A blog REST api allowing multiple users, admins, posts, and comments. Implements modern JWT-based authentication and authorization. Fully tested.
-
Clone this repository and change directory into the folder
-
Using SSH
git clone [email protected]:scottBowles/blog-api.git cd blog
-
Using https
git clone https://github.com/scottBowles/blog-api.git cd blog
-
-
Install dependencies
npm i
-
Configure environment variables
Create a filed named
.envin the /blog directory with environment variables. For this you will need to set up your MongoDB databases (a dev db and a test db) and retrieve the connection URIs. The URIs will look something like this:mongodb+srv://[username]:[password]@cluster0.g79of.mongodb.net/[database_name]?retryWrites=true&w=majorityThe file's contents should include the following variables. Variables are defined in the format
key=value, with no quotation marks:PORT=3000 PORT_TEST=5000 DB_URI={Dev DB Connection URI} DB_URI_TEST={Test DB Connection URI} JWT_PRIVATE_KEY=aPasskeyOfYourChoiceDefinedOnlyHere -
Success!
Start the server with
npm startand access the api athttp://localhost:3000/Run tests with
npm test
| Attribute | Constraints | Description | Type |
|---|---|---|---|
| firstName | required; minimum 1 char; maximum 255 char | User first name | string |
| lastName | required; minimum 1 char; maximum 255 char | User last name | string |
| required; unique; valid email; maximum 255 char | User email address | string | |
| password | required; minimum 8 char; maximum 255 char | User password | string |
| isAdmin | optional | Defaults to false. Determines whether user has admin permissions. | boolean |
| Attribute | Constraints | Description | Type |
|---|---|---|---|
| title | optional; minimum 1 char; maximum 255 char | Title for post | string |
| text | optional; minimum 1 char; maximum 255 char | Body of the post | string |
| isPublished | optional; valid email; maximum 255 char | Defaults to false. When isPublished is false, the post will only be return in requests made by the post's user and admin users. See below for details on specific endpoints. | boolean |
| user | required; unique; 16 char objectID | User password | string |
| Attribute | Constraints | Description | Type |
|---|---|---|---|
| text | required; minimum 1 char; maximum 255 char | Comment text | string |
| author | required; minimum 1 char; maximum 255 char | Comment author's name or handle | string |
| optional; valid email; maximum 255 char | Comment author's email address | string | |
| post | required; unique; 16 char objectID | Post to which the comment belongs | string |
Available Methods
| Method | Endpoint | Description |
|---|---|---|
| GET | /users | Get all users |
| POST | /users | Register a new user |
| GET | /users/{userid} | Get information about a specific user |
| PUT | /users/{userid} | Update information about a specific user |
| DELETE | /users/{userid} | Remove a user |
| GET | /users/{userid}/posts | Get a specific user's posts |
Available Methods
| Method | Endpoint | Description |
|---|---|---|
| GET | /posts | Get all posts |
| POST | /posts | Create a new post |
| GET | /posts/{postid} | Get a specific post |
| PUT | /posts/{postid} | Edit a specific post |
| DELETE | /posts/{postid} | Remove a specific post |
| POST | /posts/{postid}/publish | Publish an unpublished post |
| POST | /posts/{postid}/unpublish | Unpublish a published post |
| GET | /posts/{postid}/comments | Get the comments on a specific post |
| POST | /posts/{postid}/comments | Add a comment on a specific post |
| GET | /posts/{postid}/comments/{commentid} | Get a specific comment |
| PUT | /posts/{postid}/comments/{commentid} | Update a specific comment |
| DELETE | /posts/{postid}/comments/{commentid} | Remove a specific comment |
Available Methods
| Method | Endpoint | Description |
|---|---|---|
| GET | /me | Get the logged in user's information |
| POST | /login | Log in a user |
Get all users
| Query String | Description | Type |
|---|---|---|
| limit | Response will return at most the limit number of users | number |
| skip | Query will skip the provided number of users (ordered by registration) | number |
An array of users
curl --location --request GET 'http://localhost:3000/users'[
