A robust, secure, and scalable REST API for blog management built with Node.js, Express, TypeScript, and MongoDB.
- Authentication & Authorization: JWT-based authentication with refresh tokens
- User Management: Complete CRUD operations for users
- Security: Rate limiting, CORS protection, Helmet security headers
- Validation: Request validation using express-validator
- Logging: Winston-based logging system
- Database: MongoDB with Mongoose ODM
- TypeScript: Full TypeScript support with type definitions
- Performance: Response compression and optimized middleware
- Runtime: Node.js
- Framework: Express.js 5.x
- Language: TypeScript
- Database: MongoDB with Mongoose
- Authentication: JWT (JSON Web Tokens)
- Security: Helmet, CORS, Rate Limiting
- Validation: Express Validator
- Logging: Winston
- Development: Nodemon, Prettier
- Node.js (v16 or higher)
- MongoDB instance
- npm or yarn package manager
-
Clone the repository
git clone <repository-url> cd blog-api
-
Install dependencies
npm install
-
Environment Setup Create a
.envfile in the root directory:PORT=3000 NODE_ENV=development MONGO_URI=mongodb://localhost:27017/blog-api JWT_ACCESS_SECRET=your_access_secret_here JWT_REFRESH_SECRET=your_refresh_secret_here ACCESS_TOKEN_EXPIRY=15m REFRESH_TOKEN_EXPIRY=7d LOG_LEVEL=info
-
Start Development Server
npm run dev
The API will be available at http://localhost:3000/api/v1
POST /api/v1/auth/register- User registrationPOST /api/v1/auth/login- User loginPOST /api/v1/auth/logout- User logoutPOST /api/v1/auth/refresh-token- Refresh access token
GET /api/v1/users- Get all users (Admin only)GET /api/v1/users/me- Get current user profileGET /api/v1/users/:id- Get user by IDPUT /api/v1/users/me- Update current userDELETE /api/v1/users/me- Delete current user
The API uses JWT tokens for authentication:
- Access Token: Short-lived (15 minutes) for API requests
- Refresh Token: Long-lived (7 days) for token renewal
- Protected Routes: Require valid access token in Authorization header
src/
├── @types/ # TypeScript type definitions
├── config/ # Configuration files
├── controllers/ # Route controllers
├── lib/ # Core libraries (JWT, MongoDB, etc.)
├── middlewares/ # Express middlewares
├── models/ # Mongoose models
├── routes/ # API route definitions
├── server.ts # Main server file
└── utils/ # Utility functions
npm run dev- Start development server with hot reload
- TypeScript: Strict type checking enabled
- Prettier: Code formatting
- ESLint: Code linting (if configured)
- Rate Limiting: Prevents API abuse
- CORS Protection: Configurable origin whitelist
- Security Headers: Helmet middleware
- Input Validation: Request body validation
- JWT Security: Secure token handling
| Variable | Description | Default |
|---|---|---|
PORT |
Server port | 3000 |
NODE_ENV |
Environment mode | development |
MONGO_URI |
MongoDB connection string | - |
JWT_ACCESS_SECRET |
JWT access token secret | - |
JWT_REFRESH_SECRET |
JWT refresh token secret | - |
ACCESS_TOKEN_EXPIRY |
Access token expiry time | 15m |
REFRESH_TOKEN_EXPIRY |
Refresh token expiry time | 7d |
LOG_LEVEL |
Logging level | info |
This is an open source project. We welcome contributions!
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
- Follow the existing code style
- Add tests for new features
- Update documentation as needed
- Ensure all tests pass before submitting
This project is licensed under the ISC License.
If you encounter any issues or have questions:
- Check the existing issues
- Create a new issue with detailed information
- Include error logs and reproduction steps
- Blog post CRUD operations
- Comment system
- File upload support
- Search functionality
- API documentation with Swagger
- Docker support
- Unit and integration tests
Happy Coding! 🎉