Guided Exercise - Online Bookstore - Backend - Express + MongoDB Backend Exercise: Online Bookstore API

[akash-coded]

Express + MongoDB Backend Exercise: Online Bookstore API

Part-1

This exercise will help you create a practical Express.js and MongoDB backend with features like authentication, authorization, logging, middleware, and security. You'll build an API for an online bookstore.

Prerequisites:

• Node.js and npm installed
• MongoDB installed or access to a MongoDB Atlas Cluster
• Postman or a similar API client for testing
• Basic understanding of JavaScript and RESTful API concepts

Application Features:

1. User registration and login
2. JWT-based authentication and role-based authorization
3. CRUD operations on books
4. Middleware for logging requests
5. Input validation
6. Data encryption for passwords
7. Error-handling

---

Step 1: Project Setup

Initialize a new Node.js project and install the required packages.

npm init -y
npm install express mongoose jsonwebtoken bcryptjs dotenv morgan validator

Create a .env file for environment variables like MongoDB URI, JWT secret, etc.

MONGODB_URI="your_mongodb_uri"
JWT_SECRET="your_secret_key"

---

Step 2: Establish MongoDB Connection

Use Mongoose to connect to MongoDB in your main app.js file.

Rationale: Mongoose provides a straight-forward, schema-based solution to model your application data.

const mongoose = require('mongoose');

mongoose.connect(process.env.MONGODB_URI, {
  useNewUrlParser: true,
  useUnifiedTopology: true,
});

---

Step 3: Basic Express Setup

Create your main Express application.

const express = require('express');
const app = express();

app.use(express.json());  // For parsing JSON

const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
  console.log(`Server running on port ${PORT}`);
});

---

Step 4: Model Definitions

Define your Mongoose models for Users and Books in separate files.

// models/User.js
const mongoose = require('mongoose');
const bcrypt = require('bcryptjs');

const userSchema = new mongoose.Schema({
  username: String,
  password: String,
  role: String,
});

// Password hashing middleware
userSchema.pre('save', function(next) {
  this.password = bcrypt.hashSync(this.password, 12);
  next();
});

module.exports = mongoose.model('User', userSchema);

Rationale: We're using bcrypt.js to hash passwords before storing them, as plain text passwords are a security risk.

---

Step 5: Authentication

Implement JWT-based authentication. Create a /login endpoint to issue tokens.

Rationale: JWT is stateless, meaning that you don't have to store the token on the server, making it scalable and easy to use.

---

Step 6: Authorization Middleware

Create a middleware to protect routes based on user roles.

// middleware/authorization.js

const jwt = require('jsonwebtoken');

function authorize(role) {
  return (req, res, next) => {
    const token = req.header('x-auth-token');
    if (!token) return res.status(401).send('No token provided.');
    
    const decoded = jwt.verify(token, process.env.JWT_SECRET);
    if (!decoded || (role && decoded.role !== role)) return res.status(403).send('Forbidden.');
    
    req.user = decoded;
    next();
  }
}

module.exports = authorize;

---

Step 7: CRUD for Books

Create CRUD operations for books and use the authorization middleware to protect the routes.

Rationale: CRUD operations form the backbone of most web APIs.

---

Step 8: Logging Middleware

Create a middleware for logging using the morgan library.

Rationale: Logging helps in debugging and monitoring.

const morgan = require('morgan');
app.use(morgan('tiny'));

---

Step 9: Error-handling

Implement centralized error-handling middleware.

Rationale: This ensures that all errors are caught and handled appropriately, improving your application's robustness and user experience.

---

Step 10: Input Validation

Use the validator library for basic input validation.

Rationale: Input validation is essential for application security to protect against malicious user data.

---

That's it! This exercise covers a lot of ground, but it provides a strong foundation in backend development with Node.js, Express, and MongoDB. Make sure to test all your endpoints using Postman or a similar API client.

---

Part-2

Step 11: Securing the Application

Add basic security measures to the application.

Rationale: Security is crucial in every application, especially when handling sensitive information like user credentials.

Install helmet for setting security-related HTTP headers:

npm install helmet

In your main app.js:

const helmet = require('helmet');
app.use(helmet());

---

Step 12: Rate Limiting

To protect against brute-force attacks, implement rate limiting.

Rationale: Rate limiting ensures that a user cannot make unlimited API requests, thereby reducing the risk of brute-force attacks.

Install express-rate-limit:

npm install express-rate-limit

Then set it up:

const rateLimit = require("express-rate-limit");

const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100 // limit each IP to 100 requests per windowMs
});

//  apply to all requests
app.use(limiter);

---

Step 13: User Registration and Validation

Add an endpoint for user registration and apply input validation and password hashing.

Rationale: User registration is a common feature in many apps, and proper validation and hashing ensure data integrity and security.

// routes/users.js
const { check, validationResult } = require('express-validator');

// User registration
app.post('/register',
  [
    check('username', 'Username is required').not().isEmpty(),
    check('password', 'Password should be at least 6 chars long').isLength({ min: 6 }),
  ],
  async (req, res) => {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({ errors: errors.array() });
    }
    
    // Hash password and save user
    // ...
  }
);

---

Step 14: Testing with Postman

Now that your application is feature-rich, test all its functionalities using Postman.

Rationale: Testing ensures that the application works as expected and can handle edge cases.

---

Step 15: Logging and Monitoring

Consider using a more advanced logging solution for production. You might use libraries like winston for this.

Rationale: Advanced logging solutions provide more features like logging to a file, logging levels, and more.

npm install winston

---

Step 16: Final Code Review

Review your code to make sure everything is working as expected and that you've followed best practices for coding standards, file structure, and naming conventions.