{
"_id": "604d8dc8a9c87361f984d130",
"firstName": "Malcolm",
"lastName": "Reynolds",
"email": "[email protected]",
"__v": 0,
"fullName": "Malcolm Reynolds",
"id": "604d8dc8a9c87361f984d130"
},
{
"_id": "604d8e23a9c87361f984d131",
"firstName": "Inara",
"lastName": "Serra",
"email": "[email protected]",
"__v": 0,
"fullName": "Inara Serra",
"id": "604d8e23a9c87361f984d131"
},
{
"_id": "604d8e60a9c87361f984d132",
"firstName": "Zoe",
"lastName": "Washburne",
"email": "[email protected]",
"__v": 0,
"fullName": "Zoe Washburne",
"id": "604d8e60a9c87361f984d132"
}
]Register a new user
| Request Body | Required / Optional | Description | Type |
|---|---|---|---|
| firstName | Required | User first name. Must be between 1 and 255 characters. | string |
| lastName | Required | User last name. Must be between 1 and 255 characters. | string |
| Required | User email. Must be unique and at most 255 characters. | string | |
| password | Required | User password. Must be between 8 and 255 characters. | string |
The newly registered user with password omitted
curl --location --request POST 'http://localhost:3000/users/' \
--header 'Content-Type: application/json' \
--data-raw '{
"firstName": "Hoban",
"lastName": "Washburne",
"email": "[email protected]",
"password": "washPassword"
}'{
"_id": "604d902aa9c87361f984d134",
"firstName": "Hoban",
"lastName": "Washburne",
"email": "[email protected]",
"fullName": "Hoban Washburne"
}Get information about a specific user
| Path | Description |
|---|---|
| userid | The user's unique id. This will be a 16-character-long string. To get the information for the logged in user, /me may also be used for convenience |
The requested user
curl --location --request GET 'http://localhost:3000/users/604d8dc8a9c87361f984d130'{
"_id": "604d8dc8a9c87361f984d130",
"firstName": "Malcolm",
"lastName": "Reynolds",
"email": "[email protected]",
"isAdmin": true,
"__v": 0,
"fullName": "Malcolm Reynolds",
"id": "604d8dc8a9c87361f984d130"
}Update information about a specific user. Logged-in users who are not admins may update their own information only.
| Path | Description |
|---|---|
| userid | The user's unique id. This will be a 16-character-long string. |
| Request Body | Required / Optional | Description | Type |
|---|---|---|---|
| firstName | Optional | User first name. Must be between 1 and 255 characters. | string |
| lastName | Optional | User last name. Must be between 1 and 255 characters. | string |
| Optional | User email. Must be unique and at most 255 characters. | string | |
| password | Optional | User password. Must be between 8 and 255 characters. | string |
| Header | Required / Optional | Description |
|---|---|---|
| x-auth-token | Required | A valid JSON Web Token, which may be acquired at registration, or with the /login endpoint |
The updated user
curl --location --request PUT 'http://localhost:3000/users/604d8dc8a9c87361f984d130' \
--header 'x-auth-token: {jsonwebtoken from registration or login}' \
--header 'Content-Type: application/json' \
--data-raw '{
"email": "[email protected]"
}'{
"_id": "604d8dc8a9c87361f984d130",
"firstName": "Malcolm",
"lastName": "Reynolds",
"email": "[email protected]",
"fullName": "Malcolm Reynolds"
}Remove a user. Logged-in users who are not admins may remove their own information only.
| Path | Description |
|---|---|
| userid | The user's unique id. This will be a 16-character-long string. |
| Header | Required / Optional | Description |
|---|---|---|
| x-auth-token | Required | A valid JSON Web Token, which may be acquired at registration, or with the /login endpoint. Token must be for either an admin or the user being deleted |
The deleted user
curl --location --request DELETE 'http://localhost:3000/users/604d902aa9c87361f984d134' \
--header 'x-auth-token: {jsonwebtoken}'{
"_id": "604d902aa9c87361f984d134",
"firstName": "Hoban",
"lastName": "Washburne",
"email": "[email protected]",
"__v": 0,
"fullName": "Hoban Washburne",
"id": "604d902aa9c87361f984d134"
}Get a specific user's posts. Non-admins will receive only published posts, unless logged in and querying their own userid, in which case unpublished posts will be included as well. Admins will receive both published and unpublished posts regardless.
