group-car-api's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "github-actions[bot]")
Stargazers
Watchers
group-car-api's Issues
Get licenses of all used libraries.
| Description | As a user, I want to view all used libraries and their license. |
| Acceptance criterion | A new endpoint exists with which a list of licenses of all used libraries can be retrieved. |
Get groups of user
| Description | As a user, I want to get all groups I'm a member of. |
| Acceptance criterion | A new endpoint exists with which a user can get all groups which he/she is a member of |
Crash when not index site accessed
Leave group
| Description | A user can leave a group he/she is in. |
| Acceptance criterion | A new endpoint exists with which a user can leave a group he/she is in. A user can only leave groups of which he/she is not the owner. |
Update group
| Description | Group admins can update group attributes. |
| Acceptance criterion | A new endpoint exists with which any admin of a group can change the following attributes of the group: name, description |
Change authentication system
| Description | As a user, I want my account to be secure and as a web page owner, I want the application and thus my server to be secured and safe. |
| Acceptance criterion | The authentication and security system proposed in https://docs.mygroupcar.de is implemented |
Create car with location
| Description | As a user, I want to create a car with an already predefined location |
| Acceptance criterion | The create car endpoint will accept latitude and longitude as optional information. |
Inviting user with username
The current implementation of the invite user endpoint requires the user to know the id of the user he/she wishes to invite. This is not something the user should know. Add the property username to the request body to allow invite via username.
Disable automatic account creation
| Description | As the website host I want to have complete control over who creates an account. |
| Acceptance criterion | If a user creates an account the account itself is not created. But the website host is notified that a user wants to create an account. The host can then accept the request and create the account. The user will then be notified of that. |
Remove members from get group endpoint
Reason
With the new members endpoint, it's not necessary to include members in the get groups endpoints. This way the group service and repository can be simplified.
Profile picture generation endpoint
A new endpoint should be added with which a pseudo-random generated profile picture should be returned. Which can be shown to the user when he/she wants to create a new account. The seed for the pseudo-random generation is the given username.
Added error object to error response
| Description | As a front-end developer, I want that every error response includes the error class with name and additional properties. |
| Acceptance criterion | Rework error handler to include error class in error response. |
Adding profile pictures to user accounts
Every user account gets a pseudo-random generated profile picture which will be stored and can be accessed.
Delete car
| Description | As an admin of a group I want to delete a car. |
| Acceptance criterion | A new endpoint exists with which cars can be deleted from groups. |
Get current backend version
| Description | As a developer and a user, I want to get the version of the backend for better tracability of errors. |
| Acceptance criterion | The new endpoint /versions.json is added with which the version of the backend is returned. |
User login
Feature
User can log in with new endpoint if he previously signed up.
Acceptance
A new endpoint is created with which the user can log in. A user can only log in if he has an account
- New endpoint for log in
- Handle login of user
Create car for group
| Description | As an admin of a group, I want to create cars for the group. |
| Acceptance criterion | A new endpoint exists with which an admin of a group can create a car for the group. To create a car the name, a color and a symbol have to be provided. |
Get invited users of group
| Description | As a member of a group, I want to view all invited users which are not yet members |
| Acceptance criterion | A new endpoint exists with which all invited users of a group can be retrieved |
Get own invites
| Description | As a user, I want to see all my invites |
| Acceptance criterion | A new endpoint exists with which a user can get a list of all invites he/she has. |
Use car
| Description | As a member of a group, I want to use a car if it's available. |
| Acceptance criterion | A new endpoint exists with which a member of a group can use a car. The car can only be used if it's not already in use (indicated by location and driver). A member can only use a car if he/she is currently not using any other car in the group. If the member uses a car, the location will be set to null and the driver is set to that user. |
Endpoint for token login
Api endpoint for the frontend to login only via the jwt token. Check if not pre-login token and if username still exists. If all checks correct respond with ok and if not with unathorized.
Change password
| Description | As a user, I want to change my password. |
| Acceptance criterion | Add a new enpoint with which the password of a user can be changed. The endpoint should require the correct old (current) password and a new password, which fulfills the password constraints, in the request body. If not given or if the fields are incorrect (e.g. not the correct old password), the endpoint should return the appropriate error response. A more detailed description of the endpoint and the steps for the implementation are given below. |
Enpoint Specification
Method: POST
Required Request Body:
{
"oldPassword": "<string>",
"newPassword": "<string>",
}Implementation details
- Check if old and new password are different.
- Check if new password fulfills password constraints.
- Check if old password is correct.
- If all checks passed, change password. โ๏ธ
Create group
A user can create a new group and is then the owner and an admin of that group.
| Description | User can create new groups |
| Acceptance criterion | A new endpoint exists with which any user can create a new group. If a user creates a new group, the user is the owner and an admin of that group. |
Remove default database flush
Without specifying the argument --disableFlush the database will be flushed on each start. This is unnecessary and should be removed. Instead, add the argument --flush-db which will force flush the database.
