A robust and secure RESTful API for managing notes with user authentication, built with Node.js, Express, and MongoDB.
- User Authentication: Secure registration and login with JWT tokens
- CRUD Operations: Create, read, update, and delete notes
- User Isolation: Users can only access their own notes
- Input Validation: Comprehensive validation and sanitization
- Error Handling: Robust error handling with meaningful messages
- Security: Password hashing, secure cookies, and protection against common vulnerabilities
- Testing: Comprehensive test suite with 106+ tests and 90%+ coverage
- Docker Support: Full containerization with development and production environments
- Docker Engine 20.10+
- Docker Compose 2.0+
# Clone the repository
git clone https://github.com/AakashSuresh2003/CRUD_Notes_API.git
cd CRUD_Notes_API
# Set up environment
cp .env.example .env
# Edit .env with your production values
# Start the application
./docker-run.sh start
# Check status
./docker-run.sh status# Start development environment with hot reload
./docker-run.sh start dev
# Run tests
./docker-run.sh test dev
# View logs
./docker-run.sh logs# Build and run production
docker compose up -d
# Build and run development
docker compose -f docker-compose.dev.yml up -d
# Stop services
docker compose downFor complete Docker documentation, see DOCKER.md
-
Clone the repository:
git clone https://github.com/AakashSuresh2003/CRUD_Notes_API.git cd CRUD_Notes_API -
Install dependencies:
npm install
-
Set up environment variables: Create a
.envfile in the root directory:MONGODB_URI=mongodb://localhost:27017/crud_notes_db JWT_SECRET=your_super_secret_jwt_key_change_this_in_production JWT_EXPIRES_IN=7d PORT=3000
-
Start the development server:
npm run start:dev
Or start the production server:
npm start
This project includes a comprehensive test suite with 81+ tests covering all functionality.
npm testnpm run test:unitnpm run test:integrationnpm run test:coveragenpm run test:watch- Models: Data validation and database operations
- Controllers: Business logic and error handling
- Middleware: Authentication and authorization
- Routes: API endpoint functionality
- Validation: Input sanitization and validation
- Database: Connection and error handling
- Security: JWT tokens, password hashing, user isolation
For detailed test documentation, see TEST_DOCUMENTATION.md.
| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| POST | /api/user/register |
Register a new user | No |
| POST | /api/user/login |
Log in and obtain authentication token | No |
| GET | /api/user/logout |
Log out and clear authentication token | No |
| GET | /api/user/refetch |
Fetch user data using valid token | Yes |
| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| GET | /api/v1/notes |
Get all notes for authenticated user | Yes |
| GET | /api/v1/notes/:id |
Get specific note by ID | Yes |
| POST | /api/v1/notes |
Create a new note | Yes |
| PUT | /api/v1/notes/:id |
Update note by ID | Yes |
| DELETE | /api/v1/notes/:id |
Delete note by ID | Yes |
curl -X POST http://localhost:3000/api/user/register \
-H "Content-Type: application/json" \
-d '{
"username": "johndoe",
"fullName": "John Doe",
"email": "john@example.com",
"password": "securepassword123"
}'curl -X POST http://localhost:3000/api/user/login \
-H "Content-Type: application/json" \
-d '{
"username": "johndoe",
"password": "securepassword123"
}'curl -X POST http://localhost:3000/api/v1/notes \
-H "Content-Type: application/json" \
-H "Cookie: token=your_jwt_token_here" \
-d '{
"title": "My First Note",
"description": "This is the content of my first note"
}'curl -X GET http://localhost:3000/api/v1/notes \
-H "Cookie: token=your_jwt_token_here"- Password Hashing: All passwords are hashed using bcrypt
- JWT Authentication: Secure token-based authentication
- User Isolation: Users can only access their own notes
- Input Validation: All inputs are validated and sanitized
- Secure Cookies: HTTP-only, secure, and SameSite cookie configuration
- Error Handling: Sensitive information is never exposed in error messages
-
Set environment variables:
NODE_ENV=production MONGODB_URI=your_production_mongodb_uri JWT_SECRET=your_super_secure_production_secret JWT_EXPIRES_IN=7d PORT=3000
-
Install dependencies:
npm ci --only=production
-
Start the application:
npm start
CRUD_Notes_API/
├── src/
│ ├── controller/ # Route controllers
│ │ ├── auth.controller.js
│ │ └── notes.controller.js
│ ├── DataBase/ # Database configuration
│ │ └── db.js
│ ├── middleware/ # Custom middleware
│ │ └── authMiddleware.js
│ ├── models/ # Mongoose models
│ │ ├── user.models.js
│ │ └── notes.models.js
│ ├── router/ # Route definitions
│ │ ├── auth.router.js
│ │ └── notes.router.js
│ └── validation/ # Input validation schemas
│ └── post.validation.js
├── tests/ # Test suite
│ ├── unit/ # Unit tests
│ ├── integration/ # Integration tests
│ └── utils/ # Test utilities
├── .github/workflows/ # CI/CD configuration
├── index.js # Application entry point
├── jest.config.js # Jest configuration
├── package.json # Dependencies and scripts
└── README.md # This file
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Make your changes
- Run tests (
npm test) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the ISC License.
- Express.js community for the excellent web framework
- MongoDB team for the robust database solution
- Jest team for the comprehensive testing framework
- All contributors and supporters of this project
Built with ❤️ by AakashSuresh2003