The backend API for the Bloggio project. It provides RESTful endpoints to manage blogs, users, categories, auth tokens and other related data. Built with Node.js and Express.js, it ensures efficient data handling and secure user authentication.
Explore the docs »
Bloggio App »
View
·
Report Bug
·
Request Feature
Table of Contents
This project implements a comprehensive authentication system using the following technologies: Node.js, Express.js, JWT, Simple Token, MongoDB, Mongoose, Passport.js, Session, Nodemailer, and AWS-S3. Below is a detailed overview of the authentication process:
-
User Registration:
- Users fill out a registration form on the web/mobile application.
- The backend server receives the user data and encrypts the password using a hashing algorithm.
- The encrypted user data is saved to MongoDB.
-
Email Verification:
- An email verification link is sent to the user's email address using Nodemailer.
- Users must click the verification link to activate their account.
- The backend server verifies the token from the link and activates the user account.
- OAuth Login:
- Users can log in using their Google accounts via Passport.js.
- Passport.js handles the OAuth flow and retrieves user data from the social media platform.
- If the user does not exist in the database, a new user is created with the retrieved data.
- User session data is stored using express-session.
-
User Login:
- Users can log in manually with their credentials or through social media accounts.
- Upon successful login, the backend server generates a Simple Token and JWT (access and refresh tokens).
-
Token Usage:
- The JWT allows users to access protected routes and perform authorized actions within the application.
- The session duration is set to 1 day. If needed, the access token can be refreshed using the refresh token to extend the session by another 1 day.
- If the session expires without token refresh, users are redirected to the login page to re-authenticate.
- When creating an account, user passwords are securely hashed before storing in the database to ensure confidentiality.
-
Social Media Avatars:
- When users log in through social media, their avatar URL is automatically fetched and stored.
-
Manual Avatar Upload:
- Users can manually upload their avatar photos, which are then stored in AWS-S3.
- The URL of the uploaded avatar is saved in the database.
To better understand the authentication flow, here is a visual representation:
bloggio-api
├── logs
├── src/
| ├── configs
| | ├── email/
| | ├── passportjs-auth
| | ├── dbConnection.js
| | └── swagger.json
| ├── controllers
| | ├── auth.js
| | ├── blog.js
| | ├── category.js
| | ├── comment.js
| | ├── subCategory.js
| | ├── token.js
| | └── user.js
| ├── controllers
| | └── customError.js
| ├── helpers
| | ├── convertHtmlToText.js
| | ├── deleteObjectByKeyNumberS3Bucket.js
| | ├── extractDateNumber.js
| | ├── passwordEncryption.js
| | ├── tokenGenerator.js
| | └── userValidator.js
| ├── middlewares
| | ├── authentication.js
| | ├── awsS3Upload.js
| | ├── checkVisitSession.js
| | ├── errorHandler.js
| | ├── idValidation.js
| | ├── logger.js
| | ├── permissions.js
| | ├── queryHandler.js
| | └── rateLimiters.js
| ├── models
| | ├── blog.js
| | ├── category.js
| | ├── comment.js
| | ├── subCategory.js
| | ├── token.js
| | ├── tokenBlacklist.js
| | ├── tokenVerification.js
| | └── user.js
| ├── routers
| | ├── auth.js
| | ├── blog.js
| | ├── category.js
| | ├── comment.js
| | ├── document.js
| | ├── index.js
| | ├── subCategory.js
| | ├── token.js
| | └── user.js
| └── utils
| ├── email
| | ├── feedback
| | | ├── feedback.html
| | | └── feedback.js
| | ├── forgot
| | | ├── forgotPassword.html
| | | └── forgotPassword.js
| | ├── reset
| | | ├── resetPassword.html
| | | └── resetPassword.js
| | ├── welcome
| | | ├── welcomeEmail.html
| | | └── welcomeEmail.js
| | └── emailService.js
| └── functions.js
├── .dockerignore
├── .gitignore
├── .sample-env
├── constants.js
├── dockerfile
├── bloggio-auth.png
├── bloggio-erd.png
├── index.js
├── LICENSE
├── package-lock.json
├── package.json
├── README.md // Project documentation
└── swaggerAutogen.js
See the open issues for a full list of proposed features (and known issues).