| Path | Description |
|---|---|
| userid | The user's unique id. This will be a 16-character-long string. |
| Query String | Description | Type |
|---|---|---|
| limit | Response will return at most the limit number of posts | number |
| skip | Query will skip the provided number of posts (ordered by date of creation) | number |
| Header | Required / Optional | Description |
|---|---|---|
| x-auth-token | Optional | A valid JSON Web Token, which may be acquired at registration, or with the /login endpoint |
The user's posts. Returns all posts for admins and logged in users querying their own posts. Returns only published posts for everyone else.
curl --location --request GET 'http://localhost:3000/users/604e5d8458d0b87135a69402/posts'[
{
"isPublished": true,
"_id": "604e634248484473c282b1dd",
"title": "Terrifying Space Monkeys?",
"text": "Look, I had to rewire the grav thrust because somebody won't replace that crappy compression coil.",
"user": "604e5d8458d0b87135a69402",
"createdAt": "2021-03-14T19:25:54.716Z",
"updatedAt": "2021-03-14T19:25:54.716Z",
"__v": 0
},
{
"isPublished": true,
"_id": "604e645948484473c282b1df",
"title": "Buffet Table?",
"text": "Well how can we be sure, unless we question it?",
"user": "604e5d8458d0b87135a69402",
"createdAt": "2021-03-14T19:30:33.892Z",
"updatedAt": "2021-03-14T19:30:33.892Z",
"__v": 0
}
]curl --location --request GET 'http://localhost:3000/users/604e5d8458d0b87135a69402/posts' \
--header 'x-auth-token: {jsonwebtoken}'[
{
"isPublished": true,
"_id": "604e634248484473c282b1dd",
"title": "Terrifying Space Monkeys?",
"text": "Look, I had to rewire the grav thrust because somebody won't replace that crappy compression coil.",
"user": "604e5d8458d0b87135a69402",
"createdAt": "2021-03-14T19:25:54.716Z",
"updatedAt": "2021-03-14T19:25:54.716Z",
"__v": 0
},
{
"isPublished": false,
"_id": "604e638648484473c282b1de",
"title": "Simon",
"text": "How clueless can he be!?",
"user": "604e5d8458d0b87135a69402",
"createdAt": "2021-03-14T19:27:02.729Z",
"updatedAt": "2021-03-14T19:27:02.729Z",
"__v": 0
},
{
"isPublished": true,
"_id": "604e645948484473c282b1df",
"title": "Buffet Table?",
"text": "Well how can we be sure, unless we question it?",
"user": "604e5d8458d0b87135a69402",
"createdAt": "2021-03-14T19:30:33.892Z",
"updatedAt": "2021-03-14T19:30:33.892Z",
"__v": 0
}
]Get all posts. By default this will only return published posts.
| Query String | Description | Type |
|---|---|---|
| limit | Response will return at most the limit number of posts | number |
| skip | Query will skip the provided number of posts (ordered by date of creation) | number |
| includeunpublished | Includes unpublished posts if and only if logged-in user is an admin | boolean |
| Header | Required / Optional | Description |
|---|---|---|
| x-auth-token | Optional | A valid JSON Web Token, which may be acquired at registration, or with the /login endpoint |
All published posts. Unpublished posts may be included for admins by using the includeunpublished query string.
