Skip to content

Latest commit

 

History

History
667 lines (550 loc) · 36.6 KB

README.md

File metadata and controls

667 lines (550 loc) · 36.6 KB

Map Stories Server

A repository to maintain the backend of Map Stories application

Table of Contents

Features

  • Spring boot application which is packed as an executable jar with embedded Tomcat server
  • The server accepts HTTPS requests only
  • Services (requests) are proected using JWT
  • Available for installation as a service, and can run on both Linux and Windows systems

Requirements

Run

  • JRE 11+
  • MySQL server 5+
  • Open port 8443 for incoming requests
  • Environment Variables - Sensitive data is passed to the server through environment variables, so we will not have to deal with encryption of data in the source control. So you have to add the environment variables below and make sure they are available for the JVM. (Restart the machine if needed)
    • MAP_STORIES_DB_HOST - Hostname or IP address of MySQL server. (I used 127.0.0.1 for localhost). Do NOT specify schema name. Schema name is hard coded: mapstories
    • MAP_STORIES_DB_PORT - The port that MySQL server listens to. (3306)
    • MAP_STORIES_DB_USERNAME - User name to connect to the DB
    • MAP_STORIES_DB_PASSWORD - Password to use
    • MAP_STORIES_KEYSTORE_PASSWORD - Password to the keystore. We need a signed key store in order to be trusted. (Server runs in secured mode (HTTPS))
    • MAP_STORIES_KEYSTORE_ALIAS - Alias name used for the keystore

Develop

  • JDK 11+
  • Gradle 6+
  • Intellij/Eclipse
  • Import the project as a Gradle project by selecting build.gradle file
    • It is required in order to resolve all of our dependencies and plugins
    • Note: Run the bootJar Gradle task in order to package the project into executable jar file
  • Lombok
    • We use Project Lombok for generating constructors/getters/setters/toString, etc. automatically.
  • Make sure the project is being compiled and built using Gradle. Otherwise you won't be able to compile it.

Installation

Follow these instructions in order to install Map Stories Server as a Windows Service.

This way Map Stories Server will be launched immediately when Windows starts up, and there is no need to login in order to launch it.

  • Refer here to download winsw.exe
  • Make sure you have defined JAVA_HOME environment variable and put %JAVA_HOME%\bin at the PATH environment variable. We depend on a JVM (version 11+) in order to run.
  • Create a configuration file at the installation directory, and name it as the service identifier: MapStoriesServer.xml
    • Content of the XML:
<service>
    <id>MapStoriesServer</id>
    <name>Map Stories Server</name>
    <description>This runs Map Stories Server as a Service.</description>
    <env name="MYAPP_HOME" value="%BASE%"/>
    <executable>java</executable>
    <arguments>-XX:+HeapDumpOnOutOfMemoryError -Xms64m -Xmx4G -showversion -jar "%BASE%\map-stories-server-1.0.0.jar"</arguments>
    <logmode>rotate</logmode>
</service>
  • Rename winsw.exe file to MapStoriesServer.exe and move it to the installation directory, next to the xml file.
  • Copy the map-stories-server-1.0.0.jar file to the same folder, next to MapStoriesServer.exe
    • Build this executable jar using the bootJar Gradle task
    • bootJar
  • Open cmd at the folder you have saved MapStoriesServer.exe
  • Write: MapStoriesServer.exe install
  • Press enter
  • Good job, you have map-stories-server installed as a service.

