A REST API, and in the future a web-based front end, to handle the casting for regularly scheduled performances.
This is being created for Theatre on the Edge (http://tote.ca), but others may find it useful.
The server uses a number of environment variables to configure how it connects to the database and performs various functions.
Required
TOTE_DB_HOST
TOTE_DB_DATABASE
TOTE_DB_USER
TOTE_DB_PASSWORD
TOTE_JWT_SECRET: Secret key for signing JSON Web Tokens
Optional
TOTE_SESSION_LENGTH_MINUTES: How long a token will be valid for without being used. Defaults to 20 minutes.
These are subject to change, and are here for testing reference only.
Organization/sorting will come later.
Authenticated routes require a JSON Web Token to authenticate against.
To send the token, add an Authorization header to the request. The value must begin with JWT followed by a space, followed by a token retrieved from the server from the /api/auth/login route.
Routes that require authentication are noted as Authenticated.
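A sketch of the server-side check for this header value, added here as an example and not the project's own code. It assumes HS256 (HMAC-SHA256) tokens carrying an exp claim; the function names and the sample secret are hypothetical, and the sample token is constructed.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-test-secret"  # constructed; stands in for TOTE_JWT_SECRET

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign_token(claims, secret):
    """Mint an HS256 token; used here only to build constructed sample input."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def verify_authorization(value, secret, now=None):
    """Return the claims for a valid 'JWT <token>' header value, else raise ValueError."""
    scheme, _, token = value.partition(" ")
    if scheme != "JWT" or token.count(".") != 2:
        raise ValueError("expected 'JWT <header>.<payload>.<signature>'")
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(head_b64))
    # Pin the algorithm: never let the token choose (rejects "alg": "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison, and only then parse the payload.
    if not hmac.compare_digest(b64url_decode(sig_b64), expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired or missing exp")
    return claims

def is_accepted(value, secret, now=None):
    try:
        verify_authorization(value, secret, now)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    token = sign_token({"sub": "constructed-user", "exp": 2000}, SECRET)
    print(is_accepted("JWT " + token, SECRET, now=1000))     # valid
    print(is_accepted("Bearer " + token, SECRET, now=1000))  # wrong scheme
    print(is_accepted("JWT " + token, SECRET, now=3000))     # expired
```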
Objects are created by POSTing to the appropriate endpoint. The body of the request must be a JSON object containing the data for the object to create. This MUST NOT include an ID.
Objects are modified by sending a PATCH to the appropriate endpoint. The body of the request must be a JSON object containing the fields to be modified. No other attributes for the object will be affected.
Both creation and modification will return the object in its new state.
Some routes, notably those marked as Authenticated, require the accessing user to have one or more Permissions to successfully perform the desired action.
Note: These checks are currently implemented and enforced, but management of them has not been implemented.
Log in with your username & password, and get a JSON Web Token to authenticate further requests to Authenticated routes.
Request Body
{
"username": <string[username]>,
"password": <string>
}
Response
{
"token": <string[JWT]>
}
{
"id": <id[player]>,
"name": <string>,
"email": <string[email]>,
"bio": <string>
}
Fetch a list of all active Players.
Requires Manage Players permission
Create a new Player.
Fetch the information for an individual Player.
Requires Manage Players permission
Update the information for an individual Player.
Requires Manage Players permission
Delete a player.
TBD
Fetch a list of upcoming Shows.
Requires Manage Shows permission
Create a new Show.
Fetch the information for an individual Show.
Requires Manage Shows permission
Update the information for an individual Show.
Requires Manage Shows permission
Delete a Show.
{
"username": <string[username]>,
"playerId": <id[player]>,
"password": <string>
}
Note: Objects returned WILL NOT contain a password field. This is used for creation and modification only.
Requires Manage Users permission
Get an array containing all active Users.
Requires Manage Users permission
Create a new User.
Requires Manage Users permission
Fetch the information for an individual User.
Requires Manage Users permission
NOTE: Users do not require any permissions to update their password using this route.
Update a user.
Requires Manage Users permission
Delete a user.