A Nest.js application that mocks a product store backend. It enables users with admin roles to add product details (price, category, etc.) and registered, authenticated users to create orders for given products. Further actions are based on the mentioned roles and permissions. Passport.js is used as middleware and MySQL as the primary database.
- register an account (need to provide name, login, password and email)
- login to account
- make an order
- change order status
- list own orders
- get product list
- add / update products
- add / update categories
- list all clients
- list all orders
- Orders can only be made for client
- login and email cannot be duplicated
- password must
- an unavailable product cannot be ordered
- an already completed order cannot change status
```
POST http://localhost:4000/auth/register
Content-Type: application/json

{
  "login": "login123",
  "password": "$tr0ng_P4$$w0rd",
  "name": "John",
  "surname": "Doe",
  "email": "john.doe@example.com"
}

RESPONSE: HTTP 201 (Created)
{
  "message": "User created successfully"
}
```
```
POST http://localhost:4000/auth/login
Content-Type: application/json

{
  "login": "login123",
  "password": "$tr0ng_P4$$w0rd"
}

RESPONSE: HTTP 200
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... rest of client JWT",
  "method": "Bearer"
}
```
```
POST http://localhost:4000/products
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... rest of admin JWT

{
  "name": "Odyssey",
  "description": "Homer Odyssey book",
  "price": 20,
  "categoryName": "BOOK"
}

RESPONSE: HTTP 201 (Created)
{
  "name": "Odyssey",
  "description": "Homer Odyssey book",
  "price": 20,
  "category": {
    "id": 6,
    "categoryName": "BOOK"
  },
  "id": 13,
  "isAvailable": true
}
```
```
GET http://localhost:4000/products
(no auth required)

[
  {
    "id": 1,
    "name": "Creatine lemon 120g",
    "isAvailable": true,
    "description": "Creatine is a natural substance found in the body. It is produced in the liver, kidneys and pancreas. It is also found in red meat and fish. Creatine is stored in the muscles in the form of phosphocreatine.",
    "price": 20,
    "category": {
      "id": 1,
      "categoryName": "SPORT"
    }
  },
  {
    "id": 2,
    "name": "Nike Air Max 270",
    "isAvailable": true,
    "description": "Nike Air Max 270 is a new silhouette from Nike. It is a combination of the Air Max 180 and Air Max 93. The shoe features a full-length Air unit, a mesh upper, and a synthetic heel counter.",
    "price": 200,
    "category": {
      "id": 2,
      "categoryName": "CLOTHES"
    }
  },
  {
    "id": 3,
    "name": "iPhone 6s",
    "isAvailable": true,
    "description": "iPhone 6s is a smartphone designed, developed, and marketed by Apple Inc. It is the tenth generation of the iPhone.",
    "price": 500,
    "category": {
      "id": 3,
      "categoryName": "ELECTRONIC"
    }
  },
  {
    "id": 4,
    "name": "T-shirt",
    "isAvailable": true,
    "description": "A T-shirt is a style of unisex fabric shirt named after the T shape of its body and sleeves.",
    "price": 20,
    "category": {
      "id": 2,
      "categoryName": "CLOTHES"
    }
  },
  other results...
]
```
```
POST http://localhost:4000/orders
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... rest of client JWT

{
  "ProductsIds": [
    1, 4
  ]
}

RESPONSE: HTTP 201 (Created)
{
  "message": "Order created"
}
```
There is also exception handling for unauthorized, unauthenticated and incorrect requests, for example:
```
GET http://localhost:4000/users
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.... rest of user JWT

RESPONSE: HTTP 401
{
  "statusCode": 401,
  "message": "Unauthorized"
}
```
```
POST http://localhost:4000/products
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9... rest of admin JWT

{
  "name": "Odyssey",
  "description": "Homer Odyssey book",
  "categoryName": "BOOK"
}

RESPONSE: HTTP 400
{
  "statusCode": 400,
  "message": [
    "price must be a positive number"
  ],
  "error": "Bad Request"
}
```
```
POST http://localhost:4000/orders
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9... rest of client JWT

{
  "ProductsIds": [
    1, 4
  ]
}

RESPONSE: HTTP 400
{
  "statusCode": 400,
  "message": "Product is not available",
  "error": "Bad Request"
}
```
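The role checks and order rules listed earlier (an unavailable product cannot be ordered, a completed order cannot change status) can be modelled as plain functions that return the status codes and messages from the sample responses. This is an added example, not code from the project: the `Claims` shape, the route-to-role table, the `PENDING`/`COMPLETED` status names, the 404 for unlisted routes and any message not shown in the responses above are assumptions.

```typescript
// Added illustration, not the project's source. The claim shape, route table,
// status names and any message not shown in the README are assumptions.
type Role = "admin" | "client";
type OrderStatus = "PENDING" | "COMPLETED";
interface Claims { sub: number; role: Role }
interface Product { id: number; isAvailable: boolean }
interface Result { status: number; message: string }

// Role needed per route; null marks a public route.
const REQUIRED_ROLE: { [route: string]: Role | null } = {
  "GET /products": null,
  "POST /products": "admin",
  "GET /users": "admin",
  "POST /orders": "client",
};

// Deny by default: an unlisted route, a missing token or a wrong role is
// rejected. Returns null when the request may proceed.
function authorize(route: string, claims: Claims | null): Result | null {
  const listed = Object.prototype.hasOwnProperty.call(REQUIRED_ROLE, route);
  if (!listed) return { status: 404, message: "Not Found" };
  const needed = REQUIRED_ROLE[route];
  if (needed === null) return null;
  if (claims === null || claims.role !== needed) {
    return { status: 401, message: "Unauthorized" }; // status the README shows
  }
  return null;
}

// Authorization runs first, then the availability rule for every requested id.
function createOrder(claims: Claims | null, ids: number[], catalog: Product[]): Result {
  const denied = authorize("POST /orders", claims);
  if (denied !== null) return denied;
  if (ids.length === 0) return { status: 400, message: "ProductsIds must not be empty" };
  for (const id of ids) {
    const match = catalog.filter((p) => p.id === id)[0];
    if (match === undefined) return { status: 400, message: "Product not found" };
    if (!match.isAvailable) return { status: 400, message: "Product is not available" };
  }
  return { status: 201, message: "Order created" };
}

// A completed order is terminal: no further status change is accepted.
function changeStatus(current: OrderStatus, next: OrderStatus): Result {
  if (current === "COMPLETED") return { status: 400, message: "Order is already completed" };
  return { status: 200, message: "Status changed to " + next };
}
```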
Distributed under the MIT License. See LICENSE.txt for more information.