Project developed as a challenge for a job interview. Read the section About the Project for complete information.
This is the BACK-END.
FRONT-END at https://github.com/MarioDoncel/Teste-Cintra-React
Application developed for an interview test.
The main requirements were to consume the API, show the movies in a list of cards with pagination and an image slider, filter them by categories, and show the data of each movie individually on a page. The technologies requested were ReactJS, Styled-Components, Redux SAGA (I used Redux-Toolkit for production, but there is a SAGA implementation on the branch redux-saga), Axios and React Router.
I accomplished the challenge early and went further than the requirements asked, creating some other features and an API for user register/login/logout and validation with a JWT and Refresh Token strategy set in httpOnly cookies. I also used TypeScript for front and back; on the back end I used NodeJs (Express) connected to a MongoDB Atlas database. The database has a user collection and a whitelist collection (it stores the valid refresh tokens to allow more control over user permissions; with it I can revoke access easily).
At the end I added a cron job to delete all expired refresh tokens from the database at 02:00 AM every day.
Time of development: 7 days
- Typescript
- ReactJS
- Styled Components
- React Router
- React Icons
- Redux-SAGA
- Redux-Toolkit
- ContextAPI
- SwiperJS
- Axios
- JWT
Project developed for a job interview.
Finished.
- npm
  npm install npm@latest -g
- Clone the repo
  git clone https://github.com/MarioDoncel/Teste-Cintra-Backend
- Install NPM packages
  npm install
- Create a database at MongoDB Atlas and configure your environment variables
  .env
  MONGO_CONNECTION=mongodb+srv://<username>:<password>@<cluster>.oczo8.mongodb.net/<database>?retryWrites=true&w=majority
  JWT_SECRET=yoursecret
- Run the application
  npm start
or
- Open it on the link below
BaseURL - http://localhost:5000
- /validate -> Verifies the JWT against the secret and checks its expiration (1 hour of expiration). If it is valid, returns the JWT access token. If it is not valid or has expired, verifies the refresh token's expiration and whether it is valid in the Whitelist collection in the Mongo database. If it is valid, creates new tokens, sets them in the user's browser and returns the new JWT access token; if not authenticated, returns an error.
  - Cookies (httpOnly):
    AccessToken: JWT
    RefreshToken: { _id?: string; hash: string; userId: string; expiresIn: number; }
- /login -> Performs the Basic authentication of the user, then creates the Access Token and the Refresh Token and sets them in httpOnly cookies.
  - Basic authentication:
    'Basic email:password'
  - Response:
    return res.status(200).send(token) - token = JWT Token
- /:id -> Receives the id and returns the user information.
  - Params:
    :id
  - Response:
    {
      "id": string;
      "username": string
      "email": string
      "password": string - encrypted
    }
  - I should remove the password from the response
- /create -> Creates and registers a user in the database.
  - Body:
    { "username": "string", "email": "string", "password": "string" }
  - Response:
    return res.status(201).send(token) - token = JWT Token
- /logout -> Updates the whitelist of refresh tokens in the Mongo database, removing the current refresh token, and deletes the tokens from the cookies of the user's browser - maybe should use DELETE for this route.
  - Cookies:
    AccessToken
    RefreshToken
  - Response:
    return res.status(200).send("success")
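
The refresh-token whitelist behind /validate, /logout and the nightly cleanup described above, as an added example that is not code from this repository. An in-memory array stands in for the Mongo whitelist collection; `createWhitelist`, `REFRESH_TTL_MS`, the injected `newHash` generator, reading `expiresIn` as an absolute millisecond timestamp, and deleting the old token on rotation are assumptions of this example.

```typescript
// Added example: an in-memory array stands in for the Mongo "whitelist" collection.
interface RefreshToken { _id?: string; hash: string; userId: string; expiresIn: number; }

// Assumed lifetime; the README does not state one for refresh tokens.
const REFRESH_TTL_MS = 7 * 24 * 60 * 60 * 1000;

// newHash must return an unguessable value (e.g. from a CSPRNG); it is injected so
// the example stays dependency-free. expiresIn is assumed to be an absolute ms timestamp.
function createWhitelist(newHash: () => string) {
  let rows: RefreshToken[] = [];

  function issue(userId: string, now: number): RefreshToken {
    const token: RefreshToken = { hash: newHash(), userId: userId, expiresIn: now + REFRESH_TTL_MS };
    rows.push(token);
    return token;
  }

  // /logout: dropping the row makes the cookie useless even if a copy survives.
  function revoke(hash: string): void {
    rows = rows.filter(function (r) { return r.hash !== hash; });
  }

  // Refresh branch of /validate: the cookie is only a lookup key. Expiry and
  // owner are read from the stored row, never from the presented object.
  function rotate(presented: RefreshToken, now: number): RefreshToken | null {
    const stored = rows.filter(function (r) { return r.hash === presented.hash; })[0];
    if (!stored || stored.userId !== presented.userId || stored.expiresIn <= now) {
      return null; // unknown, revoked, already rotated, or expired
    }
    revoke(stored.hash); // single use (this example's choice): a replayed token fails
    return issue(stored.userId, now);
  }

  // Nightly cron job: delete expired rows and report how many were removed.
  function purgeExpired(now: number): number {
    const before = rows.length;
    rows = rows.filter(function (r) { return r.expiresIn > now; });
    return before - rows.length;
  }

  return { issue: issue, rotate: rotate, revoke: revoke, purgeExpired: purgeExpired,
           size: function () { return rows.length; } };
}
```

A `null` from `rotate` corresponds to the "not authenticated" error of /validate; the caller should also clear both cookies in that case.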
Distributed under the MIT License. See LICENSE.txt for more information.
Mario Andres Doncel Neto
Email - 88mario.doncel@gmail.com
Whatsapp - +55 19 99612 9909
Project Link: https://github.com/MarioDoncel/Teste-Cintra-Backend
Link In Production: Featured Movies
- Sergio Cintra JR
- DevFast