📚 BookStore REST API

A backend RESTful API for managing books, users, and ratings.
Built with Node.js, Express.js, MySQL, and secured using JWT authentication, bcrypt, and role-based access control.
Includes features like CRUD operations, file uploads, ratings system, search, filtering, and pagination.

🚀 Features

  • Authentication & Authorization

    • Secure login/signup using JWT and bcrypt password hashing
    • Role-based access control for users and admins
  • Books Management

    • CRUD operations for books (create, update, delete, fetch)
    • Advanced search, filtering, and pagination
  • Ratings System

    • Users can add ratings & reviews for books
  • File Uploads

    • Upload book cover images with Multer
  • Architecture

    • Built with MVC pattern
    • Middleware validation and centralized error handling

🛠 Tech Stack

  • Backend: Node.js, Express.js
  • Database: MySQL
  • Authentication & Security: JWT, bcrypt, Helmet, CORS
  • File Uploads: Multer
  • Architecture: MVC

📂 Project Structure

Bookstore-api-main/
├── server.js                # Entry point
├── config/
│   └── db.js                # Database connection
├── controllers/             # Controllers (Auth, Books, Ratings)
├── middleware/              # Auth & Upload middleware
├── routes/                  # API Routes
└── experimental_features/   # AI & Payment (in progress)

⚡ Getting Started

1️⃣ Clone the repository

git clone https://github.com/your-username/bookstore-api.git
cd bookstore-api

2️⃣ Install dependencies

npm install

3️⃣ Set up environment variables

Create a .env file in the root directory:

PORT=5000
DB_HOST=localhost
DB_USER=your-mysql-user
DB_PASSWORD=your-mysql-password
DB_NAME=bookstore
JWT_SECRET=your-secret-key

4️⃣ Run the server

npm start

🔑 API Overview

🔐 Auth Routes

  • POST /api/auth/register → Register a new user (role forced to "user")
  • POST /api/auth/login → returns JWT + token_type + expires_in + user

📖 Book Routes

  • GET /api/book/get → Get books (requires authentication, with validation on title & author)
  • GET /api/book → Get paginated & filtered book list (public)
  • GET /api/book/:id → Get a book by its ID (public)
  • POST /api/book/add → Add a new book (Admin only)
  • POST /api/book/upload → Upload book cover image (authenticated users only)

⚠️ Note: In this demo project, only the seeded admin account (manually inserted in the database) can add or edit books.
All users who register through /api/auth/register are assigned the role "user" by default.

⭐ Rating Routes

  • POST /api/rating/:bookId → Rate a book (only logged-in users)
  • GET /api/rating/book/:bookId → Get all ratings for a specific book

📌 Experimental Features

  • AI Controller → early integration with AI for book-related features
  • Payment Controller → payment API integration (work in progress)

📘 Detailed API Reference

➡️ Register User - POST /api/auth/register

Validations (express-validator)

  • name → required (cannot be empty)
  • email → required, must be a valid email format
  • password → required, minimum 8 characters and must include at least 1 number

Request Body

{
  "name": "Tirth Patel",
  "email": "[email protected]",
  "password": "password123"
}

Response (201 Created)

{
  "message": "User registered successfully",
  "user": {
    "id": 12,
    "name": "Tirth Patel",
    "email": "[email protected]",
    "role": "user"
  }
}

➡️ Login User - POST /api/auth/login

Validations (express-validator)

  • email → required, must be a valid email format
  • password → required (cannot be empty)

Request Body

{
  "email": "[email protected]",
  "password": "password123"
}

Response (200 OK)

{
  "message": "Login successful",
  "token_type": "Bearer",
  "expires_in": 2592000,
  "token": "your-jwt-token",
  "user": {
    "id": 12,
    "name": "Tirth Patel",
    "role": "user"
  }
}

➡️ Add Book - POST /api/book/add (Admin only)

Headers: Authorization: Bearer <JWT>

{
  "title": "Clean Code",
  "author": "Robert C. Martin",
  "price": 499,
  "category": "Programming"
}

Response (200 OK)

{
  "success": true,
  "data": {
    "id": 101,
    "title": "Clean Code",
    "author": "Robert C. Martin",
    "price": 499,
    "category": "Programming"
  }
}

➡️ List/Search - GET /api/book?search=code&category=Programming&page=1&limit=10

Response (200 OK)

{
  "success": true,
  "page": 1,
  "limit": 10,
  "total": 42,
  "data": [
    {
      "id": 101,
      "title": "Clean Code",
      "author": "Robert C. Martin"
    }
  ]
}
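The search, category, page and limit parameters above all come from the client, so the query behind this route has to keep them out of the SQL string. The following is an added example, not the repository's own controller code: it builds the parameterized MySQL query and clamps pagination. The names buildBookListQuery, toPositiveInt and MAX_LIMIT are assumptions.

```javascript
// Added example (not the repository's code): build the parameterized query behind
// GET /api/book?search=&category=&page=&limit=. User values go into the params array,
// never into the SQL text, and page/limit are clamped so no request can be unbounded.
// Assumed names: buildBookListQuery, toPositiveInt, MAX_LIMIT.
const MAX_LIMIT = 50;

// Parse a query-string value as a positive integer, falling back when it is not one.
function toPositiveInt(value, fallback) {
  const n = Number.parseInt(value, 10);
  return Number.isInteger(n) && n > 0 ? n : fallback;
}

function buildBookListQuery(query) {
  const where = [];
  const params = [];
  if (typeof query.search === "string" && query.search.trim() !== "") {
    // Escape LIKE wildcards so "%" or "_" typed by a client cannot widen the match.
    const term = query.search.trim().replace(/[\\%_]/g, (c) => `\\${c}`);
    where.push("(title LIKE ? OR author LIKE ?)");
    params.push(`%${term}%`, `%${term}%`);
  }
  if (typeof query.category === "string" && query.category !== "") {
    where.push("category = ?");
    params.push(query.category);
  }
  const page = toPositiveInt(query.page, 1);
  const limit = Math.min(toPositiveInt(query.limit, 10), MAX_LIMIT);
  const whereSql = where.length ? ` WHERE ${where.join(" AND ")}` : "";
  const sql = `SELECT id, title, author FROM books${whereSql} ORDER BY id LIMIT ? OFFSET ?`;
  // Pass sql and params to pool.query(sql, params); the driver does the quoting.
  return { sql, params: [...params, limit, (page - 1) * limit], page, limit };
}
```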

➡️ Add Rating - POST /api/rating/:bookId (Auth)

Headers: Authorization: Bearer <JWT>

{ "rating": 5, "review": "Excellent!" }

Response (200 OK)

{
  "success": true,
  "message": "Rating added",
  "data": {
    "bookId": 101,
    "rating": 5,
    "review": "Excellent!"
  }
}

🔒 Security Notes

  • Public register always creates "user"; client role is ignored.
  • Admin-only endpoints guarded by checkRole("admin").
  • /login & /register have per-route rate limits; optional global limiter in server.js.
  • Helmet, CORS, morgan recommended.
  • Do not commit .env. Rotate any leaked secrets.

📦 Deployment

  • Can be deployed on Render, Railway, or Vercel
  • MySQL database can be hosted on Railway / PlanetScale / AWS RDS

πŸ‘¨β€πŸ’» Author

Tirth Patel