Rationale: This ensures maintainability and readability of the codebase, making future updates easier.

---

Step 17: Deployment

Prepare your code for deployment. Check environment variables, and secure sensitive data.

Rationale: Proper deployment practices ensure that the application runs smoothly in a production environment.

---

Testing Your Application

Now that your application is built, you should consider writing automated tests for it. Testing is a critical aspect of modern web development that ensures your application works as expected.

That's it! You've built a comprehensive and secure backend service with Node.js, Express, and MongoDB. Feel free to extend this application by adding more features, creating more robust validations, or even integrating more advanced authentication and authorization mechanisms.

---

Part-3

Step 18: Integrating Unit Testing with Jest

Now, let's add unit testing to ensure our Express + MongoDB application is working as expected.

Rationale: Unit testing helps to catch errors early in the development process, making it easier and cheaper to fix them.

Setup Jest and Required Packages

First, install Jest, supertest for HTTP assertions, and mongodb-memory-server to run an in-memory MongoDB instance:

npm install --save-dev jest supertest mongodb-memory-server

Update your package.json:

"scripts": {
  "test": "jest --watchAll"
}

Create a Jest Setup File

Create a file called jest.config.js in your root directory and add the following:

module.exports = {
  testEnvironment: 'node',
};

Rationale: This configuration tells Jest to use a Node environment for testing.

Mock Test Cases

Let's consider some mock test cases for our application:

1. User registration should return 201.
2. User registration with an existing username should return 400.
3. User login should return a token.
4. Unauthorized route should return 401.
5. Create a new post should return 201.
6. Like a post should increment likes by 1.

Writing the Tests

Create a new folder in your root directory called __tests__.

1. User Registration

Create a file called user.test.js:

const request = require('supertest');
const app = require('../app');  // Import your Express app

describe('User Registration', () => {
  it('should create a new user and return 201', async () => {
    const res = await request(app)
      .post('/api/register')
      .send({
        username: 'john',
        password: 'doe12345'
      });
    expect(res.statusCode).toEqual(201);
  });

  it('should return 400 if username already exists', async () => {
    await request(app)
      .post('/api/register')
      .send({
        username: 'john',
        password: 'doe12345'
      });
    
    const res = await request(app)
      .post('/api/register')
      .send({
        username: 'john',
        password: 'doe12346'
      });
    expect(res.statusCode).toEqual(400);
  });
});

2. User Login

Add these tests to user.test.js:

describe('User Login', () => {
  it('should return a token', async () => {
    // Make sure the user is registered first
    await request(app)
      .post('/api/register')
      .send({
        username: 'john',
        password: 'doe12345'
      });

    const res = await request(app)
      .post('/api/login')
      .send({
        username: 'john',
        password: 'doe12345'
      });
    expect(res.body).toHaveProperty('token');
  });
});

3. Unauthorized Routes

Create a file called auth.test.js:

const request = require('supertest');
const app = require('../app');

describe('Unauthorized Routes', () => {
  it('should return 401', async () => {
    const res = await request(app)
      .get('/api/protected-route');
    expect(res.statusCode).toEqual(401);
  });
});

Run your tests:

npm test

Benefits of Unit Testing

1. Quick Feedback: Detects issues early in the development phase.
2. Simplifies Debugging: Easier to identify which change led to the error.
3. Enhanced Collaboration: Makes it easier for other developers to understand your code and contribute.
4. Code Quality: Encourages writing cleaner, more modular code.
5. Documentation: Test cases demonstrate how a system is intended to behave, serving as a form of documentation.

That's it! You've now integrated Jest for unit testing with your Express + MongoDB application, making it more robust and maintainable.

[akash-coded]

Detailed Explanation

Let's delve into the details:

Dependencies

1. Express:

   • What: It's a fast, unopinionated, minimalist web framework for Node.js.
   • Why: Makes setting up robust APIs and web servers much easier.
   • Example: const app = express(); app.get('/', (req, res) => res.send('Hello World!'));

2. MongoDB:

   • What: A NoSQL database.
   • Why: Allows you to store data in a flexible, JSON-like format which can evolve over time.
   • Example: db.collection('users').insertOne({name: "John"})

3. Mongoose:

   • What: An object data modeling (ODM) library for MongoDB and Node.js.
   • Why: It provides a straight-forward, schema-based solution to model your application data.
   • Example: Defining a schema and model: const userSchema = new mongoose.Schema({ name: String }); const User = mongoose.model('User', userSchema);

4. bcryptjs:

   • What: A library to hash passwords.
   • Why: Security concern to store passwords in hashed form.
   • Example: bcrypt.hash("password", 10);

5. jsonwebtoken:

   • What: A library to handle JSON Web Tokens.
   • Why: Useful for authentication.
   • Example: jsonwebtoken.sign({ user: 'john' }, 'secretkey');

6. Jest:

   • What: A JavaScript Testing Framework.
   • Why: Enables a range of testing methods including unit, integration, and end-to-end testing.
   • Example: test('adds 1 + 2 to equal 3', () => { expect(1 + 2).toBe(3); });

7. supertest:

   • What: A library for testing HTTP assertions.
   • Why: Used in conjunction with Jest to test Express routes.
   • Example: await request(app).get('/').expect(200);

8. mongodb-memory-server:

   • What: Spins up a real MongoDB Server programmatically from node for testing.
   • Why: Ideal for unit tests and CI.
   • Example: new MongoMemoryServer({ binary: { version: 'latest' }});

Web Development Concepts

1. RESTful APIs:

   • What: Architectural style that uses standard HTTP requests.
   • Why: Easy to use and scalable.
   • Example: GET /users to fetch all users.

