- Streamlined Customer Checkout Flow w/ Custom Cart System
- Secure Payment Methods via PayPal and Stripe Integration
- User / Admin Roles to Limit and Protect Access to Sensitive Endpoints
| Resource | Route | HTTP Verbs | Acess Level |
|---|---|---|---|
| Users | api/users | GET, POST | Admin, All |
| api/users/login | POST | All | |
| api/users/profile | GET, PUT | Protected (2) | |
| api/users/:id | GET, PUT, DELETE | Protected (3) | |
| Products | api/products | GET, POST | All, Protected & Admin |
| api/products/top | GET | All | |
| api/products/:id | GET, PUT, DELETE | All, Protect & Admin (2) | |
| api/products/:id/reviews | POST, PUT, DELETE | Protected (3) | |
| Orders | api/orders | GET, POST | Protected, Protected & Admin |
| api/orders/myorders | GET | Protected | |
| api/orders/:orderId | GET | Protected | |
| api/orders/:orderId/pay | PUT | Protected | |
| api/orders/:orderId/shipping | PUT | Protected & Admin |
| Table | Column | Data Type |
|---|---|---|
| Users | id | Object Id |
| isAdmin | Boolean | |
| name | String | |
| String | ||
| password | String | |
| created_at | Timestamp | |
| updated_at | Timestamp | |
| Products | id | Object Id |
| User | Object Id | |
| name | String | |
| image | String | |
| brand | String | |
| category | String | |
| description | String | |
| reviews | [ Object Id ] | |
| price | Number | |
| number_in_stock | Number | |
| Reviews | name | String |
| rating | Number | |
| comment | String | |
| User | Object Id | |
| Orders | id | Object Id |
| User | Object Id | |
| order_total | Number | |
| tax_price | Number | |
| shipping_price | Number | |
| total_price | Number | |
| is_paid | Boolean | |
| is_delivered | Boolean | |
| order_items | { Product, quantity: Number } |
|
| shipping_address | { address: String, city: String, postal_code: String, country: String } |
|
| payment_method | String | |
| payment_result | { id: Object Id, status: String, update_time: timestamp, email: String } |
|
| delivered_at | Timestamp | |
| paid_at | Timestamp |
Users register with a name, email, and password. Passwords are salted and encrypted using bcrypt before being saved in the Mongo Atlas database. When users login, login data is compared and on success, a token is generated and sent to the user. On every proceeding request, the user sends the token, and the requests are validated by middleware. The middleware decodes the token and the user's authorization roles are fetched allowing them to access (role) protected routes.