# EAP: Architecture Specification and Prototype Through cooperative Q&A we, ColLabsTech, aim to create a community of motivated people who have a shared goal in learn, explore, grow, improve and help others improve using the tools and skills you learn. In this community you have the opportunity to write about subjects that really matter to you and reflects your interests. ## A7: Web Resources Specification The artifact provides information on the architecture of the web application that will be developed, including a resource catalog with properties that identify each resource, as well as the format of the JSON responses. YAML is used to conform to the OpenAPI specification. ### 1. Overview | Module | Module Description | |--------|--------------------| | M01: Registration, authentication and external auth api | Web resources associated with user authentication/registration. Includes the following system features: login/logout, signup/registration and password recovery. Also includes endpoints related to the use of external APIs. | | M02: User profile, user information and user posts | Related to user profile management. It provides features such as viewing and editing your personal profile, viewing statistics about you and your subscriptions and viewing your saved posts. | | M03: Homepage, questions and respective answers and comments | This module contains web resources related to a post, comment or their versions. Includes not only the view but also the edit of a post, view and edit of a comment and the visualization of the different versions of them. | | M04: Administration page | This module is linked to the pages and actions that can only be accessed by system administrators, namely reports and ban moderators. | | M05: Static pages| Web resources related to static content. Includes the pages About us, Contacts and FAQ. | ### 2. Permissions |Abbreviation|Name|Description| |--|--|--| |PUB|Public|Users without privileges; not logged in into the system| |BAN|Banned user|Authenticated user with read-only permissions| |USR|Authenticated/Non banned user|Regular authenticated users| |OWN|Owner|Owner of the content| |MOD|Moderator|Site moderator| |ADM|Administrator|Administrator of the system| ### 3. OpenAPI Specification OpenAPI specification in YAML format to describe the web application's web resources. Link to the `a7_openapi.yaml` file in the group's repository. ```yaml openapi: 3.0.0 info: version: '1.0' title: 'ColLabsTech OpenApi' description: 'Web Resources Specification (A7) for ColLabsTech' servers: - url: http://lbaw.fe.up.pt description: 'Production server' externalDocs: description: "Find more info here." url: https://git.fe.up.pt/lbaw/lbaw2223/lbaw2233/-/wikis/home tags: - name: 'M01: Registration, authentication and external auth api' - name: 'M02: User profile, user information and user posts' - name: 'M03: Homepage, questions and respective answers and comments' - name: 'M04: Administration page' - name: 'M05: Static pages' paths: /register: get: operationId: R101 summary: 'R101: Register Form' description: 'Provide register form. Access: PUB' tags: - 'M01: Registration, authentication and external auth api' responses: '200': description: 'Ok. Show sign-up UI' post: operationId: R102 summary: 'R102: Register Action' description: 'Processes the register form submission. Access: PUB' tags: - 'M01: Registration, authentication and external auth api' requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object properties: username: type: string name: type: string profileImage: type: string email: type: string password: type: string aboutMe: type: string dateBirth: type: string required: - username - name - email - password - aboutMe - dateBirth responses: '302': description: 'Redirect after processing the register action.' headers: Location: schema: type: string examples: 302Success: description: 'Successful registration. Redirect to user profile.' value: '/users/{id}' 302Error: description: 'Failed registration. Redirect to login form.' value: '/register' /login: get: operationId: R103 summary: 'R103: Login Form' description: 'Provide login form. Access: PUB' tags: - 'M01: Registration, authentication and external auth api' responses: '200': description: 'Ok. Show Log-in UI' post: operationId: R104 summary: 'R104: Login Action' description: 'Processes the login form submission. Access: PUB' tags: - 'M01: Registration, authentication and external auth api' requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object properties: email: type: string password: type: string required: - email - password responses: '302': description: 'Redirect after processing the login credentials.' headers: Location: schema: type: string examples: 302Success: description: 'Successful