curl --location --request GET 'http://localhost:3000/posts/'[
{
"isPublished": true,
"_id": "604e634248484473c282b1dd",
"title": "Terrifying Space Monkeys?",
"text": "Look, I had to rewire the grav thrust because somebody won't replace that crappy compression coil.",
"user": "604e5d8458d0b87135a69402",
"createdAt": "2021-03-14T19:25:54.716Z",
"updatedAt": "2021-03-14T19:25:54.716Z",
"__v": 0
},
{
"isPublished": true,
"_id": "604e645948484473c282b1df",
"title": "Buffet Table?",
"text": "Well how can we be sure, unless we question it?",
"user": "604e5d8458d0b87135a69402",
"createdAt": "2021-03-14T19:30:33.892Z",
"updatedAt": "2021-03-14T19:30:33.892Z",
"__v": 0
},
{
"isPublished": true,
"_id": "604e71ef9ba006741345437e",
"title": "I think we should call it your grave!",
"text": "Ah, curse your sudden but inevitable betrayal",
"user": "604e712f9ba006741345437c",
"createdAt": "2021-03-14T20:28:31.857Z",
"updatedAt": "2021-03-14T20:28:31.857Z",
"__v": 0
}
]curl --location --request GET 'http://localhost:3000/posts?includeunpublished=true' \
--header 'x-auth-token: {jsonwebtoken for admin user}'[
{
"isPublished": true,
"_id": "604e634248484473c282b1dd",
"title": "Terrifying Space Monkeys?",
"text": "Look, I had to rewire the grav thrust because somebody won't replace that crappy compression coil.",
"user": "604e5d8458d0b87135a69402",
"createdAt": "2021-03-14T19:25:54.716Z",
"updatedAt": "2021-03-14T19:25:54.716Z",
"__v": 0
},
{
"isPublished": false,
"_id": "604e638648484473c282b1de",
"title": "Simon",
"text": "How clueless can he be!?",
"user": "604e5d8458d0b87135a69402",
"createdAt": "2021-03-14T19:27:02.729Z",
"updatedAt": "2021-03-14T19:27:02.729Z",
"__v": 0
},
{
"isPublished": true,
"_id": "604e645948484473c282b1df",
"title": "Buffet Table?",
"text": "Well how can we be sure, unless we question it?",
"user": "604e5d8458d0b87135a69402",
"createdAt": "2021-03-14T19:30:33.892Z",
"updatedAt": "2021-03-14T19:30:33.892Z",
"__v": 0
},
{
"isPublished": true,
"_id": "604e71ef9ba006741345437e",
"title": "I think we should call it your grave!",
"text": "Ah, curse your sudden but inevitable betrayal",
"user": "604e712f9ba006741345437c",
"createdAt": "2021-03-14T20:28:31.857Z",
"updatedAt": "2021-03-14T20:28:31.857Z",
"__v": 0
}
]curl --location --request GET 'http://localhost:3000/posts?limit=2&skip=1'[
{
"isPublished": true,
"_id": "604e645948484473c282b1df",
"title": "Buffet Table?",
"text": "Well how can we be sure, unless we question it?",
"user": "604e5d8458d0b87135a69402",
"createdAt": "2021-03-14T19:30:33.892Z",
"updatedAt": "2021-03-14T19:30:33.892Z",
"__v": 0
},
{
"isPublished": true,
"_id": "604e71ef9ba006741345437e",
"title": "I think we should call it your grave!",
"text": "Ah, curse your sudden but inevitable betrayal",
"user": "604e712f9ba006741345437c",
"createdAt": "2021-03-14T20:28:31.857Z",
"updatedAt": "2021-03-14T20:28:31.857Z",
"__v": 0
}
]Create a new post. Requires a logged-in user, which will in turn be saved as the post's user.
| Request Body | Required / Optional | Description | Type |
|---|---|---|---|
| title | Optional | Post title. Must be between 1 and 255 characters long. | string |
| text | Optional | Post text. Must be between 1 and 99999 characters long. | string |
| isPublished | Optional | When false, post will only be visible to admins and the post's own user. | boolean |
| user | Optional | User optional for admins. If not included, or if logged in user is not an admin, the user field will be set to the logged-in user and needs not be otherwise included in the request. | string |
| Header | Required / Optional | Description |
|---|---|---|
| x-auth-token | Required | A valid JSON Web Token, which may be acquired at registration, or with the /login endpoint |
The newly created post
curl --location --request POST 'http://localhost:3000/posts' \
--header 'x-auth-token: {jsonwebtoken}' \
--header 'Content-Type: application/json' \
--data-raw '{
"title": "What'\''s that make us?",
"text": "Big damn heroes, sir.",
"isPublished": "true"
}'{
"isPublished": true,
"_id": "604e74d79ba006741345437f",
"title": "What's that make us?",
"text": "Big damn heroes, sir.",
"user": "604d8dc8a9c87361f984d130",
"createdAt": "2021-03-14T20:40:55.541Z",
"updatedAt": "2021-03-14T20:40:55.541Z",
"__v": 0
}Gets a single post. If the post is unpublished, it will only be accessible to admins and the post's user.
