[Brad Traversy] Node.js API Masterclass With Express & MongoDB [2019, ENG]
Original src:
https://github.com/bradtraversy/devcamper-api
2. HTTP Intro - Headers, Body, Status Codes, etc
3. Starting Our DevCamper Project
2. Basic Express Server, dotenv & Git
$ cd api
$ npm init -y
$ npm install --save express dotenv
$ npm install --save-dev nodemon
$ npm run dev
3. Creating Routes & Responses In Express
4. Using The Express Router
5. Creating Controller Methods
6. Intro To Middleware
$ npm install --save-dev morgan
7. Postman Environment & Collections
4. Getting Started With MongoDB & Bootcamps Resource
1. MongoDB Atlas & Compass Setup
We made an account on mongodb.com
2. Connecting To The Database With Mongoose
$ npm install --save mongoose
MongoDB Connected: traversy-node-js-api-masterclass-shard-00-02-9n706.mongodb.net
3. Colors In The Console
$ npm install --save colors
4. Creating Our First Model
5. Create Bootcamp - POST
$ curl -d '{
"user": "5d7a514b5d2c12c7449be045",
"name": "Devworks Bootcamp",
"description": "Devworks is a full stack JavaScript Bootcamp located in the heart of Boston that focuses on the technologies you need to get a high paying job as a web developer",
"website": "https://devworks.com",
"phone": "(111) 111-1111",
"email": "[email protected]",
"address": "233 Bay State Rd Boston MA 02215",
"careers": ["Web Development", "UI/UX", "Business"],
"housing": true,
"jobAssistance": true,
"jobGuarantee": false,
"acceptGi": true
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/bootcamps \
| python -m json.tool
$ curl -d '{
"user": "5d7a514b5d2c12c7449be046",
"name": "ModernTech Bootcamp",
"description": "ModernTech has one goal, and that is to make you a rockstar developer and/or designer with a six figure salary. We teach both development and UI/UX",
"website": "https://moderntech.com",
"phone": "(222) 222-2222",
"email": "[email protected]",
"address": "220 Pawtucket St, Lowell, MA 01854",
"careers": ["Web Development", "UI/UX", "Mobile Development"],
"housing": false,
"jobAssistance": true,
"jobGuarantee": false,
"acceptGi": true
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/bootcamps \
| python -m json.tool
$ curl -d '{
"user": "5c8a1d5b0190b214360dc031",
"name": "Codemasters",
"description": "Is coding your passion? Codemasters will give you the skills and the tools to become the best developer possible. We specialize in full stack web development and data science",
"website": "https://codemasters.com",
"phone": "(333) 333-3333",
"email": "[email protected]",
"address": "85 South Prospect Street Burlington VT 05405",
"careers": ["Web Development", "Data Science", "Business"],
"housing": false,
"jobAssistance": false,
"jobGuarantee": false,
"acceptGi": false
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/bootcamps \
| python -m json.tool
$ curl -d '{
"user": "5c8a1d5b0190b214360dc032",
"name": "Devcentral Bootcamp",
"description": "Is coding your passion? Codemasters will give you the skills and the tools to become the best developer possible. We specialize in front end and full stack web development",
"website": "https://devcentral.com",
"phone": "(444) 444-4444",
"email": "[email protected]",
"address": "45 Upper College Rd Kingston RI 02881",
"careers": [
"Mobile Development",
"Web Development",
"Data Science",
"Business"
],
"housing": false,
"jobAssistance": true,
"jobGuarantee": true,
"acceptGi": true
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/bootcamps \
| python -m json.tool
6. Fetching Bootcamps - GET
$ curl \
-H "Content-Type: application/json" \
-X GET localhost:5000/api/v1/bootcamps \
| python -m json.tool
$ curl \
-H "Content-Type: application/json" \
-X GET localhost:5000/api/v1/bootcamps/5db62fd567c1170dd52c2c34 \
| python -m json.tool
7. Updating & Deleting Bootcamps - PUT & DELETE
$ curl \
-d '{
"housing": true
}' \
-H "Content-Type: application/json" \
-X PUT localhost:5000/api/v1/bootcamps/5db62fd567c1170dd52c2c34 \
| python -m json.tool
$ curl -d '{
"careers": ["UI/UX"]
}' \
-H "Content-Type: application/json" \
-X PUT localhost:5000/api/v1/bootcamps/5db62fd567c1170dd52c2c34 \
| python -m json.tool
$ curl \
-H "Content-Type: application/json" \
-X DELETE localhost:5000/api/v1/bootcamps/5db62fd567c1170dd52c2c34 \
| python -m json.tool
5. Custom Error Handling & Mongoose Middleware
1. Error Handler Middleware
2. Custom ErrorResponse Class
3. Mongoose Error Handling [1]
4. Mongoose Error Handling [2]
$ curl \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/bootcamps \
| python -m json.tool
5. AsyncAwait Middleware
6. Mongoose Middleware & Slugify
$ npm install --save slugify
We deleted all documents in the database
$ curl -d '{
"user": "5d7a514b5d2c12c7449be045",
"name": "Devworks Bootcamp",
"description": "Devworks is a full stack JavaScript Bootcamp located in the heart of Boston that focuses on the technologies you need to get a high paying job as a web developer",
"website": "https://devworks.com",
"phone": "(111) 111-1111",
"email": "[email protected]",
"address": "233 Bay State Rd Boston MA 02215",
"careers": ["Web Development", "UI/UX", "Business"],
"housing": true,
"jobAssistance": true,
"jobGuarantee": false,
"acceptGi": true
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/bootcamps \
| python -m json.tool
***
"slug": "devworks-bootcamp",
***
7. GeoJSON Location & Geocoder Hook - MapQuest API
Register at https://developer.mapquest.com/
Manage Keys --> My Application's Key --> Consumer Key --> copy it into the config
$ npm install --save node-geocoder
We deleted all documents in the database
$ curl -d '{
"user": "5d7a514b5d2c12c7449be045",
"name": "Devworks Bootcamp",
"description": "Devworks is a full stack JavaScript Bootcamp located in the heart of Boston that focuses on the technologies you need to get a high paying job as a web developer",
"website": "https://devworks.com",
"phone": "(111) 111-1111",
"email": "[email protected]",
"address": "233 Bay State Rd Boston MA 02215",
"careers": ["Web Development", "UI/UX", "Business"],
"housing": true,
"jobAssistance": true,
"jobGuarantee": false,
"acceptGi": true
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/bootcamps \
| python -m json.tool
6. Mongoose Advanced Querying & Relationships
1. Database Seeder For Bootcamps
// ImportData
$ node seeder -i
// DestroyData
$ node seeder -d
2. Geospatial Query - Get Bootcamps Within Radius
$ curl \
-H "Content-Type: application/json" \
-X GET localhost:5000/api/v1/bootcamps/radius/02118/10 \
| python -m json.tool
3. Advanced Filtering
$ curl \
-H "Content-Type: application/json" \
-g -X GET "localhost:5000/api/v1/bootcamps?careers[in]=Business" \
| python -m json.tool
4. Select & Sorting
http://localhost:5000/api/v1/bootcamps?select=name,description,housing&housing=true
http://localhost:5000/api/v1/bootcamps?select=name,description,housing&sort=name
http://localhost:5000/api/v1/bootcamps?select=name,description,housing&sort=-name
5. Adding Pagination
http://localhost:5000/api/v1/bootcamps?page=2
6. Course Model & Seeding
// DestroyData
$ node seeder -d
// ImportData
$ node seeder -i
7. Course Routes & Controller
http://localhost:5000/api/v1/courses
http://localhost:5000/api/v1/bootcamps/5d713995b721c3bb38c1f5d0/courses
8. Populate, Virtuals & Cascade Delete
http://localhost:5000/api/v1/bootcamps
$ curl \
-H "Content-Type: application/json" \
-X DELETE localhost:5000/api/v1/bootcamps/5d725a1b7b292f5f8ceff788 \
| python -m json.tool
9. Single Course & Add Course
http://localhost:5000/api/v1/courses/5d725a4a7b292f5f8ceff789
http://localhost:5000/api/v1/bootcamps/
$ curl -d '{
"title": "Front End Web Development",
"description": "This course will provide you with all of the essentials to become a successful frontend web developer. You will learn to master HTML, CSS and front end JavaScript, along with tools like Git, VSCode and front end frameworks like Vue",
"weeks": 8,
"tuition": 8000,
"minimumSkill": "beginner",
"scholarhipsAvailable": true
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/bootcamps/5d713995b721c3bb38c1f5d0/courses \
| python -m json.tool
$ curl -d '{
"title": "Full Stack Web Development",
"description": "In this course you will learn full stack web development, first learning all about the frontend with HTML/CSS/JS/Vue and then the backend with Node.js/Express/MongoDB",
"weeks": 12,
"tuition": 10000,
"minimumSkill": "intermediate",
"scholarhipsAvailable": true
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/bootcamps/5d713995b721c3bb38c1f5d0/courses \
| python -m json.tool
http://localhost:5000/api/v1/bootcamps/
10. Update & Delete Course
// DestroyData
$ node seeder -d
// ImportData
$ node seeder -i
http://localhost:5000/api/v1/courses
$ curl -d '{
"tuition": 13000,
"minimumSkill": "advanced"
}' \
-H "Content-Type: application/json" \
-X PUT localhost:5000/api/v1/courses/5d725a4a7b292f5f8ceff789 \
| python -m json.tool
http://localhost:5000/api/v1/courses/5d725a4a7b292f5f8ceff789
$ curl \
-H "Content-Type: application/json" \
-X DELETE localhost:5000/api/v1/courses/5d725a4a7b292f5f8ceff789 \
| python -m json.tool
11. Aggregate - Calculating The Average Course Cost
12. Photo Upload For Bootcamp
$ npm install --save express-fileupload
$ curl \
-F "file=@/home/marley/1/pic1.jpg" \
-X PUT localhost:5000/api/v1/bootcamps/5d725a1b7b292f5f8ceff788/photo \
| python -m json.tool
http://localhost:5000/uploads/photo_5d725a1b7b292f5f8ceff788.jpg
13. Advanced Results Middleware
http://localhost:5000/api/v1/bootcamps/
http://localhost:5000/api/v1/bootcamps?page=2
http://localhost:5000/api/v1/bootcamps?select=name,description
http://localhost:5000/api/v1/courses?select=title
http://localhost:5000/api/v1/courses?page=2&limit=2
7. Authentication, Users & Permissions - Part 1
1. User Model
$ npm install --save jsonwebtoken
$ npm install --save bcryptjs
2. User Register & Encrypting Passwords
$ curl \
-d '{"name": "John Doe",
"email": "[email protected]",
"password": "123456",
"role": "publisher"}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/auth/register \
| python -m json.tool
3. Sign & Get JSON Web Token
$ curl \
-d '{"name": "John Doe",
"email": "[email protected]",
"password": "123456",
"role": "publisher"}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/auth/register \
| python -m json.tool
4. User Login
$ curl \
-d '{
"email": "[email protected]",
"password": "123456"
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/auth/login \
| python -m json.tool
5. Sending JWT In a Cookie
$ npm install --save cookie-parser
6. Auth Protect Middleware
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVkYmI0YTg5OWE1ODE1M2ZmNjEzYWEzOSIsImlhdCI6MTU3MjU1NTQwMSwiZXhwIjoxNTc1MTQ3NDAxfQ.2G0jVvVPpHPem-SEGLGg3-_JMmYqnOsIuY3RjhVkfQY"
$ curl -d '{
"user": "5d7a514b5d2c12c7449be045",
"name": "Devworks Bootcamp",
"description": "Devworks is a full stack JavaScript Bootcamp located in the heart of Boston that focuses on the technologies you need to get a high paying job as a web developer",
"website": "https://devworks.com",
"phone": "(111) 111-1111",
"email": "[email protected]",
"address": "233 Bay State Rd Boston MA 02215",
"careers": ["Web Development", "UI/UX", "Business"],
"housing": true,
"jobAssistance": true,
"jobGuarantee": false,
"acceptGi": true
}' \
-H "Content-Type: application/json" \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVkYmI0YTg5OWE1ODE1M2ZmNjEzYWEzOSIsImlhdCI6MTU3MjU1NTQwMSwiZXhwIjoxNTc1MTQ3NDAxfQ.2G0jVvVPpHPem-SEGLGg3-_JMmYqnOsIuY3RjhVkfQY" \
-X POST localhost:5000/api/v1/bootcamps \
| python -m json.tool
$ curl \
-H "Content-Type: application/json" \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVkYmI0YTg5OWE1ODE1M2ZmNjEzYWEzOSIsImlhdCI6MTU3MjU1NTQwMSwiZXhwIjoxNTc1MTQ3NDAxfQ.2G0jVvVPpHPem-SEGLGg3-_JMmYqnOsIuY3RjhVkfQY" \
-X GET localhost:5000/api/v1/auth/me \
| python -m json.tool
7. Storing The Token In Postman
8. Role Authorization
Only users with the 'publisher' or 'admin' role can create / update / delete
8. Authentication, Users & Permissions - Part 2
1. Bootcamp & User Relationship
// DestroyData
$ node seeder -d
// ImportData
$ node seeder -i
http://localhost:5000/api/v1/bootcamps/
2. Bootcamp Ownership
Only the owner or an admin can modify a bootcamp
3. Course Ownership
Only the owner or an admin can modify a course
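The role and ownership rules noted in "Role Authorization", "Bootcamp Ownership" and "Course Ownership", written out as checks that can be run offline. This is an added example, not code from the course repository; the req.user shape, the resource's `user` owner field, the mock response object and the admin entry in the review policy are assumptions.

```javascript
// Added example, not the course's code. Role names come from the notes above;
// req.user = { id, role } and resource.user (owner id) are assumed shapes.

// Role gate: let the request through only if the caller's role is allow-listed.
function authorize(...roles) {
  return (req, res, next) => {
    if (!req.user) {
      // No authenticated user at all: the token check did not run or failed
      return res.status(401).json({ success: false, error: 'Not authenticated' });
    }
    if (!roles.includes(req.user.role)) {
      return res.status(403).json({
        success: false,
        error: `Role ${req.user.role} is not authorized for this route`
      });
    }
    next();
  };
}

// Ownership gate: only the document's owner or an admin may modify it.
// Ids are compared as strings because a stored ObjectId and the id taken
// from the token are different types and never compare equal with ===.
function canModify(resource, user) {
  if (!resource || !user) return false;
  if (user.role === 'admin') return true;
  return String(resource.user) === String(user.id);
}

// Policy from the notes: publishers and admins write bootcamps and courses;
// publishers must not create reviews ('admin' here is an assumption).
const canWriteBootcamp = authorize('publisher', 'admin');
const canWriteReview = authorize('user', 'admin');

// Minimal stand-in for the Express response object, for offline checks only
function mockRes() {
  return {
    statusCode: 200,
    body: null,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; }
  };
}

// Run a middleware against a constructed user; returns 'next' or the status code.
function check(middleware, user) {
  const res = mockRes();
  let passed = false;
  middleware({ user }, res, () => { passed = true; });
  return passed ? 'next' : res.statusCode;
}
```

The role gate alone is not enough for update and delete routes: a publisher passes it for every bootcamp, so the ownership check has to run after the document is loaded.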
4. Forgot Password - Generate Token
$ curl \
-d '{
"email": "[email protected]"
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/auth/forgotpassword \
| python -m json.tool
5. Forgot Password - Send Email
https://mailtrap.io/
http://nodemailer.com/about/
$ npm install --save nodemailer
$ curl \
-d '{
"email": "[email protected]"
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/auth/forgotpassword \
| python -m json.tool
6. Reset Password
$ curl \
-d '{
"password": "654321"
}' \
-H "Content-Type: application/json" \
-X PUT http://localhost:5000/api/v1/auth/resetpassword/bcedda5593f1799bd34ba1a49608f92a0434d154 \
| python -m json.tool
// Invalid
$ curl \
-d '{
"email": "[email protected]",
"password": "123456"
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/auth/login \
| python -m json.tool
// Valid
$ curl \
-d '{
"email": "[email protected]",
"password": "654321"
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/auth/login \
| python -m json.tool
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVkN2E1MTRiNWQyYzEyYzc0NDliZTA0NSIsImlhdCI6MTU3MjU4NTY1OCwiZXhwIjoxNTc1MTc3NjU4fQ.vhxaMRCksKb0LHx5T91JqrX4xo0i2Im_BOuv3vShmXk
7. Update User Details
$ curl \
-d '{
"email": "[email protected]",
"name": "John Smith"
}' \
-H "Content-Type: application/json" \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVkN2E1MTRiNWQyYzEyYzc0NDliZTA0NSIsImlhdCI6MTU3MjU4NTY1OCwiZXhwIjoxNTc1MTc3NjU4fQ.vhxaMRCksKb0LHx5T91JqrX4xo0i2Im_BOuv3vShmXk" \
-X PUT localhost:5000/api/v1/auth/updatedetails \
| python -m json.tool
$ curl \
-d '{
"currentPassword": "654321",
"newPassword": "123456"
}' \
-H "Content-Type: application/json" \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVkN2E1MTRiNWQyYzEyYzc0NDliZTA0NSIsImlhdCI6MTU3MjU4NTY1OCwiZXhwIjoxNTc1MTc3NjU4fQ.vhxaMRCksKb0LHx5T91JqrX4xo0i2Im_BOuv3vShmXk" \
-X PUT localhost:5000/api/v1/auth/updatepassword \
| python -m json.tool
8. Admin Users CRUD
In MongoDB, set the user's role to "admin".
// Me
$ curl \
-H "Content-Type: application/json" \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVkN2E1MTRiNWQyYzEyYzc0NDliZTA0NSIsImlhdCI6MTU3MjU4NTY1OCwiZXhwIjoxNTc1MTc3NjU4fQ.vhxaMRCksKb0LHx5T91JqrX4xo0i2Im_BOuv3vShmXk" \
-X GET localhost:5000/api/v1/auth/me \
| python -m json.tool
// Get all users
$ curl \
-H "Content-Type: application/json" \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVkN2E1MTRiNWQyYzEyYzc0NDliZTA0NSIsImlhdCI6MTU3MjU4NTY1OCwiZXhwIjoxNTc1MTc3NjU4fQ.vhxaMRCksKb0LHx5T91JqrX4xo0i2Im_BOuv3vShmXk" \
-X GET localhost:5000/api/v1/users \
| python -m json.tool
// Get single user
$ curl \
-H "Content-Type: application/json" \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVkN2E1MTRiNWQyYzEyYzc0NDliZTA0NSIsImlhdCI6MTU3MjU4NTY1OCwiZXhwIjoxNTc1MTc3NjU4fQ.vhxaMRCksKb0LHx5T91JqrX4xo0i2Im_BOuv3vShmXk" \
-X GET localhost:5000/api/v1/users/5c8a1d5b0190b214360dc032 \
| python -m json.tool
// Create user
$ curl \
-d '{
"name": "Nate Smith",
"email": "[email protected]",
"password": "123456"
}' \
-H "Content-Type: application/json" \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVkN2E1MTRiNWQyYzEyYzc0NDliZTA0NSIsImlhdCI6MTU3MjU4NTY1OCwiZXhwIjoxNTc1MTc3NjU4fQ.vhxaMRCksKb0LHx5T91JqrX4xo0i2Im_BOuv3vShmXk" \
-X POST localhost:5000/api/v1/users/ \
| python -m json.tool
// Update user
$ curl \
-d '{
"name": "Nate Johnson"
}' \
-H "Content-Type: application/json" \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVkN2E1MTRiNWQyYzEyYzc0NDliZTA0NSIsImlhdCI6MTU3MjU4NTY1OCwiZXhwIjoxNTc1MTc3NjU4fQ.vhxaMRCksKb0LHx5T91JqrX4xo0i2Im_BOuv3vShmXk" \
-X PUT localhost:5000/api/v1/users/5dbbd7c42041035e7eb80426 \
| python -m json.tool
// Delete user
$ curl \
-H "Content-Type: application/json" \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVkN2E1MTRiNWQyYzEyYzc0NDliZTA0NSIsImlhdCI6MTU3MjU4NTY1OCwiZXhwIjoxNTc1MTc3NjU4fQ.vhxaMRCksKb0LHx5T91JqrX4xo0i2Im_BOuv3vShmXk" \
-X DELETE localhost:5000/api/v1/users/5dbbd7c42041035e7eb80426 \
| python -m json.tool
9. Bootcamp Reviews & Ratings
1. Review Model & Get Reviews
2. Get Single Review & Update Seeder
// DestroyData
$ node seeder -d
// ImportData
$ node seeder -i
// Get all reviews
$ curl \
-H "Content-Type: application/json" \
-X GET localhost:5000/api/v1/reviews \
| python -m json.tool
$ curl \
-H "Content-Type: application/json" \
-X GET localhost:5000/api/v1/reviews/5d7a514b5d2c12c7449be020 \
| python -m json.tool
$ curl \
-H "Content-Type: application/json" \
-X GET localhost:5000/api/v1/bootcamps/5d725a1b7b292f5f8ceff788/reviews \
| python -m json.tool
3. Add Review For Bootcamp
User with 'publisher' role shouldn't create reviews
$ curl \
-d '{
"email": "[email protected]",
"password": "123456"
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/auth/login \
| python -m json.tool
$ curl \
-H "Content-Type: application/json" \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVjOGExZDViMDE5MGIyMTQzNjBkYzAzMyIsImlhdCI6MTU3MjYwNjQ5NSwiZXhwIjoxNTc1MTk4NDk1fQ.lgUqJEJDp9dShq4HeA9-CiiTt9zfB-7ZVaRotI928l0" \
-X GET localhost:5000/api/v1/auth/me \
| python -m json.tool
$ curl \
-d '{
"title": "Nice Bootcamp",
"text": "I learned a lot",
"rating": 8
}' \
-H "Content-Type: application/json" \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVjOGExZDViMDE5MGIyMTQzNjBkYzAzMyIsImlhdCI6MTU3MjYwNjQ5NSwiZXhwIjoxNTc1MTk4NDk1fQ.lgUqJEJDp9dShq4HeA9-CiiTt9zfB-7ZVaRotI928l0" \
-X POST localhost:5000/api/v1/bootcamps/5d725a1b7b292f5f8ceff788/reviews/ \
| python -m json.tool
4. Aggregate - Calculate Average Rating
// DestroyData
$ node seeder -d
$ curl \
-d '{"name": "John Doe",
"email": "[email protected]",
"password": "123456",
"role": "user"}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/auth/register \
| python -m json.tool
$ curl \
-d '{"name": "Jack Smith",
"email": "[email protected]",
"password": "123456",
"role": "user"}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/auth/register \
| python -m json.tool
$ curl \
-d '{"name": "Mary Smith",
"email": "[email protected]",
"password": "123456",
"role": "user"}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/auth/register \
| python -m json.tool
// Login
$ curl \
-d '{
"email": "[email protected]",
"password": "123456"
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/auth/login \
| python -m json.tool
Did not test. Need to create a bootcamp, then create a review and check the average rating for 3 users. User with role 'user' has no permission to create a bootcamp.
5. Update & Delete Reviews
// DestroyData
$ node seeder -d
// ImportData
$ node seeder -i
// Login
$ curl \
-d '{
"email": "[email protected]",
"password": "123456"
}' \
-H "Content-Type: application/json" \
-X POST localhost:5000/api/v1/auth/login \
| python -m json.tool
// Get all reviews
$ curl \
-H "Content-Type: application/json" \
-X GET localhost:5000/api/v1/reviews \
| python -m json.tool
$ curl \
-d '{
"title": "Had Fun",
"text": "Super",
"rating": 10
}' \
-H "Content-Type: application/json" \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVjOGExZDViMDE5MGIyMTQzNjBkYzAzMyIsImlhdCI6MTU3MjYwOTE4NiwiZXhwIjoxNTc1MjAxMTg2fQ.3fY2OVWxj7YWxD3vfhr459MX0vb4ewtSm9BU8nWQrfc" \
-X PUT localhost:5000/api/v1/reviews/5d7a514b5d2c12c7449be020 \
| python -m json.tool
$ curl \
-H "Content-Type: application/json" \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVjOGExZDViMDE5MGIyMTQzNjBkYzAzMyIsImlhdCI6MTU3MjYwOTE4NiwiZXhwIjoxNTc1MjAxMTg2fQ.3fY2OVWxj7YWxD3vfhr459MX0vb4ewtSm9BU8nWQrfc" \
-X DELETE localhost:5000/api/v1/reviews/5d7a514b5d2c12c7449be020 \
| python -m json.tool
10. API Security
1. Logout To Clear Token Cookie
// Logout
$ curl \
-H "Content-Type: application/json" \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVjOGExZDViMDE5MGIyMTQzNjBkYzAzMyIsImlhdCI6MTU3MjYwNjQ5NSwiZXhwIjoxNTc1MTk4NDk1fQ.lgUqJEJDp9dShq4HeA9-CiiTt9zfB-7ZVaRotI928l0" \
-X GET localhost:5000/api/v1/auth/logout \
| python -m json.tool
2. Prevent NoSQL Injection & Sanitize Data
$ npm install --save express-mongo-sanitize
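What a sanitizing step of this kind has to do, as an added example that is not the package's code and not from the course: drop every key that starts with "$" or contains "." before the object reaches a Mongoose query, and record what was dropped so it can be logged. The function names, the path format and the sample query are constructed for illustration.

```javascript
// Added example: a stand-alone sketch of key sanitizing, not express-mongo-sanitize itself.

// "$" prefixes mark MongoDB query operators and "." addresses nested fields,
// so neither belongs in a key supplied by a client.
// "__proto__" is an extra guard of this sketch so the copy keeps a plain prototype.
function isUnsafeKey(key) {
  return key.startsWith('$') || key.includes('.') || key === '__proto__';
}

// Returns a cleaned deep copy plus the path of every removed key.
function sanitize(value, path = '', removed = []) {
  if (Array.isArray(value)) {
    const clean = value.map((item, i) => sanitize(item, `${path}/${i}`, removed).clean);
    return { clean, removed };
  }
  if (value !== null && typeof value === 'object') {
    const clean = {};
    for (const [key, child] of Object.entries(value)) {
      const here = path ? `${path}/${key}` : key;
      if (isUnsafeKey(key)) {
        removed.push(here); // dropped together with its whole subtree
        continue;
      }
      clean[key] = sanitize(child, here, removed).clean;
    }
    return { clean, removed };
  }
  return { clean: value, removed }; // strings, numbers, booleans, null
}

// Constructed input: the nested shape a bracketed query string such as the
// notes' ?careers[in]=Business is parsed into, plus two keys a client should
// never be able to set.
const sampleQuery = {
  careers: { in: 'Business' },
  housing: { $exists: true },
  'location.city': 'Boston',
  select: 'name,description'
};

// Sanitize one request object and flag it when anything had to be removed.
function auditRequest(query) {
  const { clean, removed } = sanitize(query);
  return { clean, removed, suspicious: removed.length > 0 };
}

console.log(auditRequest(sampleQuery));
```

The un-prefixed `in` filter from "Advanced Filtering" survives, so the API's own filter syntax keeps working while raw operators sent by a client are removed and reported.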
3. XSS Protection & Security Headers
$ npm install --save helmet
https://github.com/jsonmaur/xss-clean
$ npm install --save xss-clean
4. Rate Limiting, HPP & CORS
$ npm install --save express-rate-limit
$ npm install --save hpp
https://github.com/expressjs/cors
$ npm install --save cors
11. Documentation & Deploy
Steps to deploy:
https://gist.github.com/bradtraversy/cd90d1ed3c462fe3bddd11bf8953a896
1. Documentation With Postman & Docgen
2. Digital Ocean Droplet & Server Log In
3. Prepare & Push To Github
4. Clone Repo On Server
5. PM2 Process Manager Setup
6. NGINX Reverse Proxy Setup
7. Domain, SSL & Wrap Up
Marley
Any questions in English: https://jsdev.org/chat/
Any questions in Russian: https://jsdev.ru/chat/