|
1 | 1 | # Notes API |
2 | 2 |
|
3 | | -A RESTful API for managing personal notes with user authentication. Built with Node.js, Express, and MongoDB. |
| 3 | +A RESTful API for managing personal notes with user authentication, built using Express.js, MongoDB, and Passport.js. |
4 | 4 |
|
5 | 5 | ## Features |
6 | 6 |
|
7 | | -- User registration and authentication |
8 | | -- Create, read, update, and delete notes |
9 | | -- Search notes by title |
10 | | -- Filter notes by tags |
11 | | -- Pagination for note listings |
12 | | -- Archive and pin notes |
13 | | -- Secure routes with authentication middleware |
| 7 | +- **User Authentication**: Register, login, and logout functionality with session management |
| 8 | +- **Note Management**: Full CRUD operations for notes (Create, Read, Update, Delete) |
| 9 | +- **Search & Filtering**: Search notes by title, filter by tags |
| 10 | +- **Pagination**: Paginated results for better performance |
| 11 | +- **Security**: Helmet for security headers, XSS protection, input sanitization |
| 12 | +- **Validation**: Joi schema validation for input data |
| 13 | +- **Error Handling**: Comprehensive error handling with custom error classes |
| 14 | + |
| 15 | +## Tech Stack |
| 16 | + |
| 17 | +- **Backend**: Node.js, Express.js |
| 18 | +- **Database**: MongoDB with Mongoose ODM |
| 19 | +- **Authentication**: Passport.js with Local Strategy |
| 20 | +- **Validation**: Joi |
| 21 | +- **Security**: Helmet, XSS-clean, Express Mongo Sanitize |
| 22 | +- **Session Management**: Express Session |
14 | 23 |
|
15 | 24 | ## Installation |
16 | 25 |
|
17 | 26 | 1. Clone the repository: |
18 | | - ``` |
19 | | - git clone <repository-url> |
20 | | - cd notes-api |
21 | | - ``` |
| 27 | +```bash |
| 28 | +git clone <repository-url> |
| 29 | +cd notes-api |
| 30 | +``` |
22 | 31 |
|
23 | 32 | 2. Install dependencies: |
24 | | - ``` |
25 | | - npm install |
26 | | - ``` |
| 33 | +```bash |
| 34 | +npm install |
| 35 | +``` |
27 | 36 |
|
28 | 37 | 3. Set up environment variables: |
29 | | - Create a `.env` file in the root directory with the following: |
30 | | - ``` |
31 | | - SECRET=your-secret-key |
32 | | - PORT=3000 |
33 | | - ``` |
| 38 | +Create a `.env` file in the root directory with the following variables: |
| 39 | +```env |
| 40 | +PORT=3000 |
| 41 | +SECRET=your-secret-key-here |
| 42 | +``` |
34 | 43 |
|
35 | | -4. Start MongoDB locally or update the connection string in `index.js` if using a remote database. |
| 44 | +4. Start MongoDB: |
| 45 | +Make sure MongoDB is running on your system (default: `mongodb://127.0.0.1:27017`) |
36 | 46 |
|
37 | 47 | 5. Run the application: |
38 | | - ``` |
39 | | - node index.js |
40 | | - ``` |
| 48 | +```bash |
| 49 | +node index.js |
| 50 | +``` |
41 | 51 |
|
42 | | -The server will start on port 3000 (or the port specified in `.env`). |
| 52 | +The API will be available at `http://localhost:3000` |
43 | 53 |
|
44 | 54 | ## Usage |
45 | 55 |
|
46 | | -The API provides endpoints for user authentication and note management. All note-related endpoints require authentication except registration and login. |
47 | | - |
48 | | -### Authentication |
49 | | - |
50 | | -- Register a new user with POST `/register` |
51 | | -- Login with POST `/login` |
52 | | -- Logout with POST `/logout` |
53 | | -- Get user profile with GET `/profile` |
54 | | - |
55 | | -### Notes |
56 | | - |
57 | | -- Create a note: POST `/notes` |
58 | | -- Get all notes: GET `/notes` (supports query parameters for search, tag, page, limit) |
59 | | -- Get a specific note: GET `/notes/:id` |
60 | | -- Update a note: PUT `/notes/:id` |
61 | | -- Delete a note: DELETE `/notes/:id` |
62 | | - |
