{"id":15575685,"url":"https://github.com/hsyntes/instamern-api","last_synced_at":"2025-04-12T03:14:26.466Z","repository":{"id":185120782,"uuid":"673034168","full_name":"hsyntes/instamern-api","owner":"hsyntes","description":"The InstaMERN backend API powers the InstaMERN application, a full-stack social media platform similar to Instagram. This API allows users to register, log in, create posts \u0026 story, add comments, follow \u0026 unfollow, AWS Cloud Computing for storage \u0026 sending emails and more.","archived":false,"fork":false,"pushed_at":"2023-09-10T18:11:48.000Z","size":25496,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-12T03:14:20.934Z","etag":null,"topics":["aws","express","mongodb","mongoose","nodejs","rest-api","restful-api"],"latest_commit_sha":null,"homepage":"https://instamern.netlify.app","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hsyntes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-07-31T18:05:16.000Z","updated_at":"2024-09-22T08:52:42.000Z","dependencies_parsed_at":null,"dependency_job_id":"63469cd5-251c-4b40-82a4-7abcf7404455","html_url":"https://github.com/hsyntes/instamern-api","commit_stats":{"total_commits":82,"total_committers":1,"mean_commits":82.0,"dds":0.0,"last_synced_commit":"d86104ecd6916df27c965a4d7020774ebd7a7eeb"},"previous_names":["hsyntes/instamern-api"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/rep
ositories/hsyntes%2Finstamern-api","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hsyntes%2Finstamern-api/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hsyntes%2Finstamern-api/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hsyntes%2Finstamern-api/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hsyntes","download_url":"https://codeload.github.com/hsyntes/instamern-api/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248510001,"owners_count":21116130,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","express","mongodb","mongoose","nodejs","rest-api","restful-api"],"created_at":"2024-10-02T18:40:22.516Z","updated_at":"2025-04-12T03:14:26.461Z","avatar_url":"https://github.com/hsyntes.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Instamern Backend API\n\nThe InstaMERN backend API powers the InstaMERN application, a full-stack social media platform similar to Instagram. This API allows users to register, log in, create posts \u0026 story, add comments, follow \u0026 unfollow, **AWS Cloud Computing** for storage \u0026 sending emails and more.\n\n[![InstaMERN](https://github.com/hsyntes/instamern/blob/main/public/logo.png)](https://instamern.netlify.app)\n\n## AWS Cloud Integration\n\nThe InstaMERN backend leverages **AWS Cloud Services** for various functionalities. Here are the AWS services used:\n\n1. 
Amazon S3\n\n   Description: Amazon S3 is used for storing and serving user-uploaded images, including post images, story images and profile pictures.\n\n2. Amazon SES\n\n   Description: Amazon SES is used for sending emails to users in order to reset passwords \u0026 emails by secure token.\n\n## Features\n\n- Signup \u0026 login with secure token\n- Uploading posts/stories to **AWS Cloud** \u0026 loading them from **MongoDB**\n- Sending reset links to users' email addresses with **AWS SES** to reset \u0026 update their password\n- Structuring users' data more securely with **mongoose Data Modelling**, both **referencing** \u0026 **embedded**\n- **Encrypting** \u0026 **hashing** passwords\n- Email validator via both backend API \u0026 **AWS Cloud**\n- Verifying **JSON Web Token**\n- Security HTTP headers with **helmet**\n- Rate limiting from the same **IP/API**\n- Data Sanitization against **NoSQL** injection\n- Data Sanitization against **XSS**\n- Managing \u0026 catching errors globally with **middleware** functions\n- Generate expired token\n- Sending JWT via **cookie**\n- Restrict/protect some features by secure token\n- Dedicate environments to **development** and **production**\n\n## Authentication\n\nAuthentication is the process of verifying the identity of a user or system. In the context of a back-end application, it ensures that only authorized users can access protected resources. Here are some key considerations for implementing authentication:\n\n### User Registration\n\nImplement a user registration process that collects necessary information, such as username, email, and password. Ensure that password requirements, such as length and complexity, are enforced.\n\n### Login\n\nProvide a secure login mechanism using sessions or tokens. Validate user credentials against stored data and generate authentication tokens or session cookies for subsequent requests.\n\n## Authorization\n\nAuthorization determines what actions a user can perform within an application. 
It ensures that authenticated users have the necessary permissions to access or modify specific resources. Consider the following when implementing authorization:\n\n### Role-Based Access Control\n\nImplement role-based access control (RBAC) to assign different permissions to different user roles. For example, an administrator role might have more privileges than a regular user role.\n\n### Resource-Based Authorization\n\nControl access to specific resources based on user roles and ownership. Ensure that users can only access resources they are authorized to view or modify.\n\n## Security\n\nMaintaining the security of your application is crucial to protect user data and prevent unauthorized access or data breaches. Consider the following security measures:\n\n#### Password Hashing\n\nStore user passwords securely by hashing them with a strong cryptographic algorithm like bcrypt or Argon2. Hashing passwords prevents storing plain-text passwords in the database, making it harder for attackers to retrieve user passwords in case of a data breach.\n\n#### Secure Communication\n\nEnable secure communication between clients and the server using HTTPS/TLS. This ensures that data transmitted over the network is encrypted and protects against eavesdropping and tampering. Obtain and install an SSL certificate to enable HTTPS on your server.\n\n#### Session Management\n\nImplement secure session management to track user sessions and prevent session-related attacks such as session hijacking or fixation. 
Use secure session storage mechanisms, such as server-side storage or encrypted client-side storage (e.g., signed cookies), and regenerate session IDs after user authentication or privilege changes.\n\n## Storage\n\nStorage of users' materials such as posts, profile pictures and stories in **AWS Cloud Object Storage**\n\n## Endpoints\n\n### Authentication\n\n`POST /instamern/users/signup`: Register a new user.\n\n`POST /instamern/users/login`: Log in an existing user.\n\n### User Profile\n\n`GET /instamern/users/username/:username`: Get user profile by username.\n\n`GET /instamern/users/authorization/current-user`: Get currently logged-in user by secure token.\n\n### Posts\n\n`GET /instamern/posts`: Get all posts.\n\n`GET /instamern/posts/:id`: Get a single post by ID.\n\n`POST /instamern/posts/upload`: Create a new post by secure token and store it in **AWS Cloud**\n\n`POST /instamern/posts/like/:id`: Like a post by current user's secure token.\n\n`POST /instamern/posts/comment/:id`: Add a comment to a post by current user's secure token.\n\n`DELETE /instamern/posts/delete/:id`: Delete a post by current user's secure token.\n\n### Stories\n\n`GET /instamern/stories`: Get all stories.\n\n`POST /instamern/stories/upload`: Add a new story by current user's secure token and save it to **AWS Cloud**\n\n## 🔗 Links\n\n[![linkedin](https://img.shields.io/badge/linkedin-0A66C2?style=for-the-badge\u0026logo=linkedin\u0026logoColor=white)](https://www.linkedin.com/in/hsyntes)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhsyntes%2Finstamern-api","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhsyntes%2Finstamern-api","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhsyntes%2Finstamern-api/lists"}