This is a backend application for a Credential Keeping App, developed using MongoDB (mongoose), NodeJS, and TypeScript. The app has user and admin roles with the intention of adding more features in the future.
- Node.js (v12 or later)
- MongoDB
- Clone the repository
- Run `npm install` to install all the required dependencies
- Create a `.env` file in the root directory with the following environment variables:
MONGODB_URI=<mongodb://localhost:27017/your-db-name>
JWT_SECRET=<your-secret-key>
Make sure to replace `your-db-name` and `your-secret-key` with your own values.
- Run `npm run serve` to start the development server
The app uses JSON Web Tokens (JWT) for user authentication. Upon successful login, the server returns a token that should be included in the headers of subsequent requests to protected routes. A user can also generate a strong password on demand using the API.
The app has two roles: `user` and `admin`. User accounts can view and manage their own credentials, while admin accounts have access to all credentials.
Users can create, read, update, and delete their own credentials. Admins have the ability to manage all credentials.
Users can register, log in and change their passwords (admins will be able to change user passwords soon). A user will have to log in again and request a new token right after changing their password.
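The token check, role gate and password-change invalidation described above, as an added example that is not this project's code. It verifies HS256 with Node's built-in `crypto` instead of a JWT library; the function names, the `role` and `iat` claims and the `passwordChangedAt` field are assumptions, and the `base64url` encoding needs Node 16 or later.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

type Role = "client" | "admin";
interface Claims { sub: string; role: Role; iat: number; exp: number }

const enc = (s: string): string => Buffer.from(s).toString("base64url");
const dec = (s: string): unknown => JSON.parse(Buffer.from(s, "base64url").toString());
const mac = (data: string, secret: string): string =>
  createHmac("sha256", secret).update(data).digest("base64url");

// Issue an HS256 token; used here to build constructed sample tokens.
function signToken(claims: Claims, secret: string): string {
  const data = `${enc(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${enc(JSON.stringify(claims))}`;
  return `${data}.${mac(data, secret)}`;
}

// Returns the claims if the request may proceed, otherwise the HTTP status to send.
// passwordChangedAt (epoch seconds) is a hypothetical field on the user record.
function authorize(
  authHeader: string | undefined,
  secret: string,
  allowed: Role[],
  passwordChangedAt: number,
  now: number = Math.floor(Date.now() / 1000),
): Claims | 401 | 403 {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader ?? "");
  if (!m) return 401;
  const [, head, body, sig] = m;
  // Verify the MAC in constant time before trusting any byte of the payload.
  const given = Buffer.from(sig);
  const expected = Buffer.from(mac(`${head}.${body}`, secret));
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return 401;
  let claims: Claims;
  try {
    // Pin the algorithm: the token header never selects "none" or another alg.
    if ((dec(head) as { alg?: string }).alg !== "HS256") return 401;
    claims = dec(body) as Claims;
  } catch {
    return 401;
  }
  if (typeof claims?.exp !== "number" || claims.exp <= now) return 401;
  // A password change invalidates every token issued before it.
  if (typeof claims.iat !== "number" || claims.iat < passwordChangedAt) return 401;
  return allowed.includes(claims.role) ? claims : 403;
}
```

In an Express route this would sit in a middleware that reads the `Authorization` header, loads the user's record to obtain the password-change time, and answers 401 or 403 before the handler runs.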
Soon the client will be able to submit tickets, which admins can then read and whose status they can update (resolved, in progress, etc.). The client will be able to access all of their tickets and view their status, and to delete tickets only once their status is resolved.
Method | Endpoint | Description | Access |
---|---|---|---|
POST | /api/auth/register | Register a new user | |
POST | /api/auth/login | Log in with existing user credentials | |
GET | /api/auth/whoami | Get the person's role | client, admin |
PATCH | /api/auth/changepassword | Change user's password | client, admin |
POST | /api/generatepassword | Generate strong password | client, admin |
PATCH | /api/auth/admin/changepassword | Change ANY client's password | admin |
GET | /api/mine?page=1&sort=-updated_At | Signed in user gets his credentials | client, admin |
GET | /api/[credential id] | Get a single credential from ANY user | admin |
GET | /api/all?page=1&sort=-updated_At | Get ALL credentials | admin |
GET | /api/credential?title=Gmail | User can search among his credentials | client, admin |
POST | /credential | Create a new credential | client, admin |
PUT | /api/[credential _id] | Update an existing credential | client, admin |
DELETE | /api/[credential _id] | Delete an existing credential | client, admin |
POST | /api/ticket | User can submit a ticket | client, admin |
GET | /api/ticket | User can check his submitted tickets | client, admin |
GET | /api/tickets/clients | Admin checks submitted tickets | admin |
PATCH | /api/ticket/:ticketId | Admin can update a ticket's status | admin |
GET | /api/auth/admin/all | Admin can see all user accounts | admin |
PATCH | /api/auth/ban/:userId | Admin can ban / unban a user | admin |