This document describes the RESTful API endpoints available in the vulnerable-node application.

All API endpoints are prefixed with `/api`.

## Authentication

The authentication endpoint allows you to validate user credentials.

### POST /api/auth

Authenticate a user with username and password.

**Request Body:**

```json
{
  "username": "admin",
  "password": "admin"
}
```

**Success Response (200):**

```json
{
  "success": true,
  "message": "Authentication successful",
  "user": {
    "name": "admin"
  }
}
```

**Error Response (401):**

```json
{
  "success": false,
  "error": "Invalid credentials"
}
```

**Error Response (400):**

```json
{
  "success": false,
  "error": "Username and password are required"
}
```

## Products

### GET /api/products

Get a list of all products.
**Success Response (200):**

```json
{
  "success": true,
  "products": [
    {
      "id": 0,
      "name": "Product Name",
      "description": "Product description",
      "price": 100,
      "image": "image-url"
    }
  ]
}
```

**Error Response (500):**

```json
{
  "success": false,
  "error": "Error message"
}
```

### GET /api/products/search

Search for products by name or description.
**Query Parameters:**

- `q` (required): Search query string

**Success Response (200):**

```json
{
  "success": true,
  "products": [
    {
      "id": 0,
      "name": "Product Name",
      "description": "Product description",
      "price": 100,
      "image": "image-url"
    }
  ],
  "query": "search term"
}
```

**Error Response (400):**

```json
{
  "success": false,
  "error": "Query parameter \"q\" is required"
}
```

### GET /api/products/:id

Get details of a specific product by ID.
**URL Parameters:**

- `id`: Product ID

**Success Response (200):**

```json
{
  "success": true,
  "product": {
    "id": 0,
    "name": "Product Name",
    "description": "Product description",
    "price": 100,
    "image": "image-url"
  }
}
```

**Error Response (404):**

```json
{
  "success": false,
  "error": "Product not found"
}
```

## Purchases

### POST /api/purchases

Create a new purchase.
**Request Body:**

```json
{
  "mail": "user@example.com",
  "address": "123 Main St",
  "ship_date": "2024-01-01",
  "phone": "555-1234",
  "product_id": 1,
  "product_name": "Product Name",
  "username": "john",
  "price": 100
}
```

**Success Response (201):**

```json
{
  "success": true,
  "message": "Product purchased successfully"
}
```

**Error Response (400):**

```json
{
  "success": false,
  "error": "Missing parameter 'field_name'"
}
```

or

```json
{
  "success": false,
  "error": "Invalid mail format"
}
```

**Error Response (500):**

```json
{
  "success": false,
  "error": "Error message"
}
```
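The 400 responses documented for `POST /api/auth`, `GET /api/products/search`, `POST /api/purchases` and (below) `GET /api/purchases` all come from input checks that run before the real handler. The following is an added example, not code from the vulnerable-node project: it implements those checks as pure functions that return the documented `{ status, body }` or `null`, so they can be unit-tested without starting an HTTP server. The function names, the field order used for the "Missing parameter" message, and the mail regex are assumptions; the page states none of them.

```javascript
// Added example, not vulnerable-node code. Pure validators for the documented
// 400 responses; each returns { status, body } to send, or null to proceed.

// The documented error envelope for a 400.
function badRequest(error) {
  return { status: 400, body: { success: false, error } };
}

// Required query parameter: "q" for /api/products/search, "username" for
// /api/purchases. Query values arrive as strings (or arrays when a parameter is
// repeated), so anything that is not a non-empty string counts as absent.
function requireQueryParam(query, name) {
  const value = query ? query[name] : undefined;
  if (typeof value !== 'string' || value.trim() === '') {
    return badRequest(`Query parameter "${name}" is required`);
  }
  return null;
}

// POST /api/auth: both fields must be present before any credential lookup runs,
// so a malformed body is rejected with the documented 400, never a 500.
function validateAuthBody(body) {
  const present = (v) => typeof v === 'string' && v !== '';
  if (!body || !present(body.username) || !present(body.password)) {
    return badRequest('Username and password are required');
  }
  return null;
}

// Fields the documentation lists for POST /api/purchases. The first missing one
// is reported, in this order (assumption: the page does not state an order).
const PURCHASE_FIELDS = [
  'mail', 'address', 'ship_date', 'phone',
  'product_id', 'product_name', 'username', 'price',
];

// Deliberately simple mail rule (assumption: the project's exact rule is not
// documented): one "@", no whitespace, and a dot somewhere in the domain part.
const MAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

function validatePurchaseBody(body) {
  const input = body && typeof body === 'object' && !Array.isArray(body) ? body : {};
  for (const field of PURCHASE_FIELDS) {
    const value = input[field];
    if (value === undefined || value === null || value === '') {
      return badRequest(`Missing parameter '${field}'`);
    }
  }
  if (typeof input.mail !== 'string' || !MAIL_RE.test(input.mail)) {
    return badRequest('Invalid mail format');
  }
  return null;
}

// Dispatcher in the shape a router middleware would use (hypothetical): returns
// the 400 to send, or null when the request may reach the real handler.
function validateRequest(method, path, { query = {}, body = {} } = {}) {
  if (method === 'POST' && path === '/api/auth') return validateAuthBody(body);
  if (method === 'GET' && path === '/api/products/search') return requireQueryParam(query, 'q');
  if (method === 'POST' && path === '/api/purchases') return validatePurchaseBody(body);
  if (method === 'GET' && path === '/api/purchases') return requireQueryParam(query, 'username');
  return null; // /api/products and /api/products/:id take no validated input here
}
```

The validators enforce only what this document specifies. Note that the documented purchase body carries `product_name` and `price` from the client; a server should fill both from the product record for `product_id` rather than store the submitted values.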
### GET /api/purchases

Get all purchases for a specific user.

**Query Parameters:**

- `username` (required): Username to retrieve purchases for

**Success Response (200):**

```json
{
  "success": true,
  "purchases": [
    {
      "id": 1,
      "product_id": 1,
      "product_name": "Product Name",
      "user_name": "john",
      "mail": "user@example.com",
      "address": "123 Main St",
      "phone": "555-1234",
      "ship_date": "2024-01-01",
      "price": 100
    }
  ]
}
```

**Error Response (400):**

```json
{
  "success": false,
  "error": "Query parameter \"username\" is required"
}
```

**Error Response (500):**

```json
{
  "success": false,
  "error": "Error message"
}
```

## Examples

Get all products:
```bash
curl http://localhost:3000/api/products
```

Search for products:

```bash
curl "http://localhost:3000/api/products/search?q=laptop"
```

Get a specific product:

```bash
curl http://localhost:3000/api/products/1
```

Authenticate:

```bash
curl -X POST http://localhost:3000/api/auth \
  -H "Content-Type: application/json" \
  -d '{"username": "admin", "password": "admin"}'
```

Create a purchase:

```bash
curl -X POST http://localhost:3000/api/purchases \
  -H "Content-Type: application/json" \
  -d '{
    "mail": "user@example.com",
    "address": "123 Main St",
    "ship_date": "2024-01-01",
    "phone": "555-1234",
    "product_id": 1,
    "product_name": "Product Name",
    "username": "john",
    "price": 100
  }'
```

Get user purchases:

```bash
curl "http://localhost:3000/api/purchases?username=john"
```

## Response Format

All API endpoints return JSON responses with the following structure:
- Success responses include a `success: true` field
- Error responses include a `success: false` field and an `error` field with the error message
- HTTP status codes are used appropriately:
  - 200: Success
  - 201: Created
  - 400: Bad Request
  - 401: Unauthorized
  - 404: Not Found
  - 500: Internal Server Error
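A contract this regular is worth checking mechanically. The following is an added example, not code from the vulnerable-node project: it takes a status code and a raw response body and reports every way the pair departs from the format listed above, so it can serve as an assertion helper in integration tests or as a client-side guard before a response is trusted. Beyond the page's own rules it adds one heuristic, flagging a 500 whose `error` string looks like a stack trace; the function names and that heuristic are assumptions.

```javascript
// Added example, not vulnerable-node code. Checks a (status, body) pair against
// the documented response envelope and returns the list of violations.

const SUCCESS_STATUSES = new Set([200, 201]);
const ERROR_STATUSES = new Set([400, 401, 404, 500]);

// Heuristic (assumption, not from the documentation): an error string carrying a
// stack frame or a source path is probably an unhandled exception leaking through
// the 500 path rather than a deliberate message.
const INTERNAL_DETAIL_RE = /\n\s+at |\.js:\d+|\/node_modules\//;

// Returns contract violations for an already-parsed body; empty means conforming.
function envelopeViolations(status, body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return ['body is not a JSON object'];
  }
  const problems = [];
  if (SUCCESS_STATUSES.has(status)) {
    if (body.success !== true) problems.push(`status ${status} but success is not true`);
  } else if (ERROR_STATUSES.has(status)) {
    if (body.success !== false) problems.push(`status ${status} but success is not false`);
    if (typeof body.error !== 'string' || body.error === '') {
      problems.push('error response lacks an error message');
    } else if (INTERNAL_DETAIL_RE.test(body.error)) {
      problems.push('error message appears to expose internal details');
    }
  } else {
    problems.push(`status ${status} is not one of the documented codes`);
  }
  return problems;
}

// Parses the raw body defensively: a non-JSON payload (for example an HTML error
// page from a proxy in front of the app) is reported as a violation, not thrown.
function checkResponse(status, rawText) {
  let body;
  try {
    body = JSON.parse(rawText);
  } catch (err) {
    return ['body is not valid JSON'];
  }
  return envelopeViolations(status, body);
}

// Constructed sample responses: two mirror the documentation, two break it.
const SAMPLES = [
  { status: 200, text: '{"success":true,"products":[]}' },
  { status: 401, text: '{"success":false,"error":"Invalid credentials"}' },
  { status: 502, text: '<html>Bad Gateway</html>' },
  { status: 200, text: '{"success":false,"error":"oops"}' },
];

function runSamples() {
  return SAMPLES.map((s) => ({ status: s.status, problems: checkResponse(s.status, s.text) }));
}

console.log(JSON.stringify(runSamples(), null, 2));
```

In an integration test, call `checkResponse(res.status, await res.text())` after each request and fail on a non-empty result; the same call in a client catches a proxy or framework error page that bypasses the application's JSON error handling.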