Registration - Creating an API with a Centralized Database

[cerotrade]

Creating an API with a Centralized Database for Cero Trade

User Story

As a backend developer, I want to create a secure API that handles the tokenized user information storage and retrieval in a centralized database, ensuring data is handled in compliance with user data security regulations for Cero Trade.

Acceptance Criteria

• [ ] The user can't register if their userId is already linked to a record in the tokenVault.
• [ ] The API can generate a unique token (userToken) for each user.
• [ ] The API securely stores the user information along with its token in the centralized database.
• [ ] A record can be deleted from the database.
• [ ] Ensure all communications with the API are secured using HTTPS.

Tasks

• [ ] Set up the API environment:

  • Create express application
  • Deploy app to ElasticBeanstalk
  • Subdomain Configuration for api.cerotrade.cl
  • Install and configure the web server software to handle HTTP(S) requests for api.cerotrade.cl.
  • Obtain and configure SSL/TLS certificates for api.cerotrade.cl to enable secure HTTPS connections.
  • Set up AWS WAF for firewall security.

• [x] Design the database schema:

  • Design a schema to efficiently store and manage user information and associated tokens.
  • Set up database system (Amazon RDS with PostgreSQL).

• [ ] Implement API endpoints:

  • /api/user/store for storing user data and generating tokens.
  • Method: POST
  • Headers: Content-Type: application/json, Authorization: Bearer <API_KEY>
  • Body: { "principal": "string", "userInfo": "encryptedString" }
  • Response: { "token": "userToken" }
  • /api/user/retrieve for retrieving user data based on a token.
  • Method: POST
  • Headers: Content-Type: application/json, Authorization: Bearer <API_KEY>
  • Body: { "token": "userToken" }
  • Response: { "userInfo": "retrievedInfo" }

• [ ] Implement app methods

• AddToken(User, Token): void

• RemoveRecord(TokenID): void

• GetUserByToken(TokenID): User

• checkForUser(userId) : bool

• [ ] Secure the API:

  • Set up rate limiting to protect against abuse and ensure service availability.

[cerotrade]

Simplified Technology Stack Setup for Web Application

• Backend: Implement Node.js for the runtime environment with Express.js framework for simplified backend logic and routing.
• Database: Use PostgreSQL for robust data storage, managed through AWS RDS for scalability and ease of management.
• ORM: Integrate Sequelize to facilitate object-relational mapping, simplifying interactions between the Node.js application and the PostgreSQL database.
• Cloud Hosting & Services: Deploy the application using AWS Elastic Beanstalk for easy scaling and management.
• Version Control: Manage code with Git, leveraging GitHub or GitLab repositories for collaborative development and version tracking.
• CI/CD: Automate deployment workflows using GitHub Actions or GitLab CI/CD, ensuring consistent builds and deployments.
• Security: Secure application communications with HTTPS.

[cerotrade]

https://internetcomputer.org/docs/current/motoko/main/base/Blob