SQL containers to keep data up to date and to ensure users are properly authenticated. This page covers each function in the backend: what it expects, what it does, and what it returns.
Spotify API Authentication and Health Check
SQL Database Connection and Health Check
This piece of code establishes a connection function for the SQL database and tests if the connection is healthy.
Owner: Sadie Ann
User Management POST Calls
This section discusses the different functions that work with requests to the "users" database.
Owner: Sadie Ann
Registration
Request: "/register" params(username:String, spotifyUsername:String, email:String, password:String)
Return: HTTP confirmation with a status and message:
- 200:OK
- 403:INVALID CHARACTERS
- 409:ALREADY EXISTS ERROR
- 500:NETWORK ERROR
The registration function creates a new entry in the "users" database and inserts the new user's data into its own table. The function also generates a unique 12-character salt and a hash for the password using Crypto and BCrypt, respectively. All preferences are set to their defaults on registration (i.e. isDarkMode = False, isExplicit = False).
Login
Request: "/login" params(username:String, password:String)
Return: HTTP confirmation with a status and message:
- 200:OK
- 403:INVALID CHARACTERS | INCORRECT PASSWORD
- 404:USER NOT FOUND
- 500:NETWORK ERROR
The login function searches the SQL database for an existing user and retrieves that user's unique salt and hashed password. The function then recomputes the hash by concatenating the salt with the entered password and the server's pepper, and compares the resulting hash to the one in the database.
Change Password
Request: "/changePassword" params(username:String, currentPassword:String, proposedPassword:String)
Return: HTTP confirmation with a status and message:
- 200:OK
- 403:INVALID CHARACTERS | INCORRECT PASSWORD
- 404:USER NOT FOUND
- 500:NETWORK ERROR
The change password function searches the SQL database for a user and retrieves that user's unique salt and hashed password. As in the login function, the hash is recomputed by concatenating the user's salt with the entered password and the server's pepper, and the result is compared to the hash in the database. If they match, a new 12-character salt is created for the user, and the user's previous salt and hashed password are replaced by the new salt and the hash of the new salt concatenated with the new password and the server's pepper.
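The registration, login and change-password flows described above, as an added example that is not the project's own code. It assumes an in-memory `Map` in place of the "users" table, a constructed pepper value, and Node's built-in scrypt standing in for the backend's BCrypt call so that it runs without dependencies.

```javascript
const crypto = require('crypto');

// Constructed value for this example; the real pepper is a server-side secret.
const PEPPER = 'constructed-example-pepper';
const users = new Map(); // stands in for the "users" table

// 9 random bytes encode to exactly 12 base64 characters (the page's salt length).
function newSalt() {
  return crypto.randomBytes(9).toString('base64');
}

// Hash salt + password + pepper, as the page describes.
// Assumption: built-in scrypt stands in for the backend's BCrypt call.
function hashPassword(salt, password) {
  return crypto.scryptSync(salt + password + PEPPER, salt, 32);
}

function register(username, password) {
  if (users.has(username)) return 409; // ALREADY EXISTS ERROR
  const salt = newSalt();
  users.set(username, { salt, hash: hashPassword(salt, password) });
  return 200;
}

function login(username, password) {
  const row = users.get(username);
  if (!row) return 404; // USER NOT FOUND
  const candidate = hashPassword(row.salt, password);
  // Constant-time comparison; both buffers are always 32 bytes.
  return crypto.timingSafeEqual(candidate, row.hash) ? 200 : 403;
}

function changePassword(username, currentPassword, proposedPassword) {
  const status = login(username, currentPassword);
  if (status !== 200) return status;
  const salt = newSalt(); // fresh salt on every password change
  users.set(username, { salt, hash: hashPassword(salt, proposedPassword) });
  return 200;
}
```

With BCrypt itself, note that the algorithm only uses the first 72 bytes of its input, so in a salt + password + pepper concatenation a long password can push the pepper past that limit.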
Change Explicit
Request: "/changeExplicit" params(username:String, isExplicitRequest:String(TRUE|FALSE))
Return: HTTP confirmation with a status and message:
- 200:OK
- 500:NETWORK ERROR
The change explicit function changes the boolean value of the user's "isExplicit" field.
Change Lighting Mode
Request: "/changeLightingMode" params(username:String, isLightingModeRequest:String(TRUE|FALSE))
Return: HTTP confirmation with a status and message:
- 200:OK
- 500:NETWORK ERROR
The change lighting mode function changes the boolean value of the user's "isDarkMode" field.
Following Management POST/GET Calls
This section discusses the different functions that work with requests to the "following" table.
Owner: Sadie Ann
Add Following
Request: "/addFollowing" params(username:String, following_username:String)
Return: HTTP confirmation with a status and message:
- 200:OK
- 403:INVALID CHARACTERS
- 409:ALREADY FOLLOWING
- 500:NETWORK ERROR
The add following function adds a new entry into the following table, in such a way that the username is the user and the following_username is who the user wants to follow.
Remove Following
Request: "/removeFollowing" params(username:String, following_username:String)
Return: HTTP confirmation with a status and message:
- 200:OK
- 403:INVALID CHARACTERS
- 500:NETWORK ERROR
The remove following function removes an entry from the following table, in such a way that the username is the user and the following_username is who the user wants to stop following.
Get Following List
Request: "/getFollowing" params(username:String)
Return: HTTP confirmation with a status and a message/SQL list (on 200)
- 200:OK, SENT LIST
- 403:INVALID CHARACTERS
- 404:USER NOT FOUND
- 500:NETWORK ERROR
The get following function takes a user and searches for all instances of that username in the following SQL table, such that what is returned is a list of tuples of the user and who that user is following. If the user isn't following anyone, or any other error occurs, a message is sent instead.
Find Users
Request: "/searchUser" params(query:String)
Return: HTTP confirmation with a status and a message/JSON body (on 200)
- 200:OK, SENT LIST
- 403:INVALID CHARACTERS
- 404:NO RESULTS FOUND
- 500:DATABASE ERROR
The find users function takes a string and searches the users table for instances of said substring in the "username" variable, such that what is returned is a list of users whose usernames contain "query" as a substring.
Playlist POST Calls
This section discusses the different functions that work with requests to the playlist tables.
Add To Playlist
Request: "/addToPlaylist" params(username:String, playlist_name:String, song_name:String)
Return: HTTP confirmation with a status and a message
- 200:OK
- 403:INVALID CHARACTERS
- 500:DATABASE ERROR
The add to playlist function takes a user, the target playlist, and the name of a song, and stores this information in the playlist_contents SQL database, such that the song is now associated with the infinitely scaling playlist.
Remove From Playlist
Request: "/removeFromPlaylist" params(username:String, playlist_name:String, song_name:String)
Return: HTTP confirmation with a status and a message
- 200:OK
- 403:INVALID CHARACTERS
- 500:DATABASE ERROR
The remove from playlist function takes a user, the target playlist, and the name of a song, and removes any instances of these three from the playlist_contents database, such that the song is no longer associated with that playlist.
Get Playlist
Request: "/getPlaylist" params(username:String, playlist_name:String)
Return: HTTP confirmation with a status and a message/JSON body (on 200)
- 200:OK, SENT LIST
- 403:INVALID CHARACTERS
- 404:NOT FOUND
- 500:DATABASE ERROR
The get playlist function takes a user and a playlist name, and retrieves all the associated songs. This is then returned (on 200) as a JSON object.
Liked List POST Calls
This section discusses the different functions that work with requests to the liked songs table.
Add To Liked
Request: "/addLiked" params(username:String, song_name:String)
Return: HTTP confirmation with a status and a message
- 200:OK
- 403:INVALID CHARACTERS
- 500:DATABASE ERROR
The add to liked function takes a user and a song, and adds an instance of these two to the liked table, such that the song is associated with the user's infinitely-scaling liked songs list.
Remove From Liked
Request: "/removeLiked" params(username:String, song_name:String)
Return: HTTP confirmation with a status and a message
- 200:OK
- 403:INVALID CHARACTERS
- 500:DATABASE ERROR
The remove from liked function takes a user and a song, and removes any instances of these two from the liked table, such that the song is no longer associated with the user's liked songs list.
Get Liked
Request: "/getLiked" params(username:String)
Return: HTTP confirmation with a status and a message/JSON body (on 200)
- 200:OK, LIST SENT
- 403:INVALID CHARACTERS
- 404:NOT FOUND
- 500:DATABASE ERROR
The get liked function takes a user and returns all the songs associated with this user's liked songs list. This is then returned (on 200) as a JSON object.
Post POST Calls
This section discusses the different functions that work with requests to the posts table.
Create Post
Request: "/createPost" params(username:String, song_title:String, post_body:String)
Return: HTTP confirmation with a status and a message
- 200:OK
- 403:INVALID CHARACTERS
- 500:DATABASE ERROR
The create post function takes a user, a song title, and a post body (or description) and creates a new entry in the post table.
Get Following Posts
Request: "/getFollowingPost" params(username:String)
Return: HTTP confirmation with a status and a message/JSON body (on 200)
- 200:OK, LIST SENT
- 403:INVALID CHARACTERS
- 404:NO POSTS FOUND
- 500:DATABASE ERROR
The get following posts function takes a user, finds who the user is following, and retrieves all posts from those followed users, sorted by timestamp.
Other Functions
This section discusses the different private helper functions in the backend.
Owner: Sadie Ann
Regex Check
Params: listOfItems:String[]
Return: Boolean
The check regex function takes in an array of strings and checks them for any instances of symbols/punctuation that may cause issues in the SQL database. If nothing untoward is found, the function returns false. If a string is found to contain such a symbol, the function returns true.
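An added example (not the project's own code) of a helper with the same contract, paired with a bound-parameter query for "/searchUser" so that the character check is a first filter rather than the only barrier between request input and SQL. The allowed character set, the `?` placeholder style, the `!` escape character and the `buildSearchUserQuery` name are assumptions; the page does not list the rejected symbols.

```javascript
// Assumption: allow only letters, digits, space, '.', '_' and '-'.
const ALLOWED = /^[A-Za-z0-9 ._-]+$/;

// Same contract as the helper described above: true means "reject the request".
// Non-strings and empty strings are rejected as well.
function checkRegex(listOfItems) {
  return listOfItems.some((s) => typeof s !== 'string' || !ALLOWED.test(s));
}

// Hypothetical helper: returns SQL text plus bound parameters for the
// substring search, never SQL with the query spliced into it.
function buildSearchUserQuery(query) {
  if (checkRegex([query])) {
    return { status: 403, message: 'INVALID CHARACTERS' };
  }
  // '_' and '%' are LIKE wildcards; escape them so "a_b" matches literally.
  const escaped = query.replace(/[!%_]/g, (c) => '!' + c);
  return {
    status: 200,
    sql: "SELECT username FROM users WHERE username LIKE ? ESCAPE '!'",
    params: ['%' + escaped + '%'],
  };
}

// Constructed sample inputs.
const accepted = buildSearchUserQuery('sadie_ann');
const rejected = buildSearchUserQuery("o'brien");
console.log(accepted.sql, accepted.params); // params: [ '%sadie!_ann%' ]
console.log(rejected.status, rejected.message); // 403 INVALID CHARACTERS
```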