This project reimplements the functionality of the current standalone Matomat application in the form of a RESTful service. This service then can be consumed by any client.
maas-server contains the service server implementationmaas.yml contains the service API definition in OpenAPI 3.0 formatSee maas.yml.
Use a tool like Postman and import the API definition file. Another alternative would be to use Swagger Code Editor, import and then use the "Authorize/Execute/Test" functionality.
A client authenticates to the service by passing a username and password (as
well as a validity time in seconds) to the server. The server then returns
a JWT token that is valid for
the requested amount of seconds (or it this was not given, for the configured
server default). This JWT
token has to be passed using an Authorization header alongside any other
service request (Using the "Bearer token" concept).
This functionality has to be implemented by the client. The client would have to offer a enroll functionality during which the user enters her credentials. Then a very high token validity time is chosen by the client application (months?) and a login operation - resulting in a JWT token - is performed against the service. The received token is then stored on the RFID/NFC chip. For subsequent "logins" the client only needs to read the token from the RFID/NFC chip and use it to authenticate its calls to the service.
Currently there are only normal users and users with admin rights (admins). Certain API operations can only be executed by admins (E.g. create user, delete item, ...).