A robust and secure backend API for managing vehicle rentals, built with Node.js, TypeScript, and PostgreSQL. This system provides comprehensive functionality for vehicle inventory management, customer operations, and booking workflows with role-based access control.
Live API: https://vehicle-rental-system-chi-gray.vercel.app/
- Vehicle Management - Complete CRUD operations for vehicle inventory with real-time availability tracking
- Customer Management - User registration, profile management, and account operations
- Booking System - Handle rental bookings, returns, and automated cost calculations
- Authentication & Authorization - Secure JWT-based authentication with role-based access control
- Admin Dashboard - Full administrative access to manage all system resources
- Password hashing with bcrypt
- JWT token-based authentication
- Role-based access control (RBAC)
- Protected API endpoints
- Input validation and sanitization
- Runtime: Node.js
- Language: TypeScript
- Framework: Express.js
- Database: PostgreSQL
- bcrypt - Password hashing and validation
- jsonwebtoken (JWT) - Token generation and verification
- Platform: Vercel
- Full system access and privileges
- Manage vehicle inventory (add, update, delete vehicles)
- View and manage all customer accounts
- Access and modify all bookings across the system
- System configuration and settings
- Self-registration and profile management
- Browse available vehicles
- Create and manage personal bookings
- View booking history
- Update personal information
The API implements a secure authentication system using JWT tokens:

- Registration/Login
  - User passwords are hashed using bcrypt before storage
  - Login via the `/api/v1/auth/signin` endpoint
  - Upon successful authentication, the server issues a JWT token
- Token Usage
  - Include token in request headers: `Authorization: Bearer <your-token>`
  - Token contains user role and permissions
- Authorization
  - Protected endpoints validate the JWT token
  - Server checks user permissions based on role
  - Returns `401 Unauthorized` for invalid/missing tokens
  - Returns `403 Forbidden` for insufficient permissions
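The 401/403 decision described above, sketched as an added example that is not the project's own code. It uses Node's built-in `crypto` module in place of `jsonwebtoken` so it runs without dependencies; the function names, claim layout and demo secret are assumptions.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

type Role = "admin" | "customer";
interface Claims { id: number; role: Role; exp: number }

const b64url = (s: string): string => Buffer.from(s, "utf8").toString("base64url");

// Sign an HS256 token (hypothetical stand-in for jsonwebtoken's sign()).
function signToken(claims: Claims, secret: string): string {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = `${header}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${createHmac("sha256", secret).update(body).digest("base64url")}`;
}

// Return the claims only if algorithm, signature and expiry all check out.
function verifyToken(token: string, secret: string, nowSec: number): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, sig] = parts as [string, string, string];
  try {
    const header = JSON.parse(Buffer.from(h, "base64url").toString());
    if (header.alg !== "HS256") return null; // pin the algorithm, never trust the header
    const expected = createHmac("sha256", secret).update(`${h}.${p}`).digest();
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(p, "base64url").toString()) as Claims;
    return typeof claims.exp === "number" && claims.exp > nowSec ? claims : null;
  } catch {
    return null; // malformed JSON in header or payload
  }
}

// Map an Authorization header to the status codes listed above.
function authorize(
  authHeader: string | undefined, allowed: Role[], secret: string, nowSec: number
): 200 | 401 | 403 {
  if (!authHeader || authHeader.slice(0, 7) !== "Bearer ") return 401; // missing token
  const claims = verifyToken(authHeader.slice(7), secret, nowSec);
  if (!claims) return 401; // invalid, tampered or expired token
  return allowed.indexOf(claims.role) !== -1 ? 200 : 403; // authenticated, wrong role
}

// Constructed demo values: a customer token presented to an admin-only route.
const DEMO_SECRET = "constructed-demo-secret";
const demoToken = signToken({ id: 1, role: "customer", exp: 2000000000 }, DEMO_SECRET);
console.log(authorize(`Bearer ${demoToken}`, ["admin"], DEMO_SECRET, 1700000000));
```

In an Express middleware the same three outcomes would map to `next()`, `res.status(401)` and `res.status(403)`.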
- Node.js (v14 or higher)
- PostgreSQL (v12 or higher)
- npm or yarn package manager
- Clone the repository

  ```bash
  git clone <your-repository-url>
  cd vehicle-rental-system
  ```

- Install dependencies

  ```bash
  npm install
  ```

- Environment Configuration

  Create a `.env` file in the root directory:

  ```
  # Server Configuration
  PORT=5000
  NODE_ENV=development

  # Database Configuration
  DATABASE_URL=postgresql://username:password@localhost:5432/vehicle_rental_db

  # JWT Configuration
  JWT_SECRET=your-super-secret-jwt-key
  JWT_EXPIRES_IN=7d

  # Bcrypt Configuration
  BCRYPT_SALT_ROUNDS=10
  ```

- Database Setup

  ```bash
  # Create the database
  createdb vehicle_rental_db

  # Run migrations
  npm run migrate

  # (Optional) Seed initial data
  npm run seed
  ```

- Build TypeScript

  ```bash
  npm run build
  ```

- Start the server

  ```bash
  # Development mode
  npm run dev

  # Production mode
  npm start
  ```

The API will be available at http://localhost:5000

```http
POST /api/v1/auth/signup
Content-Type: application/json

{
  "name": "John Doe",
  "email": "john@example.com",
  "password": "securePassword123",
  "phone": "+1234567890"
}
```

```http
POST /api/v1/auth/signin
Content-Type: application/json

{
  "email": "john@example.com",
  "password": "securePassword123"
}
```

Response:

```json
{
  "success": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": 1,
    "name": "John Doe",
    "email": "john@example.com",
    "role": "customer"
  }
}
```

```http
GET /api/v1/vehicles?available=true
Authorization: Bearer <your-token>
```

```http
GET /api/v1/vehicles/:id
Authorization: Bearer <your-token>
```

```http
POST /api/v1/vehicles
Authorization: Bearer <admin-token>
Content-Type: application/json

{
  "brand": "Toyota",
  "model": "Camry",
  "year": 2024,
  "pricePerDay": 50.00,
  "available": true,
  "licensePlate": "ABC-1234"
}
```

```http
POST /api/v1/bookings
Authorization: Bearer <customer-token>
Content-Type: application/json

{
  "vehicleId": 1,
  "startDate": "2024-12-15",
  "endDate": "2024-12-20"
}
```

```http
GET /api/v1/bookings/my-bookings
Authorization: Bearer <customer-token>
```

```http
PATCH /api/v1/bookings/:id/return
Authorization: Bearer <admin-token>
```

```
vehicle-rental-system/
├── src/
│   ├── config/         # Configuration files
│   ├── middlewares/    # Custom middlewares
│   ├── modules/        # API routes, Business logic
│   ├── types/          # express
│   └── app.ts          # Express app setup
├── .env                # Environment variables
├── .gitignore
├── package.json
├── tsconfig.json       # TypeScript configuration
└── README.md
```

- All passwords are hashed using bcrypt with configurable salt rounds
- JWT tokens expire after a configurable period (default: 7 days)
- Sensitive routes are protected with authentication middleware
- Role-based access control prevents unauthorized operations
- Environment variables store sensitive configuration
- Input validation on all API endpoints
Contributions are welcome! Please follow these steps:
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
For questions, issues, or support:
- Create an issue in the repository
- Contact the development team
Built with ❤️ using Node.js, TypeScript, and PostgreSQL