hoodie-standalone-account

Account REST and front-end API

The hoodie-standalone-account server is a hapi plugin, that exposes a REST-ful API. It also exposes dynamically bundled & pre-initialised scripts for the account client

RESTful API

See current work in progress here http://docs.accountrestapi.apiary.io/ Comment / send PRs for apiary.apib.

Have a glance (might be outdated, check links above)

# sign in, check session, sign out
PUT /session
GET /session
DELETE /session

# sign up, get / update / destroy account
PUT /session/account
GET /session/account
PATCH /session/account
DELETE /session/account

# get / update profile
GET /session/account/profile
PATCH /session/account/profile

# requests (e.g. password resets / username reminder, user account confirmation)
POST /requests
GET /requests # admins only
GET /requests/{id}
DELETE /requests/{id}

# admins only: manage accounts
POST /accounts
GET /accounts
GET /accounts/{username}
PATCH /accounts/{username}
DELETE /accounts/{username}

Client API

The Client API can be loaded from /account.js. A pre-initiliased account API is set on window.account

Server API

var Hapi = require('hapi')
var hapiAccount = require('hoodie-standalone-account')
 
var options = {
  backend: {
    // Unless name=pouchdb, pass spawn-pouchdb-server options:
    // https://github.com/gr2m/spawn-pouchdb-server#options
    name: 'couchdb',
    location: 'http://admin:secret@localhost:5984'
  },
  confirmation: 'auto',
  notifications: {
    service: 'gmail',
    auth: {
      user: 'gmail.user@gmail.com',
      pass: 'userpass'
    },
    templates: {
      passwordreset: 'Dear {account.username},\n\nyou can reset your password at:\n{server.info.uri}/#resetPassword/{request.token}',
      confirmation: 'Dear {account.profile.name},\n\nyour confirmation code is {token}'
    }
  },
  schema: {
    username: {
      minlength: 3
    },
    password: {
      minlength: 6
    },
    profile: {
      required: ['name'],
      properties: {
        name: {
          type: 'string',
          minlength: 3
        }
      }
    }
  },
  requests: {
    upgrade: function (request, reply) {
      var server = request.connection.server
      var user = request.auth.credentials
 
      var promise = server.app.users.update({
        id: user.id,
        plan: request.params.plan
      })
 
      reply(promise)
    }
  }
})
 
server.register({register: hapiAccount}, options, function (error) {
  // server is ready
});
 
server.connection({
  port: 8000
});
 
server.start(function () {
  console.log('Server running at %s', server.info.uri);
});

hoodie-standalone-account also adds a server.app.account.admin API, which is the same as the account admin client API.

options.adapter

Back-end adapter, currently only one supported is CouchDB. options.adapter.couchdb must either be a string of the CouchDB url, or a an object with couchdb.url, couchdb.auth.user and couchdb.auth.pass.

options.confirmation

Account confirmation strategy.

• "auto": accounts get confirmed automatically
• "email": user receives email with confirmation token / url
• "invite-only": user receives email with invitation token, that needs to be passed on sign up
• false: Admins confirm manually, or custom logic / 3rd-party plugins

options.notifications

Settings to send notifications to users like password resets and account confirmations. notifications.service and notifications.auth should be compatible with nodemailer

options.notifications.templates are templates for notifications being sent out by the server.

options.schema

A JSON schema to validate account properties against.

options.requests

Handlers for custom requests