Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/basedhound/chili-sauces_api

RESTful API built with Node.js and Express, featuring authentication, MongoDB integration, and full CRUD operations. It includes robust security and validation measures for secure data handling.
https://github.com/basedhound/chili-sauces_api

angular api bcrypt crypto-js dotenv express fullstack helmet jsonwebtoken mongodb mongoose mongoose-unique-validator multer nodejs

Last synced: 6 days ago
JSON representation

RESTful API built with Node.js and Express, featuring authentication, MongoDB integration, and full CRUD operations. It includes robust security and validation measures for secure data handling.

Awesome Lists containing this project

README 

        


    

      Project Banner

    

  
Chili Sauces


  
School Project





## 
 đź“‹ Table of Contents



- ✨ [Introduction](#introduction)

- ⚙️ [Tech Stack](#tech-stack)

- đź“ť [Features](#features)

- 🚀 [Quick Start](#quick-start)



## 
 ✨ Introduction



**[EN]** This project focuses on building a RESTful API using Node.js and Express for a school assignment at OpenClassrooms. The API features robust authentication, database integration with MongoDB, and full CRUD operations. Security tools include Bcrypt, Crypto-js, Helmet, Jsonwebtoken, and Password-validator, along with Mongoose, Dotenv, Multer, Mongoose-unique-validator, and Validator. The API integrates seamlessly with the provided Angular frontend, demonstrating essential web development and security skills. For more information, see the [docs](/.docs) folder.



**[FR]** Ce projet se concentre sur la création d'une API RESTful en utilisant Node.js et Express pour un examen OpenClassrooms. L'API comprend une authentification robuste, une intégration de base de données avec MongoDB, et des opérations CRUD complètes. Les outils de sécurité incluent Bcrypt, Crypto-js, Helmet, Jsonwebtoken, et Password-validator, ainsi que Mongoose, Dotenv, Multer, Mongoose-unique-validator, et Validator. L'API s'intègre parfaitement avec le frontend Angular fourni, démontrant des compétences essentielles en développement web et en sécurité. Pour plus d'informations, consultez le dossier [docs](/.docs).



## 
 ⚙️ Tech Stack



- [**Angular**](https://v17.angular.io/docs) is a comprehensive framework for building web applications that can range from single-page applications (SPAs) to multi-page applications (MPAs). Developed by Google, Angular provides a powerful set of tools for building dynamic, scalable, and maintainable applications. It features robust client-side routing, two-way data binding, and a modular architecture that supports component-based development. Angular also supports server-side rendering through Angular Universal, enhancing performance and SEO. Its capabilities make it suitable for a wide range of web application scenarios beyond just SPAs.



- [**Node.js**](https://nodejs.org/en/learn/getting-started/introduction-to-nodejs) is a JavaScript runtime built on Chrome's V8 JavaScript engine. It allows developers to execute JavaScript on the server side, enabling the creation of scalable and high-performance applications. Node.js's non-blocking, event-driven architecture makes it particularly suitable for building real-time, data-intensive applications.



- [**Express**](https://expressjs.com/en/starter/installing.html) is a minimal and flexible Node.js web application framework that provides a robust set of features for building web and mobile applications. It simplifies the process of creating RESTful APIs by providing a thin layer of fundamental web application features, including routing, middleware support, and HTTP utilities.



- [**NPM**](https://nodejs.org/en/learn/getting-started/an-introduction-to-the-npm-package-manager) (Node Package Manager) is the default package manager for Node.js. It allows developers to install, share, and manage dependencies in their projects. NPM provides access to a vast repository of open-source packages, facilitating the rapid development and integration of new features.



- [**REST API**](https://blog.postman.com/rest-api-examples/) (Representational State Transfer Application Programming Interface) is a specific type of API that adheres to the principles of REST, an architectural style for designing networked applications. REST APIs use standard HTTP methods (GET, POST, PUT, DELETE) to interact with resources, which are typically represented in JSON or XML format. REST APIs are stateless, meaning each request from a client to the server must contain all the information needed to understand and process the request. This approach simplifies the interactions between client and server and ensures scalability and performance.



- [**MongoDB**](https://www.mongodb.com/docs/atlas/getting-started/) is a NoSQL database that stores data in flexible, JSON-like documents. It is designed for scalability and high performance, making it suitable for applications that handle large volumes of data. MongoDB's document model allows for easy data manipulation and querying, providing a more natural way to work with data compared to traditional relational databases.



- [**Mongoose**](https://mongoosejs.com/docs/guide.html) is an Object Data Modeling (ODM) library for MongoDB and Node.js. It provides a schema-based solution to model application data, ensuring data consistency and providing powerful tools for querying and validation. Mongoose simplifies the process of interacting with MongoDB by providing a higher abstraction layer.



- [**Bcrypt**](https://www.npmjs.com/package/bcrypt) is a library for hashing passwords in a secure manner. It uses a salt to protect against rainbow table attacks and employs a computationally intensive hashing algorithm, making brute-force attacks impractical. Bcrypt ensures that passwords are stored securely, enhancing the overall security of an application.



- [**Crypto-js**](https://www.npmjs.com/package/crypto-js) is a cryptography library in JavaScript that provides various cryptographic algorithms, such as hashing, encryption, and decryption. It is used to secure data, ensuring its integrity and confidentiality. Crypto-js is commonly used for encrypting sensitive information before storing or transmitting it.