2. CRUD Operations:

   • What: Stands for Create, Read, Update, and Delete.
   • Why: These are the basic operations that your application will perform on any data.
   • Example: GET /users, POST /users, PUT /users/:id, DELETE /users/:id

3. Middleware:

   • What: Functions that have access to request and response objects.
   • Why: Useful for adding headers, logging, etc.
   • Example: app.use((req, res, next) => { console.log('Middleware'); next(); });

Security Concepts

1. Authentication:

   • What: Verifying the identity of a user.
   • Why: To restrict unauthorized access.
   • Example: Using JWT to confirm if a request is coming from a valid user.

2. Authorization:

   • What: Verifying if a user has permission to perform a given operation.
   • Why: To provide role-based access.
   • Example: Only admins can delete users.

3. Hashing:

   • What: Transforming a string of characters into a fixed-size string.
   • Why: Storing passwords securely.
   • Example: Using bcrypt to hash passwords.

4. HTTPS:

   • What: Secure version of HTTP.
   • Why: Encrypts the data sent between client and server.
   • Example: SSL certificates.

5. Data Validation:

   • What: The process of ensuring that user-supplied data is within expected boundaries.
   • Why: To prevent malformed data and security vulnerabilities like SQL injection, XSS, etc.
   • Example: Using joi or express-validator libraries.

Development Process

1. Requirement Gathering: Understand what you are going to build. Is it an API, a frontend app, or both? What features do you need?

2. Design and Planning: Choose the architecture, database, and libraries.

3. Development: Start by setting up your development environment, followed by the databases and then begin actual coding.

4. Testing: Perform unit tests, integration tests, and end-to-end tests.

5. Deployment: Once everything looks good, you can deploy your application.

6. Maintenance: Even after deployment, you'll need to update your application regularly.

I hope this serves as a comprehensive guide to understanding the various elements, dependencies, and concepts involved in the complete

---

Now let's go deeper into each topic.

Dependencies: Deeper Dive

1. Express:

   • Rationale: Express streamlines many HTTP server functionalities into simple methods and middleware, allowing for more readable, maintainable code.
   • Best Practices: Use middleware for tasks like logging, request parsing, or CORS configurations. Keep your routes modular by using express.Router.

2. MongoDB:

   • Rationale: Its schema-less architecture allows flexibility in your data structure, ideal for projects where quick iteration is necessary.
   • Best Practices: Use indexes for faster queries, and utilize its powerful Aggregation Pipeline for complex data manipulation.

3. Mongoose:

   • Rationale: Mongoose provides a strong, typed model to work from, ensuring data consistency.
   • Best Practices: Always define default values and validations in your schema. Also, leverage pre and post hooks for data integrity.

4. bcryptjs:

   • Rationale: Storing user passwords in plain text is a security risk. Bcrypt hashes passwords in a way that is computationally intensive, making brute-force attacks impractical.
   • Best Practices: Always salt your hashes and consider using asynchronous hashing functions.

5. jsonwebtoken:

   • Rationale: JSON Web Tokens are an open standard for securely transmitting information between parties.
   • Best Practices: Never store sensitive user information in the payload and always use a strong secret key.

6. Jest:

   • Rationale: Testing ensures your codebase stays error-free as it grows. Jest offers a feature-rich, well-documented environment for all types of JavaScript testing.
   • Best Practices: Use descriptive test case names and keep tests small and focused on a single functionality.

7. supertest:

   • Rationale: Supertest allows you to test RESTful endpoints with various HTTP assertions.
   • Best Practices: Always clean up any data you add into the database for testing purposes.

8. mongodb-memory-server:

   • Rationale: This package allows for fast, reliable testing that doesn't interfere with your actual database.
   • Best Practices: Clean up after tests to free up memory.

Web Development Concepts: Deeper Dive

1. RESTful APIs:

   • Rationale: RESTful APIs use HTTP requests to perform CRUD operations, an intuitive and straightforward way to interact with your data.
   • Best Practices: Stick to the standard HTTP methods (GET, POST, PUT, DELETE) and keep your API stateless.

2. CRUD Operations:

   • Rationale: Nearly every application performs CRUD operations as it's the fundamental way to interact with databases.
   • Best Practices: Always validate data both client-side and server-side before performing CRUD operations.

3. Middleware:

   • Rationale: Middleware functions can execute any code, make changes to request and response objects, or end the request-response cycle.
   • Best Practices: Keep your middleware functions small and focused on a single task.

Security Concepts: Deeper Dive

1. Authentication:

   • Rationale: Knowing who is interacting with your application is the first step towards security.
   • Best Practices: Always use HTTPS for authentication and use token-based authentication for RESTful APIs.

2. Authorization:

   • Rationale: Not every user should have the same permissions, and some data should remain restricted.
   • Best Practices: Implement role-based access control and always re-check permissions server-side.

3. Hashing:

   • Rationale: Passwords should never be stored in plain text for security reasons.
   • Best Practices: Use a strong hashing algorithm like bcrypt and always salt your hashes.

4. HTTPS:

   • Rationale: Encryption is a fundamental aspect of data security.
   • Best Practices: Always use strong SSL certificates and keep them updated.

5. Data Validation:

   • Rationale: Incorrect or malformed data can lead to security vulnerabilities and bugs.
   • Best Practices: Never trust user input; always validate and sanitize data that comes from outside systems.

Development Process: Deeper Dive

1. Requirement Gathering:

   • Rationale: The more clearly you understand what is needed, the more efficient your development process will be.
   • Best Practices: Document requirements meticulously and make sure all stakeholders agree.

