Skip to content

Latest commit

 

History

History
91 lines (64 loc) · 6.85 KB

File metadata and controls

91 lines (64 loc) · 6.85 KB

API Directory

This directory explains each API endpoint in the front end React app and the purposes they serve. Each function name is linked to the /Controller file that it executes.

Endpoints

Each category is a link to its Routes or relevant folder.

  • refreshToken - JWT token refresh endpoint that validates HTTP-only cookies and issues new access tokens
  • authorizeRequest - Validates JWT tokens from headers or cookies, handles token verification and rejection
  • guard - Express middleware for protecting routes with JWT authentication
  • createAccessToken - Generates JWT access tokens with configurable expiration
  • createRefreshToken - Generates JWT refresh tokens with 18-day expiration and token version tracking
  • handleTokenRejection - Clears cookies and logs out users when tokens are invalid

📖 For comprehensive authentication system documentation, see docs/authentication-system.md

  • updateUser updates user document
  • changePassword changes user password (in-app, during a secure session) and invalidates all existing tokens, issues new JWT tokens
  • resetPassword changes user password (outside of a secure session, user is verified via unique URL)
  • confirmResetPasswordHash confirms a unique link provided to user if they ask to reset their password
  • confirmActivationHash confirms a unique link provided to user if they create a new account
  • deleteUser deletes user account and stored document
  • login logs user into the app
  • checkPrivilege checks if user has viewed the Eligibility requirements and clicked "Agree". (Users cannot make Celebrations without this)
  • givePrivilege updates a user's document to TRUE for the above
  • promoteDonor updates a user document to TRUE for the above
  • getUserData returns any user data that is exposed by the client
  • forgotPassword starts process to allow user to reset their password (if they cannot login)
  • createUser creates a new User account document,
  • logout logs out user
  • GET /api/congress/ — List politicians for the selectable roster (lobby carousel, search). getPols: has_stakes: true and roster_excluded not true.
  • GET /api/congress/members/:pol — Single politician document (getPol); requires authentication.
  • GET /api/congress/election-dates — Election dates (snapshot / fallbacks).
  • sendPayment sends payment to Stripe,
  • setupIntent creates a "payment intent" object
  • setPaymentMethod creates a "payment method" i.e. user's credit card
  • Roster exclusion: POST /api/payments/celebrations/:customer_id rejects excluded pol_id with HTTP 400 and code: POL_ROSTER_EXCLUDED before Stripe payment intent creation (see polRosterEligibility).

📖 For comprehensive payment processing documentation, see docs/payment-processing.md
📖 For webhook processing details, see docs/webhooks.md

  • getPolsByLocation returns local Representative information (allows user to search by address/ZIP code)
  • getBTCAddress generates a unique Bitcoin address for donations using HD wallet derivation

📖 For comprehensive Bitcoin donations documentation, see docs/bitcoin-donations.md

  • notifyImgErr (PUT body { pol }, bioguide): may send an internal email when a roster WebP is still missing; suppresses send if {pol}.webp already exists on the served pfp tree or the same bioguide was alerted within 24 hours (pfp_image_error_alerts)
  • getConstants retrieves private constant values stored on the server

📖 For comprehensive webhook system documentation, see docs/webhooks.md

Related Documentation