GET /users/login should accept an email and password and, if they match, return user id, name, email, and token (generating Users.token if it is null)
API endpoints that add or edit records should require a userToken parameter
Suggestion for student development team:
Have login page send a request to /users/login and store the token that's returned
Include userToken in any requests that require it
Have the application's logout function simply forget the user information without sending any requests (since the Muncie Events server won't have an actual user session to terminate)
Strategy
GET /users/loginshould accept an email and password and, if they match, return user id, name, email, and token (generatingUsers.tokenif it is null)userTokenparameterSuggestion for student development team:
/users/loginand store the token that's returneduserTokenin any requests that require it