This document outlines the requirements and specifications for implementing the Authentication Module and Inventory Management APIs in the backend of the project.
The project aims to create a web application for local shopkeepers to manage their inventory, customers, purchases, sales, and billing efficiently. The backend plays a critical role in securely managing data and providing reliable APIs for the frontend.
This phase focuses on implementing:
- Authentication Module: Ensures that only authorized users can access the system.
- Inventory Management APIs: Provides functionality for shopkeepers to manage their inventory.
The authentication module ensures secure access to the application by implementing:
- User Registration: New users can sign up.
- User Login: Existing users can log in with their credentials.
- JWT Authentication: Protects routes by issuing JSON Web Tokens to authenticated users.
- Endpoints to Implement:
  - `POST /auth/register`
    - Accepts user details (e.g., `name`, `email`, `password`).
    - Hashes the password using `bcrypt`.
    - Saves the user in the database.
  - `POST /auth/login`
    - Verifies user credentials.
    - Issues a JWT token if credentials are valid.
- Middleware:
  - `authMiddleware`: Protects API routes by verifying the JWT token.
- Use `bcrypt` for password hashing.
- Use `jsonwebtoken` to issue and verify JWT tokens.
- Include validation for all input fields (e.g., email format, password strength).
- Store only the hashed password in the database.
- JWT tokens should have an expiration time (e.g., 1 day).
- Users Table:
  - `id`: Primary key.
  - `name`: Full name of the user.
  - `email`: Unique email of the user.
  - `password`: Hashed password.
  - `created_at`: Timestamp of user registration.
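The checks `authMiddleware` and the token helpers have to enforce, as an added example that is not the project's code. It uses Node's built-in `crypto` as a stand-in for `jsonwebtoken` so it runs without dependencies; `signToken`, `verifyToken`, `SECRET` and the `sub` claim are assumed names.

```javascript
// Added example: HS256 issue/verify on node:crypto, standing in for jsonwebtoken.
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: the real key comes from env/secret store
const b64u = (v) => Buffer.from(v).toString("base64url");
const hmac = (data, key) => crypto.createHmac("sha256", key).update(data).digest();

// Issue a token with iat/exp claims (default lifetime: 1 day, as the spec suggests).
function signToken(payload, key = SECRET, ttlSec = 86400, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const head = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify({ ...payload, iat, exp: iat + ttlSec }));
  return `${head}.${body}.${hmac(`${head}.${body}`, key).toString("base64url")}`;
}

// Return the claims, or null when the token is malformed, forged or expired.
function verifyToken(token, key = SECRET, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm: the token header must not choose how it is verified.
    if (JSON.parse(Buffer.from(head, "base64url")).alg !== "HS256") return null;
    const expected = hmac(`${head}.${body}`, key);
    const given = Buffer.from(sig, "base64url");
    // Constant-time comparison of the signature bytes.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, "base64url"));
    if (typeof claims.exp !== "number" || claims.exp <= Math.floor(now / 1000)) return null;
    return claims;
  } catch {
    return null; // header or payload was not valid JSON
  }
}

// Express-style middleware: expects "Authorization: Bearer <token>".
function authMiddleware(req, res, next) {
  const [scheme, token] = (req.headers.authorization || "").split(" ");
  const claims = scheme === "Bearer" && token ? verifyToken(token) : null;
  if (!claims) return res.status(401).json({ error: "Unauthorized" });
  req.user = { id: claims.sub }; // downstream handlers read the caller from req.user
  next();
}
```

With `jsonwebtoken`, the same algorithm pinning is done by passing `{ algorithms: ["HS256"] }` to `jwt.verify`.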
The inventory management module allows shopkeepers to:
- Add new products to their inventory.
- Edit product details.
- Delete products.
- Retrieve a list of all products.
- Endpoints to Implement:
  - `POST /products`
    - Adds a new product to the inventory.
    - Fields: `name`, `quantity`, `price`, `supplier`, `description` (optional).
  - `GET /products`
    - Retrieves all products in the inventory.
  - `PUT /products/:id`
    - Updates details of an existing product.
    - Fields: `name`, `quantity`, `price`, `supplier`, `description`.
  - `DELETE /products/:id`
    - Deletes a product from the inventory.
- Use input validation to ensure correct data types and mandatory fields.
- Handle errors such as invalid product IDs or duplicate product names.
- Ensure secure operations by protecting endpoints with `authMiddleware`.
- Products Table:
  - `id`: Primary key.
  - `name`: Name of the product.
  - `quantity`: Quantity available.
  - `price`: Price per unit.
  - `supplier`: Supplier name or ID.
  - `description`: Optional field for product details.
  - `created_at`: Timestamp of product creation.
  - `updated_at`: Timestamp of the last update.
- Create `authMiddleware` to verify JWT tokens for protected routes.
- Create utility functions for password hashing (`bcrypt.hash`) and token generation (`jsonwebtoken.sign`).
- Develop the `POST /auth/register` and `POST /auth/login` endpoints.
- Test user registration and login flows using `Postman`.
- Develop CRUD operations for the `/products` endpoint.
- Test each endpoint for different scenarios (e.g., successful addition, invalid data).
- Test all API endpoints using `Postman` or `Swagger`.
- Add unit tests for key functions and integration tests for endpoints.
- Functional authentication module (register, login, JWT-based protection).
- Functional inventory management APIs (add, edit, delete, retrieve products).
- API documentation for all implemented endpoints (using Swagger/OpenAPI).
- Unit and integration tests for critical features.
- Ensure code readability and maintainability by adhering to best practices.
- Log errors and critical events for easier debugging.
- Update the `Product Feature Tracker.md` after completing each feature.