Update October 14, 2020: Both the server and the client app are now retired. Feel free to use the sources if you want to deploy your own server-client configuration of this project.

Node.js API based on the one presented in https://www.udemy.com/api-development.

Building on that base, the following features have been added:

• Image support for foodtrucks and user accounts
• Auto generation of thumbnails
• Better error handling
• Rating support for reviews
• Queries for foodtrucks return average rating and rating count, based on the associated reviews
• Ownership for submitted foodtruck and review entities (Only the original authors can edit or remove them)
• Support for multiple foodtypes per foodtruck
• Other improvements

Base URL: https://releasetracker.app/foodtruck-api/v1/

For requests marked as 🔒, you need to have the Authorization header set with the value built as Bearer {token}, where {token} is the token received with the login call.

For all POST / PUT requests that have a json body provided, you need to set the application/json value for the Content-Type header.

For all POST requests that involve uploading images, you need to set the multipart/form-data value for the Content-Type header.

In the documentation, certain attributes displayed with a colon in the begining (e.g. :id) need to be replaced with a corresponding value when you are making the call.

POST account/register

Request Body Parameters:

• username - String (required)
• password - String (required)

Example Request Body:

{
	"username": "Tommy Vercetti",
	"password": "let's go"
}

Example Response Body 201 CREATED:

{
	"message": "New account created successfully"
}

Specific restrictions:

• Max username length: 50 characters
• Usernames must be unique (otherwise, 409 CONFLICT will be returned)
• Usernames are considered unique on a case insensitive basis (e.g. if Tommy Vercetti is registered, trying to register tommy vercetti will result in a conflict error)
• Note: spaces are allowed in usernames

POST account/login

Request Body Parameters:

• username - String (required)
• password - String (required)

Example Request Body:

{
	"username": "Tommy Vercetti",
	"password": "let's go"
}

Example Response Body 200 OK:

{
	"user": "Tommy Vercetti",
	"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVjYmY3MWJlYThkMGQ4NDNhMDg5NzlmOCIsImlhdCI6MTU1NjA1MDY5NiwiZXhwIjoxNTU4NjQyNjk2fQ.5DzDWCOT0ufiI4Yam05_RNwg-pBQCM7BnApi1A9ws7E"
}

In case the username or password are not valid, 401 UNAUTHORIZED response will be returned.

POST account/logout

Example Response Body 200 OK:

{
	"message": "Logged out successfully"
}

GET account/me

Example Response Body 200 OK:

{
	"_id": "5cbf71bea8d0d843a08979f8",
	"username": "Tommy Vercetti",
	"joined": "2019-04-23T20:12:46.586Z",
	"lastUpdate": "2019-04-23T20:12:46.586Z"
}

GET account/get/:id

Request URL parameters:

• id (required) - Account id

Example Response Body 200 OK:

{
	"_id": "5cbf71bea8d0d843a08979f8",
	"username": "Tommy Vercetti",
	"joined": "2019-04-23T20:12:46.586Z",
	"lastUpdate": "2019-04-23T20:12:46.586Z"
}

GET account/availability/:username

Request URL parameters:

• username - Account username

Response codes:

• 200 OK - Username is available for registration
• 409 CONFLICT - Username is unavailable for registration

POST account/image

Request Body Parameters:

• image - File (required) - Image file

Specific restrictions:

• Max file size is 6MB
• Accepted MIME types: image/jpeg, image/png, image/*

Accessing profile images

In your client app, you need to build the image url as follows:

• Full size version: https://releasetracker.app/foodtruck-api-static/profile_images/:image
• Mid size version (max res: 500x500): https://releasetracker.app/foodtruck-api-static/profile_images/500/:image
• Thumbnail (max res: 150x150): https://releasetracker.app/foodtruck-api-static/profile_images/thumbnails/:image

...where :image is the image field from the account object

DELETE account/image

POST foodtrucks/add

Request Body Parameters:

• name - String (required)
• foodtypes - [String] (required)
• coordinates - Object (required)
  • lat - Number (required)
  • long - Number (required)

Example Request Body:

{
	"name": "Mr Whoopee",
	"foodtypes": [
		"Ice Cream"
	],
	"coordinates": {
		"lat": 25.789603494529825,
		"long": -80.18718123435976
	}
}

Example Response Body 201 CREATED:

