This is a backend test API built with ExpressJS, using MongoDB as the persistent storage and Redis as the cache storage. It has the ability to handle user authentication, authorization and transfer of funds between accounts.
- ExpressJS - The Node.js framework used
- MongoDB - The NoSQL database used
- Redis - The cache storage used
- Docker - The containerization platform used
- Swagger
To get started with the API, follow the steps below:
To run this application, you will need the following installed, or you can use GitHub Codespaces, which is faster and free!
- Docker
- Docker Compose
- Clone the repository to your local machine:
  git clone [email protected]:walosha/BACKEND_DEV_TESTS.git
- Create an .env file in the root of the project directory, and copy the contents from the .env.example file. Edit the environment variables in the .env file to your preference.
- Run the following command in the root of the project directory to start the application:
  docker-compose up --build
  This command will build and start the Docker containers.
- Access the API at http://localhost:3000
This API is documented using Swagger. You can access the API documentation at http://localhost:3000/api/v1/api-docs after starting the application.
The following routes are available:
- /api/v1/auth/signup - Creates an account
- /api/v1/auth/login - Logs in a user
- /api/v1/account/transfer - Transfers funds between accounts
- others
This API is versioned using the URI path. The current version is v1, which is included in all routes, e.g. /api/v1/auth/signup.
Rate limiting is currently implemented with Redis.
This API uses JWT-based authentication and authorization. The signup and login routes are not protected, but all other routes require a valid JWT access token. The transfer route is also protected by an authorization middleware that checks the user's role.
Refresh tokens are used for re-authenticating users. They are stored in Redis and can be invalidated at any time by the user or by an administrator. Refresh tokens are automatically invalidated when they expire, which is currently set to 30 days.
This API defines two roles: user and admin. The user role is the default role for all users, and the admin role can be assigned by an administrator. The transfer route is protected by an authorization middleware.
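The refresh-token and role rules described above, sketched as an added example (not code from this repository): an in-memory `FakeRedis` stands in for Redis, and every function and key name is hypothetical. Storing only a SHA-256 hash of each token and rotating the token on every use are assumptions that go beyond what this README states.

```javascript
// Added example, not the repository's code; all names here are hypothetical.
const { randomBytes, createHash } = require("node:crypto");

const REFRESH_TTL_SECONDS = 30 * 24 * 60 * 60; // 30 days, per the README

// Constructed stand-in for Redis: SET with expiry, GET, DEL and a prefix scan.
class FakeRedis {
  constructor(now) { this.now = now; this.data = new Map(); }
  set(key, value, ttlSeconds) {
    this.data.set(key, { value, expiresAt: this.now() + ttlSeconds * 1000 });
  }
  get(key) {
    const entry = this.data.get(key);
    if (!entry) return null;
    if (entry.expiresAt <= this.now()) { this.data.delete(key); return null; }
    return entry.value;
  }
  del(key) { return this.data.delete(key); }
  keysWithPrefix(prefix) {
    return [...this.data.keys()].filter((k) => k.startsWith(prefix));
  }
}

// Assumes user ids contain no ":" (true for MongoDB ObjectId strings).
const keyFor = (userId, token) =>
  `refresh:${userId}:${createHash("sha256").update(token).digest("hex")}`;

// Issue an opaque token; only its hash is stored, so a cache dump yields no usable tokens.
function issueRefreshToken(redis, userId) {
  const token = randomBytes(32).toString("hex");
  redis.set(keyFor(userId, token), "1", REFRESH_TTL_SECONDS);
  return token;
}

// Rotation: redeeming a token deletes it, so the same token cannot be redeemed twice.
function rotateRefreshToken(redis, userId, token) {
  if (redis.get(keyFor(userId, token)) === null) return null; // unknown, revoked or expired
  redis.del(keyFor(userId, token));
  return issueRefreshToken(redis, userId);
}

// Revoke all of a user's refresh tokens: permitted to that user or to an admin only.
function revokeAllFor(redis, actor, targetUserId) {
  if (actor.id !== targetUserId && actor.role !== "admin") return false;
  for (const key of redis.keysWithPrefix(`refresh:${targetUserId}:`)) redis.del(key);
  return true;
}
```

Against a real Redis server, the prefix scan would be replaced by a per-user set of token keys, since scanning the keyspace is slow on a large cache.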
The project directory structure is as follows:
├── modules
│   ├── auth
│   │   ├── controllers
│   │   ├── models
│   │   ├── services
│   │   └── types
│   ├── transfer
│   │   ├── controllers
│   │   ├── models
│   │   ├── services
│   │   └── types
│   └── user
│       ├── controllers
│       ├── models
│       ├── services
│       └── types
├── database
│   └── index
├── middlewares
│   ├── isLoggedIn.ts
│   ├── protect.ts
│   └── error.ts
├── utils
│   ├── appErrors.ts
│   └── catchAsync.ts
└── @types
    └── express
- modules: This directory contains the different modules of the API, including auth, transfer, and user. Each module has its own controllers, models, services, and types.
- database: This directory contains the mongoose configuration file and the database models.
- middlewares: This directory contains the middleware functions used in the API, including the auth middleware, the error handler middleware, and the not-found handler middleware.
- utils: This directory contains utility functions used in the API, including error handling functions, logger functions, and input validators.
- @types: This directory contains the type definitions for external libraries used in the API.