Installation appendix

  • Refer to Run for instructions about how to run and what other requirements there are.
  • Explanation about the runtime arguments we use: (In MapStoriesServer.xml)
    • -XX:+HeapDumpOnOutOfMemoryError - To have a heapdump when there is OutOfMemory, so we can analyze it and find memory leaks, if we have such...
    • -Xms64m Minimum memory: 64 Mega.
    • -Xmx4G Maximum memory: 4 Giga.
  • Note that we log information to C:\BraveTogether\log by default. Log folder is modifiable, to support running the server on a Linux machine as well. For this, you need to specify a jvm system property: org.bravetogether.mapstories.logdir that refers to the log folder. For example: (This will use a log directory under base installation directory.)
<arguments>-XX:+HeapDumpOnOutOfMemoryError "-Dorg.bravetogether.mapstories.logdir=%BASE%\log" -Xms64m -Xmx4G -showversion -jar "%BASE%\map-stories-server-1.0.0.jar"</arguments>

Security

  • Certificate
    • I use a self signed certificate for the Hackathon. It is required to specify a signed certificate when building a server executable for production.
    • Put the certificate at resources\keystore\bravetogether.p12
    • Build using bootJar.
  • JWT
    • Homepage, /user/signin, and /user/signup are public paths. All other paths will be validated in order to recognize the user performing operations.
    • Authentication is done using user identifier and password, which are being sent as the body of a POST /user/sinin request, with body: { "id": "[email protected]", "pwd": "myPass" }
    • Before being able to sign in, you must sign up ofcourse. PUT /user/signup request, with body: { "id": "[email protected]", "pwd": "myPass", "name": "Haim Adrian", "dateOfBirth": "0000-00-00" }. Note that the date format must be yyyy-MM-dd.
    • The response of POST /user/sinin will contain the JWT to use for later authorization of a client, without needing to sign in over and over. Though it is very basic and not persistable, so in case the server is restarted, client must sign in again in order to get a new JWT.
    • JWT contains user identifier and user name, in case you want to decode it and verify that you are communicating with the server, and not a man in the middle.
  • Passwords
    • Passwords are encrypted before we save them to the database, to avoid of saving passwords as clear text.
    • We use an asymmetric key to protect the passwords such that they won't be decryptable.

RESTful Web Services

User

Sign Up

Method: PUT

Path: https://HOST:PORT/user/signup

Body:

{
    "id": "[email protected]",
    "pwd": "myPass",
    "name": "Haim Adrian",
    "dateOfBirth": "1970-01-01"
}

Response:

{
    "id": "[email protected]",
    "name": "Haim Adrian",
    "dateOfBirth": "1970-01-01"
}

Sign In

Method: POST

Path: https://HOST:PORT/user/signin

Body:

{
    "id": "[email protected]",
    "pwd": "myPass"
}

Response: (You must use this token as Authorization header in subsequent requests)

{ "token" : "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA" }

Sign Out

Method: PUT

Path: https://HOST:PORT/user/signout

Header: Authorization = Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA

Body: Empty. We'll extract user identifier out of the Bearer token

User Info

Method: GET

Path: https://HOST:PORT/user/info/{userId} replace {userId} with the user identifier. e.g. [email protected]

Header: Authorization = Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA

Body: Empty.

Response:

{
    "id": "[email protected]",
    "name": "Haim Adrian",
    "dateOfBirth": "1970-01-01",
    "coins": 2
}

Coordinate

Upload Coordinate

Method: POST

Path: https://HOST:PORT/coordinate

Header: Authorization = Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA

Body:

{
	"coordinateId": null,
	"latitude": 32.01623990507656,
	"longitude": 34.773109201554945,
	"locationName": "Holon Institute of Technology",
	"image": ""
}

Response: (You can get the generated coordinate identifier out of the response)

{
    "coordinateId": 1,
    "latitude": 32.01623990507656,
    "longitude": 34.773109201554945,
    "locationName": "Holon Institute of Technology",
    "image": "The byte array data here. I'd like to avoid of copying it again"
}

Update Coordinate

Method: POST

Path: https://HOST:PORT/coordinate/{coordinateId} (Replace {coordinateId} with the coordinate identifier)

Header: Authorization = Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA

Body:

{
	"coordinateId": 1,
	"latitude": 32.01623990507656,
	"longitude": 34.773109201554945,
	"locationName": "Holon Institute of Technology",
	"image": "The byte array data here. I'd like to avoid of copying it again. Or null to delete"
}

Response: (You can get the generated coordinate identifier out of the response)