| Path | Description |
|---|---|
| postid | The post's unique id. This will be a 16-character-long string. |
| Header | Required / Optional | Description |
|---|---|---|
| x-auth-token | Optional | A valid JSON Web Token, which may be acquired at registration, or with the /login endpoint |
The post given in the postid path parameter
curl --location --request GET 'http://localhost:3000/posts/604e74d79ba006741345437f'{
"isPublished": true,
"_id": "604e74d79ba006741345437f",
"title": "What's that make us?",
"text": "Big damn heroes, sir.",
"user": "604d8dc8a9c87361f984d130",
"createdAt": "2021-03-14T20:40:55.541Z",
"updatedAt": "2021-03-14T20:40:55.541Z",
"__v": 0
}Updates a single post. Only accessible to admins and the post's user.
| Path | Description |
|---|---|
| postid | The post's unique id. This will be a 16-character-long string. |
| Request Body | Required / Optional | Description | Type |
|---|---|---|---|
| title | Optional | Post title. Must be between 1 and 255 characters long. | string |
| text | Optional | Post text. Must be between 1 and 99999 characters long. | string |
| isPublished | Optional | When false, post will only be visible to admins and the post's own user. To change only this property, /posts/{postid}/publish and /posts/{postid}/unpublish routes are included for convenience. |
boolean |
| (user) | (n/a) | (Post user cannot be changed. If it is included in the body it will be ignored.) | (n/a) |
| Header | Required / Optional | Description |
|---|---|---|
| x-auth-token | Required | A valid JSON Web Token, which may be acquired at registration, or with the /login endpoint |
The updated post given in the postid path parameter
curl --location --request PUT 'http://localhost:3000/posts/604e74d79ba006741345437f' \
--header 'x-auth-token: {jsonwebtoken}' \
--header 'Content-Type: application/json' \
--data-raw '{
"text": "Big damn heroes, sir. / Ain'\''t we just."
}'{
"isPublished": true,
"_id": "604e74d79ba006741345437f",
"title": "What's that make us?",
"text": "Big damn heroes, sir. / Ain't we just.",
"user": "604d8dc8a9c87361f984d130",
"createdAt": "2021-03-14T20:40:55.541Z",
"updatedAt": "2021-03-14T20:46:49.537Z",
"__v": 0
}Remove a user. Logged-in users may remove their own account only. Admins may remove any account.
| Path | Description |
|---|---|
| postid | The post's unique id. This will be a 16-character-long string. |
| Header | Required / Optional | Description |
|---|---|---|
| x-auth-token | Required | A valid JSON Web Token, which may be acquired at registration, or with the /login endpoint |
The deleted post
curl --location --request DELETE 'http://localhost:3000/posts/604e634248484473c282b1dd' \
--header 'x-auth-token: {jsonwebtoken}'{
"isPublished": true,
"_id": "604e634248484473c282b1dd",
"title": "Terrifying Space Monkeys?",
"text": "Look, I had to rewire the grav thrust because somebody won't replace that crappy compression coil.",
"user": "604e5d8458d0b87135a69402",
"createdAt": "2021-03-14T19:25:54.716Z",
"updatedAt": "2021-03-14T19:25:54.716Z",
"__v": 0
}Sets the isPublished attribute for the given post to true. Posts may be published by their own user or admins.
