Deployed on Netlify: https://62d9a066ed70b700b9fad3f7--jaimeblogapi.netlify.app/
API that uses JSON Web Token (JWT) authorization so a user can authenticate across apps or micro-services. With JWT, the authorization state is stored with the client, NOT on the server.
The user must create a profile with a password, which is salted and hashed with the bcrypt dependency; the hashed password is what gets stored.
User: There are distinct routes to create, read, update and delete the user. There is a separate router to log in the user. There are two user routes for reading: /users to list all users and /user/:id to find a specific user by the id.
Blogs: There are distinct routes to create, read, update and delete users' blogs.
- NodeJS
- Express
- MongoDB
- Mongoose
- Postman
- Heroku
- VSC as my editor
- express
- express-validator
- bcrypt
- dotenv
- ejs
- helmet
- jsonwebtoken
- mongoose
- morgan
3 routers and 2 schemas on server side:
- server.js
- routers/authRouter.js for login
- routers/userRouter.js for CRUD
- routers/blogRouter.js for CRUD
username: type: String, required: true
email: type: String, required: true, unique: true
birthday: day: type: Number, month: type: Number, year: type: Number
age: type: Number
password: type: String, required: true
created_at: type: Date, default: Date.now()
created_by: type: String, required: true
title: type: String, required: true
content: type: String, required: true
private: type: Boolean, required: true
created_at: type: Date, date: Date.now()
- Run 'nodemon server.js' in a terminal to start the app OR open the Heroku app: https://jaimeblogapi.herokuapp.com/
- Run Postman to Create, Read, Update and Delete all Users and individual User blogs by entering the User's JWT in Postman's headers. Key: x-auth-token Value: the JWT provided when the user is created.
- Create User: router.post('/users/new') userSchema is used, password is hashed, JWT is created
- Read all Users: router.post('/users')
- Read User by ID: router.post('/users/:id')
- Update User: router.post('/users/:id')
- Delete User: router.post('/users/:id')
- Login User: go to authRouter.js router.post('/')
- Create User: /users/new NOTE: You MUST copy the JWT and, in the following requests, go to the 'header' tab and use 'x-auth-token' as the 'key' and the JWT as the 'value'. This must be done for ALL CRUD requests for the user, in the Postman header.
- Login User: /auth
- Read all Users: /users
- Read User by ID: /users/user's id
- Update User: /users/user's id
- Delete User: /user/user's id
- Create Blog: router.post('/blogs/new')
- Read all Blogs: router.post('/blogs')
- Read Blog by ID: router.post('/blogs/:id')
- Read Public Blogs: router.post('/blogs/public')
- Update Blog: router.post('/blogs/:id')
- Delete Blog: router.post('/blogs/:id')
- Create Blog: /blogs/new NOTE: You MUST copy the JWT and, in the following requests, go to the 'header' tab and use 'x-auth-token' as the 'key' and the JWT as the 'value'. This must be done for ALL CRUD requests for the blogs, in the Postman header.
- Read all Blogs: /blogs
- Read Blogs by ID: /blogs/blog id
- Filter Public blogs: /blogs/public
- Update Blogs: /blogs/blog id, with JWT
- Delete Blog: /blogs/blog id, with JWT
- Mongoose/MongoDB config: /config/mongoConfig.js --> Require 'mongoose' and connect to MongoDB using the MONGODB_URI value from the .env file. (Make sure to list .env in the .gitignore file to hide the MongoDB password!!!)
- JWT: /middleware/authMiddleware.js --> Require 'jsonwebtoken' and verify the token using SECRET_KEY. This gets the token from the header sent by Postman and verifies it. Error messages are sent if the token was either not created or is not valid (tampered with, doesn't match or expired).