The API was built with a focus on performance, intuitiveness and ease of use with the clients in mind. It uses:
- RESTful architecture fully decoupled from clients
- CRUD routes with ACL based on token scope and resource ownership
- OAuth 2 flow with the following grant types:
  - Authorization Code for third party clients
  - Authorization Code or Resource Owner Password Credentials for first party clients
- auth security
  - every request (except `/`) requires token authorization
  - passwords are encrypted with the PBKDF2 function
    - a 256-bit key is derived with `sha256` using a 256-bit salt in 8192 iterations => encryption is both fast and secure
  - passwords NEVER leave the API server
- implement a socket-based messaging system with hapi-io
- expose RethinkDB post feeds (through sockets)
- use SSL for Vantage connections
- service emails
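
The PBKDF2 parameters listed under auth security (sha256, 256-bit salt, 256-bit key, 8192 iterations) can be applied with Node's built-in `crypto` module as in the following added example, which is not code from the Fou API itself. The `pbkdf2$...` record layout and the function names are hypothetical, chosen for illustration.

```javascript
const crypto = require('crypto');

// Parameters as stated in the feature list above.
const PARAMS = { digest: 'sha256', iterations: 8192, keyLen: 32, saltLen: 32 };
const HEX = /^([0-9a-f]{2})+$/;

// Returns "pbkdf2$digest$iterations$saltHex$keyHex" (hypothetical storage format).
function hashPassword(password, params = PARAMS) {
  const salt = crypto.randomBytes(params.saltLen); // fresh random salt per password
  const key = crypto.pbkdf2Sync(password, salt, params.iterations, params.keyLen, params.digest);
  return ['pbkdf2', params.digest, params.iterations,
    salt.toString('hex'), key.toString('hex')].join('$');
}

// Parses a stored record; returns null for anything malformed or out of bounds.
function parseRecord(record) {
  const parts = String(record).split('$');
  if (parts.length !== 5 || parts[0] !== 'pbkdf2') return null;
  const [, digest, iter, saltHex, keyHex] = parts;
  const iterations = Number(iter);
  // Only sha256 is accepted, and the work factor is bounded so a tampered
  // record cannot pick the digest or force an unbounded computation.
  if (digest !== 'sha256') return null;
  if (!Number.isInteger(iterations) || iterations < 1 || iterations > 1e7) return null;
  if (!HEX.test(saltHex) || !HEX.test(keyHex)) return null;
  return { digest, iterations, salt: Buffer.from(saltHex, 'hex'), key: Buffer.from(keyHex, 'hex') };
}

// Re-derives the key with the record's own salt and iteration count,
// then compares in constant time.
function verifyPassword(password, record) {
  const rec = parseRecord(record);
  if (!rec) return false;
  const candidate = crypto.pbkdf2Sync(password, rec.salt, rec.iterations, rec.key.length, rec.digest);
  return crypto.timingSafeEqual(candidate, rec.key);
}

// True when a record is unreadable or was created with weaker parameters
// than the current ones, so it can be re-hashed after a successful login.
function needsRehash(record, params = PARAMS) {
  const rec = parseRecord(record);
  return !rec || rec.iterations < params.iterations || rec.key.length < params.keyLen;
}
```

Storing the iteration count inside each record lets the count be raised later without invalidating existing hashes: `needsRehash` flags old records, which are replaced the next time the user logs in successfully.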
You need the following:
- node.js with generators support or io.js
- a RethinkDB server running on localhost
If you're using the FOUfashion/development repo set-up, run these commands to start the database and the reverse proxy:
$ docker-compose up -d rethinkdb
$ docker-compose up -d nginx
$ source ../.env
# install dependencies
$ npm install
# build and start the server
$ npm run build && npm start
# start and reload the server automatically on changes
$ npm run start-watch
Fou API uses Lab to run tests and Code for assertions.
# run the tests
$ npm test
# automatically re-run the tests on code changes
$ npm run test-watch
# run the tests and generate a coverage.html report
$ npm run coverage
# automatically re-run the tests with coverage on code changes
$ npm run coverage-watch
# also lint the code if you're feeling fancy
$ npm run lint
# and if you can't help from typing...
$ npm run lint-watch
The API blueprint is available at docs.fou.apiary.io.
Other docs like the database diagram are included there.
The API uses Vantage to create a remote CLI intended only for private use. It is used to create resources and generate auth credentials for first-party clients without exposing these abilities to everyone else.
# install vantage
$ npm install -g vantage
# enable the CLI
$ export API_CLI_ENABLED=true
$ export API_CLI_USER=admin
$ export API_CLI_PASS=admin
# start the server
$ npm start
# connect to the CLI
$ vantage 127.0.0.1:4000
You'll need to authenticate with the specified credentials.
I use Atom with atom-beautify, autocomplete, language-babel, linter and linter-eslint. These plugins provide code formatting, auto completion, ES6+ support and linting.