- [**Dotenv**](https://www.npmjs.com/package/dotenv) is a module that loads environment variables from a .env file into process.env. This practice helps manage configuration and secrets in Node.js applications, keeping them out of the source code and making it easier to change settings without modifying the application code.



- [**Helmet**](https://www.npmjs.com/package/helmet) is a middleware for Express applications that helps secure apps by setting various HTTP headers. It mitigates common web vulnerabilities such as cross-site scripting (XSS), clickjacking, and other web attacks by configuring appropriate security-related HTTP headers.



- [**Jsonwebtoken**](https://www.npmjs.com/package/jsonwebtoken) (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. It is commonly used for authentication and information exchange in web applications, allowing secure and verifiable transfer of information. JWTs are often used for implementing stateless authentication mechanisms.



- [**Mongoose-unique-validator**](https://www.npmjs.com/package/mongoose-unique-validator) is a plugin for Mongoose that adds pre-save validation for unique fields within a Mongoose schema. It simplifies the enforcement of uniqueness constraints in MongoDB documents, ensuring that certain fields, such as usernames or email addresses, remain unique.



- [**Multer**](https://www.npmjs.com/package/multer) is a middleware for handling multipart/form-data, which is primarily used for uploading files. It simplifies the process of handling file uploads in an Express application by providing various options for storage and file handling, making it easy to manage file uploads.



- [**Password-validator**](https://www.npmjs.com/package/password-validator) is a library for validating password strength and compliance with defined rules. It helps enforce security policies by ensuring passwords meet specific criteria, such as length, complexity, and character variety. This enhances the security of user accounts by promoting the use of strong passwords.



- [**Validator**](https://www.npmjs.com/package/validator) is a library for string validation and sanitization. It provides a set of functions for validating and sanitizing strings, helping ensure data integrity and security in web applications. Validator is commonly used for validating user input, ensuring that it meets the expected format and constraints.



## 
 đź“ť Features



👉 RESTful API Development: The project includes a robust RESTful API built with Node.js and Express. It supports standard HTTP methods (GET, POST, PUT, DELETE) for interacting with resources, enabling seamless CRUD operations.



👉 Secure Data Storage: Data is securely stored using MongoDB with Mongoose. Passwords are hashed with Bcrypt, and sensitive information is encrypted using Crypto-js, ensuring data protection and confidentiality.



👉 Compliance and Data Protection: The project implements a logical data model that adheres to regulatory standards. Data is validated and sanitized to meet security and compliance requirements.



👉 Authentication and Authorization: Secure authentication is handled through Jsonwebtoken (JWT), providing a robust mechanism for verifying user identity and managing access to resources.



👉 Enhanced Security Measures: The application uses Helmet to set security-focused HTTP headers, protecting against common web vulnerabilities. File uploads are managed securely with Multer.



👉 Environment Management: Configuration and sensitive information are managed using Dotenv, keeping environment variables and secrets out of the source code.



👉 Unique Data Validation: Ensures uniqueness of data fields using Mongoose-unique-validator, preventing duplicate entries in the database.



👉 Integration with Angular Frontend: The backend API integrates smoothly with the provided Angular frontend, facilitating dynamic and interactive user experiences.



👉 Comprehensive Error Handling: Implements thorough error handling and logging mechanisms to track and resolve issues effectively.



👉 Testing and Validation: Includes testing processes to ensure the reliability and correctness of the API functionality.



## 
 🚀 Quick Start



Follow these steps to set up the project locally on your machine.




**Prerequisites**



Make sure you have the following installed on your machine:



- [Git](https://git-scm.com/)

- [Node.js](https://nodejs.org/en)

- [npm](https://www.npmjs.com/) (Node Package Manager)



Install nodemon globally on your machine, open your terminal and run the following command:

```bash

npm install -g nodemon

```



- **Nodemon** is a tool that helps develop Node.js based applications by automatically restarting the node application when file changes in the directory are detected.




**Cloning the Repository**



```bash

git clone {git remote URL}

```




**Installation**



Let's install the project dependencies for both the client and server, from your terminal, run:



```bash

# Navigate to the client directory

cd client



# Install the necessary dependencies for the client-side application

npm install

# or

yarn install



# Navigate back to the root directory

cd ..



# Navigate to the server directory

cd server



# Install the necessary dependencies for the server-side application

npm install

# or

yarn install

```



If you encounter any issues while installing the client dependencies, please refer to the [help file](/.docs/04%20How%20to%20fix%20front%20repo.pdf).




**Set Up Environment Variables**



Create a new file named `.env` inside the server folder and add the following content:



```env

# MongoDB: https://cloud.mongodb.com

DB_USERNAME=

DB_PASSWORD=

DB_CLUSTER=

DATABASE=



# Json-Web-Token: https://jwt.io

JWT_KEY=

(Generate new key)



# Crypto-JS: https://cryptojs.gitbook.io

CRYPTOJS_KEY=

(Generate new key)

```



Replace the placeholder values with your actual respective account credentials:



- [MongoDB](https://cloud.mongodb.com)




**Running the Project**



Installation will take a minute or two, but once that's done, you should be able to run the following command:



```bash

# Navigate to the client directory

cd client



# Start client

npm start

# or

yarn start



# Navigate back to the root directory

cd ..



# Navigate to the server directory

cd server



# Start server

npm start

# or

yarn start

```



- Client running on [`http://localhost:4200`](http://localhost:4200)

- Server running on [`http://localhost:3000`](http://localhost:3000)