What is this project for?

This project which applies MVC/DDD/Hexagonal structure is using Express, MongoDB and Mongoose as ORM. The project has an implementation of an authentication system that uses JSON Web Token to manage admin' login data in Node.js web server and user management by admin.

Architecture Overview 1.1 Data Layer 1.2 Domain Layer 1.3 Routs/Controller Layer
Security Concern 2.1 JWT signing and verification 2.2 Password Hashing 2.3 Username and Email Encryption
Quick Start 3.1 Prerequisites 3.2 Use Docker 3.3 Use the npm scripts
Endpoints 4.1 Admin Routes 4.2 User Routs
Swagger Docs
Pakages and Tools

Architecture Overview

The app is designed to use a layered architecture. The architecture is heavily influenced by the Clean Architecture.Clean Architecture is an architecture where:

does not depend on the existence of some framework, database, external agency.
does not depend on UI
the business rules can be tested without the UI, database, web server, or any external element.

Also, in entry point(server.js), I use Dependency Injection(DI). There are many reasons using Dependency Injection as:

Decoupling
Easier unit testing
Faster development
Dependency injection is really helpful when it comes to testing. You can easily mock your modules' dependencies using this pattern.

According to DI: A. High-level modules should not depend on low-level modules. Both should depend on abstractions. B. Abstractions should not depend on details.

The code style being used is based on the airbnb js style guide.

Data Layer

The data layer is implemented using repositories, that hide the underlying data sources (database, network, cache, etc), and provides an abstraction over them so other parts of the application that make use of the repositories, don't care about the origin of the data and are decoupled from the specific implementations used, like the Mongoose ORM that is used by this app. Furthermore, the repositories are responsible to map the entities they fetch from the data sources to the models used in the applications. This is important to enable the decoupling.

Domain Layer

The domain layer is implemented using services. They depend on the repositories to get the app models and apply the business rules on them. They are not coupled to a specific database implementation and can be reused if we add more data sources to the app or even if we change the database for example from MongoDB to Couchbase Server.

Routes/Controller Layer

This layer is being used in the express app and depends on the domain layer (services). Here we define the routes that can be called from outside. The services are always used as the last middleware on the routes and we must not rely on res.locals from express to get data from previous middlewares. That means that the middlewares registered before should not alter data being passed to the domain layer. They are only allowed to act upon the data without modification, like for example validating the data and skipping calling next().

Entry point

The entry point for the applications is the server.js file. It does not depend on express.js or other node.js frameworks. It is responsible for instantiating the application layers, connecting to the db and mounting the http server to the specified port.

Security Concern

JWT signing and verification

As a default, JWT uses HMAC-SHA256 algorithm for signing and verifying. While SHA256 is one of the most popular one, it has security concerns so that it is hardly recommended for a top security application. In this project, RS512 is used for signing and verifying JWT.

Quick guide

Generate a keypair (private key and public key) and save it as private.key and public.key.

private.pem

public.key

Copy these two file to src/configuration directory.

Password Hashing

One of the most secure algorithm bcrypt was used for password hashing.

Username and Email Encryption

Before saving these data to database, these are encrypted using AES-256 so that we can ensure the privacy of data.

Quick start

Prerequisites

Create an .env file in project root to register the following required environment variables:

DATABASE_URL - MongoDB connection URL
HTTP_PORT - port of server
JWT_SECRET - we will use secret to generate our JSON web tokens

Use Docker:

You can use Docker to start the app locally. The Dockerfile and the docker-compose.yml are already provided for you. You have to run the following command:

docker-compose up

Use the npm scripts:

npm run start

for running project.

npm run build

for building project.

npm run test

for running tests.

Endpoints

Admin Routes

Register

POST /admin/register

Body Params:

{ 
  fullname,
  email,
  password
}

Description: creates a new admin. Password is stored in bcrypt format.

Login

POST /admin/login

Body Params:

{ 
  email,
  password
}

Description: logs in to the server. Server will return a JWT token:

{
    "status": "success",
    "data": {
        "token": {
          access_token: "eyJhbGciOiJIUzxxxxxxx.eyJlbWFpbCI6ImRpbW9zdGhlbxxxxxxxxxxxxx.axxxxxxxxxx",
          expiresIn: 86400,
        },
    }
}

Get info

GET /admin/info

{
    "status": "success",
    "data": {
          "username": "admin",
          "email": "super.admin@gmail.com",
          "created": "2022-10-30T22:55:23.507Z"
    }
}

Description: logs in to the server. Server will return a JWT token:

{
    "status": "success",
    "data": {
        "token": {
          access_token: "eyJhbGciOiJIUzxxxxxxx.eyJlbWFpbCI6ImRpbW9zdGhlbxxxxxxxxxxxxx.axxxxxxxxxx",
          expiresIn: 86400,
        },
    }
}

Update

PUT /admin/update

Body Params:

{ 
  fullname,
  email,
  password
}

Description: Update admin info:

{
    "status": "success",
    "data": {
          "id": "635f00db957b63a0db223a67",
          "username": "group.user9",
          "email": "grop.user9@gmail.com",
          "created": "2022-10-30T22:55:23.507Z"
    }
}

Delete

DELETE /admin/

Description: Delete admin :

User Routes

In order to be able to retrieve posts list, user should send a Bearer token using Authorization header, otherwise server will answer with 401.

Create user

POST /users/

Body Params:

{ 
  fullname {String},
  email {String},
  password {String}
}

Description: Create user with Admin's credential.

Get specific user

GET /users/:userId

Response is

    {
      "data": {
          "id": "635f00db957b63a0db223a67",
          "username": "group.user9",
          "email": "grop.user9@gmail.com",
          "created": "2022-10-30T22:55:23.507Z"
      }
    }

Description: Gets specific user.

Get all users

GET /users/all

Description: Gets all users.

Response is

    {
      "data": [
          {
            "id": "635f00db957b63a0db223a67",
            "username": "group.user9",
            "email": "grop.user9@gmail.com",
            "created": "2022-10-30T22:55:23.507Z"
          },
      ]
    }

Update a user

PUT /users/:userId

Body Params:

{ 
  fullname {String},
  email {String},
  password {String}
}

Description: Updatae a specific user with Admin's credential.

Delete a user

Delete /users/:userId

Description: Updatae a specific user with Admin's credential.

Swagger Docs

Please visit http://localhost:8080/docs for more details about endpoints.

branchdev98 / node-test-code

What is this project for?

Contents

Architecture Overview

Data Layer

Domain Layer

Routes/Controller Layer

Entry point

Security Concern

JWT signing and verification

Quick guide

Password Hashing

Username and Email Encryption

Quick start

Prerequisites

Use Docker:

Use the npm scripts:

Endpoints

Admin Routes

Register

Login

Get info

Update

Delete

User Routes

Create user

Get specific user

Get all users

Update a user

Delete a user

Swagger Docs

Packages and Tools

About

Languages