BrAPI - PT node

Welcome to BrAPI - PT node

This is the root page for the BrAPI implementation of the PT-Node.

Implemented calls:

http://brapi.biodata.pt/brapi/v1/studies/studyDbID

This call is auth protected. You need to send an access_token in the headers, e.g.:

curl -H 'authorization: Bearer ' http://brapi.biodata.pt/brapi/v1/studies/studyDbID

No auth version of the same call

http://brapi.biodata.pt/noauth/brapi/v1/studies/studyDbID

Auth (Soon)

http://brapi.biodata.pt/brapi/v1/authentication

Get tokens

http://brapi.biodata.pt/brapi/v1/token

For more help, refer to the GitHub README:

Plant breeding API (BrAPI)

This is a test implementation of BrAPI using nodeJS.

Routes are done through express.

Sequelize is used to connect to the mysql database defined in the config.js file.

How to install

To install this you must have nodejs and npm installed on your system. Once you have nodejs and npm installed, simply clone this repo and run:

    npm install

in the main directory.

Once all nodejs dependencies have been installed, you can start the server in dev mode by running:

    DEBUG=brapi:* npm start

Setup database

This will guide you through installing the mysql server and the database as well as populating it with the test data.

    sudo apt-get update
    sudo apt-get install mysql-server
    sudo mysql_secure_installation
    #Setup a new user and permissions
    #...

    mysql -p -u [user] -D [database] < [pathToProject]/SQL/BrAPI_dan.sql #this will install the empty database

    #or

    mysql -p -u [user] -D [database] < [pathToProject]/SQL/TESTdata/sql_dump_[date].sql #this will install the latest db dump

Using the database

Configure config_brapi.js or whatever file is set up in components/[schema]/sqldb/index.js:

    module.exports = {
      sql: {
        host: '[hostIfNotLocal]',
        database: '[theDBtoUse]',
        username: '[yourUsername]',
        password: '[yourPassword]',
        dialect: 'mysql', // PostgreSQL, MySQL, MariaDB, SQLite and MSSQL. See more: http://docs.sequelizejs.com/en/latest/
        logging: console.log,
        timezone: '+05:30',
        limit: 1000 // Limit of results to get if findAll is used
      },
      mongo: {
        uri: ''
      },
      seedDB: false,
      seedMongoDB: false,
      seedDBForce: true,
      db: 'sql' // 'mongo' or 'sql'; to use another SQL database, change dialect in the sql config above
    }

Note: Create a user with limited privileges to query only the necessary tables.

Adding tables


Authentication

(Needs HTTPS configuration; only for importing data. Not in use now.)

OAuth 2.0 authentication is provided by oauth2-server. It is being implemented in the branch OAuth20.

Auth will be done by sending an auth grant to the authorization server. After auth has been achieved, an access token will be generated to be used with the resource server. This way, if someone discovers your access token, it will soon be invalidated.

Figure 1 - OAuth scheme.

Attention! The user database isn't being saved with hashed passwords yet: raw data is stored in the database. There is no method for adding users yet either. This will employ some hashing along with a variable salting string, such as the creation datetime stamp.

Databases

The default database scheme being used is shown in Figure 2, while the official db architecture isn't done.

Figure 2 - Database scheme being used for testing.

Refer to mysql directory to get creation scripts.

Database connection

To connect to the mysql database you should set up the variables:

Auth database parameters: config_auth.js (Auth server), config_res.js (Resource Server)

Testing

To test that this is working you can try using an access_token:

localhost:3000/brapi/v1/brapi
localhost:3000/brapi/v1/investigation/investigationID

URLs for getting tokens

localhost:3000/brapi/v1/token
localhost:3000/brapi/v1/authenticate

No auth example

localhost:3000/noauth/brapi/v1/investigation/investigationID

Two versions

Auth and no auth

The first should get you a hello world. The second extracts the data from the investigation database, where investigationID is the variable in the URL path.

Auth server should be separated from Resource server (TODO)

By this I mean that even if it's the same resource, the db privileges should be limited to reading the access_token table and any other that is necessary. No write permission. "Too much?"

Pagination (TODO)

If the response is a single record that doesn't require pagination, then the value for the "pagination" key is the JavaScript reserved word 'null'. When the results are paginated, the pagination object contains the keys "pageSize", "currentPage", "totalCount", "totalPages". The first page will be page 0 (zero).

Specs to be implemented for Studies

https://github.com/plantbreeding/API/tree/master/Specification/Studies