A robust RESTful API for managing user subscriptions built with Node.js, Express, and MongoDB. This API provides comprehensive subscription management capabilities with user authentication, security middleware, and workflow automation.
- User registration with secure password hashing (bcrypt)
- JWT-based authentication system
- Protected routes with authentication middleware
- User profile management
- Create, read, update, and delete subscriptions
- Support for monthly and yearly subscription frequencies
- Automatic renewal date calculation
- Subscription status tracking (active, inactive, cancelled)
- User-specific subscription access control
- Arcjet integration for advanced security:
  - Rate limiting with a token bucket algorithm
  - Bot detection and filtering
  - Shield protection against common attacks
  - Configurable security rules
- Comprehensive input validation with Mongoose schemas:
  - Email format validation
  - Password strength requirements
  - Subscription price and date validation
POST /api/v1/users/register - Register a new user
POST /api/v1/users/login - Login user
GET /api/v1/users/get-profile - Get user profile (authenticated)
All subscription routes require authentication.
POST /api/v1/subscriptions/ - Create a new subscription
GET /api/v1/subscriptions/ - Get all user's subscriptions
GET /api/v1/subscriptions/:id - Get subscription by ID
PUT /api/v1/subscriptions/:id - Update subscription
DELETE /api/v1/subscriptions/:id - Delete subscription
- Backend: Node.js, Express.js
- Database: MongoDB with Mongoose ODM
- Authentication: JWT (JSON Web Tokens)
- Security: Arcjet (rate limiting, bot detection, shield protection)
- Password Hashing: bcryptjs
User model:
- Name (required, 3-50 characters)
- Email (required, unique, validated format)
- Password (required, minimum 8 characters, stored only as a bcrypt hash)
- Subscriptions (array of subscription references)

Subscription model:
- Name (required, 3-50 characters)
- Price (required, 0-10000 range)
- Frequency (monthly/yearly)
- Status (active/inactive/cancelled)
- Start Date (required, defaults to current date)
- Renewal Date (auto-calculated from the start date and frequency)
- User reference (required, the owning user)
- Rate Limiting: token bucket refilled with 5 tokens every 10 seconds and a bucket capacity of 3, so a client can burst at most 3 requests before being throttled
- Bot Detection: Allows search engines and Postman, blocks malicious bots
- Shield Protection: Guards against common web attacks
- IP-based Characteristics: Tracks requests by source IP
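The following is an added example, not code from this project, showing how an Arcjet decision is turned into an HTTP response inside an Express-style middleware. It assumes the shape of Arcjet's decision object (`isDenied()` on the decision, `isRateLimit()`, `isBot()` and `isShield()` on `decision.reason`); the `fakeDecision` helper and the `protect` callback are constructed stand-ins so the code runs offline. Rate-limit denials are mapped to 429 and bot/shield denials to 403 so the two are distinguishable to clients and in logs; any error from the protection call is passed to the error handler rather than silently letting the request through.

```javascript
// Added example (not the project's code): map an Arcjet decision to a response.
// ASSUMPTION: Arcjet decisions expose isDenied(), and decision.reason exposes
// isRateLimit(), isBot() and isShield(). The decision objects used for the
// sample run below are constructed stand-ins, not real Arcjet output.

// Returns null when the request may proceed, otherwise {status, body}.
function decisionToResponse(decision) {
  if (!decision.isDenied()) return null;
  const reason = decision.reason;
  if (reason.isRateLimit()) {
    return { status: 429, body: { error: "Too Many Requests" } };
  }
  if (reason.isBot()) {
    return { status: 403, body: { error: "Forbidden: automated client" } };
  }
  if (reason.isShield()) {
    return { status: 403, body: { error: "Forbidden: suspicious request" } };
  }
  return { status: 403, body: { error: "Forbidden" } };
}

// Express-style middleware factory. `protect` is any function returning a
// decision for the request; in the real app it would wrap
// aj.protect(req, { requested: 1 }) from the Arcjet client.
function arcjetMiddleware(protect) {
  return async (req, res, next) => {
    try {
      const decision = await protect(req);
      const denied = decisionToResponse(decision);
      if (denied) return res.status(denied.status).json(denied.body);
      return next();
    } catch (err) {
      // Fail closed: a broken protection layer becomes a 500 via the error
      // handler instead of an unprotected request.
      return next(err);
    }
  };
}

// Constructed stand-in for an Arcjet decision (kind: allow|ratelimit|bot|shield).
function fakeDecision(kind) {
  const reason = {
    isRateLimit: () => kind === "ratelimit",
    isBot: () => kind === "bot",
    isShield: () => kind === "shield",
  };
  return { isDenied: () => kind !== "allow", reason };
}

module.exports = { decisionToResponse, arcjetMiddleware, fakeDecision };
```

Because the middleware only calls `protect(req)`, the same mapping can be unit-tested with constructed decisions, and the status-code policy lives in one place rather than being repeated per route.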
- JWT tokens with configurable expiration
- Password hashing with bcrypt salt rounds
- Authorization header validation
- User-specific resource access control
1. Clone the repository
2. Install dependencies:
   ```bash
   npm install
   ```
3. Set up environment variables
4. Start the server:
   ```bash
   npm run dev
   ```
Register a user:

```http
POST /api/v1/users/register

{
  "name": "John Doe",
  "email": "[email protected]",
  "password": "securepassword123"
}
```

Create a subscription (authenticated):

```http
POST /api/v1/subscriptions/
Authorization: Bearer <jwt_token>

{
  "name": "Netflix Premium",
  "price": 15.99,
  "frequency": "monthly"
}
```

List the current user's subscriptions:

```http
GET /api/v1/subscriptions/
Authorization: Bearer <jwt_token>
```

- Renewal Date Calculation: Automatically calculates renewal dates based on subscription frequency
- Status Updates: Updates subscription status based on renewal dates
- Security Monitoring: Real-time protection against malicious requests
- Request Validation: Comprehensive input validation and sanitization
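The renewal-date calculation, status update and subscription validation above, as an added example that is not the project's code. Dates are handled in UTC so the result does not depend on the server's timezone, and month arithmetic clamps to the last day of the target month (a monthly subscription started on 31 January renews on 29 February in a leap year rather than rolling into March). The `createSubscription` function applies the name, price and frequency limits from the data model and defaults the start date to the current time; the "expired" rule (renewal date reached means `inactive`, `cancelled` is never overwritten) and the `now` parameter are assumptions made for illustration.

```javascript
// Added example (not the project's code): renewal-date calculation, status
// refresh and input validation as pure functions on UTC dates.
const PERIODS = { monthly: { months: 1 }, yearly: { months: 12 } };

// Add whole months in UTC, clamping the day to the length of the target month.
function addMonthsUTC(date, months) {
  const y = date.getUTCFullYear();
  const m = date.getUTCMonth() + months; // Date.UTC normalises overflow past 11
  const d = date.getUTCDate();
  const lastDay = new Date(Date.UTC(y, m + 1, 0)).getUTCDate(); // day 0 of next month
  return new Date(Date.UTC(y, m, Math.min(d, lastDay),
    date.getUTCHours(), date.getUTCMinutes(), date.getUTCSeconds()));
}

// Renewal date = start date advanced by one billing period.
function renewalDate(startDate, frequency) {
  const period = PERIODS[frequency];
  if (!period) throw new RangeError(`unknown frequency: ${frequency}`);
  return addMonthsUTC(startDate, period.months);
}

// Status update rule (ASSUMPTION): once the renewal date is reached the
// subscription is inactive; a cancelled subscription is never reactivated.
function refreshStatus(sub, now = new Date()) {
  if (sub.status === "cancelled") return "cancelled";
  return sub.renewalDate.getTime() <= now.getTime() ? "inactive" : "active";
}

// Validate a create request and build the record. Returns {ok, status, ...}
// so a route can map it directly to 201 or 400.
function createSubscription(input, now = new Date()) {
  const errors = [];
  const name = typeof input.name === "string" ? input.name.trim() : "";
  if (name.length < 3 || name.length > 50) errors.push("name must be 3-50 characters");
  if (typeof input.price !== "number" || !Number.isFinite(input.price)
      || input.price < 0 || input.price > 10000) {
    errors.push("price must be a number between 0 and 10000");
  }
  if (!PERIODS[input.frequency]) errors.push("frequency must be monthly or yearly");
  const startDate = input.startDate ? new Date(input.startDate) : now;
  if (Number.isNaN(startDate.getTime())) errors.push("startDate is not a valid date");
  if (errors.length) return { ok: false, status: 400, errors };

  const sub = {
    name,
    price: input.price,
    frequency: input.frequency,
    startDate,
    renewalDate: renewalDate(startDate, input.frequency),
    status: "active",
  };
  sub.status = refreshStatus(sub, now);
  return { ok: true, status: 201, subscription: sub };
}

module.exports = { addMonthsUTC, renewalDate, refreshStatus, createSubscription };
```

Keeping these as pure functions (rather than only as Mongoose pre-save hooks) lets the renewal and status logic be unit-tested without a database and reused by a scheduled job that refreshes statuses.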
The API includes comprehensive error handling with appropriate HTTP status codes:
- 400: Bad Request (validation errors)
- 401: Unauthorized (authentication required)
- 403: Forbidden (access denied, rate limited)
- 404: Not Found (resource doesn't exist)
- 429: Too Many Requests (rate limit exceeded)
- 500: Internal Server Error