{
    "coordinateId": 1,
    "latitude": 32.01623990507656,
    "longitude": 34.773109201554945,
    "locationName": "Holon Institute of Technology",
    "image": "The byte array data here. I'd like to avoid of copying it again"
}

Get all Coordinates

Method: GET

Path: https://HOST:PORT/coordinate

Header: Authorization = Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA

Body: Empty

Response: Note that we avoid of returning images when requesting all coordinates, to reduce response size. Use Get coordinate by identifier if you want the image

[
    {
        "coordinateId": 1,
        "latitude": 32.01623990507656,
        "longitude": 34.773109201554945,
        "locationName": "Holon Institute of Technology"
    }, 
    {
        "coordinateId": 2,
        "latitude": 32.015343027689276,
        "longitude": 34.770769562549276,
        "locationName": "Israeli Cartoon Museum"
    },
  ...
]

Get Coordinate Info

Method: GET

Path: https://HOST:PORT/coordinate/{coordinateId} (Replace {coordinateId} with the coordinate identifier)

Header: Authorization = Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA

Body: Empty

Response: Here you have the whole information, including image data.

{
    "coordinateId": 1,
    "latitude": 32.01623990507656,
    "longitude": 34.773109201554945,
    "locationName": "Holon Institute of Technology",
    "image": "The byte array data here. I'd like to avoid of copying it again"
}

Get all Coordinates within some range around specified point

Method: GET

Path: https://HOST:PORT/coordinate/dist?lat={latValue}&lng={lngValue}&dist={distanceInKm} (Note that dist param is optional. We will use 1KM by default.)

Header: Authorization = Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA

Body: Empty

Response: Note that we avoid of returning images when requesting all coordinates, to reduce response size. Use Get coordinate by identifier if you want the image

[
    {
        "coordinateId": 1,
        "latitude": 32.01623990507656,
        "longitude": 34.773109201554945,
        "locationName": "Holon Institute of Technology"
    }, 
    {
        "coordinateId": 2,
        "latitude": 32.015343027689276,
        "longitude": 34.770769562549276,
        "locationName": "Israeli Cartoon Museum"
    },
  ...
]

Story

Upload Story

Method: POST

Path: https://HOST:PORT/story

Header: Authorization = Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA

Body: (Note that user and coordinate contain the identifiers only, and they must be existing at the server)

{
	"storyId": null,
	"user": {
		"id": "[email protected]"
	},
	"coordinate": {
		"coordinateId": 1202
	},
	"since": "2019-11-10",
	"heroName": "Chrissy Costanza",
	"title": "Phoenix",
	"content": "So are you gonna die today or make it out alive?\nYou gotta conquer the monster in your head and then you'll fly\nFly, phoenix, fly\nIt's time for a new empire\nGo bury your demons then tear down the ceiling\nPhoenix, fly",
	"linkToVideo": "https://www.youtube.com/watch?v=dpdWuM4SZdc&ab_channel=LeagueofLegends"
}

Response: (The response will contain the new story identifier, and all of the information, including user (with up-to-date amount of coins) and coordinate info)

{
    "storyId": 708,
    "user": {
        "id": "[email protected]",
        "name": "Haim Adrian",
        "dateOfBirth": "1970-01-01",
        "coins": 2
    },
    "coordinate": {
        "coordinateId": 1202,
        "latitude": 32.01623990507656,
        "longitude": 34.773109201554945,
        "locationName": "Holon Institute of Technology",
        "image": "image data as byte array here"
    },
    "since": "2019-11-10",
    "heroName": "Chrissy Costanza",
    "title": "Phoenix",
    "content": "So are you gonna die today or make it out alive?\nYou gotta conquer the monster in your head and then you'll fly\nFly, phoenix, fly\nIt's time for a new empire\nGo bury your demons then tear down the ceiling\nPhoenix, fly",
    "linkToVideo": "https://www.youtube.com/watch?v=dpdWuM4SZdc&ab_channel=LeagueofLegends"
}

Update Story

Method: POST

Path: https://HOST:PORT/story/{storyId} (Replace {storyId} with story identifier)

Header: Authorization = Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA

Body and Response are the same as for Upload Story, with only one difference. Body will contain a real story identifier and not null.

