A production-ready RESTful E-Commerce API built with Node.js, Express.js 5, and MongoDB Atlas.
This project demonstrates modern backend development practices including JWT Authentication, Role-Based Authorization, Product Management, Reviews, Orders, Image Uploads, API Security, and Interactive API Documentation using Swagger UI.
https://nodejs-ecommerce-api-xg1q.onrender.com
https://nodejs-ecommerce-api-xg1q.onrender.com/api-docs
- JWT Authentication
- HTTP-Only Cookie Authentication
- User Registration
- User Login
- Logout
- Role-Based Authorization (Admin/User)
- Protected Routes
- View Current User
- Update User Profile
- Update Password
- Get Single User (Admin)
- Get All Users (Admin)
- Create Product
- Update Product
- Delete Product
- Get Single Product
- Get All Products
- Upload Product Images
- Product Image Validation
- Create Reviews
- Update Reviews
- Delete Reviews
- Get Product Reviews
- Prevent Duplicate Reviews
- Populate User Information
- Populate Product Information
- Create Orders
- Get Current User Orders
- Get Single Order
- Get All Orders (Admin)
- Update Order Status
- MongoDB Aggregation Pipelines
- Mongoose Populate
- Mongoose Virtual Populate
- Mongoose Middleware
- Schema Validation
- Password Hashing with bcrypt
- Model Relationships
- Helmet Security Headers
- CORS
- Rate Limiting
- HTTP-Only Cookies
- JWT Verification
- Protected Routes
- Input Validation
- Interactive Swagger UI
- Organized REST Endpoints
- Built-in Request/Response Testing
- Node.js
- Express.js 5
- MongoDB Atlas
- Mongoose
- JSON Web Tokens (JWT)
- bcrypt
- Helmet
- express-rate-limit
- cookie-parser
- CORS
- express-fileupload
- Swagger UI
- swagger-jsdoc
- Morgan
ecommerce-api/
β
βββ controllers/
βββ db/
βββ docs/
βββ errors/
βββ middleware/
βββ models/
βββ public/
β βββ uploads/
βββ routes/
βββ utils/
β
βββ app.js
βββ package.json
βββ .env
βββ .gitignore
βββ README.md
git clone https://github.com/iamskyy666/nodejs-ecommerce.gitcd nodejs-ecommercenpm installPORT=5000
MONGO_URI=your_mongodb_connection_string
JWT_SECRET=your_super_secret_key
JWT_LIFETIME=1d
NODE_ENV=developmentnpm run devnpm startAfter starting the server locally, open:
http://localhost:5000/api-docs
The interactive Swagger documentation allows you to:
- Explore all endpoints
- Test API requests
- View request bodies
- View response schemas
- Understand authentication requirements
Protected endpoints require authentication.
After logging in successfully, the API stores a signed HTTP-Only JWT Cookie, which is automatically used for subsequent authenticated requests.
Role-based permissions ensure that administrative operations are restricted to authorized users.
- Password hashing using bcrypt
- JWT Authentication
- HTTP-Only Cookies
- Role-Based Authorization
- Helmet Security Headers
- CORS Protection
- Rate Limiting
- Input Validation
- Secure Cookie Support
- express
- mongoose
- bcrypt
- jsonwebtoken
- cookie-parser
- dotenv
- helmet
- cors
- express-rate-limit
- express-fileupload
- validator
- morgan
- swagger-jsdoc
- swagger-ui-express
- Stripe Payment Integration
- Email Verification
- Forgot/Reset Password
- Docker Support
- Unit & Integration Testing
- GitHub Actions CI/CD
- Redis Caching
- Search, Filtering & Pagination
- Order History Analytics
Screenshots of the application, Swagger documentation, MongoDB Atlas collections, and Postman API testing will be added soon.
Soumadip Banerjee
Backend Developer β’ MERN Stack Developer
GitHub:
If you found this project useful, consider giving it a β Star on GitHub.
It helps others discover the project and motivates future improvements.
This project is licensed under the ISC License.