{
	"_id": "5cbf6cfea8d0d843a08979f7"
}

Specific restrictions:

• name max length: 100 characters
• foodtypes:
  • min array size: 1
  • max array size: 10
  • min item length: 1
  • max item length: 50

GET foodtrucks/get

Example Response Body 200 OK:

[
    {
        "_id": "5cbf6cfea8d0d843a08979f7",
        "name": "Mr Whoopee",
        "foodtypes": [
		"Ice Cream"
	],
        "coordinates": {
            "lat": 25.789603494529825,
            "long": -80.18718123435976
        },
        "image": "foodtruck-image-5cbf6cfea8d0d843a08979f7.jpg",
        "owner": {
            "_id": "5cbf6c56a8d0d843a08979f5",
            "username": "Tommy Vercetti",
            "joined": "2019-04-23T19:49:42.375Z",
	    "lastUpdate": "2019-04-23T19:49:42.375Z"
        },
        "created": "2019-04-23T19:52:30.072Z",
        "lastUpdate": "2019-04-23T19:52:30.072Z",
        "avgRating": 5,
        "ratingCount": 1
    }
]

GET foodtrucks/get/owned_by/:owner_id

Request URL Parameters:

• owner_id (required) - Account id

Example Response Body 200 OK:

[
    {
        "_id": "5cbf6cfea8d0d843a08979f7",
        "name": "Mr Whoopee",
        "foodtypes": [
		"Ice Cream"
	],
        "coordinates": {
            "lat": 25.789603494529825,
            "long": -80.18718123435976
        },
        "image": "foodtruck-image-5cbf6cfea8d0d843a08979f7.jpg",
        "owner": {
            "_id": "5cbf6c56a8d0d843a08979f5",
            "username": "Tommy Vercetti",
            "joined": "2019-04-23T19:49:42.375Z",
	    "lastUpdate": "2019-04-23T19:49:42.375Z"
        },
        "created": "2019-04-23T19:52:30.072Z",
        "lastUpdate": "2019-04-23T19:52:30.072Z",
        "avgRating": 5,
        "ratingCount": 1
    }
]

GET foodtrucks/get/:id

Request URL Parameters:

• id (required) - Foodtruck id

Example Response Body 200 OK:

{
    "_id": "5cbf6cfea8d0d843a08979f7",
    "name": "Mr Whoopee",
    "foodtypes": [
		"Ice Cream"
	],
    "coordinates": {
        "lat": 25.789603494529825,
        "long": -80.18718123435976
    },
    "image": "foodtruck-image-5cbf6cfea8d0d843a08979f7.jpg",
    "owner": {
        "_id": "5cbf6c56a8d0d843a08979f5",
        "username": "TestUser",
        "joined": "2019-04-23T19:49:42.375Z",
	"lastUpdate": "2019-04-23T19:49:42.375Z"
    },
    "created": "2019-04-23T19:52:30.072Z",
    "lastUpdate": "2019-04-23T19:52:30.072Z",
    "avgRating": 5,
    "ratingCount": 1
}

PUT foodtrucks/update/:id

Request URL Parameters:

• id (required) - Foodtruck id

Request Body Parameters:

• Parameters from section 2.1 apply

Example Request Body:

{
	"name": "Mr Whoopee",
	"foodtypes": [
		"Ice Cream",
		"Vanilla Ice Cream"
	],
	"coordinates": {
            "lat": 25.789603494529825,
            "long": -80.18718123435976
        }
}

Example Response Body 200 OK:

{
    "message": "Foodtruck info updated"
}

Example Response Body 403 FORBIDDEN:

{
    "message": "You must be the owner of this foodtruck in order to edit its details"
}

Specific restrictions:

• Restrictions from section 2.1 apply
• You must be authenticated as the owner of the foodtruck in order to edit it. Otherwise, 403 FORBIDDEN will be returned.

DELETE foodtrucks/delete/:id

Request URL Parameters:

• id (required) - Foodtruck id

Example Response Body 200 OK:

{
    "message": "Foodtruck successfully removed"
}

Specific restrictions:

• You must be authenticated as the owner of the foodtruck in order to remove it. Otherwise, 403 FORBIDDEN will be returned.

POST foodtrucks/image/:id

Request Body Parameters:

• image - File (required) - Image file

Specific restrictions:

• Max file size is 6MB
• Accepted MIME types: image/jpeg, image/png
• You must be authenticated as the owner of the foodtruck in order to upload an image for it. Otherwise, 403 FORBIDDEN will be returned.

