Let's do a complete set of tests for the RESTful server we created in the previous chapter, with all options enabled, including JWT—which, as you'll remember, we removed in order to simplify our code! Let's follow these steps:
Firstly, we may verify that the server is up and running; the / route had no token requirement. Remember that we are using 8443, and actual HTTPS: requests will be sent to that port:
> curl localhost:8443/
Ready
Now, if we try to access some region, we'll be refused, because of the lack of an authorizing JWT:
> curl localhost:8443/regions/uy/10
No token specified
- If the line starts with *, it's some information from curl itself
- If the line starts with >, it's a header sent with the request
- If the line starts with <, it's a received header
In the following listing, I highlighted the incoming data:
> curl localhost:8443/regions/uy/10 --verbose
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
> GET /regions/uy/10 HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.59.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< X-Powered-By: Express
< Access-Control-Allow-Origin: *
< Connection: close
< Content-Type: text/html; charset=utf-8
< Content-Length: 18
< ETag: W/"12-s2+Ia/H9PDrgc59/6Z0mcWLfxuw"
< Date: Sun, 03 Jun 2018 21:00:40 GMT
<
* Closing connection 0
No token specified
We can get a token by using the /gettoken route and providing user and password values. Let's store the received token in a file to simplify future tests:
> curl localhost:8443/gettoken -d "user=fkereki" -d "password=modernjsbook" -o token.txt
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 187 100 153 100 34 149k 34000 --:--:-- --:--:-- --:--:-- 182k
> cat token.txt
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiJma2VyZWtpIiwiaWF0IjoxNTI4MDU5Nzc0LCJleHAiOjE1MjgwNjMzNzR9.6tioV798HHqriOFkhUpf8xJc8wq5TY5g-jN-XhgwaTs
Now we can try a simple GET. We can either cut-and-paste the token in a header, or use some shell features, at least in Linux-based systems, and take advantage of the back tick option to include the token file's contents in the request:
> curl localhost:8443/regions/uy/10 -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiJma2VyZWtpIiwiaWF0IjoxNTI4MDU5Nzc0LCJleHAiOjE1MjgwNjMzNzR9.6tioV798HHqriOFkhUpf8xJc8wq5TY5g-jN-XhgwaTs"
[{"countryCode":"UY","regionCode":"10","regionName":"Montevideo"}]
> curl localhost:8443/regions/uy/10 -H "Authorization: Bearer `cat token.txt`"
[{"countryCode":"UY","regionCode":"10","regionName":"Montevideo"}]
All we've got left is to try out the other routes and methods. Let's change the name of Montevideo to MVD, which actually is the IATA code for its international airport; we'll do a PUT first (which should produce a 204 status code) and then a GET to verify the update:
> curl localhost:8443/regions/uy/10 -H "Authorization: Bearer `cat token.txt`" -X PUT -d "name=MVD" --verbose
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
> PUT /regions/uy/10 HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.59.0
> Accept: */*
> Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiJma2VyZWtpIiwiaWF0IjoxNTI4MDU5Nzc0LCJleHAiOjE1MjgwNjMzNzR9.6tioV798HHqriOFkhUpf8xJc8wq5TY5g-jN-XhgwaTs
> Content-Length: 8
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 8 out of 8 bytes
< HTTP/1.1 204 No Content
< X-Powered-By: Express
< Access-Control-Allow-Origin: *
< Connection: close
< Date: Sun, 03 Jun 2018 21:09:01 GMT
<
* Closing connection 0
> curl localhost:8443/regions/uy/10 -H "Authorization: Bearer `cat token.txt`"
[{"countryCode":"UY","regionCode":"10","regionName":"MVD"}]
In one experiment, I created a new region, numbered 20. Let's delete it and verify that it's gone with yet another GET. The first request should get a 204 status, and the second should get a 404, because the region will no longer exist:
> curl localhost:8443/regions/uy/20 -H "Authorization: Bearer `cat token.txt`" -X DELETE --verbose
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
> DELETE /regions/uy/20 HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.59.0
> Accept: */*
> Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiJma2VyZWtpIiwiaWF0IjoxNTI4MDU5Nzc0LCJleHAiOjE1MjgwNjMzNzR9.6tioV798HHqriOFkhUpf8xJc8wq5TY5g-jN-XhgwaTs
>
< HTTP/1.1 204 No Content
< X-Powered-By: Express
< Access-Control-Allow-Origin: *
< Connection: close
< Date: Sun, 03 Jun 2018 21:12:06 GMT
<
* Closing connection 0
> curl localhost:8443/regions/uy/20 -H "Authorization: Bearer `cat token.txt`" -X DELETE --verbose
.
. several lines snipped out
.
< HTTP/1.1 404 Not Found
.
. more snipped lines
.
Region not found
Finally, let's invent a new region to verify that POST also works; a 201 status should be returned, as well as the new ID (which would be 20, after we deleted the previous invented 20th Uruguayan region):
> curl localhost:8443/regions/uy -H "Authorization: Bearer `cat token.txt`" -X POST -d "name=Fictitious" --verbose
.
. lines snipped out
.
< HTTP/1.1 201 Created
< X-Powered-By: Express
< Access-Control-Allow-Origin: *
< Connection: close
< Location: /regions/uy/20
.
. snipped lines
.
Region created
> curl localhost:8443/regions/uy -H "Authorization: Bearer `cat token.txt`"
[{"countryCode":"UY","regionCode":"1","regionName":"Artigas"},{"countryCode":"UY","regionCode":"10","regionName":"MVD"},
.
. snipped out lines
.
{"countryCode":"uy","regionCode":"20","regionName":"Fictitious"},
.
. more snipped out lines
.
{"countryCode":"UY","regionCode":"9","regionName":"Maldonado"}]
So, by using curl and some console work, we can set out to test any kind of services. However, at some point, you may need to work with more complex sequences of service calls, and doing all this work by hand could become a chore. Indeed, by careful scripting you may simplify your job, but let's consider another tool, Postman, that's more apt for that kind of work.