# VERIFICATION #### REST API Endpoints **Middleware** When a user makes an HTTPS request, session middleware checks the token. Using that token, we determine if a route is accessible to the current user, as some routes might be public or session-based **1. User Login** * **HTTP Request Type:** POST * **Route:** `/firestapi/account/login` * **URL / Body Parameters:** * `email`: String * `password`: String * **Info:** This endpoint logs a user in based on the email and password. If login is successful, a token is received and set as a browser cookie to be authenticated on every request. **HTTPS Body Example:** json ``` { "email": "runzho.li@fundamentalinteractions.com", "password": "Test123!" } ``` **2. User Logout** * **HTTP Request Type:** POST * **Route:** `/firestapi/account/logout` * **URL / Body Parameters:** None * **Info:** This endpoint deletes the token cookie if it exists. **3. Check Login Status** * **HTTP Request Type:** GET * **Route:** `/firestapi/account` * **URL / Body Parameters:** None * **Info:** This endpoint checks if the user is logged in or not #### Example Implementation in Express.js Here's an example of how you might implement these endpoints in an Express.js application: javascript ```javascript const express = require('express'); const bodyParser = require('body-parser'); const cookieParser = require('cookie-parser'); const session = require('express-session'); const app = express(); app.use(bodyParser.json()); app.use(cookieParser()); app.use(session({ secret: 'your_secret_key', resave: false, saveUninitialized: true, cookie: { secure: true } // Use secure cookies in production })); // Dummy user data for demonstration purposes const users = [ { email: 'runzho.li@fundamentalinteractions.com', password: 'Test123!' } ]; // Login endpoint app.post('/firestapi/account/login', (req, res) => { const { email, password } = req.body; const user = users.find(u => u.email === email && u.password === password); if (user) { req.session.token = 'your_generated_token'; // Generate and set your token here res.cookie('token', 'your_generated_token', { httpOnly: true, secure: true }); res.status(200).send('Logged in successfully'); } else { res.status(401).send('Invalid email or password'); } }); // Logout endpoint app.post('/firestapi/account/logout', (req, res) => { res.clearCookie('token'); req.session.destroy(err => { if (err) { return res.status(500).send('Could not log out'); } else { return res.status(200).send('Logged out successfully'); } }); }); // Check login status endpoint app.get('/firestapi/account', (req, res) => { if (req.session.token) { res.status(200).send('Logged in'); } else { res.status(401).send('Not logged in'); } }); // Middleware to check token function checkToken(req, res, next) { const token = req.cookies.token || ''; if (token) { // Validate token here (e.g., using JWT) next(); } else { res.status(403).send('Forbidden'); } } // Apply middleware to protected routes app.use('/firestapi/account', checkToken); const PORT = process.env.PORT || 3000; app.listen(PORT, () => { console.log(`Server is running on port ${PORT}`); }); ``` This example sets up the three specified routes using Express.js, handles user login by setting a session token and cookie, checks login status, and provides a logout endpoint to clear the session and token cookie.