A secure and scalable RESTful API for a blog platform built with TypeScript, Express, and MongoDB. Features include user authentication, blog posts, comments, and comprehensive API documentation.
- 🔐 JWT-based Authentication & Authorization
- 👥 User Management with Role-based Access
- 📝 Blog Posts & Comments System
- 📄 Pagination & Search Functionality
- 📚 Swagger API Documentation
- 🛡️ Security Features (XSS Protection, Rate Limiting)
- ✅ Input Validation & Sanitization
- 🧪 Comprehensive Test Coverage
- Language: TypeScript
- Runtime: Node.js
- Framework: Express.js
- Database: MongoDB
- Authentication: JWT
- Documentation: Swagger/OpenAPI
- Testing: Jest
- Node.js (v14+)
- MongoDB
- npm/yarn
- Clone the repository
- Install dependencies:
npm install- Configure environment variables:
Create a
.envfile in the root directory:
PORT=3000
MONGODB_URI=mongodb://localhost:27017/blog
JWT_SECRET=your_secret_key
JWT_EXPIRES_IN=24hDevelopment mode:
npm run devProduction mode:
npm run build
npm startRun tests:
npm testAccess the Swagger documentation at /api-docs when the server is running.
POST /api/auth/register- Register new userPOST /api/auth/login- User loginGET /api/auth/verify- Verify JWT token
GET /api/users/profile- Get user profilePATCH /api/users/profile- Update profilePATCH /api/users/password- Change passwordPATCH /api/users/avatar- Update avatar
GET /api/blogs- List all blogsPOST /api/blogs- Create blogGET /api/blogs/:id- Get blogPUT /api/blogs/:id- Update blogDELETE /api/blogs/:id- Delete blog
POST /api/comments- Add commentGET /api/comments/blog/:blogId- Get blog commentsPATCH /api/comments/:id- Update commentDELETE /api/comments/:id- Delete comment
- ✅ JWT Authentication
- ✅ Password Hashing (bcrypt)
- ✅ Request Rate Limiting
- ✅ XSS Protection
- ✅ Security Headers
- ✅ Input Sanitization
- ✅ Error Handling Middleware
src/
├── config/ # App configuration
├── controllers/ # Request handlers
├── interfaces/ # TypeScript interfaces
├── middleware/ # Express middleware
├── models/ # Database models
├── repositories/ # Data access layer
├── routes/ # Route definitions
├── services/ # Business logic
├── utils/ # Utility functions
└── tests/ # Test suites
The API implements a centralized error handling system with custom error classes:
ValidationError: Input validation failuresNotFoundError: Resource not foundUnauthorizedError: Authentication failuresForbiddenError: Permission issues
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
This project is licensed under the MIT License.