63 | | -## API Endpoints |
64 | | - |
65 | | -### Authentication Routes |
66 | | - |
67 | | -| Method | Endpoint | Description | Auth Required | |
68 | | -|--------|--------------|--------------------------|---------------| |
69 | | -| POST | /register | Register a new user | No | |
70 | | -| POST | /login | Login user | No | |
71 | | -| POST | /logout | Logout user | Yes | |
72 | | -| GET | /profile | Get user profile | Yes | |
73 | | - |
74 | | -### Notes Routes |
75 | | - |
76 | | -| Method | Endpoint | Description | Auth Required | |
77 | | -|--------|--------------|--------------------------|---------------| |
78 | | -| POST | /notes | Create a new note | Yes | |
79 | | -| GET | /notes | Get all user notes | Yes | |
80 | | -| GET | /notes/:id | Get a specific note | Yes | |
81 | | -| PUT | /notes/:id | Update a note | Yes | |
82 | | -| DELETE | /notes/:id | Delete a note | Yes | |
83 | | - |
84 | | -Query parameters for GET /notes: |
85 | | -- `q`: Search term for title (case-insensitive) |
| 56 | +### Authentication Endpoints |
| 57 | + |
| 58 | +#### Register a new user |
| 59 | +```http |
| 60 | +POST / |
| 61 | +Content-Type: application/json |
| 62 | +
|
| 63 | +{ |
| 64 | + "username": "johndoe", |
| 65 | + |
| 66 | + "password": "password123" |
| 67 | +} |
| 68 | +``` |
| 69 | + |
| 70 | +#### Login |
| 71 | +```http |
| 72 | +POST /login |
| 73 | +Content-Type: application/json |
| 74 | +
|
| 75 | +{ |
| 76 | + "username": "johndoe", |
| 77 | + "password": "password123" |
| 78 | +} |
| 79 | +``` |
| 80 | + |
| 81 | +#### Logout |
| 82 | +```http |
| 83 | +POST /logout |
| 84 | +``` |
| 85 | + |
| 86 | +#### Get user profile |
| 87 | +```http |
| 88 | +GET /profile |
| 89 | +``` |
| 90 | + |
| 91 | +### Notes Endpoints |
| 92 | + |
| 93 | +All notes endpoints require authentication. |
| 94 | + |
| 95 | +#### Create a note |
| 96 | +```http |
| 97 | +POST /notes |
| 98 | +Content-Type: application/json |
| 99 | +
|
| 100 | +{ |
| 101 | + "title": "My First Note", |
| 102 | + "content": "This is the content of my note", |
| 103 | + "tags": ["work", "important"], |
| 104 | + "isArchived": false, |
| 105 | + "isPinned": false |
| 106 | +} |
| 107 | +``` |
| 108 | + |
| 109 | +#### Get all notes |
| 110 | +```http |
| 111 | +GET /notes?page=1&limit=10&q=searchTerm&tag=work |
| 112 | +``` |
| 113 | + |
| 114 | +Query parameters: |
| 115 | +- `page`: Page number (default: 1) |
| 116 | +- `limit`: Number of notes per page (default: 10) |
| 117 | +- `q`: Search term for title |
86 | 118 | - `tag`: Filter by tag |
87 | | -- `page`: Page number for pagination (default 1) |
88 | | -- `limit`: Number of notes per page (default 10) |
89 | 119 |
|
90 | | -## Models |
| 120 | +#### Get a specific note |
| 121 | +```http |
| 122 | +GET /notes/:id |
| 123 | +``` |
| 124 | + |
| 125 | +#### Update a note |
| 126 | +```http |
| 127 | +PUT /notes/:id |
| 128 | +Content-Type: application/json |
| 129 | +
|
| 130 | +{ |
| 131 | + "title": "Updated Note Title", |
| 132 | + "content": "Updated content", |
| 133 | + "tags": ["personal", "updated"], |
| 134 | + "isArchived": true, |
| 135 | + "isPinned": true |
| 136 | +} |
| 137 | +``` |
| 138 | + |
| 139 | +#### Delete a note |
| 140 | +```http |
| 141 | +DELETE /notes/:id |
| 142 | +``` |
| 143 | + |
| 144 | +## API Response Format |
| 145 | + |
| 146 | +### Success Response |
| 147 | +```json |
| 148 | +{ |
| 149 | + "success": true, |
| 150 | + "count": 5, |
| 151 | + "page": 1, |
| 152 | + "totalPages": 2, |
| 153 | + "totalNotes": 15, |
| 154 | + "data": [...] |
| 155 | +} |
| 156 | +``` |
| 157 | + |
| 158 | +### Error Response |
| 159 | +```json |
| 160 | +{ |
| 161 | + "error": "Error message" |
