Merge pull request #1299 from Code-A2Z/avdhesh/postman-docs

Creating Code A2Z API Postman Docs

Author: Avdhesh-Varshney

client/package-lock.json

@@ -1,16 +1,24 @@
 # Server Environment Variables
 PORT=8000
-NODE_ENV=production # Change to 'development' for local development
+NODE_ENV=production # Change to 'development' for development environment
 VITE_SERVER_DOMAIN=https://code-a2z-server.vercel.app
+
+# Database Configuration
 MONGODB_URL=mongodb://localhost:27017/code-a2z
+
+# Authentication Configuration
 JWT_SECRET_ACCESS_KEY=
-JWT_EXPIRES_IN=7D
+JWT_ACCESS_EXPIRES_IN=15m
+JWT_ACCESS_EXPIRES_IN_NUM=900000
+JWT_SECRET_REFRESH_KEY=
+JWT_REFRESH_EXPIRES_IN=7D
+JWT_REFRESH_EXPIRES_IN_NUM=604800000
 
 # Cloudinary Configuration (for media uploads)
 CLOUDINARY_CLOUD_NAME=
 CLOUDINARY_API_KEY=
 CLOUDINARY_API_SECRET=
 
-# Email Configuration (Gmail)
+# Admin Credentials (for sending emails)
 ADMIN_EMAIL=
-ADMIN_PASSWORD=
+RESEND_API_KEY=

docs/Code A2Z.postman_collection.json

@@ -1,16 +1,18 @@
 import { v2 as cloudinary } from 'cloudinary';
 
+import { NodeEnv } from '../typings/index.js';
 import {
   CLOUDINARY_CLOUD_NAME,
   CLOUDINARY_API_KEY,
   CLOUDINARY_API_SECRET,
+  NODE_ENV,
 } from '../config/env.js';
 
 cloudinary.config({
   cloud_name: CLOUDINARY_CLOUD_NAME,
   api_key: CLOUDINARY_API_KEY,
   api_secret: CLOUDINARY_API_SECRET,
-  secure: true,
+  secure: NODE_ENV === NodeEnv.PRODUCTION,
 });
 
 export default cloudinary;

server/.env.example

@@ -7,26 +7,34 @@ dotenv.config();
 export const PORT = process.env.PORT || 8000;
 export const NODE_ENV = process.env.NODE_ENV || 'development';
 export const VITE_SERVER_DOMAIN =
-    process.env.VITE_SERVER_DOMAIN || 'https://code-a2z-server.vercel.app';
+  process.env.VITE_SERVER_DOMAIN || 'https://code-a2z-server.vercel.app';
 
 // MongoDB Configuration
 export const MONGODB_URL =
-    process.env.MONGODB_URL || 'mongodb://localhost:27017/code-a2z';
+  process.env.MONGODB_URL || 'mongodb://localhost:27017/code-a2z';
 
 // JWT Configuration
 export const JWT_SECRET_ACCESS_KEY =
-    process.env.JWT_SECRET_ACCESS_KEY || 'default_secret_key';
-export const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || '7D';
+  process.env.JWT_SECRET_ACCESS_KEY || 'default_secret_key';
+export const JWT_ACCESS_EXPIRES_IN = process.env.JWT_ACCESS_EXPIRES_IN || '15m';
+export const JWT_ACCESS_EXPIRES_IN_NUM =
+  process.env.JWT_ACCESS_EXPIRES_IN_NUM || 15 * 60 * 1000; // 15 minutes in ms
+
+export const JWT_SECRET_REFRESH_KEY =
+  process.env.JWT_SECRET_REFRESH_KEY || 'default_refresh_secret_key';
+export const JWT_REFRESH_EXPIRES_IN =
+  process.env.JWT_REFRESH_EXPIRES_IN || '7d';
+export const JWT_REFRESH_EXPIRES_IN_NUM =
+  process.env.JWT_REFRESH_EXPIRES_IN_NUM || 7 * 24 * 60 * 60 * 1000; // 7 days in ms
 
 // Cloudinary Configuration (for media uploads)
 export const CLOUDINARY_CLOUD_NAME =
-    process.env.CLOUDINARY_CLOUD_NAME || 'admin';
+  process.env.CLOUDINARY_CLOUD_NAME || 'admin';
 export const CLOUDINARY_API_KEY = process.env.CLOUDINARY_API_KEY || 'admin';
 export const CLOUDINARY_API_SECRET =
-    process.env.CLOUDINARY_API_SECRET || 'admin';
+  process.env.CLOUDINARY_API_SECRET || 'admin';
 
 //  Resend / Email Configuration
-export const ADMIN_EMAIL =
-  process.env.ADMIN_EMAIL || "dev.admin@example.com";
+export const ADMIN_EMAIL = process.env.ADMIN_EMAIL || 'dev.admin@example.com';
 export const RESEND_API_KEY =
-  process.env.RESEND_API_KEY || "dev_resend_key_abc123";
+  process.env.RESEND_API_KEY || 'dev_resend_key_abc123';

server/package-lock.json

@@ -1,8 +1,8 @@
-import { Resend } from "resend";
-import { RESEND_API_KEY } from "./env.js";
+import { Resend } from 'resend';
+import { RESEND_API_KEY } from './env.js';
 
 if (!RESEND_API_KEY) {
-  throw new Error("Resend API key is not set in environment variables.");
+  throw new Error('Resend API key is not set in environment variables.');
 }
 