Accessing foodtruck images

In your client app, you need to build the image url as follows:

• Full size version: https://releasetracker.app/foodtruck-api-static/foodtruck_images/:image
• Mid size version (max res: 500x500): https://releasetracker.app/foodtruck-api-static/foodtruck_images/500/:image
• Thumbnail (max res: 150x150): https://releasetracker.app/foodtruck-api-static/foodtruck_images/thumbnails/:image

...where :image is the image field from sections 2.2 / 2.3 / 2.4

DELETE foodtrucks/image/:id

Specific restrictions:

• You must be authenticated as the owner of the foodtruck in order to remove its image. Otherwise, 403 FORBIDDEN will be returned.

POST foodtrucks/reviews/add/:foodtruck_id

Request URL Parameters:

• foodtruck_id (required) - Foodtruck id

Request Body Parameters:

• title - String (required)
• text - String (required)
• rating - Number (required)

Example Request Body:

{
	"title": "Best ice cream in town",
	"text": "Even the VCPD wants to get some :D",
	"rating": 5
}

Example Response Body 201 CREATED:

{
    "message": "Review added successfully"
}

Example Response Body 403 FORBIDDEN

{
    "message": "You already have a review submitted, please edit or remove it instead"
}

Specific restrictions:

• title max length: 100 characters
• text max length: 1000 characters
• rating Number in the 1-5 range
• You can't add a review for your own foodtrucks, otherwise 403 FORBIDDEN will be returned
• You can't add more than one review per foodtruck, otherwise 403 FORBIDDEN will be returned

GET foodtrucks/reviews/get/:foodtruck_id

Request URL Parameters:

• foodtruck_id (required) - Foodtruck id

Example Response Body 200 OK:

[
    {
        "_id": "5cc03f80f6805c03c8996e31",
        "created": "2019-04-24T10:50:40.920Z",
        "lastUpdate": "2019-04-24T10:50:40.920Z",
        "title": "Best ice cream in town",
        "text": "Even the VCPD wants to get some :D",
        "rating": 5,
        "foodtruck": "5cbf6cfea8d0d843a08979f7",
        "author": {
            "_id": "5cbf71bea8d0d843a08979f9",
            "username": "Lance Vance",
            "joined": "2019-04-23T20:12:46.586Z",
	    "lastUpdate": "2019-04-23T20:12:46.586Z"
        }
    }
]

GET foodtrucks/reviews/get/my/:foodtruck_id

Request URL Parameters:

• foodtruck_id (required) - Foodtruck id

Example Response Body 200 OK:

{
    "_id": "5cc03f80f6805c03c8996e31",
    "created": "2019-04-24T10:50:40.920Z",
    "lastUpdate": "2019-04-24T10:50:40.920Z",
    "title": "Best ice cream in town",
    "text": "Even the VCPD wants to get some :D",
    "rating": 5,
    "foodtruck": "5cbf6cfea8d0d843a08979f7",
    "author": {
        "_id": "5cbf71bea8d0d843a08979f9",
        "username": "Lance Vance",
        "joined": "2019-04-23T20:12:46.586Z",
	"lastUpdate": "2019-04-23T20:12:46.586Z"
    }
}

Example Response Body 404 NOT FOUND:

{
    "message": "No review was added from your account for this foodtruck"
}

PUT foodtrucks/reviews/update/:id

Request URL Parameters:

• id (required) - Review id

Request Body Parameters:

• title - String (required)
• text - String (optional)
• rating - Number (required)

Example Request Body:

{
	"title": "Oh, well",
	"text": "It's not as good as it's hyped up to be. I think the owner is hiding something shady.",
	"rating": 2
}

Example Response Body 200 OK:

{
    "message": "Review updated"
}

Specific restrictions:

• Parameter restrictions from section 3.1 apply
• You must be authenticated as the author of the review in order to edit it. Otherwise, 403 FORBIDDEN will be returned.

DELETE foodtrucks/reviews/delete/:id

Request URL Parameters:

• id (required) - Review id

Specfic restrictions:

• You must be authenticated as the author of the review in order to remove it. Otherwise, 403 FORBIDDEN will be returned.

Apache License 2.0, see the LICENSE file for details.