A RESTful web API and server-side rendered website
devanshu-raj/tourbyte
TourByte is a RESTful web API built upon the MVC framework. It also has a server-side rendered website based on the same API. Although the website doesn't use all the available features of the tourbyte API, they can be implemented for other projects.
- All the available tours can be viewed by anyone even without logging in.
- The user will have to log in to be able to book a tour or write a review.
- The user can view and update their profile information such as name, email, profile photo etc.
- Only users with certain user roles will be able to create, update or delete a tour.
- Technologies used for this project include node.js, express, mongodb, jwt, mapbox, stripe etc.
Clone or download this repository.

```
git clone https://github.com/devanshu-raj/tourbyte.git
```

Install the required packages.

```
npm install
```
This app needs API secret keys and other credentials to run locally. Create a `config.env` file in the root folder of the project and add the following fields:

```
NODE_ENV='<environment>'
PORT='<server-port>'

# Database keys
DATABASE='<mongodb-connection-string>'
DATABASE_PASSWORD='<mongodb-password>'

# JWT variables
JWT_SECRET_KEY='<key>'
JWT_EXPIRES='<token-validity>'
JWT_COOKIE_EXPIRES='<cookie-validity>'

# Mailtrap keys (for development)
EMAIL_FROM='<your-email>'
EMAIL_USERNAME='<mailtrap-username>'
EMAIL_PASSWORD='<mailtrap-password>'
EMAIL_HOST='<mailtrap-host>'
EMAIL_PORT='<mailtrap-port>'

# SendInBlue keys (for production)
SENDINBLUE_USERNAME='<sendinblue-username>'
SENDINBLUE_PASSWORD='<sendinblue-password>'
SENDINBLUE_HOST='<sendinblue-host>'
SENDINBLUE_PORT='<sendinblue-port>'

# Stripe keys
STRIPE_SECRET_KEY='<stripe-key>'
STRIPE_WEBHOOK_SECRET='<webhook-key>'
```
Run the server and go to the specified port to test the API.
```
# In development environment:
npm run start-dev

# In production environment:
npm start
```
To access the API for the available resources, we need to hit the endpoint `/api/v1/` followed by the resource name. To perform operations on certain endpoints, the user needs to be authorized through a bearer token and may need admin privileges. Other important API features like filtering, sorting, pagination and field limiting are also available on all the resources.
- `tours`:
  - a) `GET /tours`: Retrieve all tours' data as JSON response.
  - b) `GET /tours/:tour-id`: Retrieve all data for the tour having document id `tour-id`.
  - c) `GET /tours/tour-stats`: Retrieve all tours' data classified according to the `difficulty` field in the tour model.
  - d) `GET /tours/monthly-plan`: Retrieve all tours' data according to each month of the year. User needs to be authorized as admin or tour guide in order to use this endpoint.
  - e) `GET /tours/tours-within/:radius/center/:latlng/unit/:unit`: Retrieve the tours' data which lie within the distance `radius` in `unit` (km/mi) from the point `latlng` (latitude, longitude) as center.
  - f) `POST /tours`: Create new tour by sending the required data in the request body. User needs to be authorized as admin in order to use this endpoint. Response contains the created tour data as JSON.
  - g) `PATCH /tours/:tour-id`: Update the tour having document id `tour-id` by sending the updated data in the request body. User needs to be authorized as admin in order to use this endpoint. Response contains the updated tour data.
  - h) `DELETE /tours/:tour-id`: Delete the tour with document id `tour-id`. User needs to be authorized as admin in order to use this endpoint. A response with empty body and status code `204` is sent back.
- `users`:
  - a) `GET /users`: Retrieve all users' data as JSON response. Only admins can access this endpoint. Passwords are encrypted and are not accessible even to the admins.
  - b) `GET /users/:user-id`: Retrieve data for the user having document id `user-id`. Only admins can access this endpoint.
  - c) `GET /users/me`: Retrieve the data for the current logged in user. This endpoint is accessible to all authorized users.
  - d) `POST /users/signup`: Create a new user and returns a valid jwt as response. All required fields must be specified in the request body.
  - e) `POST /users/login`: Login for an existing user. Send email and password in the request body. Returns jwt as response if login is successful.
  - f) `POST /users/forgotPassword`: Send a reset token to the registered email of the user. Provide email in the request body.
  - g) `PATCH /users/resetPassword/:resetToken`: Update the user password if the `resetToken` is valid and is the same as that sent to the registered email of the user. Provide `password` and `passwordConfirm` in the request body.
  - h) `PATCH /users/updateMe`: Update the profile information of the current logged in user (except password).
  - i) `PATCH /users/updateMyPassword`: Update the password of the current logged in user. Request body must contain `passwordCurrent`, `password` and `passwordConfirm`. A new jwt is sent as response.
  - j) `PATCH /users/:user-id`: Update user's profile information (except password). Only admins can access this endpoint.
  - k) `DELETE /users/deleteMe`: Delete the current logged in user (or mark as inactive user).
  - l) `DELETE /users/:user-id`: Delete the user with document id `user-id`. Only admins can access this endpoint.
- `reviews`:
  - a) `GET /reviews`: Retrieve all reviews for all the tours from the database. User must be logged in to access this endpoint.
  - b) `GET /reviews/:review-id`: Retrieve the review with document id `review-id`. User must be logged in to access this endpoint.
  - c) `POST /reviews`: Create a new review. Tour id and user id must be provided in the request body. Only users (not admins/tour guides) can access this endpoint.
  - d) `PATCH /reviews/:review-id`: Update the review with document id `review-id`. This endpoint can be accessed by both admins and users but not by tour guides.
  - e) `DELETE /reviews/:review-id`: Delete the review with document id `review-id`. This endpoint is also accessible to both admins and users but not to the tour guides.
- `bookings`:
  - a) `GET /bookings`: Retrieve all bookings data for all tours. Only admins and tour guides can access this endpoint.
  - b) `GET /bookings/:booking-id`: Retrieve the booking with document id `booking-id`. Only admins and tour guides can access this endpoint.
- `tours/:tour-id/reviews`:
  - a) `GET /tours/:tour-id/reviews`: Retrieve all reviews on the tour with document id `tour-id`. User needs to be logged in to access this endpoint.
  - b) `POST /tours/:tour-id/reviews`: Create a new review on the tour with document id `tour-id`. Only users (not admins/tour guides) can access this endpoint.
Filtering:

