An API with authentication and permissions. Users can register and log in and, depending on their role, perform different CRUD operations over users, events and tickets. Built with Express, Mongoose and JWT.
- JAVASCRIPT
- NPM
- EXPRESS
- MONGOOSE
- PASSPORT
- JWT
- NODE
- ESLINT
- GITHUB ACTIONS
- VSCODE
To have this app on your pc, you need to:
- Download or clone this repo:
  - Clone with SSH: `git@github.com:javitocor/Events-API-Express.git`
  - Clone with HTTPS: `https://github.com/javitocor/Events-API-Express.git`
- Requirements:
  - Nodejs and npm: [Download Nodejs](https://nodejs.org/en/download/) and follow the instructions; npm is included in the package.
- In the project directory, you can run:
  - `$ npm install` installs all the dependencies required by the project.
  - `$ npm run devstart` runs the app in development mode. The API will run at http://localhost:3000
  - You can use Postman, cURL or any other tool of your choice to perform the API calls.
- Basic information
  - This project is set up using Express.js and Mongoose; authentication is based on Passport and JWT strategies. All the permissions for the different routes are set up in 'permissions.js' inside the permissionsMiddleware folder.
- Role based: the API is based on 4 different roles:
  - Basic
  - ADMIN_BASIC
  - ADMIN_MANAGER
  - SUPERADMIN
- Endpoints: you can access the following endpoints depending on your user's role. By default a new user is assigned the 'Basic' role.

| Action | Method | URL | Roles |
| --- | --- | --- | --- |
| Register | POST | http://localhost:3000/signup | EVERYONE |
| Login | POST | http://localhost:3000/login | Basic, ADMIN_BASIC, ADMIN_MANAGER, SUPERADMIN |
| Logout | GET | http://localhost:3000/logout | Basic, ADMIN_BASIC, ADMIN_MANAGER, SUPERADMIN |
| Get all users | GET | http://localhost:3000/users | ADMIN_BASIC, ADMIN_MANAGER, SUPERADMIN |
| Get user detail | GET | http://localhost:3000/users/:id | ADMIN_MANAGER, SUPERADMIN |
| Update user | PUT | http://localhost:3000/users/:id | SUPERADMIN |
| Delete user | DELETE | http://localhost:3000/users/:id | SUPERADMIN |
| Get all ongoing events | GET | http://localhost:3000/events/ | Basic, ADMIN_BASIC, ADMIN_MANAGER, SUPERADMIN |
| Get all events | GET | http://localhost:3000/events/all | SUPERADMIN |
| Get event detail | GET | http://localhost:3000/events/:id | Basic, ADMIN_BASIC, ADMIN_MANAGER, SUPERADMIN |
| Create events | POST | http://localhost:3000/events/ | ADMIN_BASIC, ADMIN_MANAGER, SUPERADMIN |
| Update events | PUT | http://localhost:3000/events/:id | SUPERADMIN |
| Delete events | DELETE | http://localhost:3000/events/:id | SUPERADMIN |
| Get tickets for a specific event | GET | http://localhost:3000/events/:id/tickets | ADMIN_BASIC, ADMIN_MANAGER, SUPERADMIN |
| Create tickets for a specific event | POST | http://localhost:3000/events/:id/tickets | ADMIN_MANAGER, SUPERADMIN |
| Update tickets for a specific event | PUT | http://localhost:3000/events/:id/tickets/:id | ADMIN_BASIC, ADMIN_MANAGER, SUPERADMIN |
| Delete tickets for a specific event | DELETE | http://localhost:3000/events/:id/tickets/:id | SUPERADMIN |
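
One way to express the endpoint list above as a deny-by-default permission check, written as an added example (it is not the project's 'permissions.js'); the rule table layout, the function names and the `req.user.role` field are assumptions. It also shows why the literal route `/events/all` has to take precedence over `/events/:id` when a request is matched against the rules.

```javascript
// Added example, not the project's permissions.js. Rule table, function names
// and the req.user.role field are assumptions made for illustration.
const ALL = ['Basic', 'ADMIN_BASIC', 'ADMIN_MANAGER', 'SUPERADMIN'];
const ADMINS = ALL.slice(1);
const MANAGERS = ['ADMIN_MANAGER', 'SUPERADMIN'];
const SUPER = ['SUPERADMIN'];
// [method, route pattern, allowed roles], copied from the endpoint list above.
const RULES = [
  ['GET', '/users', ADMINS], ['GET', '/users/:id', MANAGERS],
  ['PUT', '/users/:id', SUPER], ['DELETE', '/users/:id', SUPER],
  ['GET', '/events', ALL], ['GET', '/events/all', SUPER],
  ['GET', '/events/:id', ALL], ['POST', '/events', ADMINS],
  ['PUT', '/events/:id', SUPER], ['DELETE', '/events/:id', SUPER],
  ['GET', '/events/:id/tickets', ADMINS],
  ['POST', '/events/:id/tickets', MANAGERS],
  ['PUT', '/events/:id/tickets/:id', ADMINS],
  ['DELETE', '/events/:id/tickets/:id', SUPER],
];

// Return the allowed roles for a request, or null when no rule matches.
// Among matching patterns the one with the most literal segments wins, so
// '/events/all' is never judged by the looser '/events/:id' rule.
function rolesFor(method, path) {
  const segs = path.split('/').filter(Boolean);
  let best = null;
  for (const [m, pattern, roles] of RULES) {
    const pat = pattern.split('/').filter(Boolean);
    if (m !== method.toUpperCase() || pat.length !== segs.length) continue;
    if (!pat.every((p, i) => p.startsWith(':') || p === segs[i])) continue;
    const literals = pat.filter((p) => !p.startsWith(':')).length;
    if (!best || literals > best.literals) best = { roles, literals };
  }
  return best ? best.roles : null;
}

// Deny by default: unknown routes, methods and roles are all refused.
function isAllowed(role, method, path) {
  const roles = rolesFor(method, path);
  return roles !== null && roles.includes(role);
}

// Express-style middleware; expects Passport to have populated req.user.
function permit(req, res, next) {
  if (!req.user) return res.status(401).json({ error: 'authentication required' });
  if (!isAllowed(req.user.role, req.method, req.path)) {
    return res.status(403).json({ error: 'forbidden' });
  }
  return next();
}
```
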
- Bearer token authentication
  - Once a user has signed up, they can make a POST request to the login endpoint. The response contains a bearer token, which the user must add to the headers of every other request to the API to access the protected routes.
- Seeding: you can seed the database with the following command:
  `node ./seeder/seed.js`
  If the db is empty, this command creates the 4 basic roles, each with its own user, so you can start performing operations.
  - users: 'Basic', 'ADMIN_BASIC', 'ADMIN_MANAGER', 'SUPERADMIN'
  - password: 'password' for all of them
- Database
  - You can change the MongoDB database by changing the MONGODB_URI field in the ./.env file.
- Auth
  - You can modify the different auth strategies by modifying the file 'auth.js' in the 'auth' folder.
This project is no longer maintained; maybe in the future I might add some extra features or routes. Feel free to download it and adapt it to your own project. The project is easy to understand and is a good starting point for developing larger backends. The models, routes and authentication are scalable and easily maintainable.
👤 Javier Oriol Correas Sanchez Cuesta
- Github: @javitocor
- Twitter: @JavierCorreas4
- Linkedin: Javier Oriol Correas Sanchez Cuesta
Contributions, issues and feature requests are welcome!
Feel free to check the issues page.
Give a ⭐️ if you like this project!
This project is MIT licensed.