authentication. Redirect to user profile.' value: '/users/{id}' 302Error: description: 'Failed authentication. Redirect to login form.' value: '/login' /logout: get: operationId: R105 summary: 'R105: Logout Action' description: 'This web resource logs out the authenticated user (includes admins and mods). Access: OWN, MOD, ADM' tags: - 'M01: Registration, authentication and external auth api' responses: '302': description: 'Redirect after processing logout.' headers: Location: schema: type: string examples: 302Success: description: 'Successful logout. Redirect to previous page.' value: previousPage 302Failure: description: 'Failed logout. Redirect to register form.' value: '/login' /recover: get: operationId: R106 summary: 'R106: Recover Password Form' description: 'Provide recover form. Access: PUB' tags: - 'M01: Registration, authentication and external auth api' responses: '200': description: 'Ok. Show recover UI' post: operationId: R107 summary: 'R107: Login Action' description: 'This web resource processes the recover action. Access: PUB' tags: - 'M01: Registration, authentication and external auth api' requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object properties: email: type: string required: - email responses: '302': description: 'Redirect after processing recover action.' headers: Location: schema: type: string examples: 302Success: description: 'Successful email sent. Redirect to static page.' value: '/static/successful-email' 302Failure: description: 'Failed email sent. Redirect to recover form.' value: '/recover' /users/{id}: get: operationId: R201 summary: 'R201: View user profile' description: 'Show the individual user profile. Access: USR, PUB' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true responses: '200': description: 'Success. Show User Profile' '404': description: 'User not found' /users/{id}/edit: get: operationId: R202 summary: 'R202: Edit User Profile' description: 'Shows page that allows the edition of users. Access: OWN' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true responses: '202': description: 'Ok. Show edit page' '401': description: 'Unauthorized' post: operationId: R203 summary: 'R203: Edit User Profile Action' description: 'Edit the users profile. Access: OWN' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object properties: name: type: string profImage: type: string format: binary email: type: string password: type: string aboutMe: type: string responses: '200': description: 'Ok. User profile updated' '401': description: 'Unauthorized because the user is not logged in' '403': description: 'No permission to edit the users profile' '404': description: 'User not found' '302': description: 'Redirect after processing edit action.' headers: Location: schema: type: string examples: 302Success: description: 'User profile updated successfuly.' value: '/users/{id}' delete: operationId: R204 summary: 'R204: Delete User Account Action' description: 'Delete User Account. Access: OWN, MOD' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true responses: '200': description: 'Ok. Delete user profile' '401': description: 'Unauthorized. User is not logged in' '403': description: 'Forbidden. No permission to delete user' '404': description: 'User not found' '302': description: 'Redirect after processing deleting action.' headers: Location: schema: type: string examples: 302Success: description: 'User profile deleted successfuly.' value: '/homepage' /users/{id}/statistics: get: operationId: R205 summary: 'R205: Information about the statistics' description: 'Shows the information about the statistics of each user. Access: OWN' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true responses: '200': description: 'User Profile updated successfully.' '401': description: 'Unauthorized because the user is not logged in' '403': description: 'No permission to view the users statistics' '404': description: 'Information not found' '302': description: 'Redirect after processing statistics page.' headers: Location: schema: type: string examples: 302Error: description: 'Error. Back to Home Page' value: '/homepage' /users/{id}/badges: get: operationId: R206 summary: 'R206: Information about a users badges' description: 'Shows the information about the badges of each user. Access: PUB, USR' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true responses: '200': description: 'User Profile updated successfully.' content: application/json: schema: type: array items: type: object properties: id: type: integer name: type: string badgeType: type: string example: - id: 1 name: Fusce badgeType: Bronze - id: 2 name: Proin badgeType: Silver - id: 3 name: Morbi badgeType: Gold '404': description: 'Information not found' '302': description: 'Redirect after processing