rxt30 edited this page Feb 3, 2022 · 27 revisions

This article documents the API. The Roles attribute defines which user role can access each individual interface.

JWT for Authentication

To authenticate, a user must send a JWT with each request.
To send the JWT, the Authorization header must be set in the following format: Bearer <token>.
The JWT is signed with a random 64-byte token, which is regenerated at every restart of the server.
It expires after 12 hours.

Payload of the JWT

{
  "id":user_id,
  "username":"username",
  "fullname":"fullname",
  "role":"student"|"teacher"|"administrator",
  "exp":time_to_expire
}

Middleware

The middleware verifies and decodes the delivered JWT unless the request is to /user/login.
If the JWT cannot be verified, a response with the HTTP-Status 401 and the message Invalid JWT is sent.
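The token handling and middleware behaviour described above, as an added example that is not the project's code and uses only Node's built-in crypto module. HS256 as the signing algorithm, the Express-style req/res/next signature and the names signJwt, verifyJwt and jwtMiddleware are assumptions.

```javascript
// Added example, not the project's code. HS256 and all helper names are assumptions.
const crypto = require("crypto");

// Random 64-byte signing key, regenerated on every start: tokens issued
// before a restart no longer verify afterwards.
const SECRET = crypto.randomBytes(64);
const TTL_SECONDS = 12 * 60 * 60; // tokens expire after 12 hours

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (input, key) => crypto.createHmac("sha256", key).update(input).digest();

function signJwt(claims, key = SECRET, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ ...claims, exp: now + TTL_SECONDS }));
  return `${header}.${payload}.${b64url(hmac(`${header}.${payload}`, key))}`;
}

// Returns the decoded claims, or null for any malformed, forged or expired token.
function verifyJwt(token, key = SECRET, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  const expected = hmac(`${header}.${payload}`, key);
  const given = Buffer.from(signature, "base64url");
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm: the token's own header must never choose it (e.g. "none").
    if (JSON.parse(Buffer.from(header, "base64url")).alg !== "HS256") return null;
    const claims = JSON.parse(Buffer.from(payload, "base64url"));
    if (typeof claims.exp !== "number" || claims.exp <= now) return null;
    return claims;
  } catch {
    return null;
  }
}

// Every route except /user/login needs a valid "Authorization: Bearer <token>".
function jwtMiddleware(req, res, next) {
  if (req.path === "/user/login") return next();
  const match = /^Bearer (.+)$/.exec(req.headers.authorization || "");
  const claims = match && verifyJwt(match[1]);
  if (!claims) return res.status(401).send("Invalid JWT");
  req.user = claims; // id, username, fullname, role, exp
  next();
}
```

Because the key exists only in process memory, every outstanding token becomes invalid on restart and clients have to log in again.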

/user

POST /user/register

Register a new user

Roles

administrator

Request-Data

{
  "username":"username",
  "password":"password",
  "role":"student"|"teacher"|"administrator",
  "fullname":"fullname",
  "address":"address",
  "matriculationNumber":"matriculationNumber",
  "mail":"[email protected]"
}

Note that the role defaults to student if none of the roles listed above is used.

Response-Data

On success returns the HTTP-Status 200.
On failure returns the HTTP-Status 403.

POST /user/login

Try to login a user

Roles

Unauthenticated users

Request-Data

{
  "username":"username",
  "password":"password"
}

Response-Data

On success returns the HTTP-Status 200 and a JWT for authentication.
On failure returns the HTTP-Status 403 and the message Wrong username or password.

POST /user/delete

Deletes a user from the repository

Roles

administrator

Request-Data

{
  "username":"username"
}

Response-Data

On success returns the HTTP-Status 200 and the message The user has been deleted.
On failure returns the HTTP-Status 500 and the message The user could not be deleted.

POST /user/changePassword

Change the password of the given user

Roles

student & teacher may only change their own password. administrator may change their own password as well as the password of other users.

Request-Data

{
  "username":"username",
  "password":"password"
}

Response-Data

On success returns the HTTP-Status 200 and the message The password has been changed.
On failure returns the HTTP-Status 500 and the message Password could not be changed.
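The role rules of the four authenticated /user endpoints above, as an added example of a deny-by-default check that is not the project's code. It assumes `user` is the payload of an already verified JWT, so the caller's identity comes from the token and never from the request body; ROLES, POLICY, authorize and the route-key format are hypothetical names.

```javascript
// Added example, not the project's code. POLICY, authorize and the
// "METHOD path" key format are hypothetical; `user` is the verified JWT payload.
const ROLES = new Set(["student", "teacher", "administrator"]);
const isAdmin = (user) => user.role === "administrator";

// One rule per /user route. A Map avoids accidental hits on inherited
// object keys such as "constructor".
const POLICY = new Map([
  ["POST /user/register", isAdmin],
  ["POST /user/delete", isAdmin],
  ["GET /user/getAll", isAdmin],
  // student and teacher: own password only; administrator: any user's.
  ["POST /user/changePassword", (user, body) =>
    isAdmin(user) ||
    (typeof body?.username === "string" && body.username === user.username)],
]);

function authorize(routeKey, user, body) {
  // Deny by default: missing claims, an unknown role or an unlisted route is refused.
  if (!user || !ROLES.has(user.role)) return false;
  const rule = POLICY.get(routeKey);
  return typeof rule === "function" && rule(user, body) === true;
}
```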

GET /user/getAll

Get all users

Roles

administrator

Request-Data

No request data

Response-Data

An array of the following JSON-Objects

{
    "id": 5,
    "fullname": "fullname",
    "address": "address",
    "matriculationNumber": "matriculationNumber",
    "mail": "[email protected]",
    "userId": {
        "id": 14,
        "username": "username",
        "isTeacher": false|true,
        "isAdministrator": false|true
    }
}

/grades

GET /grades/:studentId

Returns the grades of the student specified in :studentId

Roles

student may only see his own grades
administrator may see the grades of all students

Request-Data

No request data

Response-Data

An array with the following JSON-Objects

{
    "grade": 3,
    "weight": 100,
    "moduleId": {
        "id": 1,
        "name": "Test",
        "description": "Test"
    }
}

POST /grades/insert

Insert or update a new grade

Roles

teacher may insert or update new grades for his module
administrator may insert or update new grades for every module

Request-Data

{
    "id":1, // Only needed if updating an existing grade
    "moduleId":1, 
    "studentId":1,
    "grade":1,
    "weight":100
}

Response-Data

On success returns the HTTP-Status 200 and the message The grade has been saved.
On failure returns the HTTP-Status 500 and the message The grade has not been saved.

POST /grades/delete

Delete the grade

Roles

teacher for their own modules
administrator for every module

Request-Data

{
    "id":1, // Only needed if updating an existing grade
    "moduleId":1, 
    "studentId":1,
    "grade":1,
    "weight":100
}

Response

On success returns the HTTP-Status 200 and the message The grade has been deleted.
On failure returns the HTTP-Status 500 and the message The grade could not be deleted.

/timetable

POST /timetable/insert

Insert or update a new entry into the timetable

Roles

teacher can insert entries for their module
administrator can insert entries for every module

Request

{
    "id":1, // Only needed if updating an existing entry
    "startTime":Date, 
    "endTime":Date,
    "assignedModule":1,
    "description":"description", // can be null
    "room":"A38"
}

Response

On success returns the HTTP-Status 200 and the message The entry has been saved.
On failure returns the HTTP-Status 500 and the message The entry could not be saved.

GET /timetable/getPerson

Retrieve entries for a person

Roles

teacher may get the entries for their modules
student may get the entries for their assigned course

Request

No request data

Response

An array with the following JSON-Objects

{
    "id": 2,
    "startTime": "2022-02-02T11:30:19.490Z",
    "endTime": "2022-02-02T12:30:19.490Z",
    "description": null,
    "room": "A13",
    "assignedModule": {
        "id": 1,
        "name": "tset",
        "description": "Test",
        "assignedCourse": {
            "id": 1,
            "name": "test"
        }
    }
}

GET /timetable/getModule/:moduleId

Retrieve entries for a module, specified by :moduleId

Roles

tbd

Request

No request data

Response

An array with the following JSON-Objects

{
    "id": 2,
    "startTime": "2022-02-02T11:30:19.490Z",
    "endTime": "2022-02-02T12:30:19.490Z",
    "description": null,
    "room": "A13",
    "assignedModule": {
        "id": 1,
        "name": "tset",
        "description": "Test"
    }
}

GET /timetable/getCourse/:courseId

Retrieve entries for a course, specified by :courseId

Roles

tbd

Request

No request data

Response

An array with the following JSON-Objects

{
    "id": 2,
    "startTime": "2022-02-02T11:30:19.490Z",
    "endTime": "2022-02-02T12:30:19.490Z",
    "description": null,
    "room": "A13",
    "assignedModule": {
        "id": 1,
        "name": "tset",
        "description": "Test",
        "assignedCourse": {
            "id": 1,
            "name": "test"
        }
    }
}

POST /timetable/delete

Delete an entry

Roles

teacher may delete the entries of their own module
administrator may delete all entries

Request

{
    "id":1,
    "startTime":Date, 
    "endTime":Date,
    "assignedModule":1,
    "description":"description", // can be null
    "room":"A38"
}

Response

On success returns the HTTP-Status 200 and the message The entry has been deleted.
On failure returns the HTTP-Status 500 and the message The entry could not be deleted.

/course

POST /course/changeCourse

Change the name of a course

Roles

administrator

Request

{
    "name":"coursename",
    "newName":"newCoursename"
}

Response

On success returns the HTTP-Status 200 and the message The course has been updated.
On failure returns the HTTP-Status 500 and the message Course could not be updated.

POST /course/register

Register a new course

Roles

administrator

Request

{
    "name":"coursename",
    "students":"list of student_id"
}

Response

On success returns the HTTP-Status 200.
On failure returns the HTTP-Status 403.

POST /course/deleteCourse

Delete a course

Roles

administrator

Request

{
    "name":"coursename"
}

Response

On success returns the HTTP-Status 200 and the message The course has been deleted.
On failure returns the HTTP-Status 500 and the message Course could not deleted updated.

POST /course/addStudent

Add students to a course

Roles

administrator

Request

{
    "name":"coursename",
    "students":"list of student_id"
}

Response

On success returns the HTTP-Status 200 and the message The students have been added.
On failure returns the HTTP-Status 500 and the message Students could not be added.

POST /course/removeStudent

Remove students from a course

Roles

administrator

Request

{
    "name":"coursename",
    "students":"list of student_id"
}

Response

On success returns the HTTP-Status 200 and the message The students have been removed.
On failure returns the HTTP-Status 500 and the message Students could not be removed.
