UNPKG

minapi

Version:

Minimum viable API w/ authentication and permissions, CRUD and resource management

github.com/avenuedigital/MinAPI

avenuedigital/MinAPI

120 lines (118 loc) 3.57 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
module.exports = { "name": 'api.entreheart.com', "auth": { _verify: { _email: true, _sms: false, }, _env: { getSecret: () => process.env.AUTH_SECRET, }, }, "models": [ { _name: 'user', _label: ['User', 'Users'], _collection: 'user', _values: { _id: ['ObjectId', 'r,u,d'], /* for r, u, d, simply for where -- what about safe views, data returns? */ email: ['String', 'c,r,u', ['email']], email_verified: ['Boolean', 'c,r,u'], sms: ['String', 'c,r,u', ['email']], sms_verified: ['Boolean', 'c,r,u'], password_hash: ['String', 'c,r,u', ['_default', 'test']], first_name: ['String', 'c,r,u', ['first']], last_name: ['String', 'c,r,u', ['last']], display_name: ['String', 'c,r,u', ['name']], role: ['String', 'c,r,u'], }, }, { _name: 'organization', _label: ['Organization', 'Organizations'], _collection: 'organization', _values: { _id: ['ObjectId', 'r,u,d'], name: ['String', 'c,r,u', ['sentence', { words: 3 }]], active: ['Boolean', 'c,r,u'], professor_id: ['ObjectId', 'c,r'], student_ids: ['Array(ObjectId)', 'c,r,u'], }, }, { _name: 'group', _label: ['Group', 'Groups'], _collection: 'group', _values: { _id: ['ObjectId', 'r,u,d'], name: ['String', 'c,r,u', ['sentence', { words: 2 }]], student_ids: ['Array(ObjectId)', 'c,r,u'], organization_id: ['ObjectId', 'c,r'], author_id: ['ObjectId', 'c,r'], }, }, { _name: 'student', _label: ['Student', 'Students'], _collection: { _name: 'user', _filter: { role: 'student' }, }, _values: { _id: ['ObjectId', 'r,u,d'], first_name: ['String', 'c,r,u', ['first']], last_name: ['String', 'c,r,u', ['last']], display_name: ['String', 'c,r,u', ['name']], }, } ], "routes": () => { const where = '_id' const professor = {and: [ `@user.role=professor`, `@user._id=@organization.professor_id`]} const allProfessors = `@user.role=professor` const students = `@user._id=in=@organization.student_ids` const studentAuthor = collection => `@user._id=@${collection}.author_id` const group = `@user._id=in=@group.student_ids` return [ { _id: "/organizations(organization)", _create: { allow: allProfessors }, _readAll: { allow: professor }, _read: { where, allow: {or: [professor, students] }}, _update: { where, allow: professor }, _delete: { where, allow: professor }, }, { _id: "organizations/groups(group)", _create: { allow: {or: [professor, students] }}, _readAll: { allow: {or: [professor, students] }}, _read: { where, allow: {or: [professor, students] }}, _update: { where, allow: {or: [professor, group] }}, _delete: { where, allow: {or: [professor, group] }}, }, { _id: "/students(student)", _readAll: { where: { '_token' : ['_id', 'first_name', 'last_name', 'email']}, allow: professor }, _read: { where, allow: professor }, }, { _id: "organizations/students(student)", _readAll: { where: { '_token' : ['_id', 'first_name', 'last_name', 'email']}, allow: {or: [professor, students] }, filter: students }, _read: { where, allow: {or: [professor, students] }, filter: students }, }, ] }, "notifications": { _active: { "email": 'postmark', }, _providers: { "postmark": { _env: { getToken: () => process.env.POSTMARK_SERVER_API_TOKEN, getFrom: () => process.env.EMAIL_FROM, }, }, }, }, }