What's the easiest way to override the limit of 100 for an api? I think this is coming form your other lib querymen but I am not really sure how to override it. It looks like maybe I can do this in the router, or the model, or?

When I try to set a limit greater than 100 I get:

logs?limit=101

{
  "name": "max",
  "param": "limit",
  "value": 101,
  "max": 100,
  "valid": false,
  "message": "limit must be lower than or equal to 100"
}

Hello,

I'm trying to sign in with curl into the API

curl -X POST http://0.0.0.0:9000/auth -i -u [email protected]:123456 -d "access_token=MASTER_KEY_HERE"

But its not working, returns me an error saying that: -d command not found

Do i need to update something? (i've already updated curl)

How would I go about uploading images? Currently I'm just uploading base64 encoded data

I know this could be easily dismissed as "a matter of taste", but I just wanted to mention that returning the model data at the top level of the json document hierarchy is considered a bit of an antipattern and something that I see other open source codebases moving away from.

I don't remember where I last saw this matter discussed but a quick 1 minute google search I was able to find a couple of guidelines around which corroborate this approach:

https://google.github.io/styleguide/jsoncstyleguide.xml?showone=data#data

and also:

http://jsonapi.org/format/#document-top-level

I've found some problems when trying to npm test on Windows.

First, npm run lint tries to lint package.json files, which obviously throws. The solution would be changing the script to: "lint": "eslint <%= srcDir %>/**/*.js" on https://github.com/diegohaz/generator-rest/blob/master/generators/app/templates/_package.json#L14

Another problem is the test script itself. It has a condition written in shell script and Windows doesn't recognize it. I'm looking for a cross-platform conditional statement solution, but found nothing yet.

Hi, when adding an object to the server, I get an error stating the payload is to large to add. I know what it is and I know how to fix it with these 2 lines.

app.use(bodyParser.json({ limit: '50mb', type: 'application/json' }))
app.use(bodyParser.urlencoded({ limit: '50mb', extended: true, parameterLimit: 50000 }))

I have overcome this problem on a previous server but I am struggling to get it to work with your sever which I am loving at the moment. Where I previously added these lines is in the index.js file where you export the "app" but It's not working.

Any advice?

Why do you have the models exporting in es2015 and commonjs formats?

See: https://github.com/diegohaz/generator-rest/blob/master/generators/api/templates/model.js#L48

As we add more auth providers (facebook, google, twitter etc.), I'm thinking of joining them in a single field, like services:

const UserSchema = new Schema({
  email: {
    type: String,
    match: /^\S+@\S+\.\S+$/,
    required: true,
    unique: true,
    trim: true,
    lowercase: true
  },
  password: {
    type: String,
    minlength: 6
  },
  services: {
    facebook: String,
    twitter: String,
    google: String,
    github: String
  },
  name: {
    type: String,
    index: true,
    trim: true
  },
  role: {
    type: String,
    enum: roles,
    default: 'user'
  },
  picture: {
    type: String,
    trim: true
  }
}, {
  timestamps: true
})

For Facebook, we just need to store the user id. I also don't know if it will be the same with twitter, google etc.

I've been playing around with validation for most of the inputs that are going through mongoose, I'm just wondering if there is going to be at any time some built in validation within the service? That being a lot quicker since some of it would already be generated, or it being simpler to implement.

On many places the terminatios are is missing which causes warnings in my IDE (ending lines with ;).

This looks optimizable from my POV.

Was there a reason to leave those?
If not maybe I can help you to do a cleanup here.

While using the yo:rest api tool to create an endpoint, when you get to the model generation part, it asks for a comma separated list of your fields. Is there a way to provide a model that has nested fields/arrays in this setup process?

For example:

-id
-colors
----color_name
----color_value
-categories
---category_name
---category_slug

...and so on.

I Generated a sample API on an existing project with "yo rest:api" which resulted to the files named as indicated:

Wondering if this is an upgrade, or something i'm yet to do as compared to this:

Thanks.

Steps

On generator's root:

yarn upgrade nock

On template's package.json

"nock": "^9.0.2",

I'm just leaving it here in the case of someone wants to contribute. 🎉

There're strange errors on CI that occur sometimes and break the tests. I think it's related to the integration between Mockgoose and AVA.

I don't know yet how to solve it, even though it's not a big problem. The solution, for now, is just restarting the build on Travis CI.

Hey man.

I see that when generating a new api, the get request that one can make with the master key etc it will return all the indexes/values. My question is I see with the get a query function is passed through

router.get('/', master(), query(), index)

Now my question that I have is can I make a custom query sent from the client side with a get request to return only the desired values from the query?

