CNS Admin API is a backend service built with Express.js that provides user authentication, user management, and service request functionality. This API uses MongoDB as its database and JWT for authentication.
- Environment Configuration
- Database Connection
- API Routes
- Authentication
- User Management
- Service Requests
- Error Handling
- Project Structure
The application connects to MongoDB using Mongoose. The connection is established when the server starts.
The API has the following base routes:
- /api/v1/auth: Authentication routes
- /api/v1/users: User management routes
- /api/v1/serviceRequest: Service request routes
- /: Welcome route
- Route: POST /api/v1/auth/register
- Description: Creates a new user account
- Request Body:

```
{
  "admin": boolean,
  "userName": string,
  "password": string,
  "email": string
}
```

- Response:

```
{
  "success": true,
  "message": "User successfully registered",
  "token": "jwt_token"
}
```

- Route: POST /api/v1/auth/login
- Description: Authenticates a user
- Request Body:

```
{
  "email": string,
  "password": string
}
```

- Response:

```
{
  "success": true,
  "message": "User successfully logged in",
  "data": {
    "user": {/* user object */},
    "token": "jwt_token"
  }
}
```

The authorize middleware verifies the JWT token provided in cookies and adds the user to the request object if authentication is successful.
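What a cookie-based authorize middleware of this kind has to check, as an added example that is not the project's own code. It uses only Node's built-in crypto so it runs stand-alone; the cookie name `token`, the HS256 secret, the `userId` and `exp` claims and the `signToken` helper are assumptions.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

const JWT_SECRET = 'constructed-demo-secret'; // assumption: HS256 secret, read from env in practice
const COOKIE_NAME = 'token';                  // assumption: the page does not name the cookie
const b64url = (s) => Buffer.from(s).toString('base64url');

// Demo helper (hypothetical): mint an HS256 token the way a login handler would.
function signToken(payload, secret = JWT_SECRET) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Returns the payload if the token is HS256, correctly signed and unexpired; otherwise null.
function verifyToken(token, secret = JWT_SECRET, now = Date.now()) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm: the token header must not choose how it is verified.
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const expected = createHmac('sha256', secret).update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const payload = JSON.parse(Buffer.from(body, 'base64url'));
    if (typeof payload.exp !== 'number' || payload.exp * 1000 <= now) return null;
    return payload;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Express-style middleware: read the cookie, verify it, attach the user or answer 401.
function authorize(req, res, next) {
  const cookies = Object.fromEntries(
    (req.headers.cookie || '').split(';').map((c) => c.trim().split('=')).filter((p) => p.length === 2)
  );
  const payload = verifyToken(cookies[COOKIE_NAME]);
  if (!payload) {
    return res.status(401).json({ success: false, error: { message: 'Unauthorized' } });
  }
  req.user = { id: payload.userId }; // a real middleware would load the user record here
  return next();
}
```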
- Route: GET /api/v1/users/
- Description: Retrieves all users
- Authentication: Required
- Response:

```
{
  "success": true,
  "data": [/* array of user objects */]
}
```

- Route: GET /api/v1/users/:id
- Description: Retrieves a specific user by ID
- Authentication: Required
- Response:

```
{
  "success": true,
  "data": {/* user object without password */}
}
```

The service request endpoints allow creating, retrieving, updating, and deleting service requests.
- Route: GET /api/v1/serviceRequest/
- Authentication: Required
- Route: POST /api/v1/serviceRequest/
- Authentication: Not required
- Route: GET /api/v1/serviceRequest/:id
- Authentication: Required
- Route: DELETE /api/v1/serviceRequest/:id
- Authentication: Required
- Route: PUT /api/v1/serviceRequest/:id
- Authentication: Required
- Route: PATCH /api/v1/serviceRequest/:id
- Authentication: Required
- Route: PATCH /api/v1/serviceRequest/:id/status
- Authentication: Required
- Route: PATCH /api/v1/serviceRequest/:id/review
- Authentication: Not required
- Route: PATCH /api/v1/serviceRequest/:id/price
- Authentication: Required
The application uses a centralized error handling middleware that formats error responses consistently:
```
{
  "success": false,
  "error": {
    "message": "Error message"
  }
}
```

Common error types handled:
- CastError (404): Resource not found
- ValidationError (400): Invalid input data
- JsonWebTokenError (401): Invalid token
- Duplicate key errors (409): Duplicate field value entered
```
/
├── app.js                              # Main application entry point
├── config/
│   └── env.js                          # Environment variable configuration
├── controllers/
│   ├── auth.controller.js              # Authentication controller
│   ├── user.controller.js              # User management controller
│   └── serviceRequest.controllers.js   # Service request controller
├── database/
│   └── mongodb.js                      # MongoDB connection setup
├── middleware/
│   ├── auth.middleware.js              # Authentication middleware
│   └── error.middleware.js             # Error handling middleware
├── models/
│   └── users.model.js                  # User data model
├── routes/
│   ├── auth.routes.js                  # Authentication routes
│   ├── user.routes.js                  # User management routes
│   └── serviceRequest.routes.js        # Service request routes
└── .env.*.local                        # Environment configuration files
```
The user model schema includes:
- admin (Boolean): Indicates if the user has admin privileges
- userName (String): The user's display name
- password (String): Hashed password for authentication
- email (String): User's email address (unique)
The schema includes validation for all fields and timestamps for creation and updates.
- Password hashing using bcryptjs
- JWT token-based authentication
- Secure cookie options for production
- MongoDB session transactions for critical operations