Small example app to manage a training center :
- Members have a role (student or coach)
- Each role has specific permissions
- Students can register into a Training (ex: "Python")
- Trainings contain Modules (ex: "Introduction to Python")
- Modules contain Lessons (ex: "Loops & flow structures")
- API requires an auth token, which you can get through the /login endpoint

- PostgreSQL : Database
- NestJS : Main framework
- Prisma : ORM
- @nestjs/jwt : Authentication
- argon2 : Password hashing
- pg : PostgreSQL integration

- Create the database in PostgreSQL
- Copy .env.example as .env and change DB host/user/password
- Run npm install

# development mode
$ npm run start:dev
# production mode
$ npm run start:prod

- /curl_examples : cURL scripts to test any endpoint of the API
- /documentation : auto-generated documentation
- /docs :
  - /cdm : Conceptual Data Model
  - install.md, postgresql.md and run.md : command-line reference for installing the app, creating the PostgreSQL user account, and running the app
  - rbac.png : list of permissions for each role

POST /login (login with username & password, and get back an auth token)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | required | string | username |
| password | required | string | password |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | |
| TODO | application/json | |

curl -X POST -H "Content-Type: application/json" -d @data.json http://localhost:3000/login

GET /user/{id} (get a specific User)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | User id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | User |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/user/1

GET /user/list (get all Users. limit=1000)

Parameters: None

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | User[] |

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/user/list

POST /user/signup (create/signup a new User)

| name | type | data type | description |
|------|------|-----------|-------------|
| roleId | required | int | N/A |
| name | required | string | username |
| password | required | string | password (will be hashed) |

| http code | content-type | response |
|-----------|--------------|----------|
| 201 | application/json | User |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/user/signup

DELETE /user/{id} (delete a User)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | User id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | User |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/user/1/delete

PUT /user/{id}/setrole (update a User's role)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | User id |
| roleId | required | int | roleId of the new role |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | User |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/user/1/setrole

GET /training/{id} (get a specific Training)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Training id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Training |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/training/1

GET /training/list (get all Trainings. limit=1000)

Parameters: None

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Training[] |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/training/list

POST /training/create (create a new Training)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | required | string | Name of the Training |
| modules | required | int[] | Array of Module ids to include in this Training |
| coachId | required | int | User ID of the coach assigned to this module |

| http code | content-type | response |
|-----------|--------------|----------|
| 201 | application/json | Training |
| TODO | application/json | |

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/training/create

DELETE /training/{id} (delete a Training)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Training id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Training |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/training/1/delete

PUT /training/{id}/update (update a Training. Can add or delete associated Modules)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | optional | string | Training id |
| addModules | optional | int[] | list of Modules to add to this Training |
| deleteModules | optional | int[] | list of Modules to delete from this Training |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Training |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/training/1/update

GET /module/{id} (get a specific Module)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Module id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Module |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/module/1

GET /module/list (get all Modules. limit=1000)

Parameters: None

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Module[] |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/module/list

POST /module/create (create a new Module)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | required | string | Name of the Module |
| lessons | optional | int[] | Array of Lessons to include in this Module |

| http code | content-type | response |
|-----------|--------------|----------|
| 201 | application/json | Module |
| TODO | application/json | |

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/module/create

DELETE /module/{id} (delete a Module)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Module id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Module |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/module/1/delete

PUT /module/{id}/update (update a Module. Can add or delete associated Lessons)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | optional | string | Module id |
| addLessons | optional | int[] | list of Lessons to add to this Module |
| deleteLessons | optional | int[] | list of Lessons to delete from this Module |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Module |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/module/1/update

GET /lesson/{id} (get a specific Lesson)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Lesson id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Lesson |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/lesson/1

GET /lesson/list (get all Lessons. limit=1000)

Parameters: None

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Lesson[] |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/lesson/list

POST /lesson/create (create a new Lesson)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | optional | string | Name of the Lesson |
| content | required | string | Content of the lesson |

| http code | content-type | response |
|-----------|--------------|----------|
| 201 | application/json | Lesson |
| TODO | application/json | |

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/lesson/create

DELETE /lesson/{id} (delete a Lesson)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Lesson id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Lesson |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/lesson/1/delete

PUT /lesson/{id}/update (update a Lesson)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | optional | string | Lesson id |
| content | optional | string | Lesson text content |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Lesson |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/lesson/1/update

GET /role/{id} (get a specific Role)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Role id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Role |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/role/1

GET /role/list (get all Roles. limit=1000)

Parameters: None

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Role[] |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/role/list

POST /role/create (create a new Role)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | optional | string | Name of the Role |
| permissions | required | int[] | Array of Roles to include in this Role |

| http code | content-type | response |
|-----------|--------------|----------|
| 201 | application/json | Role |
| TODO | application/json | |

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/role/create

DELETE /role/{id} (delete a Role)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Role id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Role |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/role/1/delete

PUT /role/{id}/update (update a Role. Can add or delete associated Permissions)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | optional | string | Name of role |
| addPermissions | optional | string | List of Permissions to add to this Role |
| deletePermissions | optional | string | List of Permissions to remove from this Role |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Role |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/role/1/update

GET /permission/{id} (get a specific Permission)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Permission id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Permission |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/permission/1

GET /permission/list (get all Permissions. limit=1000)

Parameters: None

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Permission[] |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/permission/list

POST /permission/create (create a new Permission)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | required | string | Name |
| description | required | string | Description |

| http code | content-type | response |
|-----------|--------------|----------|
| 201 | application/json | Permission |
| TODO | application/json | |

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/permission/create

DELETE /permission/{id} (delete a Permission)

| name | type | data type | description |
|------|------|-----------|-------------|
| id | required | int | Permission id |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Permission |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer [token]" http://localhost:3000/permission/1/delete

PUT /permission/{id}/update (update a Permission)

| name | type | data type | description |
|------|------|-----------|-------------|
| name | optional | string | Permission name |
| description | optional | string | Permission description |

| http code | content-type | response |
|-----------|--------------|----------|
| 200 | application/json | Permission |
| 404 | application/json | {"code":"404","message":"Not Found"} |

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer [token]" -d @data.json http://localhost:3000/permission/1/update
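
An added example, not part of the project's code: a deny-by-default permission check over a subset of the endpoints documented above, written in TypeScript like the app itself. The permission names and the role-to-permission mapping are constructed for illustration (the project's actual list is the one in rbac.png), and all function names are hypothetical.

```typescript
// Added example, not the project's code. Permission names and the role mapping
// are constructed; the project's real list is the one in rbac.png.
type RouteRule = { method: string; template: string; permission: string };

// A subset of the endpoints documented above.
const RULES: RouteRule[] = [
  { method: "GET", template: "/user/list", permission: "user:read" },
  { method: "GET", template: "/user/{id}", permission: "user:read" },
  { method: "PUT", template: "/user/{id}/setrole", permission: "user:setrole" },
  { method: "POST", template: "/role/create", permission: "role:write" },
  { method: "PUT", template: "/role/{id}/update", permission: "role:write" },
  { method: "GET", template: "/lesson/{id}", permission: "lesson:read" },
  { method: "POST", template: "/lesson/create", permission: "lesson:write" },
];

const ROLE_PERMISSIONS: { [role: string]: string[] } = {
  student: ["lesson:read"],
  coach: ["lesson:read", "lesson:write", "user:read"],
};

// {id} is documented as int, so it only matches digits: "/user/list" can
// never be captured by "/user/{id}", and "/user/abc" matches nothing.
function templateToRegExp(template: string): RegExp {
  const escaped = template
    .split("{id}")
    .map((part) => part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"))
    .join("(\\d+)");
  return new RegExp("^" + escaped + "$");
}

function requiredPermission(method: string, path: string): string | null {
  const verb = method.toUpperCase();
  for (const rule of RULES) {
    if (rule.method === verb && templateToRegExp(rule.template).test(path)) {
      return rule.permission;
    }
  }
  return null; // route not in the table
}

// Deny by default: unknown route, unknown role, or missing permission.
function isAllowed(role: string, method: string, path: string): boolean {
  const needed = requiredPermission(method, path);
  const known = Object.prototype.hasOwnProperty.call(ROLE_PERMISSIONS, role);
  const granted = known ? ROLE_PERMISSIONS[role] : [];
  return needed !== null && granted.indexOf(needed) !== -1;
}
```

In a NestJS app a decision like this would typically sit in a guard that runs after the bearer token has been verified; the endpoints that change roles and permissions are the ones where a missing check lets a member raise their own privileges.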