A comprehensive API built using the Nest.js framework, offering user management and admin features.
This project is a robust API built using the Nest.js framework, focusing on user and product management with a role-based access control system. The API provides user registration, authentication, profile management, and admin functionalities such as banning/unbanning users and managing products. It is designed to be scalable, efficient, and easy to extend.
- User Management: Users can register, log in, and manage their profiles.
- Product Management: Users can create, update, delete, and view their own products. Admins can approve or disapprove products.
- Admin Management: Admins can ban or unban users and manage product approvals.
- Authentication: JWT-based authentication with role-based access control.
- Role-Based Access Control: Different access levels for users, admins, and super admins.
- Pagination and Filtering: Support for paginated and filtered queries for large datasets.
- Swagger Documentation: Protected by basic authentication (username and password). Only authorized users can view the Swagger documentation.
- Node.js (v14.x or higher)
- npm or yarn
- MongoDB (local or cloud-based)
- Clone the repository:
git clone https://github.com/yourusername/your-repo.git
cd your-repo- Install dependencies:
pnpm install- Set up environment variables:
Copy the .env.example file to .env and configure the variables according to your environment.
cp .env.example .env # development
$ pnpm run start
# watch mode
$ pnpm run start:dev
# production mode
$ pnpm run start:prod1. Visit the Swagger documentation at http://localhost:3000/api/docs.
2. Enter the username and password when prompted:
• Username: The username is configured via the SWAGGER_USER environment variable (default: admin).
• Password: The password is configured via the SWAGGER_PASSWORD environment variable (default: password).
These credentials can be customized in the .env file to suit your security requirements.
# unit tests
$ pnpm run test
# e2e tests
$ pnpm run test:e2e
# test coverage
$ pnpm run test:covAuthentication
• POST /auth/v1/login
• Log in a user and obtain an access token.
• Request Body: LoginDto
• Response: AuthResponseDto
• PATCH /auth/v1/change-password
• Change the password of the authenticated user.
• Request Body: ChangePasswordDto
• Response: UserSuccessResponseDto<void>
• Protected Route: Requires JWT token.
User Management
• GET /user/v1/profile
• Get the profile of the authenticated user.
• Response: UserSuccessResponseDto<UserResponseDto>
• Protected Route: Requires JWT token.
Admin Management
• PATCH /admin/v1/update-status
• Update the status of a user (ban/unban).
• Request Body: UpdateUserStatusDto
• Response: UserSuccessResponseDto<UserResponseDto>
• Protected Route: Requires JWT token and admin role.
Product Management
• POST /products/v1
• Create a new product.
• Request Body: CreateProductDto
• Response: ProductSuccessResponseDto<ProductResponseDto>
• Protected Route: Requires JWT token.
• GET /products/v1
• Retrieve a list of products (only approved products for unauthenticated users).
• Response: ProductPaginatedResponseDto<ProductResponseDto>
• GET /products/v1/:id
• Retrieve details of a single product by ID.
• Response: ProductSuccessResponseDto<ProductResponseDto>
• PATCH /products/v1/:id
• Update a product by ID.
• Request Body: UpdateProductDto
• Response: ProductSuccessResponseDto<ProductResponseDto>
• Protected Route: Requires JWT token.
• DELETE /products/v1/:id
• Delete a product by ID.
• Response: ProductDeleteSuccessResponseDto
• Protected Route: Requires JWT token.
• JwtAuthGuard: Protects routes by ensuring the request includes a valid JWT.
• RolesGuard: Ensures that the user has the correct role to access a route.
• JwtPassportStrategy: Validates the JWT and checks the user’s status (e.g., whether the user is banned).
• LoginDto: Used for user login requests.
• ChangePasswordDto: Used for changing user passwords.
• UpdateUserStatusDto: Used by admins to ban/un-ban users.
• CreateProductDto: Used for creating new products.
• UpdateProductDto: Used for updating existing products.
• FindProductsDto: Used for querying products with pagination and filters.
All DTOs are validated using class-validator decorators to ensure the integrity of incoming requests.
1. Ensure MongoDB is running locally or update your .env file with the correct MongoDB URI.
2. Start the application using the appropriate pnpm command as described in the Compile and Run the Project section.
3. The API will be available at http://localhost:3000.
• Cannot connect to MongoDB: Ensure that MongoDB is running and the MONGO_URI in your .env file is correct.
• Invalid JWT Token: Ensure that you are using the correct token and that it has not expired. Check the JWT_SECRET in your .env file.
• Unauthorized Access: Ensure you have the correct role and permissions to access certain routes.
For additional support, consult the NestJS Documentation or visit the Discord channel for community help.
. This project is MIT licensed.
Happy coding ;) 🥂