GET /users/login should accept an email and password and, if they match, return user id, name, email, and token (generating Users.token if it is null)
API endpoints that add or edit records should require a userToken parameter
Suggestion for student development team:
Have login page send a request to /users/login and store the token that's returned
Include userToken in any requests that require it
Have the application's logout function simply forget the user information without sending any requests (since the Muncie Events server won't have an actual user session to terminate)
Strategy
GET /users/login
should accept an email and password and, if they match, return user id, name, email, and token (generatingUsers.token
if it is null)userToken
parameterSuggestion for student development team:
/users/login
and store the token that's returneduserToken
in any requests that require it