 const resend = new Resend(RESEND_API_KEY);

server/src/config/cloudinary.js

@@ -4,6 +4,6 @@ export const COLLECTION_NAMES = {
   PROJECTS: 'projects',
   COMMENTS: 'comments',
   NOTIFICATIONS: 'notifications',
-  COLLABORATORS: 'collaborators',
+  COLLABS: 'collabs',
   COLLECTIONS: 'collections',
 };

server/src/config/env.js

@@ -3,50 +3,69 @@ import jwt from 'jsonwebtoken';
 
 import User from '../../models/user.model.js';
 import Subscriber from '../../models/subscriber.model.js';
-
 import { sendResponse } from '../../utils/response.js';
+import { CookieToken, NodeEnv } from '../../typings/index.js';
 import {
   JWT_SECRET_ACCESS_KEY,
-  JWT_EXPIRES_IN,
+  JWT_SECRET_REFRESH_KEY,
+  JWT_ACCESS_EXPIRES_IN,
+  JWT_REFRESH_EXPIRES_IN,
+  JWT_ACCESS_EXPIRES_IN_NUM,
+  JWT_REFRESH_EXPIRES_IN_NUM,
   NODE_ENV,
 } from '../../config/env.js';
-import { NodeEnv } from '../../typings/index.js';
+
+// Helper function to generate both tokens
+const generateTokens = payload => {
+  const accessToken = jwt.sign(payload, JWT_SECRET_ACCESS_KEY, {
+    expiresIn: JWT_ACCESS_EXPIRES_IN || '15m',
+  });
+  const refreshToken = jwt.sign(payload, JWT_SECRET_REFRESH_KEY, {
+    expiresIn: JWT_REFRESH_EXPIRES_IN || '7d',
+  });
+  return { accessToken, refreshToken };
+};
 
 const login = async (req, res) => {
   const { email, password } = req.body;
 
   try {
+    // Check subscriber existence
     const isSubscriber = await Subscriber.exists({ email });
     if (!isSubscriber) {
-      return sendResponse(res, 404, 'error', 'Email not found', null);
+      return sendResponse(res, 404, 'error', 'Email not found');
     }
 
     const user = await User.findOne({
-      'personal_info.email': isSubscriber?._id,
+      'personal_info.email': isSubscriber._id,
     });
     if (!user) {
-      return sendResponse(res, 404, 'error', 'User not found', null);
+      return sendResponse(res, 404, 'error', 'User not found');
     }
 
-    if (!user.personal_info || !user.personal_info.password) {
-      return sendResponse(res, 500, 'error', 'User data is incomplete', null);
+    if (!user.personal_info?.password) {
+      return sendResponse(res, 500, 'error', 'User data is incomplete');
     }
 
     const isMatch = await bcrypt.compare(password, user.personal_info.password);
-    if (!isMatch)
-      return sendResponse(res, 401, 'error', 'Incorrect password', null);
+    if (!isMatch) return sendResponse(res, 401, 'error', 'Incorrect password');
 
-    const payload = { userId: user._id, email: user?.personal_info?.email };
-    const secret = JWT_SECRET_ACCESS_KEY;
-    const options = { expiresIn: JWT_EXPIRES_IN };
+    const payload = { userId: user._id, email: user.personal_info.email };
+    const { accessToken, refreshToken } = generateTokens(payload);
 
-    const token = jwt.sign(payload, secret, options);
+    // Set secure cookies
+    res.cookie(CookieToken.ACCESS_TOKEN, accessToken, {
+      httpOnly: true,
+      secure: NODE_ENV === NodeEnv.PRODUCTION,
+      sameSite: 'strict',
+      maxAge: JWT_ACCESS_EXPIRES_IN_NUM,
+    });
 
-    res.cookie('token', token, {
+    res.cookie(CookieToken.REFRESH_TOKEN, refreshToken, {
       httpOnly: true,
       secure: NODE_ENV === NodeEnv.PRODUCTION,
       sameSite: 'strict',
-      maxAge: 7 * 24 * 60 * 60 * 1000, // 7 days
+      maxAge: JWT_REFRESH_EXPIRES_IN_NUM,
     });
 
     return sendResponse(res, 200, 'success', 'Login successful', user);
@@ -55,8 +74,7 @@ const login = async (req, res) => {
       res,
       500,
       'error',
-      err.message || 'Internal Server Error',
-      null
+      err.message || 'Internal Server Error'
     );
   }
 };

server/src/config/resend.js

@@ -0,0 +1,31 @@
+import { sendResponse } from '../../utils/response.js';
+import { CookieToken, NodeEnv } from '../../typings/index.js';
+import { NODE_ENV } from '../../config/env.js';
+
+const logout = async (req, res) => {
+  try {
+    // Clear both access and refresh cookies
+    res.clearCookie(CookieToken.ACCESS_TOKEN, {
+      httpOnly: true,
+      secure: NODE_ENV === NodeEnv.PRODUCTION,
+      sameSite: 'strict',
+    });
+
+    res.clearCookie(CookieToken.REFRESH_TOKEN, {
+      httpOnly: true,
+      secure: NODE_ENV === NodeEnv.PRODUCTION,
+      sameSite: 'strict',
+    });
+
+    return sendResponse(res, 200, 'success', 'Logged out successfully');
+  } catch (err) {
+    return sendResponse(
+      res,
+      500,
+      'error',
+      err.message || 'Internal Server Error'
+    );
+  }
+};
+
+export default logout;