Skip to content

le-harivansh/minitick-server

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits

.husky

.husky

 
 

.yarn

.yarn

 
 

src

src

 
 

test

test

 
 

.env.example

.env.example

 
 

.eslintignore

.eslintignore

 
 

.eslintrc.js

.eslintrc.js

 
 

.gitignore

.gitignore

 
 

.lintstagedrc.json

.lintstagedrc.json

 
 

.prettierignore

.prettierignore

 
 

.prettierrc.json

.prettierrc.json

 
 

.yarnrc.yml

.yarnrc.yml

 
 

README.md

README.md

 
 

db.sh

db.sh

 
 

jest.config.ts

jest.config.ts

 
 

nest-cli.json

nest-cli.json

 
 

package.json

package.json

 
 

tsconfig.build.json

tsconfig.build.json

 
 

tsconfig.json

tsconfig.json

 
 

yarn.lock

yarn.lock

 
 

Repository files navigation

Minitick Server

This is the server of the minitick application. It takes care of: user registration, user authentication, user authorization, and tasks manipulation. The SPA of the minitick project can be found here.

Authentication

The authentication mechanism uses http-only secure cookies to store the JWT access-token and refresh-token.

Logging in

When the user logs in, the response will contain the following JWTs in http-only cookies:

  • access-token - Used to authenticate a user with the application;
  • refresh-token - Used to refresh access-tokens & refresh-tokens;
  • password-confirmation-token - Used to grant authorization to certain routes (/PATCH user & /DELETE user) that modify the user's data on the server.
Access-Token

An access-token is only valid for 15 minutes. This duration can be changed by modifying the JWT_ACCESS_TOKEN_DURATION environment variable. The access-token can be refreshed by POSTing an empty request - with a valid refresh-token - to /refresh/access-token. The resulting response will contain a new access-token cookie.

Refresh-Token

A refresh-token is valid for upto 1 week. This duration can be changed by modifying the JWT_REFRESH_TOKEN_DURATION environment variable. The refresh-token can be refreshed by POSTing an empty request - with a valid refresh-token - to /refresh/refresh-token. The resulting response will contain a new refresh-token cookie.

Password-Confirmation-Token

A password-confirmation-token is valid for only 5 minutes. This duration can be changed by modifying the JWT_PASSWORD_CONFIRMATION_TOKEN_DURATION environment variable. The password-confirmation-token can be refreshed by POSTing an empty request - with a valid access-token - to /refresh/password-confirmation-token. The resulting response will contain a new password-confirmation-token cookie.

Logging out

A user can log-out of the current session or other sessions it has with the application. This is done by passing a scope to /POST logout.

Tasks CRUD

A user can CREATE, READ, UPDATE, and DELETE any of its own tasks.

Installation

  • Clone the repository,
  • Add the required environment variables in a .env file (see .env.example),
  • Setup a mongodb server (see db.sh),
  • Run yarn start:dev (or another script depending on your needs. see scripts in package.json).

Test-Driven-Development

TDD was used to develop the application.

About

The server of the minitick application.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages