Trebble - API - Security - Hackathon - 2023

Movie_Smart

Brief Section

Movie Smart is a movie streaming API with admin access to upload movies and change relevant data built with the express framework of nodejs, it was built for the treblle API security hackathon that commenced from the 3rd of July through the 7th of July.

Pre-requisite

To clone this repository, you can head over to GitHub Repository. the major requirements for this API is shown below

• NodeJS (npm)
• mongoDB
• .env (Environment Variables)

Variable	Data Type	Allowed Values
PORT	Number	Default: 3000
BASE_URL	String	the url for hosting the API
NODE_ENV	String	production |  development
DB_URL	String	mongo url
thumbnails_path	String	file directory path
movies_path	String	file directory path
JWT_SECRET	String	any
JWT_ACCESS_EXPIRATION_MINUTES	Number	any
JWT_REFRESH_EXPIRATION_DAYS	Number	any
JWT_RESET_PASSWORD_EXPIRATION_MINUTES	Number	any
JWT_VERIFY_EMAIL_EXPIRATION_MINUTES	Number	any
SMTP_HOST	String	eg: smtp.gmail.com
SMTP_PORT	Number	465
SMTP_USERNAME	String	any
SMTP_PASSWORD	String	any
EMAIL_FROM	String	any
TREBLLE_API_KEY	String	any
TREBLLE_PROJECT_ID	String	any

These variables are required and the API cannot start without them! 😂

Starting the API

first run npm install to install the necessary dependencies

after the dependencies are installed, type npm start and visit the version 1.0 from http://localhost:{port}/v1.0/. default port is 3000

Current Available Endpoints

All endpoints accept JSON objects and returns JSON objects All admin endpoints can only be accesed by admin level users, so in order to test that create an extra user and set the useRole to admin All resources are initialized with is ACtive set to false so you have to update resources that you feel are ready for the viewers

endpoint	method	request payload
Auth	Auth	Auth
/v1.0/auth/register	POST	Request Body {   "email", :required   "password", :required   "firstName", :required   "lastName", :required   "gender", :required }
/v1.0/auth/login	POST	Request Body {   "email", :required   "password", :required }
/v1.0/auth/logout	POST	Request Body {   "refreshToken", :required }
/v1.0/auth/refresh-tokens	POST	Request Body {   "refreshToken", :required }
/v1.0/auth/forgot-password	POST	Request Body {   "email", :required }
/v1.0/auth/reset-password	POST	Request Body {   "password", :required } Request Query {   "token", :required }
/v1.0/auth/send-verification-email	POST	Request Query {   "token", :required }
/v1.0/auth/verify-email	POST	Request Query {   "token", :required }
Movies	Movies	Movies
/v1.0/movies/	GET	Request Query {   "page", :required   "limit", :required }
/v1.0/movies/genres	GET	Request Query {   "page", :required   "limit", :required }
/v1.0/movies/countries	GET	Request Query {   "page", :required   "limit", :required }
/v1.0/movies/:id	GET	Request Query {   "page", :required   "limit", :required }
/v1.0/movies/genres/:id	GET	Request Query {   "page", :required   "limit", :required }
/v1.0/movies/countries/:id	GET	Request Query {   "page :required   "limit", :required }
Admins	Admins	Admins
/v1.0/admins/movies	GET	Request Query {   "page :required   "limit", :required }
/v1.0/admins/movies	POST	Request Body {   "movieTitle :required   "movieDescription", :required   "movieThumbNail :required   "releaseYear :required   "movieCast :required   "movieCountry :required   "movieDirector :required   "movieDuration :required   "isActive :required   "special :required   "genreId :required   "movieLocation :required }
/v1.0/admins/genres	GET	Request Query {   "page :required   "limit", :required }
/v1.0/admins/genres	POST	Request Body {   "genreName :required }
/v1.0/admins/countries	GET	Request Query {   "page :required   "limit", :required }
/v1.0/admins/countries	POST	Request Body {   "countryName :required }
/v1.0/admins/users	GET	Request Query {   "page :required   "limit", :required }
/v1.0/admins/users	POST	Request Body {   "email", :required   "password", :required   "firstName", :required   "lastName", :required   "gender", :required }
/v1.0/admins/movies/:id	GET	Request Query {} Request Query {}
/v1.0/admins/movies/:id	PATCH	Request Body {   "movieTitle :optional   "movieDescription", :optional   "movieThumbnail :optional   "releaseYear :optional   "movieCast :optional   "countryId :optional   "movieDirector :optional   "movieDuration :optional   "isActive :optional   "special :optional   "genreId :optional }
/v1.0/admins/movies/:id	DELETE	Request Query {} Request Query {}
/v1.0/admins/genres/:id	GET	Request Query {} Request Query {}
/v1.0/admins/genres/:id	DELETE	Request Query {} Request Query {}
/v1.0/admins/countries/:id	GET	Request Query {} Request Query {}
/v1.0/admins/countries/:id	DELETE	Request Query {} Request Query {}
/v1.0/admins/users/:id	GET	Request Query {} Request Query {}
/v1.0/admins/users/:id	PATCH	Request Body {   "email", :required   "firstName", :required   "lastName", :required   "gender", :required }
/v1.0/admins/users/:id	DELETE	Request Query {} Request Query {}

Security Hackathon Checklist

• SQL Injection
• Authentication
• Authorization
• UUID
• Rate Limiting
• Content Labeling
• MIME sniffing
• Force Secure Connection
• Embedding Prevention
• Security Policies
• Content-Type specification
• Method limiting
• Request Validation

Team

                         Oladimeji Amusa

             Abraham Solabi

Enquiries

Send A Mail¹

Footnotes

1. Happy coding 👋 ↩