statistics page.' headers: Location: schema: type: string examples: 302Success: description: 'Success. Redirect to User Profile' value: '/users/{id}' 302Error: description: 'Error. Back to Home Page' value: '/homepage' /users/{id}/subs: get: operationId: R207 summary: 'R207: Information about a users subscriptions' description: 'Shows the information about the subscriptions of each user. Access: OWN' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true responses: '200': description: 'Everything ok' '404': description: 'Information not found' post: operationId: R208 summary: 'R208: Subscription of an user action' description: 'Action for the subscription of an user. Access: OWN' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object properties: id: type: integer required: - id responses: '200': description: 'Success' '401': description: 'Unauthorized because the user is not logged in' '403': description: 'No permission to suscribe to this user' '404': description: 'Error. User not found' '302': description: 'Redirect after processing subscription action.' headers: Location: schema: type: string examples: 302Success: description: 'Success. Redirect to previous page' value: previousPage 302Error: description: 'Error. Back to Home Page' value: '/homepage' delete: operationId: R209 summary: 'R209: Delete subscription of a user action' description: 'Action to delete the subscription of a user. Access: OWN' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true responses: '200': description: 'Success' '401': description: 'Unauthorized because the user is not logged in' '403': description: 'No permission to suscribe to this user' '404': description: 'Error. User not found' '302': description: 'Redirect after deleting the subscription action.' headers: Location: schema: type: string examples: 302Success: description: 'Success. Redirect to previous page' value: previousPage 302Error: description: 'Error. Back to Home Page' value: '/homepage' /users/{id}/subs/tags: post: operationId: R210 summary: 'R210: Subscription of a tag action' description: 'Action for the subscription of a tag. Access: OWN' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object properties: idTag: type: integer required: - idTag responses: '200': description: 'Success' '401': description: 'Unauthorized because the user is not logged in' '403': description: 'No permission to suscribe to this user' '404': description: 'Error. User not found' '302': description: 'Redirect after the subscription action.' headers: Location: schema: type: string examples: 302Success: description: 'Success. Redirect to previous page' value: previousPage 302Error: description: 'Error. Back to Home Page' value: '/homepage' delete: operationId: R211 summary: 'R211: Delete subscription of a tag action' description: 'Action to delete the subscription of a tag. Access: OWN' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true responses: '200': description: 'Success' '401': description: 'Unauthorized because the user is not logged in' '403': description: 'No permission to suscribe to this user' '404': description: 'Error. User not found' '302': description: 'Redirect after deleting the subscription action.' headers: Location: schema: type: string examples: 302Success: description: 'Success. Redirect to previous page' value: previousPage 302Error: description: 'Error. Back to Home Page' value: '/homepage' /users/{id}/saved_posts: get: operationId: R212 summary: 'R212: Saved posts of a user' description: 'Shows all the saved posts of each user. Access: OWN' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true responses: '200': description: 'Success' '404': description: 'Unauthorized because the user is not logged in' post: operationId: R213 summary: 'R213: Adds posts to the saved posts' description: 'Action that adds posts to the saved posts of each user. Access: OWN' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true responses: '200': description: 'Success' '401': description: 'Unauthorized because the user is not logged in' '403': description: 'No permission to suscribe to this user' '404': description: 'Error. User not found' '302': description: 'Redirect after adding the post action.' headers: Location: schema: type: string examples: 302Success: description: 'Success. Redirect to previous page' value: previousPage 302Error: description: 'Error. Back to Home Page' value: '/homepage' delete: operationId: R214 summary: 'R214: Delete a post from the saved posts of a user' description: 'Action to delete a certain post from the saved posts. Access: OWN' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true responses: '200': description: 'Success' '401': description: 'Unauthorized because the user is not logged in' '403': description: 