文件列表:

.DS_Store (10244, 2023-10-01)
DevCamper API.postman_collection.json (16135, 2023-10-01)
backend/ (0, 2023-10-01)
backend/_data/ (0, 2023-10-01)
backend/_data/bootcamps.json (2456, 2023-10-01)
backend/_data/courses.json (3660, 2023-10-01)
backend/_data/reviews.json (4888, 2023-10-01)
backend/_data/users.json (2148, 2023-10-01)
backend/config/ (0, 2023-10-01)
backend/config/db.js (322, 2023-10-01)
backend/config/example.config.env (554, 2023-10-01)
backend/controllers/ (0, 2023-10-01)
backend/controllers/auth.js (5739, 2023-10-01)
backend/controllers/bootcamps.js (5314, 2023-10-01)
backend/controllers/courses.js (4594, 2023-10-01)
backend/controllers/reviews.js (3068, 2023-10-01)
backend/controllers/users.js (1490, 2023-10-01)
backend/middleware/ (0, 2023-10-01)
backend/middleware/advancedResults.js (1738, 2023-10-01)
backend/middleware/async.js (138, 2023-10-01)
backend/middleware/auth.js (1387, 2023-10-01)
backend/middleware/error.js (832, 2023-10-01)
backend/middleware/logger.js (192, 2023-10-01)
backend/models/ (0, 2023-10-01)
backend/models/Bootcamp.js (3317, 2023-10-01)
backend/models/Course.js (2036, 2023-10-01)
backend/models/Review.js (1801, 2023-10-01)
backend/models/User.js (2094, 2023-10-01)
backend/package-lock.json (131517, 2023-10-01)
backend/package.json (891, 2023-10-01)
backend/public/ (0, 2023-10-01)
backend/public/uploads/ (0, 2023-10-01)
backend/public/uploads/photo_5d725a1b7b292f5f8ceff788.ico (318, 2023-10-01)
backend/router/ (0, 2023-10-01)
backend/router/api/ (0, 2023-10-01)
backend/router/api/auth.js (610, 2023-10-01)
backend/router/api/bootcamps.js (1267, 2023-10-01)
backend/router/api/courses.js (959, 2023-10-01)
backend/router/api/reviews.js (770, 2023-10-01)
... ...

# DevCamper Backend API Specifications Create the backend for a bootcamp directory website. The frontend/UI will be created by another team (future course). The html/css template has been created and can be used as a reference for functionality. All of the functionality below needs to be fully implmented in this project. ### Bootcamps - List all bootcamps in the database * Pagination * Select specific fields in result * Limit number of results * Filter by fields - Search bootcamps by radius from zipcode * Use a geocoder to get exact location and coords from a single address field - Get single bootcamp - Create new bootcamp * Authenticated users only * Must have the role "publisher" or "admin" * Only one bootcamp per publisher (admins can create more) * Field validation via Mongoose - Upload a photo for bootcamp * Owner only * Photo will be uploaded to local filesystem - Update bootcamps * Owner only * Validation on update - Delete Bootcamp * Owner only - Calculate the average cost of all courses for a bootcamp - Calculate the average rating from the reviews for a bootcamp ### Courses - List all courses for bootcamp - List all courses in general * Pagination, filtering, etc - Get single course - Create new course * Authenticated users only * Must have the role "publisher" or "admin" * Only the owner or an admin can create a course for a bootcamp * Publishers can create multiple courses - Update course * Owner only - Delete course * Owner only ### Reviews - List all reviews for a bootcamp - List all reviews in general * Pagination, filtering, etc - Get a single review - Create a review * Authenticated users only * Must have the role "user" or "admin" (no publishers) - Update review * Owner only - Delete review * Owner only ### Users & Authentication - Authentication will be ton using JWT/cookies * JWT and cookie should expire in 30 days - User registration * Register as a "user" or "publisher" * Once registered, a token will be sent along with a cookie (token = xxx) * Passwords must be hashed - User login * User can login with email and password * Plain text password will compare with stored hashed password * Once logged in, a token will be sent along with a cookie (token = xxx) - User logout * Cookie will be sent to set token = none - Get user * Route to get the currently logged in user (via token) - Password reset (lost password) * User can request to reset password * A hashed token will be emailed to the users registered email address * A put request can be made to the generated url to reset password * The token will expire after 10 minutes - Update user info * Authenticated user only * Separate route to update password - User CRUD * Admin only - Users can only be made admin by updating the database field manually ## Security - Encrypt passwords and reset tokens - Prevent cross site scripting - XSS - Prevent NoSQL injections - Add a rate limit for requests of 100 requests per 10 minutes - Protect against http param polution - Add headers for security (helmet) - Use cors to make API public (for now) ## Documentation - Use Postman to create documentation - Use docgen to create HTML files from Postman - Add html files as the / route for the api ## Deployment (Digital Ocean) - Push to Github - Create a droplet - https://m.do.co/c/5424d440c63a - Clone repo on to server - Use PM2 process manager - Enable firewall (ufw) and open needed ports - Create an NGINX reverse proxy for port 80 - Connect a domain name - Install an SSL using Let's Encrypt ## Code Related Suggestions - NPM scripts for dev and production env - Config file for important constants - Use controller methods with documented descriptions/routes - Error handling middleware - Authentication middleware for protecting routes and setting user roles - Validation using Mongoose and no external libraries - Use async/await (create middleware to clean up controller methods) - Create a database seeder to import and destroy data

近期下载者：

相关文件：

评论：[我要评论] [举报此文件]

收藏者：