| Path | Description |
|---|---|
| postid | The post's unique id. This will be a 16-character-long string. |
| Header | Required / Optional | Description |
|---|---|---|
| x-auth-token | Required | A valid JSON Web Token, which may be acquired at registration, or with the /login endpoint |
The newly-published post
curl --location --request POST 'http://localhost:3000/posts/604e638648484473c282b1de/publish' \
--header 'x-auth-token: {jsonwebtoken}'{
"isPublished": true,
"_id": "604e638648484473c282b1de",
"title": "Simon",
"text": "How clueless can he be!?",
"user": "604e5d8458d0b87135a69402",
"createdAt": "2021-03-14T19:27:02.729Z",
"updatedAt": "2021-03-14T20:56:23.672Z",
"__v": 0
}Sets the isPublished attribute for the given post to false. Posts may be unpublished by their own user or admins.
| Path | Description |
|---|---|
| postid | The post's unique id. This will be a 16-character-long string. |
| Header | Required / Optional | Description |
|---|---|---|
| x-auth-token | Required | A valid JSON Web Token, which may be acquired at registration, or with the /login endpoint |
The newly-unpublished post
curl --location --request POST 'http://localhost:3000/posts/604e638648484473c282b1de/unpublish' \
--header 'x-auth-token: {jsonwebtoken}'{
"isPublished": false,
"_id": "604e638648484473c282b1de",
"title": "Simon",
"text": "How clueless can he be!?",
"user": "604e5d8458d0b87135a69402",
"createdAt": "2021-03-14T19:27:02.729Z",
"updatedAt": "2021-03-14T21:00:40.171Z",
"__v": 0
}Get the comments for the given post. Comments may only be retrieved for published posts.
| Path | Description |
|---|---|
| postid | The post's unique id. This will be a 16-character-long string. |
| Query String | Description | Type |
|---|---|---|
| limit | Response will return at most the limit number of comments | number |
| skip | Query will skip the provided number of comments (ordered by date of creation) | number |
All comments for the post indicated by postid in the path
curl --location --request GET 'http://localhost:3000/posts/604e638648484473c282b1de/comments'[
{
"_id": "604e7a0a9ba0067413454380",
"text": "Who, me?",
"author": "Dr. Simon Tam",
"email": "[email protected]",
"post": "604e638648484473c282b1de",
"createdAt": "2021-03-14T21:03:06.044Z",
"updatedAt": "2021-03-14T21:03:06.044Z",
"__v": 0
}
]Create a new comment for the given post. Comments may only be created for published posts.
| Path | Description |
|---|---|
| postid | The post's unique id. This will be a 16-character-long string. |
| Request Body | Required / Optional | Description | Type |
|---|---|---|---|
| text | Required | Comment text. | string |
| author | Required | Comment author - a name or handle for display. | string |
| Optional | An email address for the comment's author. | boolean | |
| (post) | (n/a) | (post will be set to the post retrieved by the postid Path) | n/a |
The newly-created comment
curl --location --request POST 'http://localhost:3000/posts/604e638648484473c282b1de/comments' \
--header 'Content-Type: application/json' \
--data-raw '{
"text": "Who, me?",
"author": "Dr. Simon Tam",
"email": "[email protected]",
"post": "604e638648484473c282b1de"
}'{
"_id": "604e7a0a9ba0067413454380",
"text": "Who, me?",
"author": "Dr. Simon Tam",
"email": "[email protected]",
"post": "604e638648484473c282b1de",
"createdAt": "2021-03-14T21:03:06.044Z",
"updatedAt": "2021-03-14T21:03:06.044Z",
"__v": 0
}Get a single comment.
| Path | Description |
|---|---|
| postid | The post's unique id. This will be a 16-character-long string. |
| commentid | The comment's unique id. This will be a 16-character-long string. |
The comment comment indicated by commentid in the path
curl --location --request GET 'http://localhost:3000/posts/604e74d79ba006741345437f/comments/604e7aa59ba0067413454381'{
"_id": "604e7aa59ba0067413454381",
"text": "Ain't we just",
"author": "Mal",
"email": "[email protected]",
"post": "604e74d79ba006741345437f",
"createdAt": "2021-03-14T21:05:41.997Z",
"updatedAt": "2021-03-14T21:05:41.997Z",
"__v": 0
}Update a single comment. Only accessible for admins.
