Skip to content

API

Jump to bottom
Max H edited this page Feb 2, 2022 · 27 revisions

In the following article, the API is documented. The attribute role definies, which User-Role can access the individual interface.

JWT for Authentication

To authenticate a user, they must send a JWT with each request.
To send the JWT, the header Authorization must be set with the following format: Bearer <token>.
The JWT is signed with a random 64-Byte Token, which will be regenerated at every restart of the server.
It expires after 12 Hours.

Payload of the JWT 

{
  "id":user_id,
  "username":"username",
  "fullname":"fullname",
  "role":"student"|"teacher"|"administrator",
  "exp":time_to_expire
}

Middleware

The middleware verifies and decodes the delievered JWT, if the request is not to /user/login.
If the JWT could not be verified, a response with the HTTP-Status 401 and the message Invalid JWT is send.

/user

POST /user/register

Register a new user

Roles

administrator

Request-Data

{
  "username":"username",
  "password":"password",
  "role":"student"|"teacher"|"administrator",
  "fullname":"fullname",
  "address":"address",
  "matriculationNumber":"matriculationNumber",
  "mail":"[email protected]"
}

It may be noticed, that the role will default to student, if none of the role listed above is used.

Response-Data

On success returns the HTTP-Status 200.
On failure returns the HTTP-Status 403.

POST /user/login

Try to login a user

Roles

Unauthenticated users

Request-Data

{
  "username":"username",
  "password":"password
}

Response-Data

On success returns the HTTP-Status 200 and a JWT for authentication.
On failure returns the HTTP-Status 403 and the message Wrong username or password.

POST /user/delete

Deletes a user from the repository

Roles

administrator

Request-Data

{
  "username":"username"
}

Response-Data

On success returns the HTTP-Status 200 and the message The user has been deleted.
On failure returns the HTTP-Status 500 and the message The user could not be deleted.

POST /user/changePassword

Change the password of the given user

Roles

student & teacher may only change their own password. administrator may change their own password as the password of other users.

Request-Data

{
  "username":"username",
  "password":"password
}

Response-Data

On success returns the HTTP-Status 200 and the message The password has been changed.
On failure returns the HTTP-Status 500 and the message Password could not be changed.

GET /user/getAll

Get all users

Roles

administrator

Request-Data

No request data

Response-Data

An array of the following JSON-Objects

{
    "id": 5,
    "fullname": "fullname",
    "address": "address",
    "matriculationNumber": "matriculationNumber",
    "mail": "[email protected]",
    "userId": {
        "id": 14,
        "username": "username",
        "isTeacher": false|true,
        "isAdministrator": false|true
    }
}

Clone this wiki locally