Get Story info

Method: GET

Path: https://HOST:PORT/story/{storyId} (Replace {storyId} with story identifier. e.g. 708)

Header: Authorization = Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA

Body: Empty

Response: Contains all of the information, including content and image.

{
    "storyId": 708,
    "user": {
        "id": "[email protected]",
        "name": "Haim Adrian",
        "dateOfBirth": "1970-01-01",
        "coins": 2
    },
    "coordinate": {
        "coordinateId": 1202,
        "latitude": 32.01623990507656,
        "longitude": 34.773109201554945,
        "locationName": "Holon Institute of Technology",
        "image": "image data as byte array here"
    },
    "since": "2019-11-10",
    "heroName": "Chrissy Costanza",
    "title": "Phoenix",
    "content": "So are you gonna die today or make it out alive?\nYou gotta conquer the monster in your head and then you'll fly\nFly, phoenix, fly\nIt's time for a new empire\nGo bury your demons then tear down the ceiling\nPhoenix, fly",
    "linkToVideo": "https://www.youtube.com/watch?v=dpdWuM4SZdc&ab_channel=LeagueofLegends"
}

Get Stories by Hero Name field

Method: GET

Path: https://HOST:PORT/story/hero/{heroName} (Replace {heroName} with the name of the hero. It does not have to be full name. e.g. costanza)

Header: Authorization = Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA

Body: Empty

Response: The result is a list of stories, without content/image! To reduce size. Use Get story by identifier to find the details.

[
    {
        "storyId": 708,
        "user": {
            "id": "[email protected]",
            "name": "Haim Adrian",
            "dateOfBirth": "1970-01-01",
            "coins": 2
        },
        "coordinate": {
            "coordinateId": 1202,
            "latitude": 32.01623990507656,
            "longitude": 34.773109201554945,
            "locationName": "Holon Institute of Technology",
            "image": "image data as byte array here"
        },
        "since": "2019-11-10",
        "heroName": "Chrissy Costanza",
        "title": "Phoenix",
        "content": "So are you gonna die today or make it out alive?\nYou gotta conquer the monster in your head and then you'll fly\nFly, phoenix, fly\nIt's time for a new empire\nGo bury your demons then tear down the ceiling\nPhoenix, fly",
        "linkToVideo": "https://www.youtube.com/watch?v=dpdWuM4SZdc&ab_channel=LeagueofLegends"
    },
  ...
]

Get Stories by Title field

Method: GET

Path: https://HOST:PORT/story/title/{title} (Replace {title} with the text to lookup for. It does not have to be full title. e.g. pho)

Header: Authorization = Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA

Body: Empty

Response: The result is a list of stories, without content/image! To reduce size. Use Get story by identifier to find the details.

[
    {
        "storyId": 708,
        "user": {
            "id": "[email protected]",
            "name": "Haim Adrian",
            "dateOfBirth": "1970-01-01",
            "coins": 2
        },
        "coordinate": {
            "coordinateId": 1202,
            "latitude": 32.01623990507656,
            "longitude": 34.773109201554945,
            "locationName": "Holon Institute of Technology",
            "image": "image data as byte array here"
        },
        "since": "2019-11-10",
        "heroName": "Chrissy Costanza",
        "title": "Phoenix",
        "content": "So are you gonna die today or make it out alive?\nYou gotta conquer the monster in your head and then you'll fly\nFly, phoenix, fly\nIt's time for a new empire\nGo bury your demons then tear down the ceiling\nPhoenix, fly",
        "linkToVideo": "https://www.youtube.com/watch?v=dpdWuM4SZdc&ab_channel=LeagueofLegends"
    },
  ...
]

Get Stories by UserId field

Method: GET

Path: https://HOST:PORT/story/user/{userId} (Replace {userId} with the user identifier to lookup for. It has to be the full user identifier. e.g. [email protected])

Header: Authorization = Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA

Body: Empty

Response: The result is a list of stories, without content/image! To reduce size. Use Get story by identifier to find the details.

