API Docs

Arda Çınar edited this page Oct 9, 2016 · 10 revisions

This page describes all the data types and endpoints that the backend uses.

Data Types

All data types are represented by JSON Objects. All of the endpoints require the Content-Type header to be application/json.

User

The id field is not required when creating a new user; the server returns it on a show user or show all call, and the update call requires it. Password is not itself a field stored in the database; setting it updates the related fields in the database. The Secret Answer field behaves the same way as password. Avatar URL is not directly set in the signup.

{"id":Integer, "email": String, "password": String, "fullName": String, "bio": String, "userType": Integer, "dietType": Integer, "secretQuestion": String, "secretAnswer": String, "avatarUrl": String, "isBanned": Boolean}

User Type Values

  • 0 : Regular(default)
  • 1 : Admin
  • 2 : Food Server

Diet Type Values

  • 0 : Omnivore(default)
  • 1 : Egg+Dairy vegetarian
  • 2 : No mushroom or red meat
  • 3 : Vegan
  • 4 : Paleo

Access Token

Only returned by the login call. Clients never need to post it.

{"accessToken": String, "userId": Integer, "creationTime": String, "lastAccessTime": String}

For the endpoints that require Authentication, you need to set the Authorization header to "Bearer $token" to authenticate.

Login Credentials

Only posted to the login call.

{"email": String, "password": String}

Answer Credentials

Only posted to the reset password call.

{"answer": String, "userId": Integer}

Endpoints

All endpoints start with /api/. POST calls that take an input require their input to be in the request body.

Signup

POST /api/user

Takes: User

Returns: The created User object, with the id set.

Update User

POST /api/user/update

Takes: User

Returns: The updated User

This call requires all fields of the User to be present in the request body. Returns a not authorized response if the given token is not valid. Doesn't modify the user object if the given token is for a different user.

List All Users

GET /api/user

Returns: A list of Users

Show one user

GET /api/user/:id

Returns: A user Object, if one with the given id exists. If not, a 404 response is returned.

Get one user by email

POST /api/user/byEmail

Takes: A single JSON String, the email address

Returns: A user object, just like getting one by id

Ban user

POST /api/user/ban/:id

Requires authorization. Checks whether the logged-in user is an admin; if so, bans the user with the given id.

Takes and Returns: Nothing
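The token rules described for Update User and Ban user, sketched as an added example; this is not the project's backend code. The in-memory stores, function names, the `EDITABLE` allowlist and the status codes (403 follows the page's own guess for "not authorized") are assumptions.

```python
import secrets

ADMIN = 1  # "User Type Values": 1 is Admin
# Assumption: only these fields are copied from the request body. userType and
# isBanned never come from the client; password/secretAnswer need hashing elsewhere.
EDITABLE = {"email", "fullName", "bio", "dietType", "secretQuestion"}

# Constructed in-memory stores standing in for the backend's database.
USERS = {
    1: {"id": 1, "email": "admin@example.com", "fullName": "A", "userType": 1, "isBanned": False},
    2: {"id": 2, "email": "user@example.com", "fullName": "U", "userType": 0, "isBanned": False},
}
TOKENS = {}  # accessToken -> userId


def issue_token(user_id):
    """Mint an unguessable token, standing in for a successful login."""
    token = secrets.token_urlsafe(32)
    TOKENS[token] = user_id
    return token


def authenticate(headers):
    """Return the user behind 'Authorization: Bearer <token>', or None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token not in TOKENS:
        return None
    return USERS.get(TOKENS[token])


def update_user(headers, body):
    """Update User: the token's owner may change only their own record."""
    caller = authenticate(headers)
    if caller is None:
        return 403, None  # invalid token: not authorized
    if body.get("id") != caller["id"]:
        return 403, None  # token is for a different user: nothing is modified
    caller.update({k: v for k, v in body.items() if k in EDITABLE})
    return 200, caller


def ban_user(headers, target_id):
    """Ban user: the admin check uses the stored userType, never the request."""
    caller = authenticate(headers)
    if caller is None or caller["userType"] != ADMIN:
        return 403, None
    if target_id not in USERS:
        return 404, None
    USERS[target_id]["isBanned"] = True
    return 200, None
```

Because the User object carries userType and isBanned, copying the whole request body into the stored record would let a regular user change their own role; the allowlist is what prevents that here.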

Reset Password

Takes: Answer Credentials

Uses the same hashing mechanism as the password system. If the given secret answer matches the one provided by the user, a random password is generated, the user's password is set to that, and a mail containing the new password is sent to the user.

Login

POST /api/session/login

Takes: Login Credentials

Returns: Access Token if the attempt is successful. A Not Authorized (403, I think) response if it is unsuccessful.

Logout

POST /api/session/logout

Returns an empty response if the given access token is valid, and then deletes it. Returns a not authorized response if the given token is invalid.

Show current user

GET /api/session/currentUser

Returns the User object referenced by the current Access Token if it is valid. Can be used at startup to check if the token is valid.
