Skip to content

README.md

Latest commit

 

History

History
89 lines (63 loc) · 3.82 KB

README.md

File metadata and controls

89 lines (63 loc) · 3.82 KB

Social Media API Backend

This is a simple API backend for a social media app. Its features include:

  • User registration and deletion.
  • Post creation, deletion, (un)liking, and flagging.
  • A simple content filter that checks and prevents publishing of posts if they contain certain prohibited words.
  • Admin users with permission to delete posts, delete users, and review flagged posts.

This API uses Node/Express.js for the backend and MongoDB for the database.

Security

This API uses the following precautions to ensure user safety:

  • Passwords are hashed using the bcrypt library and stored in the database in their encrypted form. The hash function is one-way, so a bad actor with access to the database wouldn't be able to reverse-engineer passwords.
  • Session cookies are encrypted using the JSON Web Token protocol. This involves signing with a server-defined secret to allow detection of modified session cookies.
  • Sessions only last for a server-defined amount of time. This reduces the probability of a session replay attack by invalidating session cookies while not in use.
  • To create an admin account, a user must provide the server-defined admin secret alongisde their account registration information.

Available Routes

This API exposes the following routes and methods:

User Routes

  • POST /api/users: Register a new user
  • GET /api/users/[id]: Retrieve user information by ID
  • DELETE /api/users/[id]: Delete a user by ID
  • GET /api/users/[id]/posts: Retrieve a user's posts

Post Routes

  • POST /api/posts: Create a new post
  • GET /api/posts/[id]: Retrieve a post by ID
  • DELETE /api/posts/[id]: Delete a post by ID
  • POST /api/posts/[id]/like: Like a post
  • DELETE /api/posts/[id]/like: Unlike a post
  • GET /api/posts/[id]/flag: Obtain a post's flags (admins only)
  • POST /api/posts/[id]/flag: Flag a post for review

Session Routes

  • POST /api/sessions: Log in and create a new session
  • DELETE /api/sessions: Log out and delete the current session

Check out the full documentation.

Setup

To set up the project, follow these steps:

  1. Clone the repository:

    git clone https://github.com/NajmKHoda/social-api.git
cd social-api

  2. Install dependencies using npm:

    npm install

  3. Set up the database:

    Head to the MongoDB website and create an account. Then, follow the instructions of this article to create a database using MongoDB Atlas. Obtain the URI provided by Atlas for your cluster by selecting Connect on the project overview page and following the instructions.

  4. Set up environment variables:

    Create a .env file in the root directory. The .env file MUST declare the following variables:

    MONGODB_URI= # URI provided by MongoDB Atlas

ADMIN_SECRET= # Secret for admin account creation

SESSION_SECRET= # Signing secret for session cookies
SESSION_DURATION= # Length of a session, in seconds
SESSION_ISSUER= # Name of the app providing the session

    You can also declare a PORT variable if you want to bind to a port other than 8000. You may refer to .env.example for a template.

  5. (optional) Configure prohibited words:

    The /config/disallowedWords.txt file contains the list of all words (each on their own line) used by the content filter. If a post contains any word in this list, it is not published. Feel free to change this list to suit your needs.

  6. Start the server:

    npm start

Your API server should now be running.