I created a client app in Angular js, in this app you can log in as an user and add articles. I merge my client with this server. I tried to log in with the user created in the terminal and everything i used (add Authorization: Bearer Access-Token in header request) i got this:
Request URL:http://0.0.0.0:9000/auth
Request Method:POST
Status Code:401 Unauthorized
Remote Address:0.0.0.0:9000

I used $http service.

Can you give me some advices?

I create api by using yo rest:api, How can I delete/remove it?

With Node 6.9 supporting 99% of ES2015, I wonder if still makes sense to force people who are unfamiliar with Babel to use it as a mandatory requirement.

It happens because the linter searches for a .eslintrc or a package.json file recursively starting in the current file path. The API folder has a package.json file, but this doesn't include an eslintConfig property, so it disables the linter.

Possible solutions:

• remove package.json from API folders;
• add eslintConfig to each package.json folder;
• add a .eslintrc file to the root directory.

I think the last one is the better solution.

Now it supports promises natively: https://github.com/kelektiv/node.bcrypt.js#with-promises

No need for promisifying this anymore.

Steps:

On generator's root:

yarn upgrade bcrypt

On template's api/user/model.js:

Remove this:

<%_ if (passwordSignup) { _%>
const compare = require('bluebird').promisify(bcrypt.compare)
<%_ } _%>

On userSchema.pre hook, change bcrypt.hash to promise:

bcrypt.hash(this.password, rounds).then((hash) => {
    this.password = hash
    next()
  }).catch(next)

Change compare to bcrypt.compare on authenticate method:

return bcrypt.compare(password, this.password).then((valid) => valid ? this : false)

On template's package.json, update bcrypt's version:

"bcrypt": "^1.0.1",

Maybe leverage something like this:
https://www.npmjs.com/package/mongoose-paginate

Some people are asking me about GraphQL support. I don't have much experience with it. But, as far as I know (please, correct me if I'm wrong), REST and GraphQL are two different approaches and can not coexist.

I'm working on some projects that would benefit from a GraphQL API, so I'm very into learning it and perhaps creating/using another generator or integrating it on generator-rest (if it's possible).

Just creating this thread to see if there're more people interested on this.

cc @cameronroe @arraisgabriel

Currently the README is the documentation generated by npm run docs, which could be in a DOCS.md file. It should put another useful info in the README (including a link to DOCS).

The same way Facebook and GitHub login was implemented, we need to:

• create a twitter service with a getMe method in generators/app/templates/services
• enable the option on generators/app/index.js#L51
• add the option on test/index.js#L8

It's important to note that the API will only handle the token provided by Twitter and not the entire OAuth process (it must be done on the client).

This issue is participating on the Digital Ocean's Hacktoberfest.

When I attempt to make a post request to one of my own api endpoint that I have generated, I'm continuing to get this below response. I think I'm using the API correctly I've followed along with the documentation a few times and it continues to occur.

TypeError: request.body.hasOwnProperty is not a function at JwtStrategy.<anonymous> (/Users/~/Documents/Development/Websites/servers-rest/node_modules/passport-jwt/lib/extract_jwt.js:30:42) at JwtStrategy._jwtFromRequest (/Users/~/Documents/Development/Websites/servers-rest/node_modules/passport-jwt/lib/extract_jwt.js:82:39) at JwtStrategy.authenticate (/Users/~/Documents/Development/Websites/servers-rest/node_modules/passport-jwt/lib/strategy.js:84:22) at attempt (/Users/~/Documents/Development/Websites/servers-rest/node_modules/passport/lib/middleware/authenticate.js:348:16) at authenticate (/Users/~/Documents/Development/Websites/servers-rest/node_modules/passport/lib/middleware/authenticate.js:349:7) at /Users/~/Documents/Development/Websites/servers-rest/src/services/passport/index.js:26:3 at Layer.handle [as handle_request] (/Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/layer.js:95:5) at next (/Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/route.js:131:13) at Route.dispatch (/Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/route.js:112:3) at Layer.handle [as handle_request] (/Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/layer.js:95:5) at /Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/index.js:277:22 at Function.process_params (/Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/index.js:330:12) at next (/Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/index.js:271:10) at Function.handle (/Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/index.js:176:3) at router (/Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/index.js:46:12) at Layer.handle [as handle_request] (/Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/layer.js:95:5) at trim_prefix (/Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/index.js:312:13) at /Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/index.js:280:7 at Function.process_params (/Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/index.js:330:12) at next (/Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/index.js:271:10) at Function.handle (/Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/index.js:176:3) at router (/Users/~/Documents/Development/Websites/servers-rest/node_modules/express/lib/router/index.js:46:12)

Regarding user access endpoints ( not related to admin/masterkey):

Correct me if I'm wrong, but it looks to me that the authentication and routing code currently has no built in mechanism for pŕeventing an authenticated user from accessing data related to other users by simply leveraging querymen to make queries that pass some other user's id ?