'No permission to suscribe to this user' '404': description: 'Error. User not found' '302': description: 'Redirect after deleting a saved post action.' headers: Location: schema: type: string examples: 302Success: description: 'Success. Redirect to previous page' value: previousPage 302Error: description: 'Error. Back to Home Page' value: '/homepage' /users/{id}/tags: get: operationId: R215 summary: 'R215: Tags used by a user' description: 'Shows all the tags that were used by a user. Access: PUB,USR' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true responses: '200': description: 'Success' '404': description: 'Unauthorized because the user is not logged in' '302': description: 'Redirect after showing all tags.' headers: Location: schema: type: string examples: 302Success: description: 'Success. Redirect to User Profile Page' value: /users/{id} /users/{id}/comments: get: operationId: R216 summary: 'R216: Comments posted by a user' description: 'Shows all the comments that were published by a user. Access: PUB,USR' tags: - 'M02: User profile, user information and user posts' parameters: - in: path name: id schema: type: integer required: true responses: '200': description: 'Success' '404': description: 'Unauthorized because the user is not logged in' '302': description: 'Redirect after showing all comments.' headers: Location: schema: type: string examples: 302Success: description: 'Success. Redirect to User Profile Page' value: /users/{id} 302Error: description: 'Error. Redirect to HomePage' value: /homepage /homepage: get: operationId: R301 summary: 'R301: View Questions Page/ Homepage' description: 'Show the questions list. Access: PUB' tags: - 'M03: Homepage, questions and respective answers and comments' parameters: - in: query name: questions_id schema: type: integer minimum: 1 required: true responses: '200': description: 'Show homepage successfully.' /homepage/createQuestion: post: operationId: R302 summary: 'R302: Add Question Action' description: 'Processes the user question creation form submission. Access: USR' tags: - 'M03: Homepage, questions and respective answers and comments' requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object properties: title: type: string content: type: string required: - title - content responses: '302': description: 'Redirect after processing the new question.' headers: Location: schema: type: string examples: 302Success: description: 'Question successfully posted. Redirect to homepage.' value: '/homepage' 302Failure: description: 'Failed to post the question. Redirect to homepage.' value: '/homepage' /question/{id}: get: operationId: R303 summary: 'R303: View Questions Page Content' description: 'View a specific question and related answers and comments. Access: PUB' tags: - 'M03: Homepage, questions and respective answers and comments' parameters: - in: path name: id schema: type: integer required: true - name: page in: query required: false description: Pagination attribute to identify which page you are requesting. schema: type: integer minimum: 0 default: 0 responses: '200': description: 'Show question page successfully.' /question/{id}/add: post: operationId: R304 summary: 'R304: Add Answer/Comment Action' description: 'Processes the user answer/comment creation form submission. Access: USR' tags: - 'M03: Homepage, questions and respective answers and comments' parameters: - in: path name: id schema: type: integer required: true requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object properties: content: type: string required: - content responses: '302': description: 'Redirect after processing the new post/comment.' headers: Location: schema: type: string examples: 302Success: description: 'Successfully posted. Redirecting to homepage.' value: '/homepage' 302Failure: description: 'Failed to post. Redirecting to question page.' value: '/question/{id}' /question/{id}/review: post: operationId: R305 summary: 'R305: Add Review' description: 'Review a specific question. Access: USR' tags: - 'M03: Homepage, questions and respective answers and comments' parameters: - in: path name: id schema: type: integer required: true requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object properties: reviewType: type: string required: - reviewType responses: '302': description: 'Redirect after processing the new review.' headers: Location: schema: type: string examples: 302Success: description: 'Review successfully added. Redirecting to question page.' value: '/question/{id}' 302Failure: description: 'Failed to add review. Redirecting to question page.' value: '/question/{id}' /question/{id}/report: post: operationId: R306 summary: 'R306: Report' description: 'Report a certain question. Access: USR' tags: - 'M03: Homepage, questions