Recapitulating Exercise

Suject

You have to provide a server system in Node-RED with the following capabilities. The system works with the database used in the previous exercises (medizininformatik). You must create a new table token (just copy paste the following code inside mysql):
CREATE TABLE token (
    tokenID INT NOT NULL AUTO_INCREMENT,
    value VARCHAR(200) NOT NULL,
    staffID INT,
    PRIMARY KEY(tokenID)
);
We will use this token to verify that a request is valid for accessing the system. For each of the requests for manipulating data, the first step will be to test if one has a valid token. This is similar to the system used by Nasa for the API we used in a former exercise.
You need to implement the following functionalities:
  • GenerateToken
    Input JSON in a POST request -> output a new ticket that is written inside the Database (JSON object).
    Example of input:
    {
       'username':'bie1',
       'password':'test'
    }
      
    Example of output:
    {
      'token' : 'qwqwjkdiuwejiikjkj'
    }
      
    You must validate that the username and password match with data inside the database (in the tables staff and credential).
    The passwords are stored "hashed" for security reasons.
    To insert a password inside the database, we use the following SQL (in this example, we insert the password "house" for the user number 1):
      
    INSERT INTO `medizininformatik`.`credential` (`credentialID`, `staffID`,
    `hashed_password`, `hashed_nfctag`) VALUES (NULL, '1', sha('house'), '');
    
    
    Here are some valid users:
    • username: house, password: house
    • username: wilson, password: wilson
    • username: taub, password: taub
    Example of a select statement to be used for testing the validity of a password:
    select username, staff.staffID, credentialID
        from staff, credential
        where staff.staffID=credential.staffID and
              username='house' and
              hashed_password=sha('house');
    
  • EnterData
    with a POST request.Input is a JSON
    {
        'token': 'qwqwjkdiuwejiikjkj',
        'patient':'1',
        'vital_sign': '1',
        'value':'37.5',
        'note':'Everything is OK'
    }
      
    Output is just a value OK or error.
  • GetData
    Input: token, vitalsign and patient in a GET request.
    Ouput:
    [
       {"date": ..., "value": ...},
       {"date": ..., "value": ...}
    ]
    
  • GetAverage
    Input token, vitalsign and patient in a GET request. Output average for the vitalsign for this patient (JSON object).

Conditions

This work must be done by each student alone using Node-RED.
You have to deliver the source code of your project per mail (you must chose "export" in the menu and copy paste the content into the mail, be carefull to export all the tab(s) and not just one single node).
Even if Web Security is VERY important, you do not have to take care of it for this project.

Deadline: 22nd of April 2021