2. Design and Planning:

   • Rationale: A good design will serve as a strong foundation for your project.
   • Best Practices: Use design patterns where appropriate and consider future scalability.

3. Development:

   • Rationale: This is where the actual product begins to take shape.
   • Best Practices: Follow coding standards and best practices. Keep your code modular and well-commented.

4. Testing:

   • Rationale: A well-tested application is easier to debug and maintain.
   • Best Practices: Write tests as you go (Test-Driven Development) and aim for high code coverage.

5. Deployment:

   • Rationale: Your application needs to be accessible to end-users.
   • Best Practices: Use CI/CD pipelines for automated testing and deployments.

6. Maintenance:

   • Rationale: Software needs to be updated and improved continuously.
   • Best Practices: Keep dependencies up to date, and always monitor for and fix security vulnerabilities.

This deeper dive aims to provide a comprehensive understanding of the various elements involved in building a secure, efficient, and scalable web application.

[akash-coded]

Here's a detailed guide to run and test all functionalities of the hypothetical Express + MongoDB backend application, focusing on features like authentication, authorization, logging, middlewares, and security. Since we haven't actually created a specific application, the following examples are to be used as a generic guide.

How to Run the Application

Step 1: Install Dependencies

First, navigate to your project directory and install the required dependencies using npm or yarn.

npm install

Step 2: Start MongoDB

Ensure that MongoDB is running.

mongod

Step 3: Start the Server

Start the server by running:

npm start

How to Test Functionalities

User Registration:

• Endpoint: POST /api/users/register
• Payload:

{
  "username": "john_doe",
  "password": "123456",
  "email": "john@example.com"
}

• Expected: Should return a 201 Created and a JWT token if successful.

User Login:

• Endpoint: POST /api/users/login
• Payload:

{
  "username": "john_doe",
  "password": "123456"
}

• Expected: Should return a 200 OK and a JWT token if successful.

Fetch User Profile (Authorized):

• Endpoint: GET /api/users/profile
• Headers:

{
  "Authorization": "Bearer <Your_JWT_Token>"
}

• Expected: Should return a 200 OK and the user's profile details if the token is valid.

Update User Profile (Authorized):

• Endpoint: PUT /api/users/profile
• Headers:

{
  "Authorization": "Bearer <Your_JWT_Token>"
}

• Payload:

{
  "email": "john_new@example.com"
}

• Expected: Should return a 200 OK and the updated user details.

Create Post (Authorized):

• Endpoint: POST /api/posts/
• Headers:

{
  "Authorization": "Bearer <Your_JWT_Token>"
}

• Payload:

{
  "content": "This is a new post."
}

• Expected: Should return a 201 Created and the post details.

Fetch Posts:

• Endpoint: GET /api/posts/
• Expected: Should return a 200 OK and an array of posts.

Like a Post (Authorized):

• Endpoint: POST /api/posts/<Post_ID>/like
• Headers:

{
  "Authorization": "Bearer <Your_JWT_Token>"
}

• Expected: Should return a 200 OK and the updated post details with incremented likes count.

Add a Comment to Post (Authorized):

• Endpoint: POST /api/posts/<Post_ID>/comment
• Headers:

{
  "Authorization": "Bearer <Your_JWT_Token>"
}

• Payload:

{
  "comment": "This is a comment."
}

• Expected: Should return a 200 OK and the updated post details with the new comment.

Testing with Jest

1. Run Jest Tests
   Run the Jest test suite with the following command:

npm test

2. Test Scenarios to Cover
   • Test successful registration and login.
   • Test fetching and updating profile with valid and invalid JWT tokens.
   • Test creating, fetching, liking, and commenting on posts with authorized and unauthorized requests.

Each test should cover these basic scenarios, plus edge cases like invalid data formats, unauthorized access, and so forth. Make sure to mock your database using a package like mongodb-memory-server to isolate the test environment.

This guide aims to provide a comprehensive methodology to run and test the backend application thoroughly, covering all major scenarios.

[akash-coded]

Mocking the API with json-server

Certainly! I'll create a comprehensive db.json file for a mock JSON server that covers all the endpoints needed for the online bookstore UI React application. This file will include diverse dummy data for users, books, reviews, and other relevant information.