Hopefully I just failed to locate this, but in case it really doesn't exist, and because this is such a common requirement, it would be great to include a build-in mechanism for this so that this functionality could be activated by just adding an item or attribute ( could be named something like requireOwnId or ownerOnly ) to a route's middleware chain.

Hey. Could support for model relations be added, so we could be able to use the generator to have endpoints like GET books/{id}/pages?

The same way Facebook and GitHub login was implemented, we need to:

• create a google service with a getMe method in generators/app/templates/services
• enable the option on generators/app/index.js#L51
• add the option on test/index.js#L8

It's important to note that the API will only handle the token provided by Google and not the entire OAuth process (it must be done on the client).

This issue is participating on the Digital Ocean's Hacktoberfest.

For those who don't want to generate the *.test.js files or want to use another test library and create them by their own.

It should look more like:

api
├── user
│   ├── api.js
│   ├── api.test.js
│   ├── controller.js
│   ├── index.js
│   ├── model.js
│   └── model.test.js
└── index.js

Where api/user/api.js is the current api/user/user.router.js. I think it still makes sense while gives a better tree (since api comes alphabetically first).

The api/index.js file is the current routes.js file.

Also, this makes easier to change the endpoint names as one no longer needs to update the name of each file.

The api/user/index.js file should look like:

export api from './api'
export controller from './controller'
export model, { schema } from './model'

This apparently happens if you choose to generate a password reset endpoint but skip the sendgrid information prompt.
Not sure if this is expected behavior, but maybe it would be best to use placeholder information instead of not creating the module altogether?

I'm just thinking that the user might want to generate the code while not having their sendgrid information at hand.

module.js:457
    throw err;
    ^

Error: Cannot find module './api/password-reset'
    at Function.Module._resolveFilename (module.js:455:15)

Post a new Article

curl -X POST http://0.0.0.0:9000/articles -i -d "title=Awesome Article&content=YeahBaby access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"

TypeError: request.body.hasOwnProperty is not a function at JwtStrategy.<anonymous> (.../node_modules/passport-jwt/lib/extract_jwt.js:30:42)

Only on local version. It works on heroku. Any Idea?

Versions

IOS: 10.12
npm: 3.10.9
nodejs: 6.3.1
MongoDB: 3.2.8
passport-jwt "^2.1.0"

Hi, how would you send the request from the client side using angular 2 to authenticate the user and then send back the token with all the relevant details of the user?

I've tried searching and it looks like you'll need to add headers to the post from the client side but not sure how to do that. Can you maybe give me an example?

Can this work with auth0?

I'm fairly new to the concept of a master key. To me it makes sense as a "the dev who has this can get anything done", but by default it's middleware on the /auth endpoint and user creation. If I were to have a site that allows users to register themselves and to log themselves in... wouldn't that mean that they would need to have the master key stored locally? Am I misinterpreting how the master key is used? My understanding would be that both of these endpoints should have no authorization middleware.

Should I remove these from these two endpoints if that is the case?

Steps:

On generator's root:

yarn upgrade babel-jest jest-cli 

On template's package.json

"setupTestFrameworkScriptFile": "<rootDir>/test/setup.js"
...
"babel-jest": "^18.0.0",
...
"jest-cli": "^18.0.0",

Currently response strings are hardcoded, so creating a project for non-English users requires to carefully search and replace all user facing text.

At least having all text strings centralized in a single location would make this task much easier and less error prone.

Side note: Let me know what is the best way for me to contribute with suggestions like this. Maybe a
Product Pains page would be a better option as not to clutter the issues page with these enhancement requests.

I'm not a native speaker either, but I think most people would understand API as the complete collection of all related endpoints in a given system or project, while :endpoint would make more sense to describe each individual URL to manipulate a single named resource.

Steps

On generator's root:

yarn upgrade rand-token

On template's package.json

"rand-token": "^0.3.0",

I'm just leaving it here in the case of someone wants to contribute. 🎉

Steps

On generator's root:

yarn upgrade dotenv-safe

On template's package.json

"dotenv-safe": "^3.0.0",

I'm just leaving it here in the case of someone wants to contribute. 🎉

With this, everything will be up to date. 🙌

Look for an alternative to that. The project is awesome, but seems unmaintained. There're old PRs unmerged (even people asking for that), like one we need, and the owner doesn't answer.

