A RESTful API for managing events, user authentication, and RSVPs built with TypeScript, Node.js, Express, and MongoDB.
- Node.js (v14 or higher)
- MongoDB (v4.4 or higher)
- npm or yarn
- Clone the repository:
git clone https://github.com/yourusername/event-management-API.git cd event-management-API - Install dependencies:
npm install
- Create a
.envfile in the root directory and add your MongoDB connection string:MONGODB_URI=mongodb://localhost:27017/event-management JWT_SECRET=your_jwt_secret PORT=3000
- Start the server:
npm start
- The API will be available at
http://localhost:3000. - Database Seeding
To populate the database with initial data for testing and development:
# Seed the database using the default environment
npm run seedThe seed script creates:
5 users (including an admin user) 6 events of different categories 8 RSVPs with different statuses
Admin user credentials:
Email: admin@example.com Password: admin123
Regular user credentials:
Email: john@example.com, jane@example.com, etc. Password: password123
- Run tests:
npm test
Authentication Endpoints
Register a new user:
POST /api/auth/registerRequest Body:
{
"name": "John Doe",
"email": "john@example.com",
"password": "password123"
}Response (201 Created):
{
"message": "User registered successfully"
}Login a user:
POST /api/auth/loginRequest Body:
{
"email": "john@example.com",
"password": "password123"
}Response (200 OK):
json
{
"user": {
"id": "60d21b4667d0d8992e610c85",
"name": "John Doe",
"email": "john@example.com"
},
"tokens": {
"accessToken": "jwt-token-string",
"refreshToken": "refresh-token-string"
}
}
Get current user:
GET /api/auth/meHeaders:
Authorization: Bearer jwt-token-stringResponse (200 OK):
{
"id": "60d21b4667d0d8992e610c85",
"name": "John Doe",
"email": "john@example.com"
}Logout a user:
POST /api/auth/logoutResponse (200 OK):
{
"message": "User logged out successfully"
}Get all events:
GET /api/event?page=1&limit=10&category=workshop&location=San+Francisco&date=2025-10-15Response (200 OK):
{
"events": [
{
"id": "60d21b4667d0d8992e610c86",
"title": "JavaScript Workshop",
"description": "Learn about the latest JavaScript features",
"date": "2025-04-05T14:00:00.000Z",
"location": "New York City Tech Hub",
"organizer": "60d21b4667d0d8992e610c85",
"category": "workshop",
"maxAttendees": 50,
"attendees": ["60d21b4667d0d8992e610c87"]
}
],
"pagination": {
"total": 6,
"page": 1,
"limit": 10,
"pages": 1
}
}Get a specific event:
GET /api/event/:idResponse (200 OK):
{
"id": "60d21b4667d0d8992e610c86",
"title": "JavaScript Workshop",
"description": "Learn about the latest JavaScript features",
"date": "2025-04-05T14:00:00.000Z",
"location": "New York City Tech Hub",
"organizer": {
"id": "60d21b4667d0d8992e610c85",
"name": "John Doe"
},
"category": "workshop",
"maxAttendees": 50,
"attendees": [
{
"id": "60d21b4667d0d8992e610c87",
"name": "Jane Smith"
}
]
}Create a new event:
POST /api/eventHeaders:
Authorization: Bearer jwt-token-stringRequest Body:
{
"title": "Tech Conference 2025",
"description": "Annual technology conference",
"date": "2025-10-15T10:00:00Z",
"location": "Convention Center",
"maxAttendees": 500,
"category": "conference"
}Response (201 Created):
{
"id": "60d21b4667d0d8992e610c88",
"title": "Tech Conference 2025",
"description": "Annual technology conference",
"date": "2025-10-15T10:00:00.000Z",
"location": "Convention Center",
"organizer": {
"id": "60d21b4667d0d8992e610c85",
"name": "John Doe"
},
"category": "conference",
"maxAttendees": 500,
"attendees": []
}Update an event:
PUT /api/event/:idHeaders:
Authorization: Bearer jwt-token-stringRequest Body:
{
"title": "Updated Event Title",
"description": "Updated event description"
}Response (200 OK):
{
"id": "60d21b4667d0d8992e610c88",
"title": "Updated Event Title",
"description": "Updated event description",
"date": "2025-10-15T10:00:00.000Z",
"location": "Convention Center",
"organizer": {
"id": "60d21b4667d0d8992e610c85",
"name": "John Doe"
},
"category": "conference",
"maxAttendees": 500,
"attendees": []
}Delete an event:
DELETE /api/event/:idHeaders:
Authorization: Bearer jwt-token-stringResponse (204 No Content):
