Backend for WheelBorrow Application
I created a backend for an application that allows users to rent out D.I.Y. equipment and tools while they are not using them. The backend provides full CRUD functionality for Users, Products, Reviews and more. The project uses Node.js, Express and MongoDB. All routes are online to interact with here.
All data is stored in a MongoDB database and the project uses mongoose throughout. Data is sanitized before insertion into the database, stripping harmful user input before it can reach a query.
Routes for User Register, Login and Logout are set up. I have made provisions for users forgetting their password by using Nodemailer to automatically generate an email with a Reset-Password Token Link. All users' passwords are stored hashed in the database using Bcrypt.
User authentication is handled with JSON Web Tokens and all users are assigned roles. I have also allowed full CRUD access for an ‘admin’ account, which can only be assigned manually via MongoDB.
Once logged in, users can post products to rent, upload photos for products, search for products and leave reviews for products they have used. The database records the relationship between each product and its creator, which is used to enforce ownership on every request and to prevent users from reviewing their own products.
The API allows for advanced querying methods such as filtering, selecting and sorting results by field. All requests for products and reviews also include pagination, and a limit on the number of results per page can be set. The API even allows users to search for products within a certain radius of a location.
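The filtering, selecting, sorting, pagination and radius search described above, as an added example that is not the project's own code: it turns a raw query string into the pieces a mongoose query would need. The `price[gte]=10` bracket syntax is what Express's default query parser produces; the field names, the 25/100 default and maximum page sizes, and the 3963-mile earth radius used for `$centerSphere` are assumptions for this example. Only whitelisted comparison operators are promoted to their `$`-prefixed form, so a client cannot smuggle arbitrary operators into the filter.

```javascript
// Added example (not the project's code): query-string to mongoose-style query.
// Field names, page-size bounds and the earth radius are assumptions.
const RESERVED = ['select', 'sort', 'page', 'limit'];
const OPERATORS = new Set(['gt', 'gte', 'lt', 'lte', 'in']); // whitelist of allowed operators
const EARTH_RADIUS_MILES = 3963;
const DEFAULT_LIMIT = 25;
const MAX_LIMIT = 100;

// Parses "price[gte]=10&sort=-price" into { price: { gte: '10' }, sort: '-price' },
// one level of brackets deep, like Express's default parser.
function parseQueryString(qs) {
  const out = {};
  for (const pair of qs.split('&').filter(Boolean)) {
    const [rawKey, rawVal = ''] = pair.split('=');
    const key = decodeURIComponent(rawKey);
    const val = decodeURIComponent(rawVal);
    const m = key.match(/^([^\[\]]+)\[([^\[\]]+)\]$/);
    if (m) {
      out[m[1]] = out[m[1]] || {};
      out[m[1]][m[2]] = val;
    } else {
      out[key] = val;
    }
  }
  return out;
}

// Numbers arrive as strings; coerce them so $gte: 10 compares numerically.
const coerce = (v) => (v !== '' && !Number.isNaN(Number(v)) ? Number(v) : v);

// Builds the filter document; unknown operators are dropped, never passed through.
function buildFilter(query) {
  const filter = {};
  for (const [field, value] of Object.entries(query)) {
    if (RESERVED.includes(field)) continue;
    if (value && typeof value === 'object') {
      filter[field] = {};
      for (const [op, v] of Object.entries(value)) {
        if (!OPERATORS.has(op)) continue;
        filter[field][`$${op}`] = op === 'in' ? v.split(',').map(coerce) : coerce(v);
      }
    } else {
      filter[field] = coerce(value);
    }
  }
  return filter;
}

// select=name,price -> "name price"; sort=-price,name -> "-price name".
function buildProjection(query) {
  return {
    select: query.select ? query.select.split(',').join(' ') : null,
    sort: query.sort ? query.sort.split(',').join(' ') : '-createdAt',
  };
}

// Pagination with bounds (page >= 1, 1 <= limit <= MAX_LIMIT) plus next/prev markers.
function buildPagination(query, total) {
  const page = Math.max(1, parseInt(query.page, 10) || 1);
  const limit = Math.min(MAX_LIMIT, Math.max(1, parseInt(query.limit, 10) || DEFAULT_LIMIT));
  const skip = (page - 1) * limit;
  const pagination = {};
  if (skip + limit < total) pagination.next = { page: page + 1, limit };
  if (skip > 0) pagination.prev = { page: page - 1, limit };
  return { page, limit, skip, pagination };
}

// Radius search: $centerSphere takes [lng, lat] and a radius in radians, i.e. the
// distance divided by the earth's radius in the same unit.
function buildRadiusFilter(lng, lat, distanceMiles) {
  const radius = distanceMiles / EARTH_RADIUS_MILES;
  return { location: { $geoWithin: { $centerSphere: [[lng, lat], radius] } } };
}
```

With mongoose the pieces compose as `Model.find(filter).select(select).sort(sort).skip(skip).limit(limit)`; the `pagination` object is returned alongside the results so clients know whether more pages exist.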
For security, I included modules to prevent SQL injection, HTTP parameter pollution and cross-site scripting, an API rate limiter and more. I used NGINX as my reverse proxy and am currently using PM2 as my process manager.
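The input sanitization mentioned earlier and three of the protections listed above, as an added example that is not the project's own code, written in plain JavaScript so their behaviour is visible without the npm modules: stripping MongoDB operator and dotted keys from request data, collapsing duplicated query parameters, a fixed-window rate limiter keyed on the client address that NGINX forwards, and HTML escaping. The limits, window length and escaping rules are assumptions for this example, not the configured values of the deployed API.

```javascript
// Added example (not the project's code): request-hardening steps in plain JS.
// Limits, window and the escaping table are assumptions for this example.

// 1. MongoDB operator sanitization. A login body like {"email": {"$gt": ""}}
//    would otherwise turn an equality lookup into an always-true comparison.
function sanitizeMongo(value) {
  if (Array.isArray(value)) return value.map(sanitizeMongo);
  if (value && typeof value === 'object') {
    const clean = {};
    for (const [k, v] of Object.entries(value)) {
      if (k.startsWith('$') || k.includes('.')) continue; // drop operator / path keys
      clean[k] = sanitizeMongo(v);
    }
    return clean;
  }
  return value;
}

// 2. HTTP parameter pollution: "?sort=price&sort=-name" arrives as an array. Keep
//    the last value so string handling (split, match) never sees an array, except
//    for parameters explicitly allowed to repeat.
function collapseParams(query, whitelist = []) {
  const out = {};
  for (const [k, v] of Object.entries(query)) {
    out[k] = Array.isArray(v) && !whitelist.includes(k) ? v[v.length - 1] : v;
  }
  return out;
}

// 3. Fixed-window rate limit per client key (e.g. the forwarded client IP).
class RateLimiter {
  constructor({ max = 100, windowMs = 10 * 60 * 1000 } = {}) { // assumed defaults
    this.max = max;
    this.windowMs = windowMs;
    this.hits = new Map();
  }
  // Returns { allowed, remaining, retryAfterMs }; the caller answers 429 with a
  // Retry-After header when allowed is false.
  hit(key, now = Date.now()) {
    let entry = this.hits.get(key);
    if (!entry || now >= entry.resetAt) {
      entry = { count: 0, resetAt: now + this.windowMs };
      this.hits.set(key, entry);
    }
    entry.count += 1;
    const allowed = entry.count <= this.max;
    return {
      allowed,
      remaining: Math.max(0, this.max - entry.count),
      retryAfterMs: allowed ? 0 : entry.resetAt - now,
    };
  }
}

// 4. Cross-site scripting: escape the five HTML-significant characters in any
//    string field before it is stored, so a product title renders as text.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtmlDeep(value) {
  if (typeof value === 'string') return value.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
  if (Array.isArray(value)) return value.map(escapeHtmlDeep);
  if (value && typeof value === 'object') {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, escapeHtmlDeep(v)]));
  }
  return value;
}
```

Order matters when these are wired into Express: body and query parsing first, then sanitization and escaping, then parameter collapsing, with the rate limiter mounted before any of them so rejected requests do no parsing work.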
For a full look at the API, please visit https://www.wheelborrow.xyz/, and to view the code in full, please visit my GitHub Page.