55 lines
3.1 KiB
Markdown
55 lines
3.1 KiB
Markdown
# XIVPlan+DB Mod Edition
|
|
|
|
This is just XIVPlan with a very basic DB implementation to make sharing links to a plan much more accessible. This repo contains the modification to XIVPlan as a git `.patch` file, and the rest of the source in this repo is the server that acts as an interface between XIVPlan and the DB.
|
|
|
|
## Ideas around the mod
|
|
|
|
User enrollment will require a username and pin, but this pin will be stored in plaintext in the DB for simplicity as there is nothing in here that requires security. Users can optionally provide an email at enrollment to protect their account from accidental deletion.
|
|
|
|
The API SSR User page will be the primary way of managing your plans to limit modifications to XIVPlan.
|
|
|
|
Plans will not ever be truly deleted from an account, instead marked as deleted and hidden.
|
|
|
|
Every non-readonly action will require user PIN as everything is stateless.
|
|
|
|
Users and their plans can be permanently deleted, but if an email was provided at enrollment they will need to confirm the delete first.
|
|
|
|
## DB Implementation
|
|
|
|
### User Table Columns
|
|
|
|
- id (PK) [string]
|
|
- name [string]
|
|
- pin [string]
|
|
- email [string]
|
|
- delete-confirmation-code [string]
|
|
|
|
### Plan Table Columns
|
|
|
|
- id (PK) [string]
|
|
- ownerId (FK to user.id) [string]
|
|
- name [string]
|
|
- folder [string]
|
|
- data [string]
|
|
- deleted [boolean]
|
|
|
|
## API Implementation
|
|
|
|
The API will be a combination API and basic SSR.
|
|
|
|
### Routes
|
|
|
|
- /api - SSR Page: shows login form
|
|
- /api/[userId] - SSR Page: provides import plan button to upload an existing xivplan url to the db, shows all user's plans (have section for deleted plans), each plan should have the following buttons: [Open], [Share], [Rename*] [Delete*] Buttons with an \* will prompt for PIN to confirm.
|
|
- /api/[userId]/list - API Page: **GET** returns non-deleted plans, specifically the name, id, and folder of each plan as a JSON array of objects
|
|
- /api/[userId]/export - API Page: **GET** returns zip of .xivplan files
|
|
- /api/[userId]/read/[planId] - API Page: **GET** returns name and data as JSON object
|
|
- /api/[userId]/create - API Page: **POST** to save new plan to DB, requires name, **PIN**, and data (optionally folder), api will generate a nanoid for the PK
|
|
- /api/[userId]/update/[planId] - API Page: **PUT** to overwrite plan while keeping same name and id, requires **PIN** and data
|
|
- /api/[userId]/undelete/[planId] - API Page: **PUT** to unmark plan as deleted, requires **PIN**
|
|
- /api/[userId]/delete/[planId] - API Page: **DELETE** to mark plan as deleted, requires **PIN**
|
|
- /api/auth - API Page: **POST** to check if you are who you say you are, requires username and **PIN**, returns userId and boolean of if email was set
|
|
- /api/enroll - API Page: **POST** to create new user, requires username and **PIN** (optionally email), returns userId
|
|
- /api/unenroll - API Page: **DELETE** to get rid of user and all of their plans, requires username and **PIN** (and deletion-confirmation-code if email present)
|
|
- If email present on user and delete-confirmation-code not present, send delete-confirmation-code to user and have them redo form
|