{
  "users": [
    {
      "id": 1,
      "username": "johndoe",
      "email": "john@example.com",
      "password": "hashed_password_1",
      "role": "user",
      "createdAt": "2023-01-15T10:30:00Z"
    },
    {
      "id": 2,
      "username": "janedoe",
      "email": "jane@example.com",
      "password": "hashed_password_2",
      "role": "admin",
      "createdAt": "2023-02-20T14:45:00Z"
    },
    {
      "id": 3,
      "username": "bobsmith",
      "email": "bob@example.com",
      "password": "hashed_password_3",
      "role": "user",
      "createdAt": "2023-03-10T09:15:00Z"
    },
    {
      "id": 4,
      "username": "alicejohnson",
      "email": "alice@example.com",
      "password": "hashed_password_4",
      "role": "user",
      "createdAt": "2023-04-05T16:20:00Z"
    },
    {
      "id": 5,
      "username": "charliebrooks",
      "email": "charlie@example.com",
      "password": "hashed_password_5",
      "role": "user",
      "createdAt": "2023-05-12T11:55:00Z"
    }
  ],
  "books": [
    {
      "id": 1,
      "title": "To Kill a Mockingbird",
      "author": "Harper Lee",
      "isbn": "9780446310789",
      "publishedDate": "1960-07-11",
      "genre": "Fiction",
      "description": "The unforgettable novel of a childhood in a sleepy Southern town and the crisis of conscience that rocked it.",
      "price": 12.99,
      "stock": 50,
      "coverImage": "https://example.com/images/to-kill-a-mockingbird.jpg"
    },
    {
      "id": 2,
      "title": "1984",
      "author": "George Orwell",
      "isbn": "9780451524935",
      "publishedDate": "1949-06-08",
      "genre": "Science Fiction",
      "description": "A dystopian novel set in a totalitarian society.",
      "price": 10.99,
      "stock": 30,
      "coverImage": "https://example.com/images/1984.jpg"
    },
    {
      "id": 3,
      "title": "Pride and Prejudice",
      "author": "Jane Austen",
      "isbn": "9780141439518",
      "publishedDate": "1813-01-28",
      "genre": "Romance",
      "description": "A classic tale of love and misunderstanding in class-conscious England.",
      "price": 9.99,
      "stock": 40,
      "coverImage": "https://example.com/images/pride-and-prejudice.jpg"
    },
    {
      "id": 4,
      "title": "The Great Gatsby",
      "author": "F. Scott Fitzgerald",
      "isbn": "9780743273565",
      "publishedDate": "1925-04-10",
      "genre": "Fiction",
      "description": "A portrait of the Jazz Age in all of its decadence and excess.",
      "price": 11.99,
      "stock": 25,
      "coverImage": "https://example.com/images/the-great-gatsby.jpg"
    },
    {
      "id": 5,
      "title": "To the Lighthouse",
      "author": "Virginia Woolf",
      "isbn": "9780156907392",
      "publishedDate": "1927-05-05",
      "genre": "Modernist",
      "description": "A landmark novel of high modernism, centering on the Ramsay family.",
      "price": 13.99,
      "stock": 20,
      "coverImage": "https://example.com/images/to-the-lighthouse.jpg"
    },
    {
      "id": 6,
      "title": "Moby-Dick",
      "author": "Herman Melville",
      "isbn": "9780142437247",
      "publishedDate": "1851-10-18",
      "genre": "Adventure",
      "description": "The saga of Captain Ahab and his monomaniacal pursuit of the white whale.",
      "price": 14.99,
      "stock": 0,
      "coverImage": "https://example.com/images/moby-dick.jpg"
    }
  ],
  "reviews": [
    {
      "id": 1,
      "bookId": 1,
      "userId": 3,
      "rating": 5,
      "comment": "A timeless classic that everyone should read.",
      "createdAt": "2023-06-15T08:30:00Z"
    },
    {
      "id": 2,
      "bookId": 1,
      "userId": 4,
      "rating": 4,
      "comment": "Beautifully written, but a bit slow-paced at times.",
      "createdAt": "2023-06-16T14:45:00Z"
    },
    {
      "id": 3,
      "bookId": 2,
      "userId": 1,
      "rating": 5,
      "comment": "A chilling and thought-provoking dystopian novel.",
      "createdAt": "2023-06-17T11:20:00Z"
    },
    {
      "id": 4,
      "bookId": 3,
      "userId": 2,
      "rating": 4,
      "comment": "A delightful romance with witty dialogue.",
      "createdAt": "2023-06-18T09:10:00Z"
    },
    {
      "id": 5,
      "bookId": 4,
      "userId": 5,
      "rating": 3,
      "comment": "Interesting portrayal of the Roaring Twenties, but I found the characters hard to relate to.",
      "createdAt": "2023-06-19T16:55:00Z"
    }
  ],
  "orders": [
    {
      "id": 1,
      "userId": 1,
      "books": [
        {"bookId": 1, "quantity": 2},
        {"bookId": 3, "quantity": 1}
      ],
      "totalAmount": 35.97,
      "status": "completed",
      "createdAt": "2023-06-20T10:30:00Z"
    },
    {
      "id": 2,
      "userId": 4,
      "books": [
        {"bookId": 2, "quantity": 1},
        {"bookId": 5, "quantity": 1}
      ],
      "totalAmount": 24.98,
      "status": "processing",
      "createdAt": "2023-06-21T15:45:00Z"
    },
    {
      "id": 3,
      "userId": 3,
      "books": [
        {"bookId": 4, "quantity": 1}
      ],
      "totalAmount": 11.99,
      "status": "shipped",
      "createdAt": "2023-06-22T09:20:00Z"
    },
    {
      "id": 4,
      "userId": 2,
      "books": [
        {"bookId": 1, "quantity": 1},
        {"bookId": 2, "quantity": 1},
        {"bookId": 3, "quantity": 1}
      ],
      "totalAmount": 33.97,
      "status": "cancelled",
      "createdAt": "2023-06-23T14:10:00Z"
    }
  ],
  "cart": [
    {
      "id": 1,
      "userId": 5,
      "books": [
        {"bookId": 1, "quantity": 1},
        {"bookId": 4, "quantity": 2}
      ]
    },
    {
      "id": 2,
      "userId": 3,
      "books": [
        {"bookId": 2, "quantity": 1},
        {"bookId": 5, "quantity": 1}
      ]
    }
  ],
  "wishlist": [
    {
      "id": 1,
      "userId": 1,
      "bookIds": [2, 5]
    },
    {
      "id": 2,
      "userId": 4,
      "bookIds": [1, 3, 4]
    }
  ]
}

This db.json file includes:

1. Users: With different roles (user, admin) and registration dates.
2. Books: A variety of books with different attributes, including one out of stock (Moby-Dick).
3. Reviews: Various ratings and comments for different books.
4. Orders: Different order statuses (completed, processing, shipped, cancelled) and multiple items per order.
5. Cart: Shopping cart data for users with multiple items.
6. Wishlist: User wishlists with multiple books.

