A robust RESTful API for a blog platform built with Node.js, Express, and MongoDB. Features comprehensive user authentication, blog post management (CRUD operations), and secure route protection using JWT tokens. Designed as a backend-only portfolio project with full test coverage and modern development practices.
- JWT-based authentication with secure token management
- User registration and login with password hashing using Argon2
- Protected routes with middleware-based authorization
- Token refresh functionality for extended sessions
- Secure password storage with industry-standard hashing
- User registration with email/password validation
- User profile management with customizable profile information
- Public user profiles accessible without authentication
- User deletion with proper cleanup
- User posts retrieval for public viewing
- Full CRUD operations for blog posts
- Post ownership validation - users can only modify their own posts
- Public post viewing with authentication for private posts
- Post search and filtering capabilities
- Rich post content support
- MongoDB integration with optimized database operations
- Comprehensive error handling with meaningful error messages
- Input validation and sanitization
- RESTful API design following best practices
- Modular architecture with separation of concerns
- Environment-based configuration management
- Runtime: Node.js with ES6+ modules
- Framework: Express.js 5.1.0
- Database: MongoDB 6.17
- Authentication: JSON Web Tokens (JWT)
- Password Hashing: Argon2
- Testing: Jest with Supertest
- Code Quality: ESLint with Airbnb config
- Development: Babel for ES6+ transpilation
- Environment: dotenv for configuration management
- Node.js (v16 or higher)
- MongoDB (v4.4 or higher)
- npm or yarn package manager
- Clone the repository

      git clone https://github.com/hassanah391/blog-platform-api.git
      cd blog-platform-api

- Install dependencies

      npm install

- Environment Configuration: create a `.env` file in the root directory:

      # Database Configuration
      DB_HOST=localhost
      DB_PORT=27017
      DB_USER=your_db_user
      DB_PASSWORD=your_db_password
      DB_NAME=blog_app

      # Server Configuration
      SERVER_HOST=0.0.0.0
      SERVER_PORT=3000

      # JWT Configuration
      SECRETKEY=your_jwt_secret_key_here

- Start MongoDB: ensure MongoDB is running on your system or use a cloud MongoDB instance.

- Run the application

      # Development mode with auto-reload
      npm run dev

      # Production mode
      npm run start-server
The project includes comprehensive test coverage for all major functionality:
# Run all tests
npm test
# Run tests with coverage report
npm test -- --coverage
# Run specific test files
npm test -- tests/auth.test.js
- Authentication tests: User registration, login, token refresh
- User management tests: Profile operations, user retrieval
- Post management tests: CRUD operations, authorization
- Database tests: Connection and operation validation
http://localhost:3000
POST /auth/signup
Content-Type: application/json
{
"email": "[email protected]",
"password": "securepassword123",
"firstName": "hassan",
"lastName": "ahmed",
"phoneNumber": "01234567890"
}
POST /auth/signin
Content-Type: application/json
{
"email": "[email protected]",
"password": "securepassword123"
}
POST /auth/refresh-token
Content-Type: application/json
{
"refreshToken": "your_refresh_token_here"
}
GET /auth/protected
Authorization: Bearer your_jwt_token_here
GET /users/me
Authorization: Bearer your_jwt_token_here
PUT /users/me/profile
Authorization: Bearer your_jwt_token_here
Content-Type: application/json
{
"bio": "Software developer and blogger"
}
DELETE /users/me
Authorization: Bearer your_jwt_token_here
GET /users/:userId
GET /users/:userId/posts
GET /posts
POST /posts
Authorization: Bearer your_jwt_token_here
Content-Type: application/json
{
"title": "My First Blog Post",
"content": "This is the content of my blog post...",
"tags": ["technology", "programming"]
}
GET /posts/:postId
Authorization: Bearer your_jwt_token_here
PUT /posts/:postId
Authorization: Bearer your_jwt_token_here
Content-Type: application/json
{
"title": "Updated Blog Post Title",
"content": "Updated content...",
"tags": ["updated", "tags"]
}
DELETE /posts/:postId
Authorization: Bearer your_jwt_token_here
blog-platform-api/
├── controllers/             # Business logic handlers
│   ├── authController.js    # Authentication operations
│   ├── usersController.js   # User management operations
│   └── postsController.js   # Blog post operations
├── routes/                  # API route definitions
│   ├── index.js             # Main router configuration
│   ├── authRoutes.js        # Authentication routes
│   ├── usersRoutes.js       # User management routes
│   ├── postsRoutes.js       # Blog post routes
│   └── middlewares.js       # Custom middleware functions
├── utils/                   # Utility functions
│   └── db.js                # Database connection and operations
├── tests/                   # Test files
│   ├── auth.test.js         # Authentication tests
│   ├── users.test.js        # User management tests
│   ├── posts.test.js        # Blog post tests
│   └── db.test.js           # Database tests
├── config.js                # Environment configuration
├── server.js                # Express server setup
├── package.json             # Dependencies and scripts
├── jest.config.js           # Jest testing configuration
├── .eslintrc.cjs            # ESLint configuration
├── babel.config.cjs         # Babel configuration
└── README.md                # Project documentation
# Development
npm run dev # Start development server with auto-reload
npm run start-server # Start production server
npm run start-worker # Start worker process (if applicable)
# Code Quality
npm run lint # Run ESLint
npm run check-lint # Check specific files with ESLint
# Testing
npm test # Run all tests with coverage
- JWT Token Authentication: Secure stateless authentication
- Password Hashing: Argon2 for secure password storage
- Protected Routes: Middleware-based authorization
- Input Validation: Request data sanitization and validation
- Environment Variables: Secure configuration management
- CORS Protection: Cross-origin request handling
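
The bearer-token and post-ownership checks listed above, sketched as an added example (not this project's own code). It assumes HS256 tokens signed with `SECRETKEY`, the user id in the `sub` claim and the owner id in a `post.authorId` field; all function names are hypothetical.

```javascript
// Added example: HS256 bearer-token check plus post-ownership decision.
// Assumptions: HS256 signed with SECRETKEY, user id in `sub`, owner id in post.authorId.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const sign = (data, secret) => createHmac('sha256', secret).update(data).digest();

// Constructed helper so the sample runs offline; a real service would use its JWT library.
function issueToken(claims, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const data = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${data}.${b64url(sign(data, secret))}`;
}

// Returns the claims, or null for any malformed, forged, wrong-algorithm or expired token.
function verifyBearer(authorizationHeader, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorizationHeader || '');
  if (!match) return null;
  const [, h, p, s] = match;
  try {
    const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    if (header.alg !== 'HS256') return null; // pin the algorithm; never trust the header's choice
    const expected = sign(`${h}.${p}`, secret);
    const given = Buffer.from(s, 'base64url');
    // Length check first: timingSafeEqual throws on buffers of different length.
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
    if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return null;
    return typeof claims.sub === 'string' ? claims : null;
  } catch {
    return null; // header or payload was not valid JSON
  }
}

// Decision for PUT/DELETE /posts/:postId: the HTTP status the route should answer with.
function authorizePostChange(authorizationHeader, post, secret, nowSeconds) {
  const claims = verifyBearer(authorizationHeader, secret, nowSeconds);
  if (!claims) return 401; // not authenticated
  if (!post) return 404;
  return post.authorId === claims.sub ? 200 : 403; // authenticated but not the owner
}
```

The signature is verified before the payload is parsed, and the 401/403 split keeps "no valid token" distinct from "valid token, wrong owner".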
The project implements a comprehensive testing strategy:
- Unit Tests: Individual function and component testing
- Integration Tests: API endpoint testing with Supertest
- Database Tests: MongoDB connection and operation validation
- Authentication Tests: JWT token and user authentication flow
- Coverage Reporting: Detailed test coverage analysis
- Database Indexing: Optimized MongoDB queries
- Connection Pooling: Efficient database connections
- Async/Await: Non-blocking operations
- Error Handling: Graceful error management
- Input Validation: Early request validation
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add some amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the ISC License - see the LICENSE file for details.
Hassan Ahmed
- Demo video: demo video link
This project serves as a comprehensive backend API demonstrating modern Node.js development practices, secure authentication, and scalable architecture for a blog platform.