Skip to content
/ CourseSellingApp Public

backed for a Course Selling App built using Express and MongoDB (MERN Stack)

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CSVaishakh/CourseSellingApp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
.vscode
.vscode
 
 
middleware
middleware
 
 
routes
routes
 
 
utils
utils
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
db.js
db.js
 
 
index.js
index.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

Course Selling App Backend

Project Objective

This project is a backend system for a course marketplace where administrators can create and manage courses, while users can browse, purchase, and access their purchased courses. The system implements role-based authentication using JWT tokens to separate admin and user permissions.

Codebase Overview

Core Architecture

The application follows a modular Express.js architecture with clear separation of concerns:

index.js - Entry point that initializes the Express server, connects to MongoDB, and mounts three main routers (/user, /admin, /course) on their respective paths.

db.js - Defines the MongoDB data models using Mongoose schemas:

  • User Model: Stores user credentials (email, hashed password) and profile info (firstName, lastName)
  • Admin Model: Similar to User but separate table for admin accounts
  • Course Model: Contains course details (title, description, price, imgUrl) with a reference to the creator admin
  • Purchase Model: Junction table linking users to their purchased courses

Route Handlers

routes/user.js - Handles user-related operations:

  • /signup - Creates new user accounts with bcrypt password hashing
  • /signin - Validates credentials and issues JWT tokens
  • /purchases - Protected route (requires JWT) to view purchased courses
  • /purchase - Protected route to buy a course

routes/admin.js - Manages admin operations:

  • /signup - Creates admin accounts with hashed passwords
  • /signin - Validates admin credentials and returns JWT
  • /course - Protected POST endpoint to create courses
  • /course - Protected PUT endpoint to update existing courses
  • /course/bulk - Protected GET endpoint to retrieve all courses created by the authenticated admin

routes/course.js - Public course browsing:

  • /preview - Returns all available courses without authentication

Middleware Layer

middleware/user.js - JWT verification middleware for user routes. Extracts the token from request headers, verifies it against JWT_USER_PASSWORD, and attaches the decoded user ID to the request object for downstream handlers.

middleware/admin.js - Similar JWT verification for admin routes using JWT_ADMIN_PASSWORD, ensuring only authenticated admins can create/modify courses.

Utilities

utils/handlePassword.js - Encapsulates bcrypt operations for password hashing and comparison, providing a consistent interface for password security throughout the application.

Key Technical Decisions

  1. Separate Authentication Domains: Users and admins have distinct JWT secrets and authentication flows to prevent privilege escalation
  2. Password Security: All passwords are hashed with bcrypt before storage; plaintext passwords never persist
  3. Token-based Auth: Stateless JWT authentication allows horizontal scaling without session management
  4. Schema Validation: Mongoose schemas enforce data structure and unique email constraints at the database level
  5. Middleware Pattern: Authentication logic is centralized in middleware functions to keep route handlers clean and focused on business logic

About

backed for a Course Selling App built using Express and MongoDB (MERN Stack)

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Languages