Filter parameters can be specified in the URL as query string. Simple filtering can be done by specifying the property name as the key and a value. For example,

```
GET /api/v1/tours?duration=6&difficulty=easy
```

Above request retrieves the tours which have the `duration` property set to `6` and `difficulty` property set to `easy`.

Advanced filtering can also be done by using the operators such as `[lte]`, `[gte]`, `[lt]` and `[gt]`. For example,

```
GET /api/v1/tours?price[gte]=1000&duration[lt]=8
```

Above request retrieves the tours which have the value of `price` property greater than or equal to `1000` and `duration` less than `8`.

Sorting:

Sorting the response data is also possible by using the `sort` key in the query string and its value as the property by which you want to sort the data. For example,

```
GET /api/v1/tours?sort=price
```

Above request retrieves all the tours' data sorted by price in ascending / non-decreasing order. To retrieve data in decreasing / non-increasing order, append a minus `-` sign before the value of sort property. For example,

```
GET /api/v1/tours?sort=-ratingsAverage
```

Above request retrieves all the tours' data sorted by average ratings in the descending order.
Pagination:

Pagination distributes the retrieved response data among different pages. Querying without pagination may retrieve millions of results from the database at once which can be very difficult to handle.

Pagination can be done by specifying a `limit` property with value set to the number of results per page and `page` property with value equals the page number of the response you want to retrieve. For example,

```
GET /api/v1/tours?limit=5&page=2
```

Above request retrieves the page number `2` of the tours' data where each page contains a maximum of `5` results.

Field limiting:

Field limiting restricts the number of fields in each object of the retrieved response. It can be done by specifying the fields which you want in the response data as value to `fields` property separated by commas `,`. Append a minus `-` sign before the fields which you don't want to show up in the response. For example,

```
GET /api/v1/tours?fields=name,-guides
```

Above request retrieves the `name` and hides the `guides` field for each object in the response.
The project is deployed on Heroku @ tourbyte and its API is also available and can be accessed like `GET /api/v1/tours`.