When sending the password reset email , would be nice to have a proper email template instead of having just plain text email sent to the user.

For the reference on the email template the confirm email template can be used.

As for the images/logos any placeholder (no explicit content allowed) image will be fine until the proper banners and logos are created.

Here is a screenshot of the email confirmation template:

To create email templates you can use services such as Mailchimp to create templets using their UI tools and than export it as single html file.

Create a middleware for protected routes that need to verify JWT before any action is taken so we can prevent any unauthorized access and malicious attempts

When the user deletes their account, would be nice to have a proper email template instead of having just plain text email sent to the user.

For the reference on the email template the confirm email template can be used.

As for the images/logos any placeholder (no explicit content allowed) image will be fine until the proper banners and logos are created.

Here is a screenshot of the email confirmation template:

To create email templates you can use services such as Mailchimp to create templets using their UI tools and than export it as single html file.

Describe the bug
When calling the save method there is a SQL error thrown because the password column value doesn't get set.

SQLSTATE[23502]: Not null violation: 7 ERROR: null value in column "password" violates not-null constraint

The issue is in Entities.php:80

Just removing the ReflectionProperty::IS_PUBLIC parameter fixes the issue on the register endpoint but not sure if it breaks anything else.

To Reproduce

$user = new UserEntity();
$user->name = "Tester Test";
$user->email = "[email protected]";
$user->username = "test";
$user->set_password("test123");
$user->save();

Expected behavior
A new user gets added to the database or an existing one gets updated.

Whenever the delete method is called for entities, we should also check if there are any files associated with that entity and if there are, we should remove the from the disk.

• When a user deletes their account it should remove their profile image if it exists #207
• When a user updated their profile image, remove the old one if it exists #210
• #218

Currently when using the Validation class from the Core\Utility\Validation.php you can only validate data available to you from the Request class which covers all the request body data, but sometimes there is a need to validate some custom data that may not be present in the Request class.

What I'd like to be able to do is, specify the value I want to validate instead of using just the Request class as an argument.

Currently when calling the Validation class we do:

Validation::validate([
		["restaurantID" => [ValidationRules::REQUIRED, ValidationRules::VALID_UUID]],
		["ratingID" => [ValidationRules::REQUIRED, ValidationRules::NUMERIC]]
], $request);

but what I'd like to be able to do is

Validation::validate([
		["restaurantID" => [ValidationRules::REQUIRED, ValidationRules::VALID_UUID]],
		["ratingID" => [ValidationRules::REQUIRED, ValidationRules::NUMERIC]],
                ["name" => [ValidationRules::REQUIRED],
                ["email" => [ValidationRules::REQUIRED, ValidationRules::VALID_EMAIL],
], $request, ["name" => $name, "email" => $email]);

It would be nice if we're able to keep the old functionality as is, but also extend it to support this new one

When generating a new access token Math.floor is used to round and update expiry time longer by 2 hours.

This should be reconsider and created in a way were we do not need to relay on the Math functions so that the validity of token can be verified better

There needs to be a refresh token generated for a user when they login and stored in the database so that it can be revoked later but while it is active be used to generate a new access token that will allow the user access to the API.

• Generate refresh token
• Store the token in the database
• Create refresh token endpoint ( /token maybe)
• Validate that the refresh token is valid on request to that endpoint
• Return new access token as a response
• Create invalidate / revoke token endpoint (/token again but with delete request to it or maybe /logout )

@all-contributors please add @negue for ideas and help

With the user profile being load from the API there is no need to sto so much information in the token anymore.

Now it would be better if the token only contained the user guid, power level and maybe a full name.

Is your feature request related to a problem? Please describe.
When using the Validation class we have the ability to validate values to make sure they are of a numeric type, but we are missing options for validating if that value is also constrained in a certain range as well.

Describe the solution you'd like
To have new ValidationRules such as ValidationRules::MINIMUM_VALUE, ValidationRules::MAXIMUM_VALUE, ValidationRules::IN_RANGE

Usage examples

Validation::validate([
  ["restaurantID" => [ValidationRules::REQUIRED, ValidationRules::VALID_UUID]],
  ["ratingID" => [
    ValidationRules::REQUIRED, 
    ValidationRules::NUMERIC, 
    [ValidationRules::MINIMUM_VALUE => 0],
    [ValidationRules::MAXIMUM_VALUE => 100],
    [ValidationRules::IN_RANGE => [0, 100]],
 ]
], $request);

@all-contributors please add @negue for idea and help

Create an API endpoint for user registration.

This module is not yet developed, but once it does get developed we need to implement the functionality that will allow us to remove any images associated with a review when that review gets deleted. This might also happen when someone deletes a restaurant as well, because in that case all the reviews linked to it would be deleted as well so we need to make sure that images get deleted as well. This issue will be updated once the reviews modules gets created

There needs to exists a documentation of all API endpoints with description of them and their parameters, also certain routes are only available to certain users so that should be noted in the documentation as well.

Suggestions for API documentation tools/libraries:

• Postman
• Swagger

Here are some articles that might be a good starting point:

Express API with autogenerated OpenAPI doc through Swagger | Dev.to
How we use Open API v3 specification to auto-generate API documentation, code-snippets and clients | Medium

Any feedback and/or helps is much appreciated on this.

There should be tests created for all the API routes.

Some resources for it:

Testing ExpressJS REST API with Mocha and Chai | Medium
How to Test Nodejs Code and RESTful API | CodeForGeek
Testing NodeJs/Express API with Jest and Supertest | Dev.to
Mocking ExpressJS Request and Response objects | ITNEXT

The projects programming language has changed from typescript to php so these links are no longer useful.
New links:

• Testing your API with PHPUnit
• Using Guzzle and PHPUnit for REST API Testing
• PHPUnit

As always any help and/or feedback is welcomed :)

Describe the bug
When you try to delete a user account with no image set, it throws an error because it tries to delete folder as the full path isn't provided

To Reproduce

• Crete an account
• Login to that account
• Delete the account

Expected behavior
For the account to be deleted without throwing an error

When a users updates their profile image the old profile image should be removed from the disk, but at the moment it stays there if the new image has a different extension than the previous one.