A REST API Backend using
Node
-Express
-Mongoose
for the Tourino Project contains practical examples (CRUD, Authentication & Authorization, Error Handling, Security).
Live Demo : https://tourino.herokuapp.com/api/v1/
URL | HTTP Verb | POST Body | Authentication | Authorization | Result |
---|---|---|---|---|---|
/api/v1/tours | GET | Return all tours | |||
/api/v1/tours/:id | GET | Return single tour (based on id) | |||
/api/v1/tours/slug/:slug | GET | Return single tour (based on slug) | |||
/api/v1/tours | POST | JSON String | Yes | moderator, admin | Create new tour |
/api/v1/tours/:id | PATCH | JSON String | Yes | moderator, admin | Updates an existing tour |
/api/v1/tours/:id | DELETE | Yes | moderator, admin | Deletes an existing tour | |
- | |||||
/api/v1/tours/destinations | GET | Return all destinations and count | |||
/api/v1/tours/travelStyle | GET | Return all travel style and count |
URL | HTTP Verb | POST Body | Authentication | Authorization | Result |
---|---|---|---|---|---|
/api/v1/users/signup | POST | JSON String | Create a new user | ||
/api/v1/users/login | POST | JSON String | Create a new user | ||
/api/v1/users/forgotPassword | POST | JSON String | Create a new user | ||
/api/v1/users/resetPassword:token | POST | JSON String | Create a new user | ||
- | |||||
/api/v1/users/me | GET | Yes | Return a current user | ||
/api/v1/users/updateMyPassword | PATCH | JSON String | Yes | Updates password for a current user | |
/api/v1/users/updateMe | PATCH | JSON String | Yes | Updates a current user | |
/api/v1/users/deleteMe | DELETE | Yes | Deletes a current user | ||
- | |||||
/api/v1/users | GET | Yes | admin | Return all users | |
/api/v1/users/role | GET | Yes | admin | Return all Role's types and count | |
/api/v1/users/:id | GET | Yes | admin | Return a specific user | |
/api/v1/users/:id | PATCH | JSON String | Yes | admin | Update a specific user |
/api/v1/users/:id | DELETE | Yes | admin | Delete a specific user |
URL | HTTP Verb | POST Body | Authentication | Authorization | Result |
---|---|---|---|---|---|
/api/v1/tours/:tourId/reviews | GET | Return all reviews from a specific tour | |||
/api/v1/reviews | GET | Return all reviews | |||
/api/v1/reviews/:id | GET | Return a specific review | |||
/api/v1/reviews | POST | JSON String | Yes | user | Create new review |
/api/v1/reviews/:id | PATCH | JSON String | Yes | user(owner of review), admin | Updates a specific review |
/api/v1/reviews/:id | DELETE | Yes | user(owner of review), admin | Deletes a specific review |
- NodeJS
- Express
- MongoDB
- Mongoose
- dotenv
- Loads environment variables from .env file
- mongoose-id-validator
- validate that ObjectID references refer to objects that actually exist in the referenced collection
- mongoose-unique-validator
- adds pre-save validation for unique fields within a Mongoose schema.
- morgan
- HTTP request logger middleware for node.js
- nodemailer
- Easy as cake e-mail sending from your Node.js applications
- qs
- A querystring parser that supports nesting and arrays, with a depth limit
- slugify
- Slugifies a String
- validator
- String validation and sanitization
- BcryptJS
- Optimized bcrypt in plain JavaScript for NodeJS.
- jsonwebtoken
- JSON Web Token for node.js
- cors
- Node.js CORS middleware
- express-rate-limit
- Basic IP rate-limiting middleware for Express.
- Use to limit repeated requests to public APIs and/or endpoints such as password reset.
- express-mongo-sanitize
- Sanitize your express payload to prevent MongoDB operator injection.
- helmet
- secure the Express apps
- xss-clean
- sanitize user input coming from POST body, GET queries, and url params
- hpp
- protect against HTTP Parameter Pollution attacks
To keep the style of resources consistent, I decided to stick to some shared rules that have to be applied to every project using some editors plugins.
I have chosen to use
This works including specific .eslintrc.json
and .prettierrc
files in the root directory and making sure your editor has the necessary plugins.
I using REST client to test my API.
File test can be found in /dev-data/testApiRequest folder
- Fork it!
- Create your feature branch:
git checkout -b my-new-feature
- Commit your changes:
git commit -am 'Add some feature'
- Push to the branch:
git push origin my-new-feature
- Submit a pull request
This is just a personal project created for study/demonstration purpose, it may or may not be a good fit for your project(s).
Please β this repository if you like it or this project helped you!
Feel free to open issues or submit pull-requests to help me improving my work.