Express.js, commonly referred to as Express, is a minimal and flexible web application framework for Node.js, a runtime environment that allows developers to execute JavaScript code server-side. Express.js provides a set of tools and features that make it easier to build web applications and APIs. MongoDB stores data in a flexible, JSON-like format called BSON (Binary JSON) and offers features like automatic sharding for horizontal scaling, powerful querying through a flexible query language, and support for geospatial data. It's widely used in web development, mobile apps, and other scenarios where fast, adaptable data storage is essential.
This project is made for RevoU assignment.
The purpose of this assignment is to create a sophisticated Transfer Request Management Api. The Api endpoints will facilitate the interaction between two roles "maker" and "approver" in which each roles will have it own purposes. The api will also have security and integrity using JWT.
This transfer request management app is made using javascript, express, mongoDB as a database.
- App Features:
- User Registration:
- Anyone can register with a field
username, email, password, role
. username
must not be blank and eachusername
is unique.
- Anyone can register with a field
- Password Requirements:
- Each user password must have a minimum length of 8 chars.
- Is alphanumeric
- Is hashed when storing in MongoDB database.
- Authentication & Authorization:
- Using JWT to authenticated specific endpoints & manage role based control.
- Roles:
- User with
'maker'
role only able to create or add transfer request. - The status of transfer request created is automatically set to
'pending'
- User with
'approver'
role able to create, andapprove
orreject
transfer request that haspending
status. - Anyone without authentication and role authorization will be able to view all the transfer lists that is not soft-deleted.
- User with
'admin'
role able to create, approve, and soft-delete the transfer request with status'pending'
only not'approved'
or'rejected'
admin
role also able to see all the transfer requests available on the database without filtering the soft-delete method.admin
role also able to search or get all transfer request based ondate-range
&multiple-statuses
- User with
- User Registration:
- Git clone this repository.
- Open the project and start with
npm install
, this will install all dependencies. - Create your own
.env
file (this will contain sensitive data or variables for your project.)- Below is the example:
PORT=your_defined_port
MONGODB_URI=your_mongodb_uri
JWT_SECRET=your_jwt_secret
- Run
npm start
to start the project, you will get a notification like thisServer listening on port PORT_NUMBER
&Successfully connect to MongoDb
- Now you have successfully run the project.
- Try and see the api-documentation by accessing
localhost:PORT_NUMBER/api-docs
If you want to test and see this app api-endpoint and its functionality as mentioned in app features
above, you can visit the link below
You can access the api-documentation here : Link Here!
View openapi.yaml here
Notes: When registering the role accepted is either maker, approver, or admin.
Don't Forget to switch the Server
to deployment or production.
- Refer to
src/routes/transferRoutes.js
//Only authenticated user or user with bearer token can create transfer request
router.post("/add", body("amount").trim(), verifyJWT, createTransfer);
//only authenticated approver can approve and reject a a pending request
router.put("/approve/:transferId", verifyJWT, checkRole(["approver", "admin"]), approveTransferReq);
router.put("/reject/:transferId", verifyJWT, checkRole(["approver"]), rejectTransferReq);
//Any visitors or users can access this
router.get("/", getAllTransfers);
//admin area
router.put("/soft-delete/:transferId", verifyJWT, checkRole(["admin"]), softDeleteTransferReq);
router.get("/admin/transfer-lists", verifyJWT, checkRole(["admin"]), adminGetAllTransfers)
router.get("/search-date", verifyJWT, checkRole(["admin"]), getTransferReqByDateRange,);
router.get("/search-status", verifyJWT, checkRole(["admin"]), getTransferReqByStatuses);