backend-login
Beep backend handling login. Call /init and then /verify in sequence. /login is legacy to provide an easy source of tokens for testing, and will be removed someday™.
Environment variables
Supply environment variables by either exporting them or editing .env.
| ENV |
Description |
Default |
| LISTEN |
Host and port number to listen on |
:8080 |
| SECRET |
JWT secret |
secret |
API
| Contents |
| Init Auth |
| Verify Code |
| Create Token (temporary) |
| Register User |
Init Auth
POST /init
Kick off SMS verification process.
Body
| Name |
Type |
Description |
| phone_number |
String |
Verifying phone number in format <country code><8 digits>. |
Success (200 OK)
A nonce, to be used for /verify to add additional entropy.
Errors
| Code |
Description |
| 400 |
Error parsing body/phone_number is not a valid phone number |
| 500 |
Error generating nonce/Making request to Twilio SMS |
Verify Code
POST /verify
Second half of the verification process, verifying the code and returning a JWT. If the user does not exist in the database, a blank one is created.
Body
| Name |
Type |
Description |
| code |
String |
Verification code received by SMS. |
| nonce |
String |
Nonce returned by /init. |
| clientid |
String |
ID unique to device, e.g. MAC Address |
Success (200 OK)
JWT token.
{
"userid": "<userid>",
"clientid": "<clientid>"
}
Errors
| Code |
Description |
| 400 |
Error parsing body |
| 404 |
Code with nonce supplied was not found |
| 500 |
Error retrieving record from Redis/querying postgres/creating user ID/generating token |
Create Token (temporary)
POST /login
Just a simple little endpoint to get a valid token without having to jump through the (expensive) hoops of SMS Authentication.
Body
| Name |
Type |
Description |
Required |
| userid |
String |
User's ID. |
✓ |
| clientid |
String |
Device's ID. Must be unique to the device. I suggest something based on MAC address. |
✓ |
Success (200 OK)
JWT token.
Errors
| Code |
Description |
| 400 |
Required fields in body were not supplied |
| 500 |
Error creating the JWT |
Register User
POST /register/:code/:nonce
Register a new user. Proxies core's CreateUser endpoint, adding in a dummy token. Admittedly not the most secure implementation ever, but sue me it's 3AM now. Requires a code and nonce supplied from querying the /init endpoint.
Params
| Name |
Type |
Description |
Required |
| code |
String |
OTP code SMS-ed to the user. Initiated with the /init endpoint. |
✓ |
| nonce |
String |
Nonce returned by the /init endpoint response. |
✓ |
Body
| Name |
Type |
Description |
Required |
| first_name |
String |
First name of the added user. |
✓ |
| last_name |
String |
Last name of the added user. |
✓ |
| phone_number |
String |
Phone number of the added user. Shouldn't be needed but makes life easier. |
X |
Success Response (200 OK)
Created user object.
{
"id": "<id>",
"first_name": "<first_name>",
"last_name": "<last_name>",
"phone_number": "<phone_number>"
}
Errors
| Code |
Description |
| 400 |
Error parsing submitted body, or fields first_name or last_name have a length of 0 |
| 401 |
Supplied OTP is invalid |
| 500 |
Error occurred inserting entry into database/proxying |