This data covers various scenarios:

• Books with and without stock
• Users with different roles
• Reviews with different ratings
• Orders in various states
• Shopping carts with multiple items
• Wishlists for different users

You can use this db.json file with json-server to create a mock API for your React application. It provides a good foundation for testing different scenarios and edge cases in your online bookstore UI.

Here are the detailed instructions on how to run the json-server with this db.json file and list all the available endpoints.

Setting up and running the json-server:

1. First, make sure you have Node.js installed on your system.

2. Install json-server globally (if you haven't already):

   npm install -g json-server
   

3. Save the db.json file in a directory of your choice.

4. Open a terminal/command prompt, navigate to the directory containing db.json, and run:

   json-server --watch db.json --port 3001
   

   This will start the json-server on port 3001. You can change the port number if needed.

Available Endpoints:

1. Users:

   • GET /users
   • GET /users/:id
   • POST /users
   • PUT /users/:id
   • PATCH /users/:id
   • DELETE /users/:id

2. Books:

   • GET /books
   • GET /books/:id
   • POST /books
   • PUT /books/:id
   • PATCH /books/:id
   • DELETE /books/:id

3. Reviews:

   • GET /reviews
   • GET /reviews/:id
   • POST /reviews
   • PUT /reviews/:id
   • PATCH /reviews/:id
   • DELETE /reviews/:id

4. Orders:

   • GET /orders
   • GET /orders/:id
   • POST /orders
   • PUT /orders/:id
   • PATCH /orders/:id
   • DELETE /orders/:id

5. Cart:

   • GET /cart
   • GET /cart/:id
   • POST /cart
   • PUT /cart/:id
   • PATCH /cart/:id
   • DELETE /cart/:id

6. Wishlist:

   • GET /wishlist
   • GET /wishlist/:id
   • POST /wishlist
   • PUT /wishlist/:id
   • PATCH /wishlist/:id
   • DELETE /wishlist/:id

Additional Features:

1. Filtering:
   You can filter results by adding query parameters. For example:

   • GET /books?author=Harper Lee
   • GET /reviews?bookId=1

2. Sorting:
   You can sort results using _sort and _order parameters. For example:

   • GET /books?_sort=price&_order=asc

3. Pagination:
   You can paginate results using _page and _limit parameters. For example:

   • GET /books?_page=1&_limit=5

4. Full-text search:
   You can perform a full-text search using the q parameter. For example:

   • GET /books?q=Mockingbird

5. Relationships:
   You can include related resources. For example:

   • GET /books?_embed=reviews
   • GET /users?_embed=orders

Example API Calls:

1. Get all books:

   GET http://localhost:3001/books
   

2. Get a specific book:

   GET http://localhost:3001/books/1
   

3. Get all reviews for a specific book:

   GET http://localhost:3001/reviews?bookId=1
   

4. Create a new order:

   POST http://localhost:3001/orders
   Content-Type: application/json
   
   {
     "userId": 1,
     "books": [
       {"bookId": 1, "quantity": 1},
       {"bookId": 2, "quantity": 2}
     ],
     "totalAmount": 34.97,
     "status": "processing",
     "createdAt": "2023-07-09T12:00:00Z"
   }
   

5. Update a book's stock:

   PATCH http://localhost:3001/books/1
   Content-Type: application/json
   
   {
     "stock": 49
   }
   

Remember to replace http://localhost:3001 with the appropriate URL if you're running the server on a different port or host.

These endpoints and features should provide a robust mock API for your React application to interact with, allowing you to develop and test various scenarios in your online bookstore UI.

[akash-coded]

Solution

Let's start by setting up a clear folder structure for our project:

/online-bookstore
|-- .env
|-- app.js
|-- /models
|   |-- User.js
|   |-- Book.js
|-- /routes
|   |-- auth.js
|   |-- books.js
|-- /middleware
|   |-- authorization.js
|   |-- logging.js
|-- /node_modules
|-- package.json

Step 1: Project Setup

In your terminal:

mkdir online-bookstore
cd online-bookstore
npm init -y
npm install express mongoose jsonwebtoken bcryptjs dotenv morgan validator helmet express-rate-limit winston

Create a .env file in the root of your project with:

MONGODB_URI="your_mongodb_uri"
JWT_SECRET="your_secret_key"

Step 2: Establish MongoDB Connection

In app.js:

const express = require('express');
const mongoose = require('mongoose');
const dotenv = require('dotenv');

dotenv.config();

mongoose.connect(process.env.MONGODB_URI, {
    useNewUrlParser: true,
    useUnifiedTopology: true,
});

const app = express();

Step 3: Basic Express Setup

Continue in app.js:

app.use(express.json());

const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
    console.log(`Server running on port ${PORT}`);
});

Step 4: Model Definitions

In /models/User.js:

const mongoose = require('mongoose');
const bcrypt = require('bcryptjs');

const userSchema = new mongoose.Schema({
    username: String,
    password: String,
    role: String,
});

userSchema.pre('save', function(next) {
    this.password = bcrypt.hashSync(this.password, 12);
    next();
});

module.exports = mongoose.model('User', userSchema);

Step 5: Authentication

In /routes/auth.js:

const express = require('express');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs');
const User = require('../models/User');

const router = express.Router();

router.post('/login', async (req, res) => {
    const user = await User.findOne({ username: req.body.username });
    if (!user) return res.status(400).send('Invalid username or password.');

    const validPassword = bcrypt.compareSync(req.body.password, user.password);
    if (!validPassword) return res.status(400).send('Invalid username or password.');

    const token = jwt.sign({ _id: user._id, role: user.role }, process.env.JWT_SECRET);
    res.send(token);
});

module.exports = router;

