Open Source Development 2
References for this Part
Model Solutions Previous Lesson
OSD.1.0
JavaScript
Example 0. Testsuite. test-suite.js
Example 1. Rational. Rational.js
Example 2. Run Tests
Python
Example 3. Testsuite. testsuite.py
Example 4. Rational. Rational.py
Example 5. Run Tests
A FOSS Application to be Improved
Generating a Dynamic Express Site
Normally we generate dynamic, not static, sites; this is what most web development is about. To do that we must reference a templating engine that is capable of interpolating variable, dynamic data into an HTML5 template. Because there is a choice of templating engines we name one, pug. The default is, strangely, an ancestor of pug, jade, which nobody uses any more.
Example 6. Create Dynamic Express Site
In your browser navigate to http://localhost:3000 and see the welcome page.
In order to be up-to-date with JavaScript and practical work, first edit package.json
Example 7. Edited package.json
Lines 8 and 9 are new, and allow you to start a test run with npm test. This will install all dependencies, and then start the server.
Then modernize the first lines of the app.js setup file so that all occurrences of var are replaced by const. It must look similar to the following:
Example 8. The First Lines of the Essential app.js
The first line is new, actually optional, but needed more often than not.
Requiring cors, re https://www.npmjs.com/package/cors, and helmet, re https://www.npmjs.com/package/helmet, is essentially security related and should be considered in any project.
I have ordered the lines so that the external requirements are sorted alphabetically. That makes them easier on the maintainer's eye.
JWT, Json Web Tokens
In order to safeguard security in a web application the user must authenticate. For regular applications this results in the creation of a session. A session is signified by a token, a variable, that is created at successful login, and it will exist until the user logs out. Its existence will be checked when privileged activities in the application require login.
When web applications are using the REST API, the users must still authenticate to achieve certain privileged permissions, but the session is sometimes replaced by a token that, by and large, has the same function as a session cookie. The formalities behind these tokens are found in JSON Web Token (JWT) Response for OAuth Token Introspection, re https://www.rfc-editor.org/rfc/rfc9701.txt
In Node applications we have an implementation in https://www.npmjs.com/package/jsonwebtoken that may be installed by npm i jsonwebtoken.
The latter link has several usage examples. A token should be created at successful authentication by code similar to
Example 9. Create Json Web Token. From coursecode/eduapi
Example 10. Verify Token
Both code fragments are from a controller function.
The variable process.env.SECRET will be a cat's footprint, a long random string, kept in the .env file of the application and never committed to the repository.
The rules for handing in assignments may be found in the README
Exercise DS.6.0
Today's exercise will consist of completing a partly done REST API application.
The skeleton application is to be forked from
https://codeberg.org/arosano/restapi.git
The Database sampleAPI.db
Completion means:
- In routes/users.js create whatever routes may be missing for
  - registering
  - logging in
- Create a controller function in controllers/world.js for adding a city to the database. Usage must require authentication, and admin privileges.
- All reading and displaying of data must require authentication as at least a regular user.
- Only an admin may change the entries in the user table, i.e. change profiles. Controller functions must be in controllers.js
Logging in should mean receiving a token from the API server. You must probably save it in local storage, so that it can be used repeatedly until its expiration.
The architecture is MVC, Model-View-Controller. You must not change that.
Please keep the separation of functionality between the two routers.
This should probably be done in groups of two or three. Some research is expected. Take a couple of weeks to do it. And don’t forget that questions are welcome.