|
1 | | -To use your own database, configure properly properties file under server/src/main/resources/database.properties, |
2 | | -then initialize the database with sakila-min.sql script. |
| 1 | +#Java Web API |
| 2 | +A simple **standalone web application** providing API. |
3 | 3 |
|
4 | | -API Default Admin User: user=sa, token=bdd69043cade8ba513813e2e17cd25e241e259bdac956dab2d437b43f40d9514 |
| 4 | +The API gives access to database resources and returns data in **JSON**. |
| 5 | + |
| 6 | +Built using **plain Java EE** and **Jetty** server. |
| 7 | + |
| 8 | +Implemented with **DAO** pattern. |
| 9 | + |
| 10 | +Tested on **H2Database** v1.4.196. |
| 11 | + |
| 12 | +##Configuration |
| 13 | +* Build using Maven `mvn install` |
| 14 | +* Create a new database |
| 15 | + * you can find **ready-to-go** database and .properties files in folder `/example_db`. |
| 16 | + Use these to skip the following two steps. |
| 17 | +* Initialize the database with provided script `/sakila-min.sql` |
| 18 | + * by default script provides admin user as _user: admin'_, _password: 'admin'_ |
| 19 | +* Create _.properties_ file including all necessary data: |
| 20 | + |
| 21 | + `example.properties` |
| 22 | + ``` |
| 23 | + <pre> |
| 24 | + url=<i>url of your database</i> |
| 25 | + driver=<i>jdbc driver of your database</i> |
| 26 | + username=<i>login for your database</i> |
| 27 | + password=<i>password for your database</i> |
| 28 | + </pre> |
| 29 | + ``` |
| 30 | +* Run application with the following parameters: |
| 31 | + * `-port [1024..49151]` - port number that will be used by server |
| 32 | + * `-dbProps path` - **relative** path to _.properties_ file |
| 33 | +* Now you are able to connect at localhost:_port_ and start sending requests! |
| 34 | +
|
| 35 | +##Authentication |
| 36 | +Every user of API has to pass his username and access token along with every request: |
| 37 | +
|
| 38 | + `/route?user=username&token=user_token&key1=val1&key2=val2...` |
| 39 | +
|
| 40 | +Of course, all parameters can occur in any order. |
| 41 | +
|
| 42 | +##Public routes |
| 43 | +API consists of 3 public routes: |
| 44 | +* **/actors** - provides access to actors data |
| 45 | +* **/films** - provides access to films data |
| 46 | +* **/languages** - provides access to languages data |
| 47 | +
|
| 48 | +###GET Parameters |
| 49 | +#### All routes |
| 50 | +All of the routes mentioned above provide: |
| 51 | +* obtaining all records under given route |
| 52 | +
|
| 53 | + /actors?... |
| 54 | +
|
| 55 | +* using multiple values of given filtering parameter |
| 56 | +
|
| 57 | + /films?id=2,3,5,7... |
| 58 | +
|
| 59 | +* obtaining a record by its id - by parameter _id_ |
| 60 | +
|
| 61 | + /actors?id=1... |
| 62 | +
|
| 63 | +* pagination - by parameters _page_ (counting from 0) and _perPage_ |
| 64 | +
|
| 65 | + /films?minLength=60&page=2&perPage=10... |
| 66 | +
|
| 67 | +* ordering - by parameter _order_ (_desc_, _asc_) |
| 68 | +
|
| 69 | + /languages?order=asc... |
| 70 | +
|
| 71 | +####Route-specific parameters |
| 72 | +
|
| 73 | +#####/actor |
| 74 | +* firstName |
| 75 | +
|
| 76 | + /actors?firstName=Woody... |
| 77 | +
|
| 78 | +* lastName |
| 79 | +
|
| 80 | + /actors?lastName=Williams... |
| 81 | +
