This project is an example of implementation of a Messing System API with nodejs v14.15.3 and MongoDB

Install nodejs and mongodb in your machine.

Install dependencies with npm and run the application:

npm install
npm run start

• The project use ecmascript modules so you need Node.js 13.2.0+.
• For more details go to Node.js support for ECMAScript modules

You need to create .env file in the root of the project.
Before run the server set your nodejs environment variables

.env

# env example #
NODE_ENV = <NODE_ENV>
PORT = 5000
MONGO_URI = <MONGO_URI>
JWT_SECRET = <JWT_SECRET>
JWT_EXPIRESIN = 3d

Server url is https://kasa-messaging-api.herokuapp.com, and it expose the following APIs:

• POST - /ap/users/register - Register a new user

  • email - string
  • name - string
  • password - string

• POST - /ap/users//login - Login user

  • email - string
  • password - string

• GET - /api/users - Returns all users (must be logged in)

• GET - /api/users/:id - Returns user by id (must be logged in)

• PUT - /api/users/:id - Update user info

  • name - string
  • email - string
  • password - string

• DELETE - /api/users/:id - Delete user

• POST - /ap/messages - Create a new message

  • receiver - string
  • message - string
  • subject - string

• GET - /api/messages - Get all meesages for login user

• GET - /api/messages/unread - Get all unread messages for user

• PUT - /api/messages/:meesageId/read - Read message

• DELETE - /api/messages/:id - Delete message

You can find a postman requests Docs with examples of how to user this API here

This project use JSON Web Token (JWT) Bearer Token authentication . The login API returns an access_token that you have to use to send a correct authorization header in calls that require authentication. You can find an example with postman here

Login response:

{
   ...
  "data": {
    ...
      "token": {
          "expires_in": "3d",
          "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...._DkYJJh4s"
      },
  ...
}

Authorization header example:

 Authorization → Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...._DkYJJh4s

The project implements some of nodejs security techniques:

• Helmet : can help protect our app from some well-known web vulnerabilities by setting HTTP headers appropriately
• Express Rate Limit: to protect our applications from brute-force attacks
  • In the server.js we can set a limit of requests in a time window (default is 100 requests in 15 minutes for all endpoints, and 3 requests in a 1 hour for sign up endpoint)

If you want to contribute to this starter, consider:

• Reporting bugs and errors
• Improve the documentation
• Creating new features and pull requests

Licensed under the MIT license.