{
"message": "Event deleted successfully"
}RSVP to an event:
POST /api/event/:id/rsvpHeaders:
Authorization: Bearer jwt-token-stringRequest Body:
{
"status": "attending" // or "maybe" or "declined"
}Response (200 OK):
{
"eventId": "60d21b4667d0d8992e610c88",
"userId": "60d21b4667d0d8992e610c85",
"status": "attending",
"created": "2023-04-19T10:30:00.000Z"
}GET /api/event/:id/attendees
GET /api/event/:id/attendees{
"attendees": [
{
"id": "60d21b4667d0d8992e610c85",
"name": "John Doe",
"rsvpStatus": "attending"
},
{
"id": "60d21b4667d0d8992e610c87",
"name": "Jane Smith",
"rsvpStatus": "maybe"
}
]
}GET events the current user is attending:
GET /api/users/me/eventsHeaders:
Authorization: Bearer jwt-token-stringResponse (200 OK):
{
"events": [
{
"id": "60d21b4667d0d8992e610c88",
"title": "Tech Conference 2025",
"date": "2025-10-15T10:00:00.000Z",
"location": "Convention Center",
"status": "attending"
}
]
}- Framework: Chose Express.js for its simplicity and flexibility in building RESTful APIs.
- Database: MongoDB was selected for its scalability and ease of use with JSON-like documents.
- Authentication: Implemented JWT for stateless authentication, allowing easy scaling and session management.
- Error Handling: Centralized error handling middleware to manage errors consistently across the application.
- Validation: Used Joi for request validation to ensure data integrity and provide clear error messages.
- Testing: Chose Jest for unit and integration testing due to its simplicity and built-in mocking capabilities.
- Environment Variables: Used dotenv for managing environment variables, allowing easy configuration for different environments (development, testing, production).
- Logging: Integrated Winston for logging, providing a structured way to log application events and errors.
- Pagination: Implemented pagination for event listing to improve performance and user experience.
- Separation of Concerns: Organized the codebase into controllers, models, routes, and middleware to maintain a clean architecture and improve maintainability.
- Error handling: currently some routes lack comprehensive error handling, implement centralized error handling middleware to manage errors consistently across the application
- Input validation: currently input sanitization is limited, improve input validation using existing Zod dependency
- TODO: add validation for query parameters and path parameters
- Authentication & Authorization: currently only basic authentication is implemented and automatic setting of HTTP headers using Helmet, add CORS, use HTTPS, implement rate-limiting and input sanitization for bolstering security
- TODO: add JWT Security Headers
- Logging: prominently feature logging using Winston for better monitoring and debugging
- TODO: add separate loggers for different concerns (e.g. services, controllers, etc.)
- API Documentation: currently limited, use Swagger or Postman for comprehensive API documentation, facilitating easier onboarding and collaboration
- Environment management: currently handled locally, use dotenv for managing environment variables, ensuring sensitive information is not hard-coded
- Db schema: currently no explicit schema is illustrated, use dbdiagram.io or MongoDB Compass for visualizing the database schema
- Scalability concerns: improve API to handle increased loads and concurrent users w/ efficient database queries and caching strategies as well as modular code structure
- Plan breakdown into microservices: currently all deployed as a monolith, consider breaking down into microservices for scalability and maintainability
- Extend integration tests: currently limited to schema validation, extend integration tests to cover all endpoints and edge cases
- Plan cloud deployment (CI/CD): currently hosted locally, consider deploying to a cloud provider (e.g., AWS, Azure) for better scalability and availability and defining a CI/CD pipeline using GitHub Actions or CirleCI
- Measure & Improve performance: currently no performance metrics, consider using New Relic or Datadog for monitoring and improving performance