and respective answers and comments' parameters: - in: path name: id schema: type: integer required: true requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object properties: reportDescription: type: string required: - reportDescription responses: '302': description: 'Redirect after processing the new report.' headers: Location: schema: type: string examples: 302Success: description: 'Report successfully completed. Redirect to homepage.' value: '/homepage' 302Failure: description: 'Failed to complete report. Redirect to question page.' value: '/question/{id}' /admins/{admin_id}: get: operationId: R401 summary: 'R401: Administrators page' description: 'Show the administrators page. Access: ADM' tags: - 'M04: Administration page' parameters: - in: path name: admin_id schema: type: integer required: true responses: '200': description: 'Success. Show Administration Page' '401': description: 'Error. Administrator is not logged in' '403': description : 'Forbidden. This user does not have permission' '404': description: 'Page not found' delete: operationId: R402 summary: 'R402: Delete administrator' description: 'Delete administrator permissions of a user. Access: ADM' tags: - 'M04: Administration page' parameters: - in: path name: admin_id schema: type: integer required: true responses: '200': description: 'Success.' '401': description: 'Error. Administrator is not logged in' '403': description : 'Forbidden. This user does not have permission to delete an administrator' '404': description: 'Not found' /admins/{user_id}: post: operationId: R403 summary: 'R403: Add administrator' description: 'Promote a moderator to administrator. Access: ADM' tags: - 'M04: Administration page' parameters: - in: path name: user_id schema: type: integer required: true responses: '200': description: 'Success.' '401': description: 'Error. Administrator is not logged in' '403': description : 'Forbidden. This user does not have permission to promote another user' '404': description: 'User not found' /mods/reports: get: operationId: R404 summary: 'R404: Shows all reports' description: 'Shows all reports associated to a moderator. Access: ADM, MOD' tags: - 'M04: Administration page' responses: '200': description: 'Success.' '401': description: 'Error. User is not logged in' '403': description : 'Forbidden. This user does not have permission to see the reports' /mods/reports/{report_id}: put: operationId: R405 summary: 'R405: Close report' description: 'Mark a report as closed. Access: ADM,MOD' tags: - 'M04: Administration page' parameters: - in: path name: report_id schema: type: integer required: true responses: '200': description: 'Success.' '401': description: 'Error. User is not logged in' '403': description : 'Forbidden. This user does not have permission to close the report' '404': description: 'Error. Report not found' /users/banned: get: operationId: R406 summary: 'R406: Banned users' description: 'List of banned users. Access: ADM,MOD' tags: - 'M04: Administration page' responses: '200': description: 'Success.' '401': description: 'Error. User is not logged in' '403': description : 'Forbidden. This user does not have permission to see the banned users' '404': description: 'Error. Not found' /mods/banned: get: operationId: R407 summary: 'R407: Banned moderators' description: 'List of banned moderators. Access: ADM' tags: - 'M04: Administration page' responses: '200': description: 'Success.' '401': description: 'Error. User is not logged in' '403': description : 'Forbidden. This user does not have permission to see the banned users' '404': description: 'Error. Not found' /users/{user_id}/reports: post: operationId: R408 summary: 'R408: Make a report' description: 'Report a user. Access: USR' tags: - 'M04: Administration page' parameters: - in: path name: user_id schema: type: integer required: true requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object properties: explanation: type: string type_report: type: string required: - explanation - type_report responses: '200': description: 'Success.' '401': description: 'Unauthorized. User is not logged in' '403': description : 'Forbidden. This user does not have permission to report another user' '404': description: 'Error. Not found' /users/{user_id}/ban: post: operationId: R409 summary: 'R409: Ban user' description: 'Ban a user. Access: MOD' tags: - 'M04: Administration page' parameters: - in: path name: user_id schema: type: integer required: true requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object properties: explanation: type: string required: - explanation responses: '200': description: 'Success.' '401': description: 'Unauthorized. User is not logged in' '403': description : 'Forbidden. This user does not have permission to ban another