A robust RESTful API for managing tours and user authentication, built with Node.js and Express. This API provides comprehensive functionality for tour booking systems, including user management, authentication, and advanced tour querying capabilities.
- Tour Management: Complete CRUD operations for tours with advanced filtering, sorting, and pagination
- User Authentication: Secure JWT-based authentication system with password hashing
- Password Reset: Email-based password reset functionality
- Role-Based Access Control: Admin and user roles with protected routes
- Advanced Querying: Filter, sort, paginate, and limit fields in API responses
- Tour Statistics: Get aggregated statistics and monthly plans
- Error Handling: Comprehensive error handling middleware
- Security: Password hashing, JWT tokens, and protected routes
Before you begin, ensure you have the following installed:
- Node.js (v14 or higher)
- MongoDB (local installation or MongoDB Atlas account)
- npm or yarn package manager
- Clone the repository:
git clone <repository-url>
cd <repository-name>
- Install dependencies:
npm install
- Set up environment variables:
Copy config.env.example to config.env and fill in your values:
cp config.env.example config.env
Then edit config.env with your configuration values.
- Start the development server:
npm start
The API will be available at http://localhost:8000
TourGuide/
├── controllers/ # Route controllers
│ ├── authController.js
│ ├── errorController.js
│ ├── tourController.js
│ └── userController.js
├── models/ # Mongoose models
│ ├── tourModel.js
│ └── userModel.js
├── routes/ # API routes
│ ├── tourRoutes.js
│ └── userRoutes.js
├── utils/ # Utility functions
│ ├── apiFeatures.js
│ ├── appError.js
│ ├── catchAsync.js
│ └── email.js
├── dev-data/ # Development data and templates
├── public/ # Static files
├── app.js # Express app configuration
├── server.js # Server entry point
└── config.env # Environment variables
- POST /api/v1/users/signup - Register a new user
- POST /api/v1/users/login - Login user
- POST /api/v1/users/forgotPassword - Request password reset
- PATCH /api/v1/users/resetPassword - Reset password with token

- GET /api/v1/tours - Get all tours (requires authentication)
  - Query parameters: page, limit, sort, fields, difficulty, price[gte|lte], etc.
- GET /api/v1/tours/:id - Get a specific tour
- POST /api/v1/tours - Create a new tour
- PATCH /api/v1/tours/:id - Update a tour
- DELETE /api/v1/tours/:id - Delete a tour (admin only)
- GET /api/v1/tours/top-5-cheap - Get top 5 cheapest tours
- GET /api/v1/tours/tour-stats - Get tour statistics
- GET /api/v1/tours/monthly-plan/:year - Get monthly tour plan

- GET /api/v1/users - Get all users
- POST /api/v1/users - Create a new user
- GET /api/v1/users/:id - Get a specific user
- PATCH /api/v1/users/:id - Update a user
- DELETE /api/v1/users/:id - Delete a user
Most routes require authentication using JWT tokens. Include the token in the Authorization header:
Authorization: Bearer <your-jwt-token>
After successful login or signup, you'll receive a JWT token that should be included in subsequent requests.
GET /api/v1/tours?difficulty=easy&price[gte]=1000&sort=-ratingsAverage&limit=10
Authorization: Bearer <token>

POST /api/v1/tours
Content-Type: application/json

{
  "name": "The Forest Hiker",
  "duration": 5,
  "maxGroupSize": 25,
  "difficulty": "easy",
  "ratingsAverage": 4.7,
  "price": 497,
  "summary": "Breathtaking hike through the Canadian Banff National Park",
  "description": "...",
  "imageCover": "tour-1-cover.jpg"
}

POST /api/v1/users/login
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "password123"
}

- Password hashing using bcryptjs
- JWT token-based authentication
- Password reset tokens with expiration
- Protected routes middleware
- Role-based access control (admin/user)
- Input validation and sanitization
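The bracket-style filters shown earlier (price[gte]=1000) end up as keys in a MongoDB query, so input validation here means letting only known fields and comparison operators through. The sketch below is an added example, not this project's apiFeatures.js; it assumes the query string has already been parsed into nested objects (as the qs parser does), and the names buildTourFilter, castValue and the error messages are hypothetical.

```javascript
// Added example: allowlist-based translation of a parsed query string into a
// MongoDB filter. Field names come from the sample tour above; all else is assumed.
const CONTROL_PARAMS = new Set(['page', 'limit', 'sort', 'fields']);
const OPERATORS = new Set(['gte', 'gt', 'lte', 'lt']);
const FILTERABLE = {
  difficulty: 'string', price: 'number', duration: 'number',
  maxGroupSize: 'number', ratingsAverage: 'number',
};

function castValue(field, raw) {
  // Only scalar strings are accepted; arrays and nested objects fail here.
  if (typeof raw !== 'string') throw new Error(`Invalid value for ${field}`);
  if (FILTERABLE[field] === 'string') return raw;
  const n = Number(raw);
  if (raw.trim() === '' || !Number.isFinite(n)) {
    throw new Error(`Invalid number for ${field}`);
  }
  return n;
}

function buildTourFilter(query) {
  const filter = {};
  for (const [field, value] of Object.entries(query)) {
    if (CONTROL_PARAMS.has(field)) continue; // handled by sort/pagination code
    if (!Object.prototype.hasOwnProperty.call(FILTERABLE, field)) {
      throw new Error(`Unknown filter field: ${field}`);
    }
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      // Bracket syntax: price[gte]=1000 arrives as { price: { gte: '1000' } }.
      if (FILTERABLE[field] !== 'number') {
        throw new Error(`Operators not allowed on ${field}`);
      }
      filter[field] = {};
      for (const [op, raw] of Object.entries(value)) {
        if (!OPERATORS.has(op)) throw new Error(`Unknown operator: ${op}`);
        filter[field][`$${op}`] = castValue(field, raw);
      }
    } else {
      filter[field] = castValue(field, value);
    }
  }
  return filter;
}

// Constructed sample: the example tour query above, already parsed.
const sample = { difficulty: 'easy', price: { gte: '1000' },
  sort: '-ratingsAverage', limit: '10' };
console.log(JSON.stringify(buildTourFilter(sample)));
```

A route handler would catch the thrown error and answer with 400 rather than passing the raw query object to Tour.find().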
- Node.js - JavaScript runtime
- Express.js - Web framework
- MongoDB - Database
- Mongoose - MongoDB object modeling
- JSON Web Token (JWT) - Authentication
- bcryptjs - Password hashing
- nodemailer - Email functionality
- validator - Input validation
- morgan - HTTP request logger
ISC
Sam
Contributions, issues, and feature requests are welcome! Feel free to check the issues page.
This is a learning project and should be used for educational purposes. For production use, consider implementing additional security measures, rate limiting, and comprehensive testing.