Step 6: Authorization Middleware

In /middleware/authorization.js:

const jwt = require('jsonwebtoken');

function authorize(role) {
    return (req, res, next) => {
        const token = req.header('x-auth-token');
        if (!token) return res.status(401).send('No token provided.');

        const decoded = jwt.verify(token, process.env.JWT_SECRET);
        if (!decoded || (role && decoded.role !== role)) return res.status(403).send('Forbidden.');

        req.user = decoded;
        next();
    }
}

module.exports = authorize;

Step 7: CRUD for Books

In /models/Book.js:

const mongoose = require('mongoose');

const bookSchema = new mongoose.Schema({
    title: String,
    author: String,
    price: Number,
});

module.exports = mongoose.model('Book', bookSchema);

In /routes/books.js:

const express = require('express');
const Book = require('../models/Book');
const authorize = require('../middleware/authorization');

const router = express.Router();

// All your CRUD operations here, e.g.,
router.get('/', async (req, res) => {
    const books = await Book.find();
    res.send(books);
});

// Use the authorize middleware as needed, e.g., 
router.post('/', authorize('admin'), async (req, res) => {
    const book = new Book(req.body);
    await book.save();
    res.send(book);
});

module.exports = router;

Step 8: Logging Middleware

In app.js:

const morgan = require('morgan');
app.use(morgan('tiny'));

For error-handling, logging, input validation, security, rate limiting, user registration, and advanced logging, follow the same method to break down your code into modular sections and use middleware appropriately.

Remember to use the app.use('/desired-route', require('./routes/route-file')) to link your route files in the main app.js file.

Let's dive deeper and continue elaborating on the code.

Alternate Step 8: Logging Middleware

You've already added the morgan middleware for basic logging.

In app.js:

const morgan = require('morgan');
app.use(morgan('combined'));  // 'combined' gives detailed logs

Step 9: Error-handling

Add a centralized error-handling middleware at the bottom of your app.js:

app.use((err, req, res, next) => {
    console.error(err.stack);
    res.status(500).send('Something went wrong!');
});

Step 10: Input Validation

In /routes/books.js, add some basic validation:

const { check, validationResult } = require('express-validator');

router.post('/', 
    [
        check('title').isLength({ min: 1 }).withMessage('Title is required'),
        check('author').isLength({ min: 1 }).withMessage('Author is required'),
        check('price').isNumeric().withMessage('Valid price is required'),
    ],
    async (req, res) => {
        const errors = validationResult(req);
        if (!errors.isEmpty()) {
            return res.status(400).json({ errors: errors.array() });
        }
        
        // ... rest of the CRUD logic ...
    }
);

Part-2

Step 11: Securing the Application

You've already added helmet for basic security.

In app.js:

const helmet = require('helmet');
app.use(helmet());

Step 12: Rate Limiting

Again, in your main app.js:

const rateLimit = require("express-rate-limit");

const limiter = rateLimit({
    windowMs: 15 * 60 * 1000, // 15 minutes
    max: 100 // limit each IP to 100 requests per windowMs
});

app.use(limiter);

Step 13: User Registration and Validation

In /routes/auth.js, append:

router.post('/register',
    [
        check('username', 'Username is required').not().isEmpty(),
        check('password', 'Password should be at least 6 chars long').isLength({ min: 6 }),
    ],
    async (req, res) => {
        const errors = validationResult(req);
        if (!errors.isEmpty()) {
            return res.status(400).json({ errors: errors.array() });
        }
        
        const userExists = await User.findOne({ username: req.body.username });
        if (userExists) return res.status(400).send('Username already exists.');

        const user = new User(req.body);
        await user.save();
        res.send('User registered successfully!');
    }
);

Step 14: Testing with Postman

At this point, you would open Postman and test the following endpoints:

1. POST to /register with { "username": "your_username", "password": "your_password" }
2. POST to /login with { "username": "your_username", "password": "your_password" } and get a JWT token.
3. Test CRUD operations on /books using the received JWT token.

Step 15: Logging and Monitoring

For advanced logging, use winston.

In app.js:

const winston = require('winston');

const logger = winston.createLogger({
    level: 'info',
    format: winston.format.json(),
    defaultMeta: { service: 'online-bookstore-service' },
    transports: [
        new winston.transports.File({ filename: 'error.log', level: 'error' }),
        new winston.transports.File({ filename: 'combined.log' }),
    ],
});

// To log directly to the console in a development setting:
if (process.env.NODE_ENV !== 'production') {
    logger.add(new winston.transports.Console({
        format: winston.format.simple(),
    }));
}

// Replace console.error with logger.error and likewise for other log levels

Now, when you want to log anything, you can use logger.info('Your message'), logger.error('Your error message'), etc. These logs will be saved to the specified files.

This provides a comprehensive backend setup. Remember, in a real-world application, you would also want to set up proper HTTPS, ensure your environment variables are secure, and perhaps consider using a service like MongoDB Atlas for a more secure and scalable MongoDB solution.

[akash-coded]

Docker and WebSockets

I'll begin by explaining what they are and then dive into how they can be integrated with the app.

Docker

What is Docker?

Docker is a platform that allows developers to create, deploy, and run applications in containers. Containers allow a developer to package an application with all parts it needs, such as libraries and other dependencies, and ship it all out as one package. This ensures that the application will run the same regardless of where it's being run.

Setup Docker in Project

1. Dockerizing the Node.js Backend:

Create a Dockerfile in the root of the backend project:

FROM node:14

WORKDIR /usr/src/app

COPY package*.json ./

RUN npm install

COPY . .