| 162 | +} |
| 163 | +``` |
| 164 | + |
| 165 | +## Data Models |
91 | 166 |
|
92 | 167 | ### User |
93 | | -- `email`: String (required, unique) |
94 | | -- `username`: String (handled by passport-local-mongoose) |
95 | | -- `password`: String (hashed by passport-local-mongoose) |
| 168 | +```javascript |
| 169 | +{ |
| 170 | + email: String (required, unique), |
| 171 | + username: String (auto-generated by passport-local-mongoose), |
| 172 | + hash: String (password hash), |
| 173 | + salt: String (password salt) |
| 174 | +} |
| 175 | +``` |
96 | 176 |
|
97 | 177 | ### Note |
98 | | -- `title`: String (required, max 50 characters) |
99 | | -- `content`: String (required, min 3 characters) |
100 | | -- `tags`: Array of Strings (required) |
101 | | -- `user`: ObjectId (reference to User) |
102 | | -- `isArchived`: Boolean (default false) |
103 | | -- `isPinned`: Boolean (default false) |
104 | | -- `createdAt`: Date |
105 | | -- `updatedAt`: Date |
106 | | - |
107 | | -## Technologies Used |
108 | | - |
109 | | -- Node.js |
110 | | -- Express.js |
111 | | -- MongoDB |
112 | | -- Mongoose |
113 | | -- Passport.js (with Local Strategy) |
114 | | -- Express Session |
| 178 | +```javascript |
| 179 | +{ |
| 180 | + title: String (required, max 50 chars), |
| 181 | + content: String (required, min 3 chars), |
| 182 | + tags: [String] (required), |
| 183 | + user: ObjectId (reference to User), |
| 184 | + isArchived: Boolean (default: false), |
| 185 | + isPinned: Boolean (default: false), |
| 186 | + createdAt: Date, |
| 187 | + updatedAt: Date |
| 188 | +} |
| 189 | +``` |
| 190 | + |
| 191 | +## Validation Rules |
| 192 | + |
| 193 | +Notes are validated using Joi schema: |
| 194 | +- `title`: 1-100 characters, required |
| 195 | +- `content`: Minimum 1 character, required |
| 196 | +- `tags`: Array of strings (max 30 chars each), required |
| 197 | +- `isArchived`: Boolean, optional |
| 198 | +- `isPinned`: Boolean, optional |
| 199 | + |
| 200 | +## Project Structure |
| 201 | + |
| 202 | +``` |
| 203 | +notes-api/ |
| 204 | +├── index.js # Main application file |
| 205 | +├── middleware.js # Custom middleware functions |
| 206 | +├── schema.js # Joi validation schemas |
| 207 | +├── package.json # Dependencies and scripts |
| 208 | +├── models/ |
| 209 | +│ ├── user.js # User model |
| 210 | +│ └── notes.js # Note model |
| 211 | +├── routes/ |
| 212 | +│ ├── auth.js # Authentication routes |
| 213 | +│ └── notes.js # Notes CRUD routes |
| 214 | +└── utils/ |
| 215 | + ├── catchAsync.js # Async error handler |
| 216 | + └── expressError.js # Custom error class |
| 217 | +``` |
| 218 | + |
| 219 | +## Security Features |
| 220 | + |
| 221 | +- **Helmet**: Sets various HTTP headers for security |
| 222 | +- **XSS Protection**: Prevents cross-site scripting attacks |
| 223 | +- **MongoDB Sanitization**: Prevents NoSQL injection |
| 224 | +- **Session Management**: Secure session handling with Passport.js |
| 225 | +- **Input Validation**: Joi schemas validate all incoming data |
| 226 | + |
| 227 | +## Error Handling |
| 228 | + |
| 229 | +The API uses custom error handling: |
| 230 | +- `ExpressError` class for custom errors |
| 231 | +- `catchAsync` utility for async error handling |
| 232 | +- Global error handler middleware |
| 233 | +- Proper HTTP status codes and error messages |
115 | 234 |
|
116 | 235 | ## Contributing |
117 | 236 |
|
118 | 237 | 1. Fork the repository |
119 | 238 | 2. Create a feature branch |
120 | 239 | 3. Make your changes |
121 | | -4. Submit a pull request |
| 240 | +4. Add tests if applicable |
| 241 | +5. Submit a pull request |
122 | 242 |
|
123 | 243 | ## License |
124 | 244 |
|
|
0 commit comments