Bug: Incorrect handling of expired session
If the session expires, the server replaces the jwt cookie with a PreLogin session and should send a NotLoggedInError response to show the client that the user is not logged in anymore. But instead, it sends an UnauthorizedError. This leads to unexpected behavior in the client and will show a confusing error message.
Update validation for sign-up
The sign-up endpoint has to be updated with new validation constraints.
The following constraints have to be added:
- Username cannot contain whitespaces
- Username has to consist of certain characters
- Username has to be at least 4 characters long
- Username has to be shorter than 25 characters
- Password has to be shorter than 255 characters (database restriction)
Refactor project
| Description | As a developer, I want a consistent and clean project to work with. |
| Acceptance criterion | Clean project files, remove unused files, reorganize root file, and refactor everything to use services and repositories |
Give other user admin permissions
| Description | Any admin of a group can make other users of the group admins. |
| Acceptance criterion | A new endpoint exists with which an admin of a group can make another user of the same group an admin. |
New endpoint for logout
A new endpoint is added with which a user can logout
Update car of group
| Description | As an admin of a group I want to change the name, color, and/or symbol of a car |
| Acceptance criterion | A new endpoint exists with which the data of a car can be updated. |
Get all users
| Description | Any user can get a list of all users. |
| Acceptance criterion | A new endpoint exists with which a user can get a list of all users. The list only contains the username |
Rework pipeline for more deploy steps
Add following stages to pipeline:
- Development Deploy:
- Executed on every push or pull request on the develop branch
- Deploys current state to the development server
- Beta Deploy:
- Executed on every push or pull request to the master branch
- Deploys current state to beta server
- Release Deploy:
- Same step as deploy is now
- This deploy stage is the only one with version checking
Progress:
- Dev Deploy
- Beta Deploy
- Release Deploy
Store when user last logged in
| Description | As a user, I want to know when i last logged in. |
| Acceptance criterion | When a user logs in, the time will be stored in the database. This time will be added to login or checkLoggedIn response |
Park car
| Description | As the driver of a car, I want to park the car at a specific location. |
| Acceptance criterion | A new endpoint exists with which a member of a group, who is currently driving a car, can park that car. Parking means, that the location will be set and the driver is set to null. |
Bug: Endpoint /auth/token not working correctly
The endpoint which serves to reinitiate a session always throws 401 Error
Kick user
| Description | As an admin, I want to kick users from a group. |
| Acceptance criterion | A new endpoint exists with which an admin can kick any not admin user from the group the current user is an admin of. |
Delete group
| Description | The owner of a group can delete the group. |
| Acceptance criterion | A new endpoint exists with which the owner of a group can delete the group. |
Get cars
| Description | As a member of a group I want to get all cars of that group. |
| Acceptance criterion | A new endpoint exists with which a member of a group can get the list of cars of that group. Each car should also include the data of the driver if one is defined. |
User can signup
Feature
The user can sign up by via a new request.
Acceptance
A new user is created, the password is hashed and salted.
- New endpoint for signup
- Store new user in database
Get list of members
| Description | As a member of a group, I want to get a list of all members of a group. |
| Acceptance criterion | A new endpoint exists with which the list of members of a specified group can be retrieved. |
Get live car updates
| Description | As a member of a group, I want to subscribe to changes to the cars of a group. |
| Acceptance criterion | Websockets are added rto the server, preferably with Socket.io. It's possble for a client to subscribe to changes of the cars if a group via a dynamic path. When subscribing, it's checked if the user is a member if the group and only then are they able to subscribe. |
Dockerize deployment
Invite user to group
| Description | Admins can invite other users to a group. |
| Acceptance criterion | A new endpoint exists with which an admin of a group can invite other users to the group. |
Add monitoring
Add performance, error and misc monitoring
Extending authentication with JWT
Feature
If the user logs in or signs up he receives a JWT Token with which the api can be used.
Acceptance
If the user logs in, a JWT is returned which will be set as cookie (Double Submit Method). The JWT defines the role of the user, the allowed routes and has an expiration time.
Get invitations
| Description | A user can get all his/her invitations. |
| Acceptance criterion | A new endpoint exists with which a user can retrieve all invitations for him/her. |
Join group
| Description | A user can join a group for which the user has an invitation. |
| Acceptance criterion | A new endpoint exists with which a user can join a group for which the user has an invitation. |
Transfer ownership
| Description | The owner of a group can transfer his/her ownership to another user of the group. |
| Acceptance criterion | A new endpoint exists with which the owner of a group can transfer the ownership to another user of the group. |
Websockets won't send user data when car is added/parked/drove
The data sent over the websockets if the car of a group is added, parked or driven is missing user data
Revoke admin permissions
| Description | An admin can revoke the admin permissions of other users. |
| Acceptance criterion | A new endpoint exists with which an admin can revoke the admin permissions of any other user in the group as long as the user is not the owner. |
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.