A RESTful API for managing personal notes with user authentication, built using Express.js, MongoDB, and Passport.js.
- User Authentication: Register, login, and logout functionality with session management
- Note Management: Full CRUD operations for notes (Create, Read, Update, Delete)
- Search & Filtering: Search notes by title, filter by tags
- Pagination: Paginated results for better performance
- Security: Helmet for security headers, XSS protection, input sanitization
- Validation: Joi schema validation for input data
- Error Handling: Comprehensive error handling with custom error classes
- Backend: Node.js, Express.js
- Database: MongoDB with Mongoose ODM
- Authentication: Passport.js with Local Strategy
- Validation: Joi
- Security: Helmet, XSS-clean, Express Mongo Sanitize
- Session Management: Express Session
- Clone the repository:

```bash
git clone https://github.com/DevOlabode/notes_API
```

- Install dependencies:

```bash
npm install
```

- Set up environment variables: create a `.env` file in the root directory with the following variables:

```
PORT=3000
SECRET=your-secret-key-here
DATABASE_URL=mongodb://127.0.0.1:27017/notes_API
```

  Treat `SECRET` like a credential: use a long random value and keep `.env` out of version control.

- Start MongoDB: make sure MongoDB is running on your system (default: `mongodb://127.0.0.1:27017`)
- Run the application:

```bash
node index.js
```

The API will be available at http://localhost:3000
```http
POST /register
Content-Type: application/json

{
  "username": "johndoe",
  "email": "john@example.com",
  "password": "password123"
}
```

```http
POST /login
Content-Type: application/json

{
  "username": "johndoe",
  "password": "password123"
}
```

```http
POST /logout
```

```http
GET /profile
```

All notes endpoints require authentication.
```http
POST /notes
Content-Type: application/json

{
  "title": "My First Note",
  "content": "This is the content of my note",
  "tags": ["work", "important"],
  "isArchived": false,
  "isPinned": false
}
```

```http
GET /notes?page=1&limit=10&q=searchTerm&tag=work
```

Query parameters:

- `page`: Page number (default: 1)
- `limit`: Number of notes per page (default: 10)
- `q`: Search term for title
- `tag`: Filter by tag
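The query parameters above come straight from the URL, so the handler has to turn them into something safe to hand to Mongoose. The following is an added example, not the project's own code: it builds the filter and pagination values for `GET /notes`, clamping `page` and `limit`, coercing every parameter to a string so an operator object produced by Express's query parser (for example `?q[$regex]=...`) never reaches the database, and escaping the search term so it is matched literally. The `MAX_LIMIT` cap, the `user` scoping field and the `userId` parameter are assumptions.

```javascript
// Added example (not from the notes_API project). Builds the Mongoose filter and
// pagination values for GET /notes from the raw query string.
// Assumptions: notes are scoped to the logged-in user via a `user` field holding
// their ObjectId, and the caller does Note.find(filter).skip(skip).limit(limit).

const DEFAULT_LIMIT = 10;
const MAX_LIMIT = 100; // assumed cap: a client cannot pull the whole collection in one page

// Coerce a query value to a plain string. Express's default query parser turns
// ?q[$regex]=... into an object, which would otherwise reach MongoDB as an operator.
function asString(value) {
  return typeof value === 'string' ? value : '';
}

// Parse a positive integer with a fallback; rejects "abc", "0", "-5" and "1e3".
function asPositiveInt(value, fallback) {
  const s = asString(value);
  if (!/^\d+$/.test(s)) return fallback;
  const n = Number(s);
  return n >= 1 ? n : fallback;
}

// Escape regex metacharacters so a search term such as "(" or ".*" is matched
// literally rather than interpreted as a pattern.
function escapeRegex(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

function buildNotesQuery(query, userId) {
  const page = asPositiveInt(query.page, 1);
  const limit = Math.min(asPositiveInt(query.limit, DEFAULT_LIMIT), MAX_LIMIT);
  const filter = { user: userId }; // always scope to the requesting user

  const q = asString(query.q).trim();
  if (q) filter.title = { $regex: escapeRegex(q), $options: 'i' };

  const tag = asString(query.tag).trim();
  if (tag) filter.tags = tag; // equality on an array field matches any element

  return { filter, page, limit, skip: (page - 1) * limit };
}

// totalPages for the list response, given the matching document count.
function totalPages(total, limit) {
  return Math.ceil(total / limit);
}
```

In the route handler the result would be used as `Note.find(filter).skip(skip).limit(limit)` together with `Note.countDocuments(filter)` for the pagination fields; the user scoping in `filter` is what keeps one account from listing another account's notes.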
```http
GET /notes/:id
```

```http
PUT /notes/:id
Content-Type: application/json

{
  "title": "Updated Note Title",
  "content": "Updated content",
  "tags": ["personal", "updated"],
  "isArchived": true,
  "isPinned": true
}
```

```http
DELETE /notes/:id
```

Success response:

```json
{
  "success": true,
  "count": 5,
  "page": 1,
  "totalPages": 2,
  "totalNotes": 15,
  "data": [...]
}
```

Error response:

```json
{
  "error": "Error message"
}
```

User model:

```
{
  email: String (required, unique),
  username: String (auto-generated by passport-local-mongoose),
  hash: String (password hash),
  salt: String (password salt)
}
```

Note model:

```
{
  title: String (required, max 50 chars),
  content: String (required, min 3 chars),
  tags: [String] (required),
  user: ObjectId (reference to User),
  isArchived: Boolean (default: false),
  isPinned: Boolean (default: false),
  createdAt: Date,
  updatedAt: Date
}
```

Notes are validated using Joi schema:

- `title`: 1-50 characters, required
- `content`: Minimum 1 character, required
- `tags`: Array of strings (max 30 chars each), required
- `isArchived`: Boolean, optional
- `isPinned`: Boolean, optional
```
notes-api/
├── index.js            # Main application file
├── middleware.js       # Custom middleware functions
├── schema.js           # Joi validation schemas
├── package.json        # Dependencies and scripts
├── models/
│   ├── user.js         # User model
│   └── notes.js        # Note model
├── routes/
│   ├── auth.js         # Authentication routes
│   └── notes.js        # Notes CRUD routes
└── utils/
    ├── catchAsync.js   # Async error handler
    └── expressError.js # Custom error class
```
- Helmet: Sets various HTTP headers for security
- XSS Protection: Prevents cross-site scripting attacks
- MongoDB Sanitization: Prevents NoSQL injection
- Session Management: Secure session handling with Passport.js
- Input Validation: Joi schemas validate all incoming data
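The MongoDB sanitization and input validation items above, together with the Joi rules listed for notes, describe one pipeline: strip operator-like keys from the request body, then check the documented shape. The following is an added example and not the project's code (the project uses Express Mongo Sanitize and the Joi schema in `schema.js`): `sanitizeKeys` is a simplified stand-in for what express-mongo-sanitize does (drop keys beginning with `$` or containing `.`), and `validateNote` mirrors the documented note rules in plain JS so it can run without the libraries. The function names and the error-message wording are assumptions.

```javascript
// Added example (not from the notes_API project). A simplified re-implementation
// of the two request-body checks the README describes, written without external
// dependencies so it runs on its own.

// Stand-in for express-mongo-sanitize: recursively drop keys that start with "$"
// or contain ".", which is how query operators are smuggled into a document,
// e.g. {"username": {"$gt": ""}} in a login body.
function sanitizeKeys(value) {
  if (Array.isArray(value)) return value.map(sanitizeKeys);
  if (value && typeof value === 'object') {
    const clean = {};
    for (const [key, inner] of Object.entries(value)) {
      if (key.startsWith('$') || key.includes('.')) continue;
      clean[key] = sanitizeKeys(inner);
    }
    return clean;
  }
  return value;
}

// Mirrors the documented Joi rules for a note body. Returns { value, errors };
// `value` contains only the documented fields, so an extra field such as `user`
// is never copied through to the model (the owner is set from the session).
function validateNote(body) {
  const errors = [];
  const value = {};
  const { title, content, tags } = body;

  if (typeof title !== 'string' || title.length < 1 || title.length > 50) {
    errors.push('title must be 1-50 characters');
  } else {
    value.title = title;
  }

  if (typeof content !== 'string' || content.length < 1) {
    errors.push('content is required');
  } else {
    value.content = content;
  }

  if (!Array.isArray(tags) || !tags.every((t) => typeof t === 'string' && t.length <= 30)) {
    errors.push('tags must be an array of strings (max 30 chars each)');
  } else {
    value.tags = tags;
  }

  for (const flag of ['isArchived', 'isPinned']) {
    const v = body[flag];
    if (v === undefined) continue; // optional
    if (typeof v !== 'boolean') errors.push(`${flag} must be a boolean`);
    else value[flag] = v;
  }

  return { value, errors };
}

// The order matters: sanitize first, then validate the cleaned object.
function prepareNoteBody(rawBody) {
  return validateNote(sanitizeKeys(rawBody));
}
```

In a route this would sit before the model call, returning a 400 with the collected `errors` when the list is non-empty and otherwise passing `value` (plus the user's id from the session) to `Note.create`.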
The API uses custom error handling:

- `ExpressError` class for custom errors
- `catchAsync` utility for async error handling
- Global error handler middleware
- Proper HTTP status codes and error messages
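The three pieces listed above fit together as follows. This is an added example written to be exercised without starting a server; it is not the project's `utils/expressError.js` or `utils/catchAsync.js`. The names `ExpressError` and `catchAsync` follow the README, while the `statusCode` field, the generic fallback message and the fake response object are assumptions.

```javascript
// Added example (not from the notes_API project). Custom error class, async
// wrapper and global error handler, plus a tiny fake `res` so they can be driven
// from a test.

class ExpressError extends Error {
  constructor(message, statusCode = 500) {
    super(message);
    this.name = 'ExpressError';
    this.statusCode = statusCode; // assumed field name
  }
}

// Wraps an async route handler so both a rejected promise and a synchronous
// throw end up in next(err); without this a rejection leaves the request hanging.
function catchAsync(fn) {
  return (req, res, next) =>
    Promise.resolve().then(() => fn(req, res, next)).catch(next);
}

// Global error handler (the 4-argument signature is how Express recognises it).
// Only ExpressError messages are echoed back in the documented { "error": ... }
// shape; any other error (Mongoose, programming bug) becomes a generic message
// so stack traces and internal details are not leaked, and is logged server-side.
function errorHandler(err, req, res, next) {
  const known = err instanceof ExpressError;
  const status = known ? err.statusCode : 500;
  const message = known ? err.message : 'Something went wrong';
  if (!known) console.error(err);
  res.status(status).json({ error: message });
}

// Minimal stand-in for an Express response object.
function fakeRes() {
  const res = { statusCode: 200, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (payload) => { res.body = payload; return res; };
  return res;
}

// Runs a handler through catchAsync and routes any error to errorHandler;
// resolves with the response once the chain has settled.
async function runHandler(handler) {
  const res = fakeRes();
  const next = (err) => errorHandler(err, {}, res, () => {});
  await catchAsync(handler)({}, res, next);
  return res;
}
```

In `index.js` the equivalent would be `app.use(errorHandler)` registered after all routes, with each async route wrapped as `catchAsync(async (req, res) => { ... })` and a missing note signalled by `throw new ExpressError('Note not found', 404)`.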
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
This project is licensed under the ISC License.