Recapitulating Exercise
Suject
You have to provide a server system in Node-RED with the following capabilities. The system works with the database used in the previous exercises (medizininformatik). You must create a new tabletoken
(just copy paste the following code inside mysql):
CREATE TABLE token ( tokenID INT NOT NULL AUTO_INCREMENT, value VARCHAR(200) NOT NULL, staffID INT, PRIMARY KEY(tokenID) );We will use this token to verify that a request is valid for accessing the system. For each of the requests for manipulating data, the first step will be to test if one has a valid token. This is similar to the system used by Nasa for the API we used in a former exercise.
You need to implement the following functionalities:
GenerateToken
Input JSON in a POST request -> output a new ticket that is written inside the Database (JSON object).
Example of input:{ 'username':'bie1', 'password':'test' }
Example of output:{ 'token' : 'qwqwjkdiuwejiikjkj' }
You must validate that the username and password match with data inside the database (in the tablesstaff
andcredential
).
The passwords are stored "hashed" for security reasons.
To insert a password inside the database, we use the following SQL (in this example, we insert the password "house" for the user number 1):INSERT INTO `medizininformatik`.`credential` (`credentialID`, `staffID`, `hashed_password`, `hashed_nfctag`) VALUES (NULL, '1', sha('house'), '');
Here are some valid users:- username: house, password: house
- username: wilson, password: wilson
- username: taub, password: taub
select username, staff.staffID, credentialID from staff, credential where staff.staffID=credential.staffID and username='house' and hashed_password=sha('house');
-
EnterData
with a POST request.Input is a JSON{ 'token': 'qwqwjkdiuwejiikjkj', 'patient':'1', 'vital_sign': '1', 'value':'37.5', 'note':'Everything is OK' }
Output is just a value OK or error. -
GetData
Input: token, vitalsign and patient in a GET request.
Ouput:[ {"date": ..., "value": ...}, {"date": ..., "value": ...} ]
GetAverage
Input token, vitalsign and patient in a GET request. Output average for the vitalsign for this patient (JSON object).
Conditions
This work must be done by each student alone using Node-RED.You have to deliver the source code of your project per mail (you must chose "export" in the menu and copy paste the content into the mail, be carefull to export all the tab(s) and not just one single node).
Even if Web Security is VERY important, you do not have to take care of it for this project.
Deadline: 22nd of April 2021
Related Pages
Contact
Prof. Dr. Emmanuel Benoist
Berner Fachhochschule - TI
Quellgasse 21
CH-2501 Biel/Bienne
Switzerland
Mail: emmanuel.benoist (at) bfh.ch
Berner Fachhochschule - TI
Quellgasse 21
CH-2501 Biel/Bienne
Switzerland
Mail: emmanuel.benoist (at) bfh.ch
Social Networks
Follow
me
on
Linkedin, Scholar
& Research gate