user' '404': description: 'Error. Not found' '409': description: 'Error. User has already been banned' /mods/{mods_id}/ban: post: operationId: R410 summary: 'R410: Ban moderator' description: 'Ban a moderator. Access: ADM' tags: - 'M04: Administration page' parameters: - in: path name: mods_id schema: type: integer required: true requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object properties: explanation: type: string required: - explanation responses: '200': description: 'Success.' '401': description: 'Unauthorized. User is not logged in' '403': description : 'Forbidden. This user does not have permission to ban another user' '404': description: 'Error. Not found' '409': description: 'Error. User has already been banned' /static/about_us: get: operationId: R501 summary: 'R501: Get About page' description: 'Provide acess to the about page. Acess: PUB' tags: - 'M05: Static pages' responses: '200': description: 'OK. Show the static pages.' '404': description: 'Page not found.' /static/contacts: get: operationId: R502 summary: 'R502: Get contacts page' description: 'Provide acess to the contacts page. Acess: PUB' tags: - 'M05: Static pages' responses: '200': description: 'OK. Show the contacts pages.' '404': description: 'Page not found.' /static/FAQ: get: operationId: R503 summary: 'R503: Get FAQ page' description: 'Provide acess to the FAQ page. Acess: PUB' tags: - 'M05: Static pages' responses: '200': description: 'OK. Show the FAQ pages.' '404': description: 'Page not found.' ``` ## A8: Vertical prototype This artifact provides a general description of the architecture that will be used for the development of the system as well as the implementation of the features marked as mandatory in the common and theme requirements documents. ### 1. Implemented Features #### 1.1. Implemented User Stories | Identifier | Name | Priority | Description | | ---------- | ---- | -------- | ----------- | | US11 | Home | High | As a User, I want to access the website homepage, so that I can have an curated overview of the current questions | | US12 | Search | High | As a User, I want to search the platform keywords, so that I can quickly find questions that I am looking for | | US14 | About Us | High | As a User, I want to access the about page so that I can see information about the creators and the website purpose | | US15 | Contacts | High | As a User, I want to see the services conctacts, so that I can communicate with the admin team | | US16 | Consult FAQ | High | As a User, I want to access the FAQ, so that I can get quick answers of commons questions about the website | | US21 | Sign-in | High | As a Non-Authenticated user, I want to authenticate in the system so that I can access privileged actions | | US22 | Sign-up | High | As a Non-Authenticated user, I want to register myself into the system so that I can authenticate myself into the system | | US303 | Ask Question | High | As a User, I want to add a new question and its tags so that it becomes available to other users | | US304 | Answer Questions | High | As a User, I want to reply to a question so that the answer becomes available to other users | | US312 | See Statistics | High | As a User I want to check my usage activity so that I know which are the most relevant tags for me | | US313 | Logout | High | As a User, I want to logout my account so that I can finish my current login session | #### 1.2. Implemented Web Resources > Module M01: Registration, authentication and external auth api | Web Resource Reference | URL | | ---------------------- | ------------------------------ | | R101: Register/Sign-up form | GET /register | | R102: Register/Sign-up action | POST /register | | R103: Login/Sign-in form | GET /login | | R104: Login/Sign-in action | POST /login | R105: Logout action | POST /logout | > Module M02: User profile, user information and user posts | Web Resource Reference | URL | | ---------------------- | ------------------------------ | | R201: View user profile | GET /users/{id}| | R205: Information about the statistics | GET /users/{id}| > Module M03: Homepage, questions and respective answers and comments | Web Resource Reference | URL | | ---------------------- | ------------------------------ | | R301: View Questions Page/Homepage | GET /homepage| | R302: Add Question Action | POST /homepage/createQuestion | | R303: View Questions Page Content | GET /question/{id} | > Module M05: Static Pages | Web Resource Reference | URL | | ---------------------- | ------------------------------ | | R501: About page | GET /static/about | | R502: Contacts page | GET /static/contacts | | R503: FAQ page | GET /static/faq | ## 2. Prototype The prototype is available at: Credentials: - admin user: - regular user: The code is available at