Skip to content

codeday/showcase-gql

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

89 Commits

.circleci

.circleci

 
 

prisma

prisma

 
 

src

src

 
 

.dockerignore

.dockerignore

 
 

.eslintignore

.eslintignore

 
 

.eslintrc.js

.eslintrc.js

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

fly.toml

fly.toml

 
 

package.json

package.json

 
 

tsconfig.json

tsconfig.json

 
 

yarn-error.log

yarn-error.log

 
 

yarn.lock

yarn.lock

 
 

Repository files navigation

Showcase GQL

A GraphQL API for creating and exploring CodeDay projects/teams.

Security

Showcase makes use of JSON Web Tokens (JWT) to provide stateless authentication. To authenticate with the API, set the Authorization or X-Showcase-Authorization header to a Bearer JWT token. (e.g. X-Showcase-Authorization: Bearer {token})

The token should meet the following requirements:

  • alg: HS256, HS384, HS512
  • key: The value of the JWT_SECRET environment variable (ask the ops team)
  • aud: The value of the JWT_AUDIENCE environment variable (default showcase)

The payload may contain the following:

  • a ("admin", required): If true, the user can edit, feature, and award all projects in the specified e.
  • u ("username", optional): For newly created projects, and allows editing all the user's projects.
  • e ("eventId", optional): For newly created projects (if null, cannot create any); admin event scope if a.
  • g ("eventGroupId", optional): For newly created projects (if null cannot create any), only used for discovery.
  • r ("regionId", optional): For newly created projects, only used for discovery.
  • p ("programId", optional): For newly created projects, only used for discovery.
  • j ("judgingPoolId", optional): A judging pool ID to judge projects in.
  • jvr ("judgingViewResults", optional): Allows judges to view results in their pool.
  • jum ("judgingViewMedia", optional): Allows judges to upload judges' media to projects in their pool.

Example Payloads

A token allowing an end-user to create projects in the specified event:

{
  "a": false,
  "u": "johnpeter",
  "p": "codeday",
  "r": "seattle",
  "g": "winter-2020",
  "e": "codeday-seattle-winter-2020"
}

A token allowing an end-user to create projects, with required information only. (Note that the un-populated information will not be inferred -- that is, even if other events were created with the same e, but with p/r/g set, this project will still have all other fields set to null. Put another way: make sure to populate all the information applicable to the event.)

{
  "a": false,
  "u": "johnpeter",
  "p": "virtual",
  "e": "virtual-codeday-spring-2020"
}

A token allowing an end-user to edit their existing projects only, and not create new ones:

{
  "a": false,
  "u": "johnpeter"
}

An admin token allowing editing all events in a region, giving awards, etc:

{
  "a": true,
  "e": "codeday-seattle-spring-2020"
}

About

Tracking projects created at CodeDay

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages