
celebiabdulkadir/Employee-management


Employee Management API

This is a RESTful API for managing employee records. It's built with Node.js and Express.js, and follows REST API standards. The API allows you to create, read, update, and delete employee records.

Technologies Used

  • Node.js
  • Express.js
  • MongoDB

API Endpoints

- `POST /api/v1/register`: Register a new employee. The request body must include `name` (string), `age` (number), `email` (string), and `password` (string).
- `POST /api/v1/login`: Login an employee. The request body must include `email` (string) and `password` (string).
- `POST /api/v1/refresh`: Refresh the access token.
- `POST /api/v1/logout`: Logout the employee.
- `POST /api/v1/save`: Create a new employee. The request body must include `name` (string), `age` (number), and `email` (string).
- `GET /api/v1/employees`: Get all employees.
- `GET /api/v1/employees/:id`: Get an employee by ID.
- `PUT /api/v1/employees`: Update an employee. The request body must include `id` and any fields to update.
- `DELETE /api/v1/employees/:id`: Delete an employee by ID.

All routes except `/register` and `/login` require a valid JWT in the `Authorization` header.

Authentication

  1. User Registration: When a user registers, a refresh token is created and stored in the user's document in the database. This refresh token is created with a secret key (JWT_REFRESH_SECRET_KEY) and is stored in the refreshTokens array of the user's document.

  2. User Login: When a user logs in, both an access token and a new refresh token are created. The access token is created with a different secret key (JWT_ACCESS_SECRET_KEY) and has a shorter lifespan (1 hour in this project). The refresh token is added to the user's refreshTokens array in the database.

  3. Accessing Protected Routes: To access protected routes, the client must include the access token in the Authorization header of the request. The server verifies the access token and, if it's valid, allows the client to access the protected resource.

  4. Refreshing the Access Token: When the access token expires, the client sends a request to the refresh endpoint with the refresh token. The server verifies the refresh token and, if it's valid and exists in the user's refreshTokens array, generates a new access token and sends it back to the client.

  5. User Logout: When a user logs out, the refresh token they used is removed from the user's refreshTokens array in the database. This means that the refresh token can no longer be used to generate new access tokens.

Error Handling

If a request does not meet the required conditions, the API returns an HTTP error status code indicating which condition was not met.

Data Storage

Employee data is stored in a MongoDB database. Mongoose is used as the Object Data Modeling (ODM) library to manage relationships between data, provide schema validation, and translate between objects in code and the representation of those objects in MongoDB.

Each employee is assigned a unique ID when they are created. This ID is generated by MongoDB and is used to retrieve, update, and delete employees.

Running the API

To run the API, first install the required dependencies with `npm install`. Then, start the server with `node index.js` or `nodemon index.js`.

Please refer to the Postman documentation for detailed information on how to use each endpoint.
