conference-server-next's People

Contributors

mishelashala

conference-server-next's Issues

Server hangs when there's a wrong JWT token

What happens is that when there's an error with JWT, the main thread gets blocked and the app fails.

Try sending an incorrect JWT or no JWT token at all, and see what happens.

add minimum attendance.

The Stark conference room is gonna have a minimum attendance of 6 people; if the attendance is less, it shouldn't let you book the room (and should send an error).

Add MySQL as Datasource

Currently all models are being stored in memory, so nothing persists after the app is shut down.

Please add MySQL as a datasource.

Keep in mind that...

  • All models should be persisted into MySQL
  • Add migrations (if needed)
  • Add configuration to set up connection to the DB instance.

Add `sendEmail` param on create new Booking

Currently, when a new Booking is scheduled we send an email to the user (or invitees).

We need a `sendEmail` option that, when provided, makes the server send the invite through email. This option should be set to false by default. Keep in mind that this option does not need to be stored in the DB.

Send Refresh token on authentication

Due to the short lifespan of a JWT, a refresh token is needed to allow the user to keep using the application without needing to log in again.

  • Token should be a unique random string with a length of 150 characters.
  • It should have a lifespan of 15 days
  • It should be stored into DB with userId and expirationTime.
  • On authentication, the refresh token should be sent as an HttpOnly cookie.

Implement Refresh token

Due to the short lifespan of a JWT we need to implement a refresh token to allow users to keep using the app without the need of authenticating again.

  • #36 Send refresh token on authentication request
  • #37 Add /refreshToken endpoint
  • Reduce JWT lifespan to 12 hrs
  • Make a scheduled task to remove expired tokens

Add steps to setup the application for development

In the README file it is not clear how to start and set up the project properly for development purposes.

To ensure that future developers can take this project and maintain it, we need to write the steps to get the app working.

Please keep this in mind:

  • Add the title "Development Setup"
  • Add a subtitle with the "Required Software", which should include Node, Database Manager, and any other (if any).
  • Add a step to setup the .env file, and reference the env variables table.
  • Add further steps to get the app working (Like Yarn install, executing any seed command, and running it)

Prevent user to make himself an admin

User's role is a property set on the users model, so it may be possible for the user to change this role and make himself an admin. We want to prevent that.

Make it so a non-admin user cannot update his role attribute.

Use loopback's role resolver to create an admin permission

Add a /refreshToken endpoint

Add an endpoint to allow user client to get a new JWT access token.

Due to the short lifespan of a JWT, we want to be able to provide the user a new token when the previous JWT has expired, so he can still access the application without logging in again.

  • Endpoint should only take the refresh token from cookies
  • If token is valid (has not expired) send a new JWT access token and a new refresh token
  • After a refresh token has been used, it must be removed from database
  • If the token is not valid, return a 401 and delete the record (if it exists) from the database.
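The rules from the "Send Refresh token on authentication" and "Add a /refreshToken endpoint" issues, combined into one rotation flow as an added example (not code from the conference-server-next repository). The in-memory `store`, the `refreshToken` cookie name, the `signJwt` callback and the `Secure`, `SameSite` and `Path` cookie attributes are assumptions; the issues only ask for HttpOnly.

```javascript
// Added example: refresh-token issuance and single-use rotation.
const { randomBytes } = require("node:crypto");

const TOKEN_LENGTH = 150;                      // characters, per the issue
const LIFESPAN_MS = 15 * 24 * 60 * 60 * 1000;  // 15 days, per the issue
const COOKIE = "refreshToken";                 // assumed cookie name

// Hypothetical stand-in for the DB table: token -> { userId, expirationTime }.
const store = new Map();

function newRefreshToken() {
  // 113 CSPRNG bytes encode to 151 base64url characters; trim to 150.
  return randomBytes(113).toString("base64url").slice(0, TOKEN_LENGTH);
}

function issueRefreshToken(userId, now = Date.now()) {
  const token = newRefreshToken();
  store.set(token, { userId, expirationTime: now + LIFESPAN_MS });
  return token;
}

// Set-Cookie value; HttpOnly keeps the token out of reach of page scripts.
function refreshCookie(token) {
  return `${COOKIE}=${token}; HttpOnly; Secure; SameSite=Strict; ` +
    `Path=/refreshToken; Max-Age=${LIFESPAN_MS / 1000}`;
}

function readCookie(header, name) {
  for (const part of (header || "").split(";")) {
    const [key, ...value] = part.trim().split("=");
    if (key === name) return value.join("=");
  }
  return null;
}

// Logic for /refreshToken. The token is read from the Cookie header only,
// never from the body or query string.
function handleRefresh(req, signJwt, now = Date.now()) {
  const token = readCookie(req.headers.cookie, COOKIE);
  const record = token ? store.get(token) : undefined;
  if (token) store.delete(token); // single use: removed whether valid or expired
  if (!record || record.expirationTime <= now) return { status: 401 };
  const next = issueRefreshToken(record.userId, now);
  return { status: 200, body: { token: signJwt(record.userId) }, setCookie: refreshCookie(next) };
}
```

Because the old record is deleted before the validity check, a replayed or expired token always ends in a 401 with nothing left in the store.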

Add .env.example and always show mock data

We need to keep track of what environment variables we use, that's why we need an .env.example file, and also for having seed data, we need to display mock data as well.

get user's bookings

We need to create an endpoint that only returns a list of bookings created by the user. The backend should get the user id from the JWT.