As it will only run on the server, it doesn't need to be transpiled to dist and the root directory can be deployed as well.

The generator generates code for creating users, logging in, but nothing for logging out/ destroying the session.

Is there a recommended approach?

AVA is an excellent test runner, but it doesn't work well when you have multiple test files, it's extremely slow (reference: avajs/ava#808).

I'm using Jest in a React project and it's very promising, also running tests in parallel.

It looks like sendgrid is currently only used to reset user passwords. If that is the case it would be nice to have it also used to send a confirmation email upon user registration, so that it can be properly validated.

I suppose this would require the use of a unique email validation token.

Just getting started testing this codebase but it already looks awesome from the get go. :-)
To make it even more awesome, it would be great to add an option to name the User model something else.

For reference, KeystoneJS has this feature on their generator, btw.

The reasoning is that a lot of projects, such as the one I'm working now, support multiple api users under the same paying account, so to model this, instead of a User model I have an Account model (which is the equivalent to the user model you have) and a Profile model instead.

I am getting error on entering yo rest . It installs dependencies but towards the end it gives error.

I am using windows 8.1

npm ERR! Windows_NT 6.3.9600
npm ERR! argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Users\\Thomas\\AppData\\Roaming\\npm\\node_modules\\npm\\bin\\npm-cli.js" "intall"
npm ERR! node v6.9.1
npm ERR! npm  v3.10.6
npm ERR! path C:\Users\Thomas\my-api\node_modules\.staging\jsonpointer-10566ae3
npm ERR! code EPERM
npm ERR! errno -4048
npm ERR! syscall rename

npm ERR! Error: EPERM: operation not permitted, rename 'C:\Users\Thomas\my-api\node_modules\.staging\jsonpointer-10566ae3' -> 'C:\User\Thomas\my-api\node_modules\jsonpointer'
npm ERR!     at destStatted (C:\Users\Thomas\AppData\Roaming\npm\node_modules\npm\lib\install\action\finalize.js:25:7)
npm ERR!     at FSReqWrap.oncomplete (fs.js:123:15)
npm ERR!
npm ERR! Error: EPERM: operation not permitted, rename 'C:\Users\Thomas\my-api\node_modules\.staging\jsonpointer-10566ae3' -> 'C:\User\Thomas\my-api\node_modules\jsonpointer'
npm ERR!     at Error (native)
npm ERR!  { Error: EPERM: operation not permitted, rename 'C:\Users\Thomas\my-api\node_modules\.staging\jsonpointer-10566ae3' -> 'C:\Uers\Thomas\my-api\node_modules\jsonpointer'
npm ERR!     at destStatted (C:\Users\Thomas\AppData\Roaming\npm\node_modules\npm\lib\install\action\finalize.js:25:7)
npm ERR!     at FSReqWrap.oncomplete (fs.js:123:15)
npm ERR!
npm ERR! Error: EPERM: operation not permitted, rename 'C:\Users\Thomas\my-api\node_modules\.staging\jsonpointer-10566ae3' -> 'C:\User\Thomas\my-api\node_modules\jsonpointer'
npm ERR!     at Error (native) parent: 'my-api' }
npm ERR!
npm ERR! Please try running this command again as root/Administrator.

npm ERR! Please include the following file with any support request:
npm ERR!     C:\Users\Thomas\my-api\npm-debug.log

1.Create project and install npm.
2.Start mongo db.
3.Use postman to retrieve "users" "GET" http://0.0.0.0:9000/users
3.1 try to add access_token behind URL (default MASTER_KEY)
3.2 try to add access_token in headers (default MASTER_KEY)

Result: 401 unauthorized
Expect: empty array.

The same way Facebook login was implemented, we need to:

• create a github service with a getMe method in https://github.com/diegohaz/generator-rest/tree/master/generators/app/templates/services
• create a passport method like https://github.com/diegohaz/generator-rest/blob/master/generators/app/templates/services/passport/index.js#L70-L77
• and enable the option on https://github.com/diegohaz/generator-rest/blob/master/generators/app/index.js#L51

It's important to note that the API will only handle the token provided by Github and not the entire OAuth process (it must be done on the client).

This issue is participating on the Digital Ocean's Hacktoberfest.

I was curious on the reason/purpose to have a package.json file under each api module folder? Tried finding an answer/example online and seen a couple others do the same but never found explanation.

Thanks;