backend-login

Beep backend handling login. Call /init and then /verify in sequence. /login is legacy to provide an easy source of tokens for testing, and will be removed someday™.

Environment variables

Supply environment variables by either exporting them or editing .env.

ENV	Description	Default
LISTEN	Host and port number to listen on	:8080
SECRET	JWT secret	secret

API

Init Auth

POST /init

Kick off SMS verification process.

Body

Name	Type	Description
phone_number	String	Verifying phone number in format <country code><8 digits>.

Success (200 OK)

A nonce, to be used for /verify to add additional entropy.

Errors

Code	Description
400	Error parsing body/phone_number is not a valid phone number
500	Error generating nonce/Making request to Twilio SMS

---

Verify Code

POST /verify

Second half of the verification process, verifying the code and returning a JWT. If the user does not exist in the database, a blank one is created.

Body

Name	Type	Description
code	String	Verification code received by SMS.
nonce	String	Nonce returned by /init.
clientid	String	ID unique to device, e.g. MAC Address

Success (200 OK)

JWT token.

{
  "userid": "<userid>",
  "clientid": "<clientid>"
}

Errors

Code	Description
400	Error parsing body
404	Code with nonce supplied was not found
500	Error retrieving record from Redis/querying postgres/creating user ID/generating token

---

Create Token (temporary)

POST /login

Just a simple little endpoint to get a valid token without having to jump through the (expensive) hoops of SMS Authentication.

Body

Name	Type	Description	Required
userid	String	User's ID.	✓
clientid	String	Device's ID. Must be unique to the device. I suggest something based on MAC address.	✓

Success (200 OK)

JWT token.

Errors

Code	Description
400	Required fields in body were not supplied
500	Error creating the JWT