A RESTful backend API for an e-commerce bookstore, built with Express.js and deployed as serverless functions on Netlify. It handles everything from user authentication to order management.
| Technology | Purpose |
|---|---|
| Node.js | Runtime environment |
| Express.js | Web framework for building the API |
| MongoDB + Mongoose | Database and data modeling |
| Netlify Functions | Serverless deployment of the Express app |
| netlify-cli | Local development server |
| JWT | User authentication (JSON Web Tokens) |
| Cloudinary | Book cover image storage |
| Nodemailer | Sending password reset emails |
| Stripe | Payment processing |
Make sure you have the following installed:
- Node.js (v18 or higher)
- npm
- Netlify CLI, installed globally with:

```bash
npm install -g netlify-cli
```

Clone the repository. For HTTPS:

```bash
git clone https://github.com/ZeyadHMostafa/Book-Store-BackEnd-Node.git
cd Book-Store-BackEnd-Node
```

For SSH:

```bash
git clone git@github.com:ZeyadHMostafa/Book-Store-BackEnd-Node.git
cd Book-Store-BackEnd-Node
```

Install the dependencies:

```bash
npm install
```

Create a .env file in the root of the project, using the existing .env.example file as a reference. It should include values for your MongoDB connection string, JWT secret, Cloudinary credentials, Stripe credentials, and any other secrets. Make sure .env is listed in .gitignore so it is never committed, use a long randomly generated value for the JWT secret, and in production supply the same values as Netlify environment variables instead of deploying a .env file.

Start the local dev server:

```bash
npm start
```

This runs netlify dev under the hood, which spins up a local server at http://localhost:8888. All API routes are available at http://localhost:8888/api/.
.
├── netlify/
│ └── functions/
│ └── api.js # Entry point — wraps Express for Netlify
├── src/
│ ├── controllers/ # Route handler logic
│ ├── models/ # Mongoose database schemas
│ ├── routes/ # Express route definitions
│ ├── services/ # Business logic (auth, email, orders)
│ └── validators/ # Request validation schemas (Joi)
├── docs/
│ └── swagger-output.json # Auto-generated API documentation
├── scripts/
│ └── swagger.js # Script to regenerate API docs
├── netlify.toml # Netlify configuration (functions, redirects, rate limiting)
└── package.json
Most write operations (POST, PATCH, DELETE) require you to be logged in.
- Register or log in via the /api/user/register or /api/user/login endpoints.
- You'll receive a JWT token in the response.
- Include it in the Authorization header of all protected requests:
  Authorization: Bearer <your_token_here>
Endpoints marked with 🔐 below require this token. The token is a bearer credential: anyone who obtains it can act as you until it expires, so keep it out of URLs, logs and shared storage, and only send it over HTTPS.
To protect the API from being overwhelmed with too many requests, rate limiting is configured at the infrastructure level in netlify.toml.
Limit: 10 requests per 60 seconds, per IP address and domain.
If you exceed this limit, the server returns 429 Too Many Requests. This is enforced by Netlify in front of the function, so no extra code is needed in the app. Two caveats: a per-IP limit slows a single client down but not an attacker spread across many addresses, and because the password reset code is only six digits, this limit is also what keeps /api/auth/verify-reset-code from being brute-forced, so do not loosen it for that route. Check whether the rule is applied when running under netlify dev before relying on it in local tests.
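An application-level reference implementation of the same policy, as an added example rather than the project's mechanism (the project relies on Netlify's rule). It is useful for reproducing the 429 behaviour in tests or in an environment without Netlify in front. Assumptions: a fixed 60-second window keyed on client IP plus Host, `req.ip` already reflects the real client address, and the clock is injectable so the window can be tested without waiting.

```javascript
// Added example: fixed-window limiter matching "10 requests per 60 s per IP
// and domain". Not the project's code; assumes req.ip is trustworthy (behind
// another proxy, set Express's `trust proxy` first or it will be the proxy's IP).
function createRateLimiter({ limit = 10, windowMs = 60_000, now = () => Date.now() } = {}) {
  const buckets = new Map(); // key -> { count, windowStart }

  const keyFor = (req) => `${req.ip}|${req.headers.host || ''}`;

  // Count the request against its window; returns the decision and the
  // seconds until the window rolls over (sent back as Retry-After).
  function check(req) {
    const t = now();
    const key = keyFor(req);
    let b = buckets.get(key);
    if (!b || t - b.windowStart >= windowMs) {
      b = { count: 0, windowStart: t };
      buckets.set(key, b);
    }
    b.count += 1;
    // Drop stale buckets occasionally so an attacker cycling IPs cannot grow memory forever.
    if (buckets.size > 10_000) {
      for (const [k, v] of buckets) if (t - v.windowStart >= windowMs) buckets.delete(k);
    }
    const retryAfterSec = Math.ceil((b.windowStart + windowMs - t) / 1000);
    return { allowed: b.count <= limit, remaining: Math.max(0, limit - b.count), retryAfterSec };
  }

  // Express-style middleware: 429 with Retry-After once the window is used up.
  function middleware(req, res, next) {
    const r = check(req);
    res.setHeader('X-RateLimit-Remaining', String(r.remaining));
    if (!r.allowed) {
      res.setHeader('Retry-After', String(r.retryAfterSec));
      return res.status(429).json({ error: 'Too Many Requests' });
    }
    return next();
  }

  return { check, middleware };
}

module.exports = { createRateLimiter };
```

Note the limitation that makes the infrastructure-level rule the better home for this policy: the Map lives in one function instance, and Netlify may run several instances, so an in-process limiter only approximates a global 10-per-minute count.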
Base URL (local): http://localhost:8888/api
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| POST | /user/register | Register a new user account | — |
| POST | /user/login | Log in and receive a JWT token | — |
| GET | /user/me | Get your own profile | 🔐 |
| PATCH | /user/me | Update your profile details | 🔐 |
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| POST | /auth/forgot-password | Request a password reset email | — |
| POST | /auth/verify-reset-code | Verify the 6-digit reset code | — |
| POST | /auth/update-password | Set a new password using the reset code | — |
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| GET | /book/ | List all books | — |
| GET | /book/count | Get total number of books | — |
| GET | /book/:id | Get a single book by its ID | — |
| GET | /book/author/:authorId | Get all books by a specific author | — |
| GET | /book/category/:categoryId | Get all books in a specific category | — |
| POST | /book/ | Create a new book (with cover image upload) | 🔐 |
| PATCH | /book/:id | Update book details | 🔐 |
| DELETE | /book/:id | Delete a book | 🔐 |
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| GET | /author/ | List all authors | — |
| GET | /author/count | Get total number of authors | — |
| GET | /author/:id | Get a single author by ID | — |
| POST | /author/ | Create a new author | 🔐 |
| PATCH | /author/:id | Update author details | 🔐 |
| DELETE | /author/:id | Delete an author | 🔐 |
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| GET | /category/ | List all categories | — |
| GET | /category/count | Get total number of categories | — |
| GET | /category/:id | Get a single category by ID | — |
| POST | /category/ | Create a new category | 🔐 |
| PATCH | /category/:id | Update category details | 🔐 |
| DELETE | /category/:id | Delete a category | 🔐 |
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| GET | /cart/ | View your current cart | 🔐 |
| POST | /cart/ | Add or update an item in your cart | 🔐 |
| DELETE | /cart/:bookId | Remove a specific item from your cart | 🔐 |
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| POST | /order/ | Place a new order from your cart | 🔐 |
| GET | /order/my-orders | View your own order history | 🔐 |
| GET | /order/ | Get all orders (admin only) | 🔐 |
| GET | /order/count | Count all orders (admin only) | 🔐 |
| PATCH | /order/:id | Update order status (admin only) | 🔐 |
| DELETE | /order/:id | Delete an order (admin only) | 🔐 |
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| GET | /review/ | Get all reviews | — |
| GET | /review/:id | Get a single review by ID | — |
| POST | /review/ | Create a review for a book | 🔐 |
| PATCH | /review/:id | Update your review | 🔐 |
| DELETE | /review/:id | Delete a review | 🔐 |
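The order and review tables above distinguish three levels of access: any valid token, the token's owner only ("your review", "your own order history"), and admin only. Having a token is not enough for the last two, so the authorization layer that sits after the token check is shown here as an added example that is not the project's code. Assumptions: `req.user` has already been populated as `{ id, role }` from the JWT, documents carry a `user` field holding the owner's id, and the admin role is the string `admin`. A Map of constructed review documents stands in for the Mongoose model.

```javascript
// Added example: role and ownership guards for the 🔐 routes. Not the
// project's code; req.user shape, the `user` owner field and the role name
// are assumptions made for this example.

// Constructed stand-in for the Review model.
const reviews = new Map([
  ['r1', { id: 'r1', user: 'alice', book: 'b1', rating: 5 }],
  ['r2', { id: 'r2', user: 'bob', book: 'b1', rating: 2 }],
]);

// Admin-only routes such as GET /order/ and PATCH /order/:id.
function requireRole(...roles) {
  return (req, res, next) => {
    if (!req.user) return res.status(401).json({ error: 'unauthenticated' });
    if (!roles.includes(req.user.role)) return res.status(403).json({ error: 'forbidden' });
    return next();
  };
}

// Owner-only routes such as PATCH /review/:id: load the document by :id and
// compare its owner with the caller, never trusting a user id from the body.
// Admins pass. A non-owner gets 404 rather than 403 so the response does not
// confirm which ids exist, which matters when ids are guessable.
function requireOwner(loadById, { adminRole = 'admin' } = {}) {
  return async (req, res, next) => {
    if (!req.user) return res.status(401).json({ error: 'unauthenticated' });
    const doc = await loadById(req.params.id);
    if (!doc || (doc.user !== req.user.id && req.user.role !== adminRole)) {
      return res.status(404).json({ error: 'not found' });
    }
    req.resource = doc; // handler updates this, not a fresh lookup by body id
    return next();
  };
}

// Drive a middleware with a fake request and report whether it let the request through.
async function run(mw, req) {
  const res = {
    code: 200, body: null,
    status(c) { this.code = c; return this; },
    json(b) { this.body = b; return this; },
  };
  let passed = false;
  await mw(req, res, () => { passed = true; });
  return { passed, code: res.code };
}

const loadReview = async (id) => reviews.get(id) || null;
const reviewOwnerGuard = requireOwner(loadReview);
const adminGuard = requireRole('admin');

module.exports = { requireRole, requireOwner, run, reviewOwnerGuard, adminGuard };
```

For list routes like GET /order/my-orders the same rule applies in the query rather than a guard: filter by the id taken from the verified token (`{ user: req.user.id }`), never by a user id supplied in the request.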
| Command | What it does |
|---|---|
| npm start | Start the local dev server via netlify dev |
| npm run swagger | Regenerate the API documentation from the routes |
| npm run mermaid | Regenerate the database ERD diagram |
| Name | GitHub |
|---|---|
| Ibrahim Mostafa | @ebrahimmostafa133 |
| Ziad Hesham | @ZeyadHMostafa |
| Ahmed Ehab | @ahmed-ehab-reffat |