Course Selling Web App - Backend

A RESTful API backend for a course selling platform built with Node.js, Express, and MongoDB. This application enables admins to create and manage courses while users can browse and purchase courses.

📋 Table of Contents

• Features
• Tech Stack
• Project Structure
• Prerequisites
• Installation
• Configuration
• Running the Application
• API Endpoints
• How It Works
• Database Schema
• Security

✨ Features

Admin Features

• Admin signup and signin with JWT authentication
• Create new courses with title, description, price, and image
• Update existing courses
• View all courses created by the admin

User Features

• User signup and signin with JWT authentication
• Browse all available courses
• Purchase courses
• View purchased courses

🛠️ Tech Stack

• Runtime: Node.js
• Framework: Express.js v5.1.0
• Database: MongoDB (Mongoose ODM v8.15.1)
• Authentication: JWT (jsonwebtoken v9.0.2)
• Password Hashing: bcrypt v6.0.0
• CORS: cors v2.8.5

📁 Project Structure

coursesellingProject/
├── config.js              # JWT secrets and configuration
├── index.js               # Application entry point
├── package.json           # Dependencies and scripts
├── middleware/
│   ├── adminmiddle.js    # Admin authentication middleware
│   └── usermiddle.js     # User authentication middleware
├── routes/
│   ├── admin.js          # Admin routes (signup, signin, course management)
│   ├── user.js           # User routes (signup, signin, purchases)
│   └── course.js         # Course routes (purchase, preview)
└── schema/
    ├── admindb.js        # Admin database schema
    ├── userdb.js         # User database schema
    ├── coursedb.js       # Course database schema
    └── purchasedb.js     # Purchase database schema

📦 Prerequisites

Before running this application, ensure you have the following installed:

• Node.js (v14 or higher)
• MongoDB (v4.0 or higher)
• npm or yarn package manager

🚀 Installation

1. Clone the repository (or navigate to the project directory):

   cd "d:\sigma web development\Harkirat cohort\coursesellingProject"

2. Install dependencies:

   npm install

   This will install all required packages:

   • express
   • mongoose
   • jsonwebtoken
   • bcrypt
   • cors

⚙️ Configuration

Database Configuration

1. Ensure MongoDB is running on your local machine on the default port (27017)
2. The application will automatically connect to mongodb://localhost:27017/course-app

JWT Secrets

The JWT secrets are defined in config.js:

• JWT_ADMIN_SECRET: "newadmin"
• JWT_USER_SECRET: "newuser"

⚠️ Security Note: For production, replace these with strong, randomly generated secrets and store them in environment variables.

🏃 Running the Application

1. Start MongoDB (if not already running):

   mongod

2. Start the server:

   node index.js

3. The server will start on http://localhost:3001

   You should see the message:

   Server is running at http://localhost:3001
   

4. Test the API:

   • Visit http://localhost:3001 in your browser - you should see "Hello World!"
   • Use tools like Postman, Insomnia, or curl to test the API endpoints

📡 API Endpoints

Admin Routes (/admin)

Method	Endpoint	Description	Auth Required
POST	/admin/signup	Register new admin	No
POST	/admin/signin	Admin login	No
POST	/admin/create-courses	Create a new course	Yes
PUT	/admin/update-course	Update existing course	Yes
GET	/admin/all-course	Get all courses by admin	Yes

Admin Signup

POST /admin/signup
Content-Type: application/json

{
  "email": "admin@example.com",
  "password": "securepassword",
  "firstname": "John",
  "lastname": "Doe"
}

Admin Signin

POST /admin/signin
Content-Type: application/json

{
  "email": "admin@example.com",
  "password": "securepassword"
}

Response: { "message": "Admin logged in", "token": "jwt_token_here" }

Create Course

POST /admin/create-courses
Content-Type: application/json
token: your_jwt_token

{
  "title": "Complete Web Development",
  "description": "Learn HTML, CSS, JavaScript, and more",
  "price": 999,
  "imageUrl": "https://example.com/image.jpg"
}

User Routes (/user)

Method	Endpoint	Description	Auth Required
POST	/user/signup	Register new user	No
POST	/user/signin	User login	No
GET	/user/purchase	Get user's purchased courses	Yes

User Signup

POST /user/signup
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "userpassword",
  "firstname": "Jane",
  "lastname": "Smith"
}

User Signin

POST /user/signin
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "userpassword"
}

Response: { "message": "User logged in", "token": "jwt_token_here" }

Course Routes (/course)

Method	Endpoint	Description	Auth Required
GET	/course/preview	Get all available courses	No
POST	/course/purchase	Purchase a course	Yes (User)

Preview All Courses

GET /course/preview

Response: { "courses": [...] }

Purchase Course

POST /course/purchase
Content-Type: application/json
token: user_jwt_token

{
  "userId": "user_id_here",
  "courseId": "course_id_here"
}

🔄 How It Works

Authentication Flow

1. Signup/Registration:

   • Admin/User provides email, password, firstname, lastname
   • Password is hashed using bcrypt (salt rounds: 5)
   • User data is stored in MongoDB
   • Success message is returned

2. Signin/Login:

   • Admin/User provides email and password
   • System validates credentials against database
   • If valid, JWT token is generated with user/admin ID
   • Token is returned to the client

3. Protected Routes:

   • Client includes JWT token in the token header
   • Middleware verifies the token
   • If valid, request proceeds with user/admin ID attached
   • If invalid, 401 Unauthorized is returned

Course Management Flow

1. Admin Creates Course:

   • Admin authenticates and receives JWT token
   • Admin sends course details (title, description, price, imageUrl)
   • System creates course with admin ID as creator
   • Course ID is returned

2. User Browses Courses:

   • Anyone can call /course/preview (no auth required)
   • System returns all available courses

3. User Purchases Course:

   • User authenticates and receives JWT token
   • User sends courseId with token
   • System creates purchase record linking user and course
   • Purchase confirmation is returned

4. User Views Purchases:

   • User authenticates with JWT token
   • System retrieves all purchases for that user
   • System fetches course details for purchased courses
   • Returns purchase history with course information

Middleware Authentication

• adminMiddleware: Validates admin JWT token in headers
• userMiddleware: Validates user JWT token in headers
• Both attach the authenticated ID to the request object for use in route handlers

💾 Database Schema

Admin Collection

{
  email: String (unique, required),
  password: String (required),
  firstname: String (required),
  lastname: String (required)
}

User Collection

{
  email: String (unique, required),
  password: String (required),
  firstname: String (required),
  lastname: String (required)
}

Course Collection

{
  title: String (required),
  description: String (required),
  price: Number (required),
  imageUrl: String (required),
  creatorId: ObjectId (reference to Admin)
}

Purchase Collection

{
  userId: ObjectId (reference to User),
  courseId: ObjectId (reference to Course),
  purchaseDate: Date
}

🔒 Security

Current Implementation

• JWT-based authentication for protected routes
• Password hashing with bcrypt (salt rounds: 5)
• CORS enabled for cross-origin requests
• Separate authentication for admins and users

🤝 Contributing

Feel free to fork this project and submit pull requests for any improvements.

📄 License

ISC

---