VERIFICATION

REST API Endpoints

Middleware

When a user makes an HTTPS request, session middleware checks the token. Using that token, we determine if a route is accessible to the current user, as some routes might be public or session-based

1. User Login

• HTTP Request Type: POST

• Route: /firestapi/account/login

• URL / Body Parameters:

  • email: String

  • password: String

• Info: This endpoint logs a user in based on the email and password. If login is successful, a token is received and set as a browser cookie to be authenticated on every request.

HTTPS Body Example:

json

{ 
"email": "runzho.li@fundamentalinteractions.com", "password": "Test123!" 
}

2. User Logout

• HTTP Request Type: POST

• Route: /firestapi/account/logout

• URL / Body Parameters: None

• Info: This endpoint deletes the token cookie if it exists.

3. Check Login Status

• HTTP Request Type: GET

• Route: /firestapi/account

• URL / Body Parameters: None

• Info: This endpoint checks if the user is logged in or not

Example Implementation in Express.js

Here's an example of how you might implement these endpoints in an Express.js application:

javascript

const express = require('express');
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
const session = require('express-session');

const app = express();

app.use(bodyParser.json());
app.use(cookieParser());
app.use(session({
  secret: 'your_secret_key',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true } // Use secure cookies in production
}));

// Dummy user data for demonstration purposes
const users = [
  { email: 'runzho.li@fundamentalinteractions.com', password: 'Test123!' }
];

// Login endpoint
app.post('/firestapi/account/login', (req, res) => {
  const { email, password } = req.body;

  const user = users.find(u => u.email === email && u.password === password);
  if (user) {
    req.session.token = 'your_generated_token'; // Generate and set your token here
    res.cookie('token', 'your_generated_token', { httpOnly: true, secure: true });
    res.status(200).send('Logged in successfully');
  } else {
    res.status(401).send('Invalid email or password');
  }
});

// Logout endpoint
app.post('/firestapi/account/logout', (req, res) => {
  res.clearCookie('token');
  req.session.destroy(err => {
    if (err) {
      return res.status(500).send('Could not log out');
    } else {
      return res.status(200).send('Logged out successfully');
    }
  });
});

// Check login status endpoint
app.get('/firestapi/account', (req, res) => {
  if (req.session.token) {
    res.status(200).send('Logged in');
  } else {
    res.status(401).send('Not logged in');
  }
});

// Middleware to check token
function checkToken(req, res, next) {
  const token = req.cookies.token || '';
  if (token) {
    // Validate token here (e.g., using JWT)
    next();
  } else {
    res.status(403).send('Forbidden');
  }
}

// Apply middleware to protected routes
app.use('/firestapi/account', checkToken);

const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
  console.log(`Server is running on port ${PORT}`);
});

This example sets up the three specified routes using Express.js, handles user login by setting a session token and cookie, checks login status, and provides a logout endpoint to clear the session and token cookie.