| Path | Description |
|---|---|
| postid | The post's unique id. This will be a 16-character-long string. |
| commentid | The comment's unique id. This will be a 16-character-long string. |
| Request Body | Required / Optional | Description | Type |
|---|---|---|---|
| text | Required | Comment text. | string |
| author | Required | Comment author - a name or handle for display. | string |
| Optional | An email address for the comment's author. | boolean | |
| (post) | (n/a) | (post will be set to the comment's original post and cannot be changed) | n/a |
| Header | Required / Optional | Description |
|---|---|---|
| x-auth-token | Required | A valid JSON Web Token, which may be acquired at registration, or with the /login endpoint |
The updated comment comment indicated by commentid in the path
curl --location --request PUT 'http://localhost:3000/posts/604e74d79ba006741345437f/comments/604e7aa59ba0067413454381' \
--header 'x-auth-token: {jsonwebtoken}' \
--header 'Content-Type: application/json' \
--data-raw '{
"email": "[email protected]"
}'{
"_id": "604e7aa59ba0067413454381",
"text": "Ain't we just",
"author": "Mal",
"email": "[email protected]",
"post": "604e74d79ba006741345437f",
"createdAt": "2021-03-14T21:05:41.997Z",
"updatedAt": "2021-03-14T21:16:37.470Z",
"__v": 0
}Removes a comment. Logged in users may remove comments on their own posts. Admins may remove any comment.
| Path | Description |
|---|---|
| postid | The post's unique id. This will be a 16-character-long string. |
| commentid | The comment's unique id. This will be a 16-character-long string. |
| Header | Required / Optional | Description |
|---|---|---|
| x-auth-token | Required | A valid JSON Web Token, which may be acquired at registration, or with the /login endpoint |
The deleted comment comment indicated by commentid in the path
curl --location --request DELETE 'http://localhost:3000/posts/604e74d79ba006741345437f/comments/604e7aa59ba0067413454381' \
--header 'x-auth-token: {jsonwebtoken}'{
"_id": "604e7aa59ba0067413454381",
"text": "Ain't we just",
"author": "Mal",
"email": "[email protected]",
"post": "604e74d79ba006741345437f",
"createdAt": "2021-03-14T21:05:41.997Z",
"updatedAt": "2021-03-14T21:16:37.470Z",
"__v": 0
}Get the logged in user's information.
| Header | Required / Optional | Description |
|---|---|---|
| x-auth-token | Required | A valid JSON Web Token, which may be acquired at registration, or with the /login endpoint |
The logged in user
curl --location --request GET 'http://localhost:3000/me' \
--header 'x-auth-token: {jsonwebtoken}'{
"_id": "604d8dc8a9c87361f984d130",
"firstName": "Malcolm",
"lastName": "Reynolds",
"email": "[email protected]",
"isAdmin": true,
"__v": 0,
"fullName": "Malcolm Reynolds",
"id": "604d8dc8a9c87361f984d130"
}Log in a user. Returns a JSON Web Token to be included in the x-auth-token header of requests.
| Request Body | Required / Optional | Description | Type |
|---|---|---|---|
| Required | User's email address, provided at registration or updated since. | string | |
| password | Required | User's password, provided at registration or updated since. | string |
A json web token for use in 'x-auth-token' request headers
curl --location --request POST 'http://localhost:3000/login' \
--header 'Content-Type: application/json' \
--data-raw '{
"email": "[email protected]",
"password": "riverPassword"
}'"eyJhbGciOiJLUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiI2MDRlYWQwYLc0Y2YwOTdjZTlkZjgxZD4iLCJpYXQiOjE2MTU3Njg4NzN9.ZKoc-bCCqpL421PHt_3vDzPtdg-Tv0jcTFh48VPt-ZU"
(Note: This is not the actual token response for the above response. Just an example of what your json web token will look like, give or take.)