|
| 82 | +
|
| 83 | +#####/film |
| 84 | +You can mix title and language with both minLength and maxLength. |
| 85 | +
|
| 86 | +* title |
| 87 | +
|
| 88 | + /films?title=twisted pirates... |
| 89 | +
|
| 90 | +* language |
| 91 | +
|
| 92 | + /films?language=mandarin... |
| 93 | +
|
| 94 | +* minLength (with duration equal or greater than) |
| 95 | +
|
| 96 | + /films?title=twisted pirates&minLength=99... |
| 97 | +
|
| 98 | +* maxLength (with duration equal or less than) |
| 99 | +
|
| 100 | + `/films?language=mandarin&maxLength=99...` |
| 101 | +
|
| 102 | +#####/language |
| 103 | +* name |
| 104 | +
|
| 105 | + /language?name=english... |
| 106 | +
|
| 107 | +##Admin routes |
| 108 | +Non-public (accessible only to application's admins) part of the API has 2 routes: |
| 109 | +* **/user** - provides access to users data |
| 110 | +* **/admin** - provides access to mechanisms of user management |
| 111 | +
|
| 112 | +Operations on these routes don't subtract from your usage limit. |
| 113 | +
|
| 114 | +###User |
| 115 | +Every user is created with |
| 116 | +* role - _user_ (standard user) or _admin_ (administrator), |
| 117 | +* name, |
| 118 | +* access token, |
| 119 | +* usage limit. |
| 120 | +
|
| 121 | +After _limit_ requests, every user has to get his limit renewed by an admin. |
| 122 | +
|
| 123 | +###Standard user |
| 124 | +Can access all **public** routes of the API in terms of his usage limits. |
| 125 | +
|
| 126 | +###Administrator |
| 127 | +Can access **all routes** of the API in terms of his usage limits and has ability to: |
| 128 | +* access all users' data, |
| 129 | +* add new users, |
| 130 | +* delete current users, |
| 131 | +* renew current users' usage limits. |
| 132 | +
|
| 133 | +###GET Parameters |
| 134 | +
|
| 135 | +#####/user |
| 136 | +* as well as in public API, you can order and paginate the results as well as get multiple results |
| 137 | +by listing many ids |
| 138 | +
|
| 139 | + /user?page=1&perPage=5&order=asc |
| 140 | +
|
| 141 | +* filter |
| 142 | + * all (returns all users) |
| 143 | +
|
| 144 | + /user?filter=all... |
| 145 | +
|
| 146 | + * admin (filters by role) |
| 147 | +
|
| 148 | + /user?filter=admin... |
| 149 | +
|
| 150 | + * user (filters by role) |
| 151 | +
|
| 152 | + /user?filter=user... |
| 153 | +
|
| 154 | + * noaccess (returns users that have exhausted their usage limit) |
| 155 | +
|
| 156 | + /user?filter=noaccess... |
| 157 | +
|
| 158 | +
|
| 159 | +#####/admin |
| 160 | +* action |
| 161 | + * add |
| 162 | +
|
| 163 | + /admin?action=add&role=user&name=foo&limit=16 |
| 164 | +
|
| 165 | + * renew |
| 166 | +
|
| 167 | + /admin?action=renew&id=256&limit=4096 |
| 168 | +
|
| 169 | + * delete |
| 170 | +
|
| 171 | + /admin?action=add&id=65536 |
| 172 | +
|
| 173 | +
|
| 174 | +You can modify multiple records within one request, for example: |
| 175 | +
|
| 176 | + /admin?action=renew&id=1,2,4,8&limit=16,32,64,128 |
| 177 | +
|
| 178 | +
|
| 179 | +##Credits |
| 180 | +Thanks to [@math-g](https://github.com/math-g) for porting Sakila (sample MySQL database) to H2 dialect. |
| 181 | +
|
| 182 | +
|
| 183 | +<sub>And yeah, this API is vulnerable to SQL-injection. Emm... **let's call it a feature...**</sub> |
0 commit comments