A-Secure-Node-js-REST-API-with-Json file storage

This Nodejs REST API part two is intended to be secure and user-friendly, and it makes use of best API practices

The APIs could be improve over time to be more secure.

Check out Build-a-Secure-Nodejs-REST-API-part-two github repo

Chekc out Nodejs-REST-API-part-three uses PRISMA and Azure Data Studio for storage

Steps to run Node JS REST API part two

How to export the APIs to Postman

Download the Nodejs REST API partOne V1 .postman_collection.json file on the current repo
Open Postman
Select the import icon.
Upload the Nodejs REST API partOne V1 .postman_collection.json file
Go to auth/login and enter the username and password

Clone the repo

npm install
npm start
Open the browser

3 Login

Login with username and password

dataBaseJson
- adminsAndUsersLists
- select an admin or user
Save the token
- Click on the Nodejs REST API part one V1 collection
- Go to Variables
- Paste in the token
- tokenPartOneV1
- Make sure one of tokenPartOneV1 is selected.
  - Multiple of tokenPartOneV1 can be used but one must be selected at the time.
- Note: at the same multiple user could been logged in.
- click on the Save button
The *Get ...auth/me route will return the user who is logged in.
- Click on the me route
- Click on the Send button
- if successful you should see the following
- else you will see a "message": "Invalid token"

superadmin

    {
    "email": "softhouse@gmail.com",
    "password": "password"    
     }

admin

    {
    "email": "admin@gmail.com",
    "password": "password"    
     }

user

    {
    "user1": "admin@gmail.com",
    "password": "password"    
     }

Create an admin or user

Click on the admin/admin post route
Fill new Admin or user credentials in the Body
Validation would take care of if unnecessary fields are added.
Click Send

Update an admin or user

Click on the admin/admin upate route
Edit Admin or user credentials in the Body
Params
- id: the id of the admin or user
Validation would take care of if unnecessary fields are added.
Click Send
- Check the data or get the admin or user route to see if the admin or user has been updated

Other admin or user routes are the same. you can check them out. You got the idea

The rest would be the same. You got the idea.

Create a new user

OBS: the user is not an admin or user. It could be renamed to customer or client. lets keep it this way for now

Click on the user/user route
Fill new user credentials in the Body
Validation would take care of if unnecessary fields are added.
Click Send
Go to getAllUsers route
- The newly created user should be in the list

Update a user

Before updating the user details
Click on the user/user update route
Edit user credentials in the Body
Params
- id: the id of the user
Validation would take care of if unnecessary fields 1re added.
Click Send
- check the data or get the user route to see if the user has been updated

Delete a user

Delete a user without the secret word "secret" is not allowed. However, permission can be added or remvoed to roles.json file to prevent deletion of a user. Lets keep it this way for now.

Click on the user/user delete route
Params
- id: the id of the user
Body
- secret: "secret"
Click Send

Create a user post

Click on the user/user post route
Fill the post body with userId, title and body in as the json format
OBS: Validation would take care of if unnecessary fields are added.
Click Send
Go to user get a user post by user id
- You should see the new user post

Update a user post

Click on the user/user post update route
Edit user post userId, title and body in the Body
Params
- id: the id of the user post
Validation would take care of if unnecessary fields are added.
Click Send
- check the data or get the user post route to see if the user post has been updated

Delete user post

Click on the user/user post delete route
Params
- id: the id of the user post
userId
- id: the id of the user in body
Click Send

rqkohistani/Nodejs-RESTAPI-part-one