This is the back-end server created to accompany the Front End of a Question Box Single Web Application designed to promote a peer-to-peer, culturally appropriate approach to Sex Education in Refugees and New Germans.
The back-end consist of a REST-like API that interfaces with the front-end for receiving questions, updating questions details, registering users for notifications, and submit those notifications via email and/or Web Push protocols.
Management of content is done through user profiles (Ambassadors, people who answer, and Administrators), which can login using JSON Web Tokens.
- Prerequisites
- Getting Started
- Running tests
- Environment Variables
- API End-Points
- Multilanguage
- Technology
- Get in Touch
- Acknowledgements
- Team
- License
- Funding
The back-end requires you to have node.js ^8.10 and npm ^3.5.2 installed in your server.
First, download or clone this repository.
git clone https://github.com/Benatna/question-box-backend.git
After downloaded, access the downloaded folder and install the required dependencies.
cd question-box-backend
npm install
You will also want to create a file with environment variables.
nano .env
You can see the list of required environment variables and their definition here.
With all dependencies installed and environment variables defined, the application can be started:
npm run start
This will start the application using the included nodemon.json configuration.
You can run the tests by executing the following command:
npm run test
Tests are carried in every single end-point of the API.
IMPORTANT: No automatic testing is developed for Email notifications and Web Push. These behaviors must be tested manually, but they should work out-of-the-box.
| Variable | Example | Comments |
|---|---|---|
| NODE_ENV | NODE_ENV=production |
responds to test or not test |
| PORT | PORT=3000 |
If not defined, runs in 3000 |
| LOWDBFILE | LOWDBFILE=db.json |
Location of JSON DB file |
| CRYPTRKEY | CRYPTRKEY=OwE49wsPcN |
Key for encryption of emails in the database |
| JWT_KEY | JWT_KEY=FOOUE8Kyqo |
Encryption key for the JSON Web Tokens |
| ADMIN_EMAIL | [email protected] |
Used for the creation of default administrator account, push notifications, email transporter |
| ADMIN_PASSWORD | ADMIN_PASSWORD=jyLouM2Gci |
Used for the creation of default administrator account |
| WEBSITE_URL | WEBSITE_URL=https://www.yourdomain.com |
Used for the email and push notifications |
| EMAIL_PASSWORD | EMAIL_PASSWORD=YEDZ1yRfz12 |
Required for the email transporter. It pairs with ADMIN_EMAIL |
| EMAIL_PORT | EMAIL_PORT=465 |
Required for the email transporter |
| EMAIL_SECURE | EMAIL_PORT=true |
true for 465, false for other ports |
| VAPIDKEY_PUBLIC | VAPIDKEY_PUBLIC=BCv-0bxPV_RQj(..) |
For generating VAPID keys follow these instructions |
| VAPIDKEY_PRIVATE | VAPIDKEY_PRIVATE=JONfGPAp9i(..) |
For generating VAPID keys follow these instructions |
The API hosts two main routes: questions and users. Both are differentiated between Public and Private routes.
| Method | End-Point | Request Body | Successful Response | Description |
|---|---|---|---|---|
| POST | /users/login | email, password | JSON Web Token | Checks if user/password combination is correct and returns a web token |
| GET | /users/ambassadors | ambassadors array | Returns public information of ambassadors | |
| GET | /questions/ | questions array | Returns all answered questions | |
| POST | /questions/ | question object | created question object | Send a new question to the server |
| PATCH | /questions/:id/ | question object | updated question object | Update details of a specific question |
| PATCH | /questions/:id/update_views/ | updated question object | Increments the number of views of the question in the database | |
| POST | /questions/:id/subscribe/email/ | question id, email | question id and email | Creates an email notification event in the database |
| POST | /questions/:id/subscribe/push/ | question id, subscription event | message: "Subscription successful" | Registers a push notification subscription in the database |
All private routes require a valid JSON Web Token in the header as authentication.
| Method | End-Point | Request Body | Successful Response | Permission | Description |
|---|---|---|---|---|---|
| POST | /users/register/ | email, role, password, age, name, picture, location, bio | message: "User created." | Administrators | Creates a new account |
| PATCH | /users/update/ | email, new_email, new_password, role, age, name, picture, location, bio | message: "User updated." | Administrators, the user itself | Modifies an user account. It fails if no other administrator exists |
| DELETE | /users/delete/ | message: "User deleted." | Administrators, the user itself | Deletes an user. It fails if no other administrator exists | |
| GET | /questions/all/ | questions array | Ambassadors, administrators | Lists all questions, even unanswered ones | |
| GET | /questions/:id/ | question object | Ambassadors, administrators | Get all details about the question submitted | |
| PATCH | /questions/:id/modify | question object | question object | Ambassadors, administrators | Modify the question's details |
| DELETE | /questions/:id/ | message: "Question Deleted." | Ambassadors, administrators | Delete specific question | |
| PUT | /questions/:id/answer | answer object | question object | Ambassadors, administrators | Answer or update a previous answer |
| DELETE | /questions/:id/answer | question object | Ambassadors, administrators | Delete a previous answer |
The application can serve static files uploaded to the /static/ folder, and accessed through the /static/ route.
The application comes bundled to work in German and English out-of-the-box. Additional language must be hard-coded for now.
The application comes bundled with lowdb, ready to run out-of-the-box. However, if a more complex Database solution is required, only models need to be changed.
Emails are encrypted using cryptr and passwords are hashed and then stored using bcrypt.
Push notifications are implemented using the node.js package web-push. You can read more information about its usage in the project's github.
Email notifications are implemented using the node.js package nodemailer. You can find more information about its usage and configuration in the project's homepage.
If you need any help and/or want to get in touch with us, don't hesitate to Submit an Issue, and/or contact us at [email protected], or via Facebook and Twitter.
Thanks to Ahmad, Ahmed, Nickhil, Zain and Zeina for their support, hard work, and insights during the development and deployment of this solution.
This project was created in six months for the beautiful team of:
- Cornelia Blum: Lead.
- Pedro Poblete Lasserre: Coder.
- Hector Pahaut: Designer.
- Pooja Veerappa: User Researcher.
- Juli Maier: Mentor.
This project is licensed under the MIT License - see the LICENSE file for details.
Funding for the initial development of this project came from the Prototype Fund, an initiative of the German Federal Ministry of Education and Research.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent