From 3d93817b855dcbe1c4d2573faa2901ae3db0f7d8 Mon Sep 17 00:00:00 2001
From: alex <alex@alexloehr.net>
Date: Fri, 28 Nov 2025 10:29:25 +0000
Subject: [PATCH] audit

---
 README.md |   65 +++++++++++++++++++++-----------
 1 files changed, 42 insertions(+), 23 deletions(-)

diff --git a/README.md b/README.md
index 5752c19..04737e4 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,12 @@
 (Theoretically it can also run on a different host but this is untested.)
 
 
+### ILIAS DB Access
+
+Globus-ILIAS-Rest needs access to the ILIAS DB.
+The DB credentials are defined in the settings file `settings.$NODE_ENV.json`.
+
+
 ### Software
 
 - node.js v22.x
@@ -63,7 +69,7 @@
     cd $ILIASBASEDIR
     chown -R www-data:www-data globus-ilias-rest
 
-The copied folder contains a file named `token`. This file contains an access token wich __must be kept secret__.
+The copied folder contains a file named `token`. This file contains an access token which __must be kept secret__.
 The file `token` is protected by a `.htaccess` rule which prevents the webserver from reading the file.
 
 __Make sure that this `.htaccess` Apache rule is active and prevents the file from beeing read by the webserver.__
@@ -77,7 +83,7 @@
 This way Globus-ILIAS-Rest can be accessed through the same URL as the ILIAS Installation (including https).
 
 __ATTENTION__
-The service __must__ run under https. Otherwise the AUTH-TOKEN used by Globus-ILIAS-Rest is not secure.
+The service __must__ run under https. Otherwise, the AUTH-TOKEN used by Globus-ILIAS-Rest is not secure.
 (as of now this is given for both ILIAS installations)
 
 ##### Enable mod_proxy
@@ -105,8 +111,7 @@
 
 ## Setup
 
-
-### Env und Settings
+### Env
 
 Set `NODE_ENV` env var.
 E.g. in `.bashrc`.
@@ -119,14 +124,13 @@
 
     NODE_ENV=prod
 
-
 __NODE_ENV must be set before starting the application!__
 
 
 
 ### Install files
 
-Install the files using git.
+Install Globus-ILIAS-Rest using git.
 
     git clone https://$USER@gitblit.minervis.com/r/globus/globus-ilias-rest.git
     cd globus-ilias-rest
@@ -147,13 +151,17 @@
 
 ### Run a self test
 
-Globus-ILIAS-Rest has a build-in testing tool to check if everything works correctly.
+Globus-ILIAS-Rest has a build-in testing tool to check if everything works correctly and all components are accessible.
 
 Inside Globus-ILIAS-Rest dir run:
 
     npm run test-connect
 
 All tests must succeed without errors.
+
+
+__Note__
+The tests for "the rest service" can only succeed when the rest service is running (see below).
 
 
 
@@ -191,35 +199,46 @@
 For accessing the service a auth-token is required.
 This token is defined in the config file `settings.$NODE_ENV.json`.
 
-Dann kann der Service angesprochen werden (test mit curl):
+Access REST API using curl:
 
-    curl localhost:4101/users?token=AUTHTOKEN
+    curl localhost:4101/api/user?token=AUTHTOKEN
 
-Die Antwort prettyfeien:
+Prettify the response:
 
-    curl localhost:4101/users?token=AUTHTOKEN | jq .
+    curl localhost:4101/api/user?token=AUTHTOKEN | jq .
 
 
-### globusfm-dev2
 
-Kann zugegriffen werden über
 
-    https://globusfm-dev2.minervis.com/popcorn/users?token=$TOKEN
+## Manual testing
 
+Some example URLs for manual testing.
+
+### Test for globusfm-dev2
+
+Can be accessed by 
+
+    curl https://globusfm-dev2.minervis.com/popcorn/api/user?token=$TOKEN
+    curl https://globusfm-dev2.minervis.com/popcorn/api/user/userid/573?token=$TOKEN
 
 #### Testing PHP Component
 
-Folgende URL sollte dann funktionieren für die PHP Komponente:
-https://globusfm-dev2.minervis.com/globus-ilias-rest/login.php?token=$PHPTOKEN&command=getUser&usr_id=573
-
-Die API dann über:
-https://globusfm-dev2.minervis.com/popcorn/api/user/userid/573?token=$TOKEN
-
-__Achtung__ die Tokens sind unterschiedlich!
+    curl https://globusfm-dev2.minervis.com/globus-ilias-rest/login.php?token=$ILIASTOKEN&command=getUser&usr_id=573
 
 
-### Testing Apache
 
-    https://globusfm-dev2.minervis.com/popcorn/users?token=AUTHTOKEN
 
+## Other
+
+### Logs
+
+To prevent logs from growing too big the file `$INSTALLDIR/log.log` should be included into a logrotation job.
+
+Furthermore `pm2` also does some logging.
+`pm2` logs can be cleared by running
+
+    pm2 flush
+
+Alternatively `pm2` logging also can be turned off (not advised).
+To do this add the param `--disable-logs` when running Globus-ILIAS-Rest through `pm2`.
 

--
Gitblit v1.8.0