Skip to content

thisago/restSpa

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

66 Commits
httpReqs
httpReqs
 
 
src
src
 
 
.env
.env
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
changelog.md
changelog.md
 
 
config.nims
config.nims
 
 
license
license
 
 
readme.md
readme.md
 
 
restSpa.nimble
restSpa.nimble
 
 

Repository files navigation

restSpa

SPA & REST template using Prologue, Norm and Karax

The template is not ready yet, but you can follow all changes on changelog

Stack

  • Nim (Programming language)
  • Norm (ORM)
  • Prologue (Backend framework)
  • Karax (Frontend framework)

Features

  • User manipulation in a SQLite DB
  • .env configs
  • REST API
  • SPA
  • 100% in Nim
  • Boilerplate free
  • A lot of abstractions

Routes

API

The API understands the body type as JSON, url-encoded and forms. Just specify the Content-Type

POST /api/signin - Login

Example:

POST /api/signin HTTP/1.1
Content-Type: application/json

{
  "username": "user",
  "password": "pass"
}

POST /api/signup - Create new account

Example:

POST /api/signup HTTP/1.1
Content-Type: application/json

{
  "username": "user",
  "email": "user@localhost",
  "password": "pass",
}

POST /api/logout

Example:

POST /api/logout HTTP/1.1
Cookie: session=<LOGGED SESSION>

POST /api/delUser - Delete current user

Example:

POST /api/delUser HTTP/1.1
Cookie: session=<LOGGED SESSION>

POST /api/activate - Activate the user

Example:

POST /api/activate HTTP/1.1
Content-Type: application/json

{
  "username": "user",
  "password": "pass",
  "code": "verification code",
}

GET /api/resend/{kind} - Resend emails

Example:

GET /api/resend/activation HTTP/1.1

Admin

POST /api/admin/getUser - Get any user data (admin)

Example:

POST /api/admin/getUser HTTP/1.1
Content-Type: application/json
Cookie: session=<ADMIN SESSION>

{
  "_username": "user" // Get using username
  // "_email": "user@localhost" // Get using email
}

POST /api/admin/editUser - Edit any user (admin)

Example: (can edit multiple fields at same time too)

POST /api/admin/getUser HTTP/1.1
Content-Type: application/json
Cookie: session=<ADMIN SESSION>

{
  "_username": "admin", // Edit using username
  // "_email": "admin@localhost", // Edit using email
  "rank": "urUser" // Can edit almost any field, in this case, we are removing admin privileges
}

POST /api/admin/delUser - Delete any user (admin)

Example:

POST /api/admin/getUser HTTP/1.1
Content-Type: application/json
Cookie: session=<ADMIN SESSION>

{
  "_username": "user", // Delete using username
  // "_email": "user@localhost", // Delete using email
}

Any API request can be made with application/json, application/x-www-form-urlencoded and multipart/form-data content types, just specify the Content-Type header

Setup

  1. Uncomment .env in .gitignore
  2. Replace all respSpa to your project name (including files/dirs names and inside files)
  3. Change the secretKey in .env
  4. Change the version, description and author in nimble file - Don't forget the credits ;)

Notes

  • In production disable the debug in .env

Style-guide and good practices

  • All procs starting with r_ is a route
  • All routes calls forceHttpMethod that checks if the route is called using the correct HTTP method (useful in development and helps identify the routes by reading the code)
  • In a if statement, try to put the error/fallback in the last
  • Imports sequence is: std, pkg and local (current project)
  • Each route file can have just one route
  • in routes dir can have just routes because the filename is same as route name

TODO

  • Hash the password
  • Add user permission levels
  • Add a route to delete user (for moderators?)
  • Add route to get the logged user data
  • Add login logging table
    • Add routes to get data (admin)
  • Add last ip in User
  • Add tests
  • Support id for querying (Users)
  • Add an error when no fields to edit was provided at /api/admin/editUser route
  • Do the frontend (break it in smaller tasks)
  • Fix email sending
  • Add user activation
  • Add user password reset
  • Add honeypots or captcha
  • Low priority: Add a temp block to multiple requests at same time to prevent DoS
  • Block use of certain usernames and add filters. Like special chars
  • Add a route to request new email validation Email resending
  • Fix API to be REST (Resources: IBM, RestfulAPI)
    • Statelessness - Remove session verification at API, use some API key
  • User activation as a code like Github
  • Split route function to a function that can be called with custom data
  • Fix file logging

License

MIT

About

SPA & REST base using Prologue, Norm and Karax. See the docs below

thisago.github.io/restSpa/theindex.html

Topics

api spa orm nim authentication frontend backend rest-api full-stack fullstack base server-base full-stack-application fullstack-nim

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Sponsor this project

Packages

No packages published

Contributors 2

  •  
  •  

Languages