Blog API
A RESTful API for a blog, built with Node.js, Express, Prisma ORM, Vitest, and PostgreSQL (via Docker). Secure authentication with JWT, pagination, and enhanced security (Helmet, rate-limiting). Allows creating, reading, updating, and deleting posts, with write access restricted to authenticated users.
Features
Authentication: Sign-up / Login via JWT.
CRUD Posts: Create, read (with pagination), update, delete posts.
Security: Protection against XSS (Helmet), rate-limiting, input validation.
Database: PostgreSQL with Prisma for type-safe queries.
Docker: Containerized database for easy setup.
Prerequisites
Node.js: v24.x or higher
Docker: For PostgreSQL
npm: To manage dependencies
Postman or curl: To test the endpoints
Installation
Clone the repository:
git clone https://github.com/ton-user/blog-api.git
cd blog-api
Install dependencies:
npm install
Set up environment variables: Create a .env file in the root:
DATABASE_URL=postgresql://postgres:secret@localhost:5432/blog_app
JWT_SECRET=your_super_long_random_secret
PORT=3000
Run PostgreSQL via Docker:
docker run --name blog-db -e POSTGRES_PASSWORD=secret -e POSTGRES_DB=blog_app -p 5432:5432 -d postgres:16
Set up Prisma:
npx prisma migrate dev --name init
npx prisma generate
Start the server:
npm run dev
The API will be live at http://localhost:3000.
Endpoints
Authentication
POST /api/auth/signup : Create a new user
Body:
{ "username": "grok", "email": "grok@x.ai", "password": "pass123" }
Response:
{ "message": "User created", "user": { ... } }
POST /api/auth/login : Log in and get a JWT
Body:
{ "username": "grok", "password": "pass123" }
Response:
{ "token": "jwt", "user": { ... } }
Posts (Protected except GET)
GET /api/blog : List published posts (paginated)
Query: ?page=1&limit=10
Response:
{ "data": [{ id, title, content, ... }], "pagination": { ... } }
GET /api/blog/:id : Get post details
POST /api/blog : Create a post (JWT required)
Header:
Authorization: Bearer <token>
Body:
{ "title": "My post", "content": "Lorem", "published": true }
PUT /api/blog/:id : Update post (author only)
DELETE /api/blog/:id : Delete post (author only)
Example Requests
curl -X POST http://localhost:3000/api/auth/signup \
  -H "Content-Type: application/json" \
  -d '{"username":"grok","email":"grok@x.ai","password":"pass123"}'
curl -X POST http://localhost:3000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username":"grok","password":"pass123"}'
Security
JWT: Tokens signed, expire in 1 hour.
Helmet: Secures headers.
Rate-limiting: 100 requests / 15 minutes per IP.
CORS: Configured for localhost (restrict in production).
Project Structure
blog-api/
├── prisma/
│   └── schema.prisma
├── controllers/
│   ├── authController.js
│   └── blogController.js
├── middleware/
│   └── auth.js
├── routes/
│   └── blog.js
├── .env
├── app.js
└── package.json
Developer
Made with ❤️ by [your-name] to learn Node.js/Express via The Odin Project.
Contributing
Fork the repo
Create a branch (git checkout -b feature/cool-feature)
Commit changes (git commit -m "Add cool feature")
Push (git push origin feature/cool-feature)
Open a Pull Request