Work details

**DevCamper Backend API**

Created the backend for a bootcamp directory website. All of the functionality below is fully implemented in this project.

*Bootcamps*

- List all bootcamps in the database

▪ Pagination

▪ Select specific fields in the result

▪ Limit the number of results

▪ Filter by fields

- Search bootcamps by radius from zipcode

▪ Use a geocoder to get the exact location and coordinates from a single address field

- Get single bootcamp

- Create new bootcamp

▪ Authenticated users only

▪ Must have the role "publisher" or "admin"

▪ Only one bootcamp per publisher (admins can create more)

▪ Field validation via Mongoose

- Upload a photo for bootcamp

▪ Owner only

▪ The photo will be uploaded to the local filesystem

- Update bootcamps

▪ Owner only

▪ Validation on update

- Delete bootcamp

▪ Owner only

- Calculate the average cost of all courses for a bootcamp

- Calculate the average rating from the reviews for a bootcamp

*Courses*

- List all courses for a bootcamp

- List all courses in general

▪ Pagination, filtering, etc.

- Get single course

- Create a new course

▪ Authenticated users only

▪ Must have the role "publisher" or "admin"

▪ Only the owner or an admin can create a course for a bootcamp

▪ Publishers can create multiple courses

- Update course

▪ Owner only

- Delete course

▪ Owner only

*Reviews*

- List all reviews for a bootcamp

- List all reviews in general

▪ Pagination, filtering, etc.

- Get a single review

- Create a review

▪ Authenticated users only

▪ Must have the role "user" or "admin" (no publishers)

- Update review

▪ Owner only

- Delete review

▪ Owner only

*Users & Authentication*

- Authentication will be done using JWT/cookies

▪ JWT and cookie should expire in 30 days

- User registration

▪ Register as a "user" or "publisher"

▪ Once registered, a token will be sent along with a cookie (token = xxx)

▪ Passwords must be hashed

- User login

▪ Users can log in with email and password

▪ The plain-text password is compared with the stored hashed password

▪ Once logged in, a token will be sent along with a cookie (token = xxx)

- User logout

▪ A cookie will be sent that sets token = none

- Get user

▪ Route to get the currently logged in user (via token)

- Password reset (lost password)

▪ Users can request to reset the password

▪ A hashed token will be emailed to the user's registered email address

▪ A put request can be made to the generated URL to reset the password

▪ The token will expire after 10 minutes

- Update user info

▪ Authenticated user only

▪ Separate route to update the password

- User CRUD

▪ Admin only

- Users can only be made admin by updating the database field manually

*Security*

- Encrypt passwords and reset tokens

- Prevent NoSQL injections

- Add headers for security (helmet)

- Prevent cross-site scripting - XSS

- Add a rate limit for requests of 100 requests per 10 minutes

- Protect against HTTP param pollution

- Use cors to make API public (for now)
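
The password-reset steps under Users & Authentication and the reset-token item under Security, sketched as an added example (not code from this project). Assumptions: all function and field names are hypothetical, the user record is a plain object standing in for a Mongoose document, and the server keeps only a SHA-256 digest of the token, which it compares against the value presented on the PUT request.

```javascript
// Added example: password-reset token handling (hypothetical names throughout).
const crypto = require('crypto');

const RESET_TTL_MS = 10 * 60 * 1000; // the 10-minute expiry from the list above

const sha256 = (value) => crypto.createHash('sha256').update(value).digest();

// Issue a token: the random value goes into the emailed URL; only its
// digest and an expiry time are kept on the user record (assumption).
function issueResetToken(user, now = Date.now()) {
  const token = crypto.randomBytes(20).toString('hex');
  user.resetPasswordToken = sha256(token).toString('hex');
  user.resetPasswordExpire = now + RESET_TTL_MS;
  return token;
}

// Handle the PUT: reject non-string input (e.g. an operator object from a
// parsed body), re-hash, compare in constant time, enforce the expiry, and
// clear the fields so the token works only once.
function redeemResetToken(user, presented, newPasswordHash, now = Date.now()) {
  if (typeof presented !== 'string' || !user.resetPasswordToken) return false;
  const stored = Buffer.from(user.resetPasswordToken, 'hex');
  const candidate = sha256(presented);
  const match = stored.length === candidate.length &&
    crypto.timingSafeEqual(stored, candidate);
  const fresh = now <= user.resetPasswordExpire;
  if (!match || !fresh) return false;
  user.password = newPasswordHash; // caller supplies the already-hashed password
  user.resetPasswordToken = undefined;
  user.resetPasswordExpire = undefined;
  return true;
}

// Constructed sample run: wrong token, expired token, valid token, replay.
function demo() {
  const t0 = 1_700_000_000_000;
  const user = { email: 'user@example.test', password: 'old-hash' };
  const token = issueResetToken(user, t0);
  const results = {
    wrongToken: redeemResetToken(user, 'f'.repeat(40), 'new-hash', t0 + 1000),
    expired: redeemResetToken(user, token, 'new-hash', t0 + RESET_TTL_MS + 1),
    valid: redeemResetToken(user, token, 'new-hash', t0 + 60_000),
    replay: redeemResetToken(user, token, 'new-hash', t0 + 61_000),
  };
  return { results, user };
}
```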
