In our previous article we went through an overview of the project: setting up our Node environment, .env, .gitignore and installing all required packages. Now let's talk about the Blog API!
The Blog API allows you to perform CRUD (Create, Read, Update and Delete) operations. For the Create, Update and Delete operations, you as an authenticated user can create your own blog and have it as either draft (which is the default) or published, and you can update and delete only your own blog. The owner of the blog is also allowed to update the state of the blog from draft to published.
For the Read operation, both authenticated and unauthenticated users can read published blogs. Only authenticated users can view their own drafts.
A summary of the endpoints based on the description given above:
HTTP Method | Routes | Authenticated? | Description |
---|---|---|---|
GET | /api/v1/home/blog | No | Get all published blogs |
GET | /api/v1/home/blog/:id | No | Get all published blogs by ID |
GET | /api/v1/blog | Yes | Get all published and drafted blogs created by the user |
GET | /api/v1/blog/:id | Yes | Get all published and drafted blogs by ID created by the user |
POST | /api/v1/blog | Yes | Post blog as an authenticated user |
PUT | /api/v1/blog/:id | Yes | Update blog as an authenticated user |
PATCH | /api/v1/blog/:id | Yes | Update blog state as an authenticated user |
DELETE | /api/v1/blog/:id | Yes | Delete blog as an authenticated user |
Having drafted out the endpoints, let us look at other features that we will be implementing and the packages that will help us achieve them.
Setting up our Server
The server is the link between our client and the database. It allows us to run logic that helps us in interacting with the database. All of our CRUD operations run on the server.
Authentication
The type of authentication used in this API is Token Based Authentication. The user creates an account by signing up, then uses the credentials to sign in. This generates a token that the user will use to access protected routes.
The packages used:
Summary of endpoints required for authentication
HTTP Method | Routes | Description |
---|---|---|
POST | /api/v1/signup | signup user |
POST | /api/v1/login | login user |
Input Validation
Even with proper API documentation, humans are bound to make mistakes while filling in or supplying details to be sent to the database. To curb these errors, we use the packages joi and mongoose. They allow us to run validation checks on input data to ensure uniformity in the data collected in the database.
Error Handling
Several errors are generated by the API, and they are handled using the error handler middleware and the express-async-errors package. Some of the errors that are handled include:
Error Type | Error Status Code |
---|---|
Bad Request Error | 400 |
Page not Found Error | 404 |
Unauthenticated Error | 401 |
Unauthorised Error | 403 |
You can read more on HTTP status codes.
All of these error modules are found in the error folder shown in the project folder structure.
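The access rules from the endpoint summary and the status codes in the error table, written as one decision function. This is an added example, not code from the project; the name `decide`, the `scope` values and the `author`/`state` fields are assumptions, as is answering 404 rather than 403 when a user reads a blog they do not own.

```javascript
// Added example, not the project's code. Status codes follow the page's error table.
const OK = 200, BAD_REQUEST = 400, UNAUTHENTICATED = 401, UNAUTHORISED = 403, NOT_FOUND = 404;
const STATES = ['draft', 'published'];

// Decide the response status for a request on one blog (the /:id routes).
// scope: 'home' for /api/v1/home/blog/:id, 'blog' for /api/v1/blog/:id (hypothetical names)
// user:  { id } when the token verified, otherwise null
// blog:  { author, state } loaded by id, or null if no such blog (hypothetical fields)
function decide({ method, scope, user, blog, body = {} }) {
  if (scope === 'home') {
    // Public read: a draft must look exactly like a missing blog.
    return blog && blog.state === 'published' ? OK : NOT_FOUND;
  }
  // Protected routes: check the token before revealing whether the id exists.
  if (!user) return UNAUTHENTICATED;
  if (!blog) return NOT_FOUND;
  const isOwner = blog.author === user.id;
  // Owner-scoped read: another user's blog is not in this user's result set (assumed 404).
  if (method === 'GET') return isOwner ? OK : NOT_FOUND;
  // PUT, PATCH, DELETE: only the owner may change or remove the blog.
  if (!isOwner) return UNAUTHORISED;
  // PATCH changes the state only, and only to a known value.
  if (method === 'PATCH' && !STATES.includes(body.state)) return BAD_REQUEST;
  return OK;
}

// Constructed sample users and blogs.
const alice = { id: 'u1' };
const bob = { id: 'u2' };
const draft = { author: 'u1', state: 'draft' };
const published = { author: 'u1', state: 'published' };

const cases = [
  ['anonymous reads published blog', { method: 'GET', scope: 'home', user: null, blog: published }],
  ['anonymous reads draft', { method: 'GET', scope: 'home', user: null, blog: draft }],
  ['owner reads own draft', { method: 'GET', scope: 'blog', user: alice, blog: draft }],
  ['other user reads draft', { method: 'GET', scope: 'blog', user: bob, blog: draft }],
  ['no token, delete', { method: 'DELETE', scope: 'blog', user: null, blog: draft }],
  ['other user deletes', { method: 'DELETE', scope: 'blog', user: bob, blog: published }],
  ['owner publishes draft', { method: 'PATCH', scope: 'blog', user: alice, blog: draft, body: { state: 'published' } }],
  ['owner sends bad state', { method: 'PATCH', scope: 'blog', user: alice, blog: draft, body: { state: 'archived' } }],
];
for (const [label, request] of cases) console.log(label, '->', decide(request));
```

In an Express app the same decision would sit in the route handler or a middleware after the token has been verified and the blog loaded by id.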
Middlewares
Middleware functions are functions that have access to the request object (req), the response object (res), and the next middleware function in the application’s request-response cycle. These functions are used to modify req and res objects for tasks like parsing request bodies and adding response headers.
In this project we used middleware functions to handle certain tasks like:
- Input validation
- Authentication
- Filtering blog by query parameters
- Pagination
- Error handling
Rate Limiting
The rate limiting middleware limits the number of requests that come from a specific user, IP address or location within a given window (period of time). This can be achieved using a package called express-rate-limit as middleware.
Cross Origin Resource Sharing (CORS)
This allows us to set which sites can make direct requests to our API. The sites that are allowed are whitelisted. This can be achieved using a package called cors as middleware. You can read more on it.
We have learnt the major features we'd be implementing in this project. Let's get into the full implementation of some of these features in our API with code. BRACE UP! For you're about to enter the world of code!