# API (Learnathon-By-Geeky-Solutions/codeclusters wiki)

## Features

**Authentication**
- User and Admin login using JWT.
- OTP-based email verification and password reset.
- Token-based protected routes.

**User**
- Registration & login.
- Profile info fetching.
- Password reset flow via OTP.

**For Admin**
- Admin login.
- Password change.
- Admin-only product & order management.

**Product**
- Add, update, remove, and search products.
- Multiple image support.
- Filtering, sorting, pagination.

**Order**
- COD and Stripe payment options.
- Order placement, Stripe session, and verification.
- Admin order listing and status update with email notifications.

**Review**
- Submit reviews with rating and comment.
- Fetch all reviews for a product.
Some routes require authentication via a Bearer token.

Header format:

```
Authorization: Bearer <your_token>
```

## /api/user
### Endpoint: POST /register

Description: Registers a new user.

Request Body:

```json
{
  "name": "John Doe",
  "email": "[email protected]",
  "password": "yourpassword"
}
```

Responses:
- 201 Created: User created successfully.
- 200 OK: User already exists or validation failed.
- 500 Internal Server Error: Server error.
- 400 Bad Request: Invalid user data.

### Endpoint: POST /login

Authentication: User (JWT)

Description: Logs in a user if the credentials are valid and the email is verified.

Request Body:

```json
{
  "email": "[email protected]",
  "password": "yourpassword"
}
```

Responses:
- 201 Created: Returns user info and token.
- 200 OK: Incorrect password or email not verified.
- 404 Not Found: User doesn't exist.
- 500 Internal Server Error: Server error.
### Endpoint: POST /api/auth/google-login

This endpoint handles user authentication via Google login:
- If the user already exists and is a Google-registered account, it logs them in.
- If the user exists but registered using email/password, login is denied with a suggestion to use the password.
- If the user does not exist, a new user account is created using the provided email and name.

Request Body:

```json
{
  "email": "[email protected]",
  "name": "John Doe"
}
```

Response (existing Google-registered user):

```json
{
  "success": true,
  "_id": "user_id_here",
  "name": "John Doe",
  "email": "[email protected]",
  "token": "jwt_token_here",
  "emailVerified": true
}
```

Response (new user created):

```json
{
  "success": true,
  "_id": "new_user_id_here",
  "name": "John Doe",
  "email": "[email protected]",
  "token": "jwt_token_here"
}
```

Error responses:

```json
{
  "success": false,
  "message": "Email and name are required"
}
```

```json
{
  "success": false,
  "message": "You have Already registered. Use your password to login!"
}
```

```json
{
  "success": false,
  "message": "Google login failed. Please try again."
}
```

### Endpoint: POST /admin

Authentication: Admin (JWT)

Description: Logs in an admin using email and password.

Request Body:

```json
{
  "email": "[email protected]",
  "password": "adminpassword"
}
```

Responses:
- 201 Created: Token returned.
- 200 OK: Incorrect password.
- 404 Not Found: Invalid credentials.
- 500 Internal Server Error: Server error.
### Endpoint: POST /admin/changePassword

Authentication: Admin (JWT)

Description: Changes the admin password (requires authentication).

Headers:

```
Authorization: Bearer <admin_token>
```

Request Body:

```json
{
  "currentPassword": "oldpassword",
  "newPassword": "newsecurepassword"
}
```

Responses:
- 200 OK: Password changed.
- 400 Bad Request: Invalid admin ID.
- 401 Unauthorized: Wrong current password.
- 500 Internal Server Error: Server error.

### Endpoint: POST /userInfo

Authentication: User (JWT)

Description: Fetches the basic user profile (name, email).

Headers:

```
Authorization: Bearer <user_token>
```

Responses:
- 200 OK: User profile returned.
- 404 Not Found: User not found.
- 500 Internal Server Error: Server error.
## INTERNAL

This function is run internally on server start to create a default admin using environment variables:

```
ADMIN_EMAIL=[email protected]
ADMIN_PASSWORD=yourpassword
```

## /api/user (email verification and password reset)

Make sure you have the following environment variables defined in your .env file:

```
EMAIL_USER=[email protected]
EMAIL_PASS=your_email_password
```

### Endpoint: POST /verifyEmail
Description: Sends an OTP to a registered user's email address for email verification.

Request Body:

```json
{
  "email": "[email protected]"
}
```

Responses:
- 200 OK: OTP sent successfully.
- 404 Not Found: User not found.
- 500 Internal Server Error: Server error.

```json
{
  "success": true,
  "message": "OTP sent successfully"
}
```

### Endpoint: POST /forgotPassword

Description: Sends an OTP to a registered user's email address for password reset.

Request Body:

```json
{
  "email": "[email protected]"
}
```

Responses:
- 200 OK: OTP sent successfully.
- 404 Not Found: User not found.
- 500 Internal Server Error: Server error.

```json
{
  "success": true,
  "message": "OTP sent successfully"
}
```

### Endpoint: POST /verify?otpFor=email|password

Description: Verifies an OTP for either email verification or password reset.

Request Body:

```json
{
  "email": "[email protected]",
  "otp": "123456"
}
```

Query Parameter:
- `otpFor`: Specify `"email"` or `"password"`.

Response:

```json
{
  "result": {
    "valid": true
  }
}
```

### Endpoint: POST /resetPassword

Description: Resets the user's password if the OTP has already been verified.

Request Body:

```json
{
  "email": "[email protected]",
  "newPassword": "newSecurePassword123"
}
```

Responses:
- 400 Bad Request: Invalid email.
- 404 Not Found: User not found.
- 500 Internal Server Error: Server error.

```json
{
  "success": true,
  "message": "Password reset"
}
```

Helper functions:
- `generateOTP()`: Generates a 6-digit OTP using crypto.
- `storeOTP(email, otp, otpFor)`: Stores the OTP with an expiration (2 minutes).
- `verifyOTP(email, otp, otpFor)`: Validates the OTP.
- `resetPass(email, newPassword)`: Validates the OTP and resets the password.
- `sendOTPEmail({ email, otp, purpose })`: Sends the OTP email via Gmail SMTP.
- `processOTPRequest({ email, otpFor, res })`: Handles OTP logic for both verification and password reset.

Notes:
- OTP expires after 2 minutes.
- Password must be at least 8 characters.
- OTP is stored in a separate `OTP` MongoDB collection.
- Make sure the `EMAIL_USER` and `EMAIL_PASS` credentials are enabled for less secure apps, or an app password is used.
## /api/product

### Endpoint: POST /add

Authentication: Admin (JWT)

Description: Adds a new product with optional multiple images.

Form Data Parameters:
- `name` (string, required)
- `description` (string, required)
- `price` (number, required)
- `sellingPrice` (number, required)
- `category` (string, required)
- `subCategory` (string, optional)
- `sizes` (JSON array as string, required)
- `bestSeller` (boolean, optional)
- `image1`, `image2`, `image3`, `image4` (files, optional)

Success Response: 200 OK

```json
{
  "success": "true",
  "message": "Product added"
}
```

Error Response:
- 500 Internal Server Error: Server error.

### Endpoint: POST /updateProduct

Authentication: Admin (JWT)

Description: Updates an existing product.

Body Parameters:
- `productId` (string, required)
- `name`, `description`, `price`, `sellingPrice`, `category`, `subCategory`, `sizes`, `bestSeller`

Success Response: 200 OK

```json
{
  "success": "true",
  "message": "Product updated"
}
```

Error Response:
- 500 Internal Server Error: Server error.

### Endpoint: GET /list

Description: Retrieves a paginated list of products with filtering and sorting.

Query Parameters:
- `page` (number, default: 1)
- `limit` (number, default: 20)
- `category` (comma-separated string)
- `subCategory` (comma-separated string)
- `sort` (string: `"lowHigh"` or `"highLow"`)

Success Response: 200 OK

```json
{
  "success": true,
  "products": [],
  "totalProducts": 2,
  "totalPages": 1,
  "currentPage": 1
}
```

Error Response:
- 500 Internal Server Error: Server error.

### Endpoint: POST /remove

Authentication: Admin (JWT)

Description: Removes a product by ID.

Body Parameters:
- `id` (string, required)

Success Response: 200 OK

```json
{
  "success": "true",
  "message": "Product removed"
}
```

Error Response:
- 500 Internal Server Error: Server error.

### Endpoint: GET /single

Description: Retrieves a product by ID.

Body Parameters:
- `productId` (string, required)

Success Response: 200 OK

```json
{
  "success": "true",
  "product": { ... }
}
```

Error Response:
- 500 Internal Server Error: Server error.

### Endpoint: GET /search

Description: Searches products by name with filters.

Query Parameters:
- `search` (string, required)
- `page`, `limit`, `category`, `subCategory`, `sort`: same as `/list`

Success Response: 200 OK

```json
{
  "success": true,
  "products": [],
  "totalProducts": 2,
  "totalPages": 1,
  "currentPage": 1
}
```

Error Response:
- 500 Internal Server Error: Server error.
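`/list` and `/search` share the same parameter handling, and that handling is where most list endpoints go wrong: unparsed `page`/`limit` strings, an uncapped `limit`, and a `search` string passed straight into a regular expression. The block below is an added example for this page, not the project's code. It normalises the documented query parameters, builds the Mongo-style filter a Mongoose `find()` would take, and applies the same semantics to a constructed in-memory product array so the `totalProducts`/`totalPages`/`currentPage` shape can be checked. The `limit` cap, sorting on the `price` field, and the `$regex` filter shape are assumptions.

```javascript
// Added example (not the project's code): query handling for GET /list and GET /search.
// Assumptions: MAX_LIMIT cap, sort on `price`, Mongo-style filter shape.
const MAX_LIMIT = 100;     // assumption: stops limit=1000000 from dumping the whole collection
const DEFAULT_LIMIT = 20;  // the wiki's default

// Constructed sample data, not real catalogue entries.
const SAMPLE_PRODUCTS = [
  { _id: 'p1', name: 'Basic Tee',    price: 500,  sellingPrice: 450,  category: 'Men',   subCategory: 'Topwear' },
  { _id: 'p2', name: 'Slim Jeans',   price: 1500, sellingPrice: 1200, category: 'Men',   subCategory: 'Bottomwear' },
  { _id: 'p3', name: 'Summer Dress', price: 1800, sellingPrice: 1600, category: 'Women', subCategory: 'Topwear' },
  { _id: 'p4', name: 'Kids Tee',     price: 300,  sellingPrice: 250,  category: 'Kids',  subCategory: 'Topwear' },
  { _id: 'p5', name: 'Hoodie',       price: 2000, sellingPrice: 1750, category: 'Women', subCategory: 'Winterwear' },
];

// Query-string values arrive as strings (or arrays, or undefined); normalise them once.
function parseListQuery(q = {}) {
  const positiveInt = (v, fallback) => {
    const n = Number.parseInt(v, 10);
    return Number.isInteger(n) && n > 0 ? n : fallback;
  };
  const csv = (v) => (typeof v === 'string' ? v.split(',').map((s) => s.trim()).filter(Boolean) : []);
  const sortDir = q.sort === 'lowHigh' ? 1 : q.sort === 'highLow' ? -1 : 0; // unknown value: no sort
  return {
    page: positiveInt(q.page, 1),
    limit: Math.min(positiveInt(q.limit, DEFAULT_LIMIT), MAX_LIMIT),
    category: csv(q.category),
    subCategory: csv(q.subCategory),
    sortDir,
    search: typeof q.search === 'string' ? q.search.trim() : '',
  };
}

// A user-supplied search string must be matched literally, never interpreted as a
// pattern: "(a+)+$" handed to $regex unescaped is a catastrophic-backtracking input.
function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// The filter object a Mongoose find() would receive for these parameters.
function buildMongoFilter(p) {
  const filter = {};
  if (p.category.length) filter.category = { $in: p.category };
  if (p.subCategory.length) filter.subCategory = { $in: p.subCategory };
  if (p.search) filter.name = { $regex: escapeRegex(p.search), $options: 'i' };
  return filter;
}

// Same semantics applied in memory; returns the wiki's response shape.
function listProducts(products, q) {
  const p = parseListQuery(q);
  const nameRe = p.search ? new RegExp(escapeRegex(p.search), 'i') : null;
  let rows = products.filter((x) =>
    (!p.category.length || p.category.includes(x.category)) &&
    (!p.subCategory.length || p.subCategory.includes(x.subCategory)) &&
    (!nameRe || nameRe.test(x.name)));
  if (p.sortDir) rows = [...rows].sort((a, b) => (a.price - b.price) * p.sortDir);
  const totalProducts = rows.length;
  const totalPages = Math.ceil(totalProducts / p.limit);
  const start = (p.page - 1) * p.limit;
  return { success: true, products: rows.slice(start, start + p.limit), totalProducts, totalPages, currentPage: p.page };
}
```

Usage is `listProducts(SAMPLE_PRODUCTS, req.query)` for the in-memory version, or `Product.find(buildMongoFilter(parseListQuery(req.query)))` with `.skip()`/`.limit()` when backed by Mongoose. The escape step is the part to keep even if everything else is rewritten.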
## /api/order

- All endpoints require authentication via a Bearer token.
- For Admin-specific routes, the token must belong to an authenticated Admin.

### Endpoint: POST /place

Authentication: User (JWT)

Description: Place an order with Cash on Delivery (COD).

Headers:

```
Authorization: Bearer <userToken>
```

Request Body:

```json
{
  "items": [
    {
      "name": "Product Name",
      "price": 100,
      "quantity": 1,
      "size": "M"
    }
  ],
  "amount": 200,
  "address": {
    "email": "[email protected]",
    "street": "123 Main St",
    "city": "Dhaka"
  }
}
```

Response: 200 OK

```json
{
  "success": true,
  "message": "Order Placed"
}
```

### Endpoint: POST /stripe

Authentication: User (JWT)

Description: Place an order with Stripe payment.

Headers:

```
Authorization: Bearer <userToken>
Origin: <frontend_url>
```

Request Body: Same as the `/place` endpoint.

Response: 200 OK

```json
{
  "success": true,
  "session_url": "https://checkout.stripe.com/..."
}
```

### Endpoint: POST /verifyStripe

Authentication: User (JWT)

Description: Verify Stripe payment success or cancellation.

Headers:

```
Authorization: Bearer <userToken>
```

Request Body:

```json
{
  "orderId": "<order_id>",
  "success": "true"
}
```

Response: 200 OK (payment succeeded)

```json
{
  "success": true
}
```

Response: 200 OK (payment cancelled)

```json
{
  "success": false
}
```

### Endpoint: POST /list

Authentication: Admin (JWT)

Description: Fetch all orders (Admin only).

Headers:

```
Authorization: Bearer <adminToken>
```

Parameters:
- `page` (optional, default: 1)
- `limit` (optional, default: 20)

Response: 200 OK

```json
{
  "success": true,
  "orders": [...],
  "totalOrders": 100,
  "totalPages": 5,
  "currentPage": 1
}
```

### Endpoint: POST /userorders

Authentication: User (JWT)

Description: Fetch the orders of the currently logged-in user.

Headers:

```
Authorization: Bearer <userToken>
```

Response: 200 OK

```json
{
  "success": true,
  "orders": [...]
}
```

### Endpoint: POST /status

Authentication: Admin (JWT)

Description: Update the order status and notify the user via email.

Headers:

```
Authorization: Bearer <adminToken>
```

Request Body:

```json
{
  "orderId": "<order_id>",
  "status": "Packing"
}
```

Allowed statuses:
- Order placed
- Packing
- Shipped
- Out for delivery
- Delivered

Response: 200 OK

```json
{
  "success": true,
  "message": "Status Updated"
}
```

Error Response:

All endpoints return:

```json
{
  "success": false,
  "message": "Error description"
}
```

Email Notification:

When the order status is updated, a styled email is sent to the customer using nodemailer with:
- Product info
- Price
- Order status
- Delivery date
## /api/review

### Endpoint: GET /allReview

Description: Get all reviews of a product.

Query Parameters:
- `productId` (string, required): The ID of the product to fetch reviews for.

Response: 200 OK

```json
{
  "success": "true",
  "reviews": [
    {
      "_id": "...",
      "productId": "...",
      "email": "[email protected]",
      "rating": 4,
      "comment": "Great product!",
      "createdAt": "...",
      "updatedAt": "..."
    },
    ...
  ]
}
```

Response: 500 Internal Server Error

```json
{
  "error": "Internal server error"
}
```

### Endpoint: POST /addReview

Authentication: User (JWT)

Description: Add a review for a product.

Request Body:

```json
{
  "productId": "...",
  "email": "[email protected]",
  "rating": 5,
  "comment": "Amazing quality!"
}
```

Response: 200 OK

```json
{
  "success": "true",
  "savedReview": {
    "_id": "...",
    "productId": "...",
    "email": "[email protected]",
    "rating": 5,
    "comment": "Amazing quality!",
    "createdAt": "...",
    "updatedAt": "..."
  }
}
```

Response: 500 Internal Server Error

```json
{
  "message": "Error message details"
}
```

Notes:
- The `rating` field is typically expected to be a number (e.g., 1-5).
- The review timestamps (`createdAt`, `updatedAt`) are automatically generated by Mongoose if timestamps are enabled in the model.
## /api/cart
### Endpoint: POST /add

Authentication: User (JWT)

Description: Add an item to the cart.

Request Body:

```json
{
  "itemId": "string",
  "size": "string"
}
```

Response: 200 OK

```json
{
  "success": true,
  "message": "Added to cart"
}
```

Response: 400 Bad Request

```json
{
  "success": false,
  "message": "Invalid userId"
}
```

### Endpoint: POST /update

Authentication: User (JWT)

Description: Update cart data.

Request Body:

```json
{
  "itemId": "string",
  "size": "string",
  "quantity": number
}
```

Response: 200 OK

```json
{
  "success": true,
  "message": "Cart updated"
}
```

### Endpoint: POST /get

Authentication: User (JWT)

Description: Get the user's cart data.

Request Body:

```json
{
  "userId": "string"
}
```

Response: 200 OK

```json
{
  "success": true,
  "cartData": {
    "itemId": {
      "size": quantity
    }
  },
  "name": "User's Name"
}
```

Response: 400 Bad Request

```json
{
  "success": false,
  "message": "Invalid userId"
}
```

## Status Codes

| Code | Description |
|---|---|
| 200 | Request successful but validation failed |
| 201 | Resource created |
| 400 | Invalid input / ID |
| 401 | Unauthorized |
| 404 | Not found |
| 500 | Server error |
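The `/api/cart` section above documents the cart as a nested object, `{ itemId: { size: quantity } }`, and a 400 "Invalid userId" response, but not what `/add` and `/update` do to that object or what input they should refuse. The following is an added example written for this page, not code from the codeclusters project: pure functions for the add and update operations over that exact shape, with the validation a handler should run before touching the document. The ObjectId format check for ids, the per-line quantity cap, and "quantity 0 removes the entry" are assumptions.

```javascript
// Added example (not the project's code): /add and /update over { itemId: { size: quantity } }.
// Assumptions: ids are 24-hex-char ObjectId strings; MAX_QUANTITY cap; quantity 0 removes.
const OBJECT_ID_RE = /^[0-9a-fA-F]{24}$/;   // assumption: Mongo ObjectId format
const MAX_QUANTITY = 99;                    // assumption: per-line cap

// Validating ids and sizes as restricted strings also keeps keys such as "__proto__"
// or "constructor" from ever being used as property names on the nested object.
const isObjectId = (v) => typeof v === 'string' && OBJECT_ID_RE.test(v);
const isSize = (v) => typeof v === 'string' && /^[A-Za-z0-9]{1,8}$/.test(v); // "S", "XL", "42" ...
const isQuantity = (v) => Number.isInteger(v) && v >= 0 && v <= MAX_QUANTITY;

// Deep copy so a rejected request never leaves a half-applied mutation behind.
const clone = (cartData) => JSON.parse(JSON.stringify(cartData || {}));

// POST /add: increments the quantity for itemId/size, creating entries as needed.
function addToCart(cartData, { userId, itemId, size }) {
  if (!isObjectId(userId)) return { success: false, message: 'Invalid userId' };
  if (!isObjectId(itemId) || !isSize(size)) return { success: false, message: 'Invalid itemId or size' };
  const next = clone(cartData);
  const item = next[itemId] || {};
  const current = item[size] || 0;
  if (current + 1 > MAX_QUANTITY) return { success: false, message: 'Quantity limit reached' };
  item[size] = current + 1;
  next[itemId] = item;
  return { success: true, message: 'Added to cart', cartData: next };
}

// POST /update: sets an exact quantity; 0 removes the size, and an item with no sizes is dropped.
function updateCart(cartData, { userId, itemId, size, quantity }) {
  if (!isObjectId(userId)) return { success: false, message: 'Invalid userId' };
  if (!isObjectId(itemId) || !isSize(size)) return { success: false, message: 'Invalid itemId or size' };
  if (!isQuantity(quantity)) return { success: false, message: 'Invalid quantity' };
  const next = clone(cartData);
  if (quantity === 0) {
    if (next[itemId]) {
      delete next[itemId][size];
      if (Object.keys(next[itemId]).length === 0) delete next[itemId];
    }
  } else {
    next[itemId] = { ...(next[itemId] || {}), [size]: quantity };
  }
  return { success: true, message: 'Cart updated', cartData: next };
}

// Total units across all items and sizes (badge count, pre-checkout sanity check).
function cartItemCount(cartData) {
  return Object.values(cartData || {})
    .reduce((sum, sizes) => sum + Object.values(sizes).reduce((a, b) => a + b, 0), 0);
}
```

In a handler, `userId` would come from the verified JWT rather than the request body, and the returned `cartData` would be written back with a single update on the user document; returning a fresh object instead of mutating in place is what makes the validation failures above safe to short-circuit.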