Skip to content

API for Fullstack DevCamper App (JavaScript, Node.js, & MongoDB)

Notifications You must be signed in to change notification settings


Folders and files

Last commit message
Last commit date

Latest commit



64 Commits

Repository files navigation

DevCamper Backend API Specifications

Create the backend for a bootcamp directory website. The frontend/UI will be created by another team (future course). The html/css template has been created and can be used as a reference for functionality. All of the functionality below needs to be fully implmented in this project.


Rename "config/config.env.example" to "config/config.env" and update the values/settings to your own

Install Dependencies

npm install

Run App

# Run in dev mode
npm run dev

# Run in prod mode
npm start


  • List all bootcamps in the database
    • Pagination
    • Select specific fields in result
    • Limit number of results
    • Filter by fields
  • Search bootcamps by radius from zipcode
    • Use a geocoder to get exact location and coords from a single address field
  • Get single bootcamp
  • Create new bootcamp
    • Authenticated users only
    • Must have the role "publisher" or "admin"
    • Only one bootcamp per publisher (admins can create more)
    • Field validation via Mongoose
  • Upload a photo for bootcamp
    • Owner only
    • Photo will be uploaded to local filesystem
  • Update bootcamps
    • Owner only
    • Validation on update
  • Delete Bootcamp
    • Owner only
  • Calculate the average cost of all courses for a bootcamp
  • Calculate the average rating from the reviews for a bootcamp


  • List all courses for bootcamp

  • List all courses in general

    • Pagination, filtering, etc
  • Get single course

  • Create new course

    • Authenticated users only
    • Must have the role "publisher" or "admin"
    • Only the owner or an admin can create a course for a bootcamp
    • Publishers can create multiple courses
  • Update course

    • Owner only
  • Delete course

    • Owner only


  • List all reviews for a bootcamp
  • List all reviews in general
    • Pagination, filtering, etc
  • Get a single review
  • Create a review
    • Authenticated users only
    • Must have the role "user" or "admin" (no publishers)
  • Update review
    • Owner only
  • Delete review
    • Owner only

Users & Authentication

  • Authentication will be ton using JWT/cookies
    • JWT and cookie should expire in 30 days
  • User registration
    • Register as a "user" or "publisher"
    • Once registered, a token will be sent along with a cookie (token = xxx)
    • Passwords must be hashed
  • User login
    • User can login with email and password
    • Plain text password will compare with stored hashed password
    • Once logged in, a token will be sent along with a cookie (token = xxx)
  • User logout
    • Cookie will be sent to set token = none
  • Get user
    • Route to get the currently logged in user (via token)
  • Password reset (lost password)
    • User can request to reset password
    • A hashed token will be emailed to the users registered email address
    • A put request can be made to the generated url to reset password
    • The token will expire after 10 minutes
  • Update user info
    • Authenticated user only
    • Separate route to update password
  • User CRUD
    • Admin only
  • Users can only be made admin by updating the database field manually


  • Encrypt passwords and reset tokens
  • Prevent cross site scripting - XSS
  • Prevent NoSQL injections
  • Add a rate limit for requests of 100 requests per 10 minutes
  • Protect against http param polution
  • Add headers for security (helmet)
  • Use cors to make API public (for now)


  • Use Postman to create documentation
  • Use docgen to create HTML files from Postman
  • Add html files as the / route for the api

Deployment (Digital Ocean)

  • Push to Github
  • Create a droplet
  • Clone repo on to server
  • Use PM2 process manager
  • Enable firewall (ufw) and open needed ports
  • Create an NGINX reverse proxy for port 80
  • Connect a domain name
  • Install an SSL using Let's Encrypt

Code Related Suggestions

  • NPM scripts for dev and production env
  • Config file for important constants
  • Use controller methods with documented descriptions/routes
  • Error handling middleware
  • Authentication middleware for protecting routes and setting user roles
  • Validation using Mongoose and no external libraries
  • Use async/await (create middleware to clean up controller methods)
  • Create a database seeder to import and destroy data


API for Fullstack DevCamper App (JavaScript, Node.js, & MongoDB)