This travel plan app API is a backend service for a travel planning application. It provides endpoints for user authentication, user management, and travel planning.
The API is built using the NestJS framework, which provides a scalable and modular architecture, as well as a range of features for security, validation, and performance.
The API uses JSON Web Tokens (JWT) for authentication and authorization, and includes a local strategy for validating user credentials.
The API is also designed with security in mind, including rate limiting, CORS support, and request validation with the class-validator library and NestJS's ValidationPipe.
With this API, users can create and manage travel plans, view and edit their user profiles, and authenticate securely.
$ npm install
The necessary environment variables, each with a short description, are listed in .env.template.
# development
$ npm run start
# watch mode
$ npm run start:dev
# production mode
$ npm run start:prod
# unit tests
$ npm run test
# e2e tests
$ npm run test:e2e
# test coverage
$ npm run test:cov
The API supports user authentication using JSON Web Tokens (JWT) and a local strategy.
To authenticate a user, send a POST request to /auth/login with the following body:
{
"email": "[email protected]",
"password": "password"
}
If the email and password match a user in the database, the server will respond with a JWT token in the following format:
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Include the JWT token in the Authorization header of subsequent requests:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
The API includes the following security measures:
Requests to the API are rate limited to prevent abuse. If a client exceeds the rate limit, the server will respond with a 429 Too Many Requests status code.
The API is configured to only allow requests from specified domains. Requests from other domains will be blocked.
All requests are validated using NestJS' ValidationPipe. Requests with invalid data will be rejected with a 400 Bad Request status code.
The backend utilizes Redis for caching responses to improve performance and reduce load on the database.
When a request comes in, the server checks if there is data in the Redis cache for the requested key. If there is, it returns the cached data. If not, it generates the new data, stores it in the Redis cache under the requested key, and returns it.
To use the Redis caching functionality, you will need to set the following environment variables:
REDIS_URL: the Redis connection URL
CACHE_EXPIRATION: the cache expiration time in seconds
The cacheService provides the following methods:
getAllKeys(): retrieves all the keys stored in Redis
getItem(key: string): retrieves the cached data for the specified key, or undefined if the key doesn't exist
setItem(key: string, value: any, expiration?: number): stores the specified data under the given key in Redis, with an optional expiration time which overrides the expiration time set in the corresponding environment variable
invalidateKeys(pattern: string): deletes all keys matching the specified pattern
flushAll(): deletes all keys in Redis
Please note that the cacheService uses JSON.stringify and JSON.parse to serialize and deserialize the cached data, so the data should be JSON-serializable.
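The read path and the serialization note above, as an added example that is not the project's own code: MemoryCache is an in-memory, synchronous stand-in that borrows the cacheService method names, and the trips:<userId> key layout, the getTripsCached helper and the "*"-only pattern matching are assumptions. Keying by the authenticated user's id keeps a response cached for one user from being returned to another.

```typescript
// In-memory, synchronous stand-in that borrows the README's cacheService method
// names (assumption: the real service is Redis-backed and asynchronous).
type Entry = { json: string; expiresAt: number };

class MemoryCache {
  private store = new Map<string, Entry>();
  private defaultTtl: number;       // plays the role of CACHE_EXPIRATION (seconds)
  now: () => number = Date.now;     // replaceable clock, so expiry can be exercised

  constructor(defaultTtl: number) { this.defaultTtl = defaultTtl; }

  getItem(key: string): any {
    const hit = this.store.get(key);
    if (!hit) return undefined;
    if (hit.expiresAt <= this.now()) { this.store.delete(key); return undefined; }
    return JSON.parse(hit.json);
  }

  setItem(key: string, value: any, expiration?: number): void {
    const json = JSON.stringify(value);
    if (json === undefined) throw new TypeError('value is not JSON-serializable');
    const ttl = expiration ?? this.defaultTtl;  // per-call value overrides the default
    this.store.set(key, { json, expiresAt: this.now() + ttl * 1000 });
  }

  invalidateKeys(pattern: string): number {     // assumption: only "*" is a wildcard
    const parts = pattern.split('*').map(p => p.replace(/[.+?^${}()|[\]\\]/g, '\\$&'));
    const re = new RegExp('^' + parts.join('.*') + '$');
    const doomed: string[] = [];
    this.store.forEach((_value, key) => { if (re.test(key)) doomed.push(key); });
    doomed.forEach(key => this.store.delete(key));
    return doomed.length;
  }
}

// Cache-aside read. The key carries the authenticated user's id, so an entry
// built for one user is never served to another (key layout is an assumption).
function getTripsCached(cache: MemoryCache, userId: string,
                        load: (id: string) => any[]): any[] {
  const key = `trips:${userId}`;
  const cached = cache.getItem(key);
  if (cached !== undefined) return cached;      // hit: the loader is not called
  const fresh = load(userId);                   // miss: compute, store, return
  cache.setItem(key, fresh);
  return fresh;
}
```

A value returned on a hit has been through JSON.stringify and JSON.parse, so a Date inside a trip comes back as an ISO string, while the same field is still a Date on the miss that populated the cache.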
This application uses AWS S3 to store trip pictures. The S3Util class provides a simple way to upload a file to an S3 bucket and get the URL for the uploaded file.
The S3Util requires the following environment variables to be set:
AWS_S3_ACCESS_KEY: The access key for the AWS S3 account.
AWS_S3_SECRET_KEY: The secret access key for the AWS S3 account.
AWS_S3_REGION: The AWS region where the S3 bucket is located.
S3_PICTURES_BUCKET: The name of the S3 bucket where trip pictures will be stored.
To use the S3Util to upload a file to an S3 bucket, create an instance of the S3Util class and call its upload method, passing in the S3 bucket name and the file to upload as arguments.
The upload method returns the URL of the uploaded file, which can be stored in the pictures array of the trip object.