EXPOSE 5000

CMD [ "node", "server.js" ]

Then, create a .dockerignore:

node_modules
npm-debug.log

To build and run the Docker container:

docker build -t online-bookstore-backend .
docker run -p 5000:5000 online-bookstore-backend

2. Dockerizing the React Frontend:

Similar to the backend, create a Dockerfile in the root of the frontend project:

FROM node:14 as build-stage

WORKDIR /app

COPY package*.json ./

RUN npm install

COPY . .

RUN npm run build

FROM nginx:1.17.1-alpine

COPY --from=build-stage /app/build /usr/share/nginx/html

EXPOSE 80

CMD ["nginx", "-g", "daemon off;"]

Build and run:

docker build -t online-bookstore-frontend .
docker run -p 80:80 online-bookstore-frontend

WebSockets

What are WebSockets?

WebSockets provide a full-duplex communication channel over a single, long-lived connection. They're designed to work over the same ports as HTTP and HTTPS and share similar handshake processes. This makes them great for real-time updates in applications.

Integrating WebSockets in Project:

1. Backend Integration with socket.io:

Install socket.io:

npm install socket.io

Update the server initialization in the backend:

const express = require('express');
const http = require('http');
const socketIo = require('socket.io');

const app = express();
const server = http.createServer(app);
const io = socketIo(server);

io.on('connection', (socket) => {
    console.log('New client connected');

    // Sample: Emitting to the frontend
    socket.emit('message', 'Welcome to Online Bookstore!');

    socket.on('disconnect', () => {
        console.log('Client disconnected');
    });
});

server.listen(5000, () => console.log('Server running on port 5000'));

2. Frontend Integration with socket.io-client:

Install socket.io-client:

npm install socket.io-client

Integrate with React:

import { useEffect } from 'react';
import io from 'socket.io-client';

const socket = io('http://localhost:5000');

function App() {
    useEffect(() => {
        socket.on('message', (message) => {
            console.log(message);
        });

        return () => {
            socket.off();
        };
    }, []);

    // ... rest of the App component
}

Real-world application:

1. Docker:

   • Consistency: Ensures your application runs the same everywhere.
   • Microservices: Package and deploy individual services in different containers.
   • Isolation: Your app's environment is isolated from the host system.

2. WebSockets:

   • Chat Applications: Allow real-time communication between users.
   • Live Notifications: Notify users about updates instantly.
   • Online Gaming: Provide real-time interaction among players.

This is a basic introduction and integration guide. There are advanced topics like Docker Compose for managing multi-container Docker applications and advanced uses of WebSockets for handling real-time data at scale. Both Docker and WebSockets are vast topics, and their implementation can differ based on the complexity of your application and your specific needs.

---

Let's expand on integrating Docker Compose for our full-stack application and further enhance our WebSocket use-case for the bookstore.

Docker Compose

What is Docker Compose?

Docker Compose is a tool for defining and running multi-container Docker applications. With Docker Compose, you can set up an entire environment, including the backend, frontend, database, and any other services, all with a single docker-compose.yml file.

Integrating Docker Compose:

1. Create a docker-compose.yml at the root of your project:

version: '3'
services:
  backend:
    build:
      context: ./path-to-backend
      dockerfile: Dockerfile
    ports:
      - "5000:5000"
    depends_on:
      - mongo

  frontend:
    build:
      context: ./path-to-frontend
      dockerfile: Dockerfile
    ports:
      - "80:80"

  mongo:
    image: mongo:latest
    ports:
      - "27017:27017"
    volumes:
      - mongodata:/data/db

volumes:
  mongodata:

2. Run docker-compose up. This will start all three services: the backend, frontend, and the MongoDB instance.

3. To shut them down, use docker-compose down.

This allows you to define and manage all parts of your application infrastructure in one place, ensuring they are interconnected correctly.

Advanced WebSocket Use-case for Bookstore:

Real-time Book Stock Update:

Imagine this scenario: A limited stock of a new book is released, and many users are browsing the book's details simultaneously. With WebSockets, you can notify all connected users in real-time if the book goes out of stock.

1. Backend (Expanding on previous socket.io setup):

Modify the book purchasing or stock update endpoint:

app.post('/api/books/:id/purchase', (req, res) => {
  // After processing the purchase or stock update...

  // Check if the book is now out of stock.
  if (book.stock === 0) {
    io.emit('book-out-of-stock', book.id);
  }

  res.send("Purchase completed");
});

2. Frontend (Expanding on previous socket.io-client setup):

Update the BookPage component:

import { useEffect } from 'react';
import io from 'socket.io-client';

const socket = io('http://localhost:5000');

function BookPage() {
  useEffect(() => {
    socket.on('book-out-of-stock', (bookId) => {
      if (currentBookId === bookId) {
        alert('This book just went out of stock!');
      }
    });

    return () => {
      socket.off('book-out-of-stock');
    };
  }, [currentBookId]);

  // ... rest of the BookPage component
}

With this, every time a book goes out of stock, all users currently viewing or interested in that book get a real-time notification, enhancing user experience and ensuring customers are well-informed.

These integrations show how both Docker Compose and WebSockets can be valuable tools in building and deploying modern web applications. Docker Compose simplifies the management of multi-container apps, while WebSockets enable real-time features that can significantly improve user interaction.

[bipin-coded]

online-bookstore.zip

[mownica-p]

Online-bookStore: Backend
Testing endpoints:

1. POST /user_register:
   

Data stored in MongoDB :

2. GET /all_users:
   

3.Post /user_login