A secure and scalable RESTful Book Catalog API built with Node.js, Express.js (ES Modules) and MongoDB. Authentication is done with a JWT carried in an HTTP-only cookie rather than in an Authorization header, so the browser attaches it automatically and page scripts cannot read it.
The project follows a clean MVC layout with a modular route structure and reusable security middleware.
https://book-catalog-api-rx65.onrender.com/
- 🔐 User Authentication (Register / Login / Logout)
- 🍪 JWT stored in HTTP-only cookies
- 📖 Add, Update, Delete, Get Books
- 👤 User-specific book management
- 🧱 Modular folder structure
- ⚡ Rate limiting for security
- 🛡️ Password hashing using bcrypt
- 🌍 RESTful API design
- 🧪 Every endpoint exercised with Postman
- Node.js
- Express.js (ES Module Type)
- MongoDB + Mongoose
- JWT (JSON Web Token)
- bcrypt
- cookie-parser
- express-rate-limit
book-catalog-api
│
├── configs
│ ├── db.config.js
│ └── env.config.js
│
├── controllers
│ ├── user.controller.js
│ └── book.controller.js
│
├── middlewares
│ ├── auth.middleware.js
│ └── error.middleware.js
│
├── models
│ ├── user.model.js
│ └── book.model.js
│
├── routes
│ ├── user.route.js
│ └── book.route.js
│
├── utils
│ └── generateToken.util.js
│
├── .env
├── index.js
└── package.json
- User logs in with email and password
- Server verifies the bcrypt hash and generates a signed JWT
- JWT is returned in a Set-Cookie header with the HttpOnly flag
- Protected routes read the cookie (cookie-parser) and verify the token
- No Authorization header is used; the browser sends the cookie with each request
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/users/register | Register user |
| POST | /api/users/login | Login user |
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/books | Add new book |
| GET | /api/books | List the authenticated user's books |
| GET | /api/books/:id | Get single book |
| PUT | /api/books/:id | Update book |
| DELETE | /api/books/:id | Delete book |
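The book routes are user-specific, which means every lookup has to be scoped by owner, not only the list. The following added example (not the project's controller code) shows that scoping against an in-memory array standing in for the Mongoose Book model; the `owner` field name, the response shapes and the `sampleStore` data are assumptions. With Mongoose the same query would be `Book.findOne({ _id: id, user: req.user.id })` rather than `Book.findById(id)`, so a valid id belonging to another user behaves exactly like a nonexistent one.

```javascript
// Added example: owner-scoped book access. Not the project's code; field names are assumed.

// Constructed sample data; a fresh copy per call so the functions can mutate it safely.
function sampleStore() {
  return [
    { id: 'b1', owner: 'alice', title: 'Hacking: The Art of Exploitation', author: 'Erickson' },
    { id: 'b2', owner: 'bob', title: 'Security Engineering', author: 'Anderson' },
  ];
}

// Every single-record lookup includes the owner. Returning 404 for someone else's book
// (rather than 403) avoids confirming that the id exists.
function findOwned(store, ownerId, bookId) {
  return store.find((b) => b.id === bookId && b.owner === ownerId) || null;
}

const notFound = () => ({ status: 404, body: { message: 'Book not found' } });

// GET /api/books
function listBooks(store, ownerId) {
  return { status: 200, body: store.filter((b) => b.owner === ownerId) };
}

// GET /api/books/:id
function getBook(store, ownerId, bookId) {
  const book = findOwned(store, ownerId, bookId);
  return book ? { status: 200, body: book } : notFound();
}

// PUT /api/books/:id
// Only whitelisted fields are written, so the request body cannot reassign `owner` or `id`.
const UPDATABLE = ['title', 'author', 'genre'];
function updateBook(store, ownerId, bookId, changes) {
  const book = findOwned(store, ownerId, bookId);
  if (!book) return notFound();
  for (const key of UPDATABLE) {
    if (Object.prototype.hasOwnProperty.call(changes, key)) book[key] = changes[key];
  }
  return { status: 200, body: book };
}

// DELETE /api/books/:id
function deleteBook(store, ownerId, bookId) {
  const idx = store.findIndex((b) => b.id === bookId && b.owner === ownerId);
  if (idx === -1) return notFound();
  store.splice(idx, 1);
  return { status: 200, body: { id: bookId, deleted: true } };
}

module.exports = { sampleStore, listBooks, getBook, updateBook, deleteBook };
```

The middleware attaches the verified user id to the request; the controller must then pass that id into every query. A controller that checks the token but still calls `findById` with the client-supplied `:id` is the classic broken-object-level-authorization bug, and the scoped query is the fix.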
- HTTP-only cookie for the token (page JavaScript cannot read it, so an XSS bug cannot exfiltrate the session; the flag does not prevent XSS itself, and cookie-based auth still needs SameSite or a CSRF token because the browser sends the cookie on cross-site requests)
- Password hashing with bcrypt (salted, work-factor-adjustable; plaintext passwords are never stored)
- Rate limiting with express-rate-limit (100 requests per client per 15-minute window)
- Centralized error handling
- JWT verification middleware
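To make the rate-limit figure concrete, here is an added example (not the project's code, which uses express-rate-limit) of a fixed-window limiter with the same parameters, 100 requests per client per 15 minutes, plus an Express-shaped wrapper. The clock is injected so the window rollover can be exercised; `createRateLimiter` and `rateLimitMiddleware` are this example's own names.

```javascript
// Added example: fixed-window rate limiter, 100 requests / 15 min per key. Not the project's code.
function createRateLimiter({ max = 100, windowMs = 15 * 60 * 1000 } = {}) {
  const hits = new Map(); // key -> { count, resetAt }

  // Record one request for `key` at time `nowMs`; return the decision and standard headers.
  return function check(key, nowMs = Date.now()) {
    let entry = hits.get(key);
    if (!entry || nowMs >= entry.resetAt) {
      // First request in a new window: reset the counter.
      entry = { count: 0, resetAt: nowMs + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;
    const allowed = entry.count <= max;
    const headers = {
      'RateLimit-Limit': String(max),
      'RateLimit-Remaining': String(Math.max(0, max - entry.count)),
    };
    if (!allowed) headers['Retry-After'] = String(Math.ceil((entry.resetAt - nowMs) / 1000));
    return { allowed, status: allowed ? 200 : 429, headers };
  };
}

// Express-shaped wrapper keyed on the client address. Behind a reverse proxy (the Render
// deployment is one) set app.set('trust proxy', 1) so req.ip is the client, not the proxy;
// otherwise every client shares a single bucket.
function rateLimitMiddleware(check) {
  return (req, res, next) => {
    const result = check(req.ip);
    res.set(result.headers);
    if (!result.allowed) return res.status(429).json({ message: 'Too many requests, try again later.' });
    next();
  };
}

module.exports = { createRateLimiter, rateLimitMiddleware };
```

The in-memory map resets on every restart and is per process, which is fine for a single instance; with several instances the counter needs a shared store, otherwise each instance grants its own 100 requests.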