From 54a6794bd1e70e93a60abb5b51ab3f933df5a94e Mon Sep 17 00:00:00 2001
From: martin bedouret
Date: Thu, 11 Jan 2018 12:47:17 -0300
Subject: [PATCH 1/4] fixes
---
 api/controllers/user.js | 8 ++++----
 api/helpers/auth.js | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/api/controllers/user.js b/api/controllers/user.js
index f2442f8b..82f97147 100644
--- a/api/controllers/user.js
+++ b/api/controllers/user.js
@@ -150,17 +150,17 @@ function loginUser(args, res) {
 var password = args.body.password;
 console.log(role + username + password);
- if (role != "user" && role != "admin") {
+ if (role !== "user" && role !== "admin") {
 return res.status(400).json({
- message: 'Error: Role must be either "admin" or "user"'
+ message: "Error: Role must be either admin or user"
 });
 }
- if (username == "username" && password == "password" && role) {
+ if (username === "cboard_robot" && password === "youNIC4$" && role) {
 var tokenString = auth.issueToken(username, role);
 res.status(200).json({
 token: tokenString,
- message: "User successfully authenticated"
+ message: "Token successfully generated"
 });
 } else {
 res.status(403).json({
diff --git a/api/helpers/auth.js b/api/helpers/auth.js
index 5581c296..2cba8578 100644
--- a/api/helpers/auth.js
+++ b/api/helpers/auth.js
@@ -2,7 +2,7 @@
 var jwt = require("jsonwebtoken");
 var sharedSecret = "shh";
-var issuer = "my-awesome-website.com";
+var issuer = "cboard.io";
 //Here we setup the security checks for the endpoints
 //that need it (in our case, only /protected). This
From 80bc2544b83f5235b9bb702956140ed000a8ee31 Mon Sep 17 00:00:00 2001
From: martin bedouret
Date: Thu, 11 Jan 2018 12:52:35 -0300
Subject: [PATCH 2/4] implement security for all operations
---
 api/swagger/swagger.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/api/swagger/swagger.yaml b/api/swagger/swagger.yaml
index c815f417..3a65edd9 100644
--- a/api/swagger/swagger.yaml
+++ b/api/swagger/swagger.yaml
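Review bot: The rewritten credential check in `loginUser` compares against a service-account name and password written as string literals, so the secret is now in the repository history and in this patch, and the unchanged `console.log(role + username + password);` above it still writes every submitted password to the log. Read the expected values from configuration instead, e.g. `password === process.env.ROBOT_PASSWORD` (placeholder variable name), rotate the committed value, and remove the `console.log` line. `role` is supplied by the caller (the spec in PATCH 3/4 lists it as a `loginUser` parameter) and is passed unchanged to `auth.issueToken(username, role)`, so whoever holds this one credential chooses `admin` themselves; the role should be looked up server-side for the authenticated account. `loginUser` begins above the hunk and its 403 branch continues below it.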
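Review bot: The signing secret on the context line `var sharedSecret = "shh";`, right above the changed `issuer`, is a short constant committed to source, and this series now puts every user operation behind tokens that depend on it. Assuming it is the key passed to `jsonwebtoken` for signing and verification (those calls are outside the hunk), its strength bounds the strength of every `Bearer` check. Load it from configuration, e.g. `var sharedSecret = process.env.JWT_SECRET;` (placeholder name), use a long random value, and refuse to start when it is unset. If the verifier also compares `issuer`, tokens issued before this change will stop validating, which is worth a line in the commit message.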
@@ -67,6 +67,11 @@ paths:
 post:
 operationId: createUser
 description: Create a new user
+ security:
+ - Bearer: []
+ x-security-scopes:
+ - admin
+ - user
 parameters:
 - $ref: '#/parameters/User'
 responses:
@@ -100,6 +105,11 @@ paths:
 get:
 operationId: getUser
 description: get a specific user
+ security:
+ - Bearer: []
+ x-security-scopes:
+ - admin
+ - user
 parameters:
 - name: id
 type: string
@@ -118,6 +128,11 @@ paths:
 put:
 operationId: updateUser
 description: update a user
+ security:
+ - Bearer: []
+ x-security-scopes:
+ - admin
+ - user
 parameters:
 - name: id
 description: User Id
@@ -143,6 +158,10 @@ paths:
 delete:
 operationId: removeUser
 description: delete a user
+ security:
+ - Bearer: []
+ x-security-scopes:
+ - admin
 parameters:
 - name: id
 description: User id
@@ -164,6 +183,11 @@ paths:
 post:
 operationId: activateUser
 description: Create a new user
+ security:
+ - Bearer: []
+ x-security-scopes:
+ - admin
+ - user
 parameters:
 - in: path
 name: url
From f2a14161adc8bd0f95af5e82a12295e2f275d3dc Mon Sep 17 00:00:00 2001
From: martin bedouret
Date: Thu, 11 Jan 2018 15:54:44 -0300
Subject: [PATCH 3/4] updates for version 0.0.1
---
 api/swagger/swagger.yaml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/api/swagger/swagger.yaml b/api/swagger/swagger.yaml
index 3a65edd9..d2a3f413 100644
--- a/api/swagger/swagger.yaml
+++ b/api/swagger/swagger.yaml
@@ -66,7 +66,7 @@ paths:
 x-swagger-router-controller: user
 post:
 operationId: createUser
- description: Create a new user
+ description: Create a new temporal user in database and send an email to validate the user.
 security:
 - Bearer: []
 x-security-scopes:
@@ -85,7 +85,7 @@ paths:
 $ref: "#/definitions/ErrorResponse"
 get:
 operationId: listUser
- description: Return users list
+ description: Returns the full users list for the confirmed users.
 security:
 - Bearer: []
 x-security-scopes:
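Review bot: The `x-security-scopes` added to `getUser` and `updateUser` (hunks at -100 and -118) admit the `user` role for any `id`, and nothing in the spec ties the token's subject to the record being read or changed, so unless the controllers compare the two (not visible here) every `user` token can read and modify every account. Either enforce ownership in the handlers or restrict these operations to `- admin`, as the `removeUser` hunk at -143 does. The scopes are also only as trustworthy as the role inside the token, and PATCH 1/4 issues tokens with the role taken from the `loginUser` request. The same five-line block is repeated in the hunks at -67 and -164; `activateUser` now requires a Bearer token too, which should be checked against the e-mail validation flow if activation is meant to work from a link.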
@@ -104,7 +104,7 @@ paths:
 x-swagger-router-controller: user
 get:
 operationId: getUser
- description: get a specific user
+ description: Returns a specific user
 security:
 - Bearer: []
 x-security-scopes:
@@ -127,7 +127,7 @@ paths:
 $ref: "#/definitions/ErrorResponse"
 put:
 operationId: updateUser
- description: update a user
+ description: Updates a specific user
 security:
 - Bearer: []
 x-security-scopes:
@@ -157,7 +157,7 @@ paths:
 $ref: "#/definitions/ErrorResponse"
 delete:
 operationId: removeUser
- description: delete a user
+ description: Deletes a specific user
 security:
 - Bearer: []
 x-security-scopes:
@@ -182,7 +182,7 @@ paths:
 x-swagger-router-controller: user
 post:
 operationId: activateUser
- description: Create a new user
+ description: Create a new user by copying it from temporal users and it removes the temporal user
 security:
 - Bearer: []
 x-security-scopes:
@@ -208,7 +208,7 @@ paths:
 x-swagger-router-controller: user
 post:
 operationId: loginUser
- description: Authenticate user by email and password
+ description: Returns a valid token for a user, that can be used for api authentication.
 parameters:
 - name: role
 description: user role
From 9b544ce824e390f8c11272903d2d850b710c0b5e Mon Sep 17 00:00:00 2001
From: martin bedouret
Date: Fri, 12 Jan 2018 07:36:40 -0300
Subject: [PATCH 4/4] version 0.0.1
---
 README.md | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 539bdebf..f60caa56 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@ # Cboard API - REST API for CBoard application -[Cboard](https://shayc.github.io/cboard) is an augmentative and alternative communication (AAC) web application, allowing users with speech and language impairments (autism, cerebral palsy) to communicate by symbols and text-to-speech. +[Cboard](https://app.cboard.io/) is an augmentative and alternative communication (AAC) web application, allowing users with speech and language impairments (autism, cerebral palsy) to communicate by symbols and text-to-speech. Cboard screenshot @@ -16,6 +16,34 @@ This video from Real Look Autism will help you understand how communication boar Real Look Autism Episode 8 +## Quick start + +### Install +Clone repository and install npm dependencies: +```bash +$ git clone https://github.com/cboard-org/cboard-api.git +$ cd cboard-api +$ npm install +``` + +### Run the API Server +Using swagger for nodejs. You need to install swagger for node locally first, Install it using npm. For complete instructions, see the [install](./docs/install.md) page. + +```bash +$ npm install -g swagger +$ swagger project start +``` +That should start a server process listening on port 10010. + +### See API Paths +By using swagger edit appication: +```bash +$ swagger project edit +``` +That should open a browser window and show API swagger editor like below: +Cboard API Swagger + + ## License Code - [GPLv3](https://github.com/shayc/cboard/blob/master/LICENSE)