[
    {
        "storyId": 708,
        "user": {
            "id": "[email protected]",
            "name": "Haim Adrian",
            "dateOfBirth": "1970-01-01",
            "coins": 2
        },
        "coordinate": {
            "coordinateId": 1202,
            "latitude": 32.01623990507656,
            "longitude": 34.773109201554945,
            "locationName": "Holon Institute of Technology",
            "image": "image data as byte array here"
        },
        "since": "2019-11-10",
        "heroName": "Chrissy Costanza",
        "title": "Phoenix",
        "content": "So are you gonna die today or make it out alive?\nYou gotta conquer the monster in your head and then you'll fly\nFly, phoenix, fly\nIt's time for a new empire\nGo bury your demons then tear down the ceiling\nPhoenix, fly",
        "linkToVideo": "https://www.youtube.com/watch?v=dpdWuM4SZdc&ab_channel=LeagueofLegends"
    },
  ...
]

Get Stories by location name field (from coordinate)

Method: GET

Path: https://HOST:PORT/story/location/{locationName} (Replace {locationName} with the name of the location to lookup for. It does not have to be the full location name. e.g. holon)

Header: Authorization = Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA

Body: Empty

Response: The result is a list of stories, without content/image! To reduce size. Use Get story by identifier to find the details.

[
    {
        "storyId": 708,
        "user": {
            "id": "[email protected]",
            "name": "Haim Adrian",
            "dateOfBirth": "1970-01-01",
            "coins": 2
        },
        "coordinate": {
            "coordinateId": 1202,
            "latitude": 32.01623990507656,
            "longitude": 34.773109201554945,
            "locationName": "Holon Institute of Technology",
            "image": "image data as byte array here"
        },
        "since": "2019-11-10",
        "heroName": "Chrissy Costanza",
        "title": "Phoenix",
        "content": "So are you gonna die today or make it out alive?\nYou gotta conquer the monster in your head and then you'll fly\nFly, phoenix, fly\nIt's time for a new empire\nGo bury your demons then tear down the ceiling\nPhoenix, fly",
        "linkToVideo": "https://www.youtube.com/watch?v=dpdWuM4SZdc&ab_channel=LeagueofLegends"
    },
  ...
]

Get Stories by coordinate identifier

Method: GET

Path: https://HOST:PORT/story/coordinate/{coordinateId} (Replace {coordinateId} with the identifier to lookup for. e.g. 1202)

Header: Authorization = Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoYWltIiwidXNlck5hbWUiOiJIYWltIEFkcmlhbiJ9.J28593Lq7IbO_Jvz4tK3GaP3K2FnSNqSq9O9SK2I3lA

Body: Empty

Response: The result is a list of stories, without content/image! To reduce size. Use Get story by identifier to find the details.

[
    {
        "storyId": 708,
        "user": {
            "id": "[email protected]",
            "name": "Haim Adrian",
            "dateOfBirth": "1970-01-01",
            "coins": 2
        },
        "coordinate": {
            "coordinateId": 1202,
            "latitude": 32.01623990507656,
            "longitude": 34.773109201554945,
            "locationName": "Holon Institute of Technology",
            "image": "image data as byte array here"
        },
        "since": "2019-11-10",
        "heroName": "Chrissy Costanza",
        "title": "Phoenix",
        "content": "So are you gonna die today or make it out alive?\nYou gotta conquer the monster in your head and then you'll fly\nFly, phoenix, fly\nIt's time for a new empire\nGo bury your demons then tear down the ceiling\nPhoenix, fly",
        "linkToVideo": "https://www.youtube.com/watch?v=dpdWuM4SZdc&ab_channel=LeagueofLegends"
    },
  ...
]