Node.js DevCamper Backend API
Backend API for DevCamper application, which is a bootcamp directory website
Demo
The API is live at https://nodejs-devcamper.herokuapp.com/
Extensive documentation with examples using Postman here
Usage
Rename "config/config.env.env" to "config/config.env" and update the values/settings to your own
Install Dependencies
npm install
Run App
# Run in dev mode
npm run dev
# Run in prod mode
npm start
Database Seeder
To seed the database with users, bootcamps, courses and reviews with data from the "_data" folder, run
# Destroy all data
node seeder -d
# Import all data
node seeder -i
Specifications
Create the backend for a bootcamp directory website.
Bootcamps
- List all bootcamps in the database
- Pagination
- Sorting
- Select specific fields in result
- Limit number of results
- Filter by fields
- Search bootcamps by radius from zipcode
- Use a geocoder to get exact location and coords from a single address field
- Get single bootcamp
- Create new bootcamp
- Authenticated users only
- Must have the role "publisher" or "admin"
- Only one bootcamp per publisher (admins can create more)
- Field validation via Mongoose
- Upload a photo for bootcamp
- Owner only
- Photo will be uploaded to local filesystem
- Update bootcamps
- Owner only
- Validation on update
- Delete Bootcamp
- Owner only
- Calculate the average cost of all courses for a bootcamp
- Calculate the average rating from the reviews for a bootcamp
Courses
- List all courses for bootcamp
- List all courses in general
- Pagination, filtering, etc
- Get single course
- Create new course
- Authenticated users only
- Must have the role "publisher" or "admin"
- Only the owner or an admin can create a course for a bootcamp
- Publishers can create multiple courses
- Update course
- Owner only
- Delete course
- Owner only
Reviews
- List all reviews for a bootcamp
- List all reviews in general
- Pagination, filtering, etc
- Get a single review
- Create a review
- Authenticated users only
- Must have the role "user" or "admin" (no publishers)
- Update review
- Owner only
- Delete review
- Owner only
Users & Authentication
- Authentication will be ton using JWT/cookies
- JWT and cookie should expire in 30 days
- User registration
- Register as a "user" or "publisher"
- Once registered, a token will be sent along with a cookie (token = xxx)
- Passwords must be hashed
- User login
- User can login with email and password
- Plain text password will compare with stored hashed password
- Once logged in, a token will be sent along with a cookie (token = xxx)
- User logout
- Cookie will be sent to set token = none
- Get user
- Route to get the currently logged in user (via token)
- Password reset (lost password)
- User can request to reset password
- A hashed token will be emailed to the users registered email address
- A put request can be made to the generated url to reset password
- The token will expire after 10 minutes
- Update user info
- Authenticated user only
- Separate route to update password
- User CRUD
- Admin only
- Users can only be made admin by updating the database field manually
Security
- Encrypt passwords (bcrypt) and reset tokens
- Prevent NoSQL injections
- Add headers for security (helmet)
- Prevent cross site scripting - XSS
- Add a rate limit for requests of 100 requests per 10 minutes
- Protect against http param polution (hpp)
- Use cors to make API public
Documentation
- Use Postman to create documentation
- Use docgen to create HTML files from Postman
- Add html files as the / route for the api
Middlewares and configurations
- Config file for important constants
- Use controller methods with documented descriptions/routes
- Error handling middleware
- Authentication middleware for protecting routes and setting user roles
- Validation using Mongoose and no external libraries
- Use async/await middleware to keep controllers clean
- Create a database seeder to import and destroy data
Main technologies used
- Express - Web framework for Node.js
- Node.js - JavaScript runtime environment
- Typescript - Static type-checking along with ECMAScript features
Acknowledgments
- Brad Traversy for his tutorial and guidance
- Authors of the libraries used in this app
- Heroku as a platform for serving site
- Version: 1.0.0
- License: MIT
- Author: Wee Chien