CRUD Operations:
- Create: Add new blog with detailed information such as name, description, dueDates....
- Read: Retrieve information about single blog, either all at once or individually by ID.
- Update: Modify the details of existing blog.
- Delete: Remove blog from the collection.
MVC Architecture:
- Model: Defines the structure of the blog data and interacts with the MongoDb database using Mongoose ODM.
- View: Though typically associated with frontend, in this context, it refers to the response sent back to the client.
- Controller: Handles incoming requests, processes data using models, and returns the appropriate responses.
Database Management:
- Utilizes MongoDB for non-relational database, server-side storage.
- Mongoose ODM provides an easy-to-use interface for database operations, enabling complex queries and relationships.
Routing:
- Express.js handles routing, directing API requests to the appropriate controllers.
- Organized routes for handling blog-related operations.
Error Handling:
- Robust error handling to manage invalid inputs, missing data, and other potential issues.
- Custom error messages to guide users and developers.
Middleware:
- Utilizes Express middleware for parsing request bodies, handling JSON data, and managing static files.
- Passportjs middleware for authenticating with Google accounts
Session Management:
- Retrieve user data from Google and save in Mongodb collection with using Connect-Mongo (Passportjs)
Tools and Technologies:
- Postman is used for API testing, ensuring that all endpoints are functioning correctly and efficiently. The application is hosted on Render, a reliable hosting service that ensures high availability and performance.
- Docker is used for running application serverless with container
- DrawSQL is used for creating an ERD for project.
Deployment:
- The project is deployed on Render, allowing for easy access and scalability. Vercel and Render's platforms provide automatic builds and deployments, making the development process smoother.
Models:
- Defined using Mongoose to represent the data structures.
- Models (Blog, Category, SubCategory, Comment, User and Token) include fields for details.
- Associations and validations ensure data integrity and consistency.
Controllers:
- Contain the logic for handling CRUD operations.
- Interact with Mongoose models to perform database operations.
- Return JSON responses to the client, containing data or error messages as appropriate.
Routes:
- Defined in Express to handle API endpoints.
- Routes map to controller actions for creating, reading, updating, and deleting blogs.
Example endpoints:
- POST /blogs - Create a new blog.
- GET /blogs - Retrieve all blogs.
- GET /blogs/:id - Retrieve a specific blog by ID.
- PUT /blogs/:id - Update a blog by ID.
- PATCH /blogs/:id - Update a blog by ID.
- DELETE /blogs/:id - Delete a blog by ID.
For more endpoints check out Swagger Document
Middleware:
- Used to parse incoming request bodies (e.g., express.json()).
- Additional middleware can be added for authentication, logging, permissions and limiters etc.
Frontend:
- React: A JavaScript library for building user interfaces.
- TypeScript: A statically typed superset of JavaScript.
- TailwindCSS: A utility-first CSS framework for rapid UI development.
- Redux & Toolkit: For managing state across the application.
- Cypress: For E2E Testing
Backend:
- Node.js: A JavaScript runtime built on Chrome's V8 engine.
- Express.js: A minimal and flexible Node.js web application framework.
- MongoDb: A document database used to build highly available and scalable internet applications.
- Mongoose: An ODM (Object Data Modeling) library for MongoDB, provides a straight-forward, schema-based solution to model your application data
- JWT: JSON Web Token (JWT) is a compact URL-safe means of representing claims to be transferred between two parties
- Passportjs: A popular middleware for Node. js that simplifies the process of implementing authentication and authorization in web apps
- Docker: A platform designed to help developers build, share, and run container applications.
- AWS-S3: Amazon Simple Storage Service (Amazon S3) is an object storage service offering industry-leading scalability, data availability, security, and performance.
- Nodemailer: A Node JS module that allows you to send emails from your server easily.
Tools:
- Postman: An API client for testing and developing APIs.
- DrawSQL: Helps dev teams create beautiful schema diagrams to document their database entity relationships (ERD: Entity-Relationship Diagram)
- Render: A cloud platform for hosting web applications. (backend)
- Vercel: A cloud plattform for hosting web applications. (frontend)
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Distributed under the MIT License. See LICENSE.txt for more information.