Enhance Code - Add jwt auth, typescript, documentation, testing (TDD)

.env.sample

@@ -0,0 +1,36 @@
+# 📦 .env.sample
+# Copy this file to .env and fill in the actual values
+# Command: cp .env.sample .env
+
+# === MongoDB Configuration ===
+
+# MongoDB connection URI for development/production environments.
+# Format: mongodb://<username>:<password>@<host>:<port>/<database>
+# Example: mongodb://user:pass@localhost:27017/mydatabase
+MONGO_URL='mongodb://your_username:your_password@host:port/database_name'
+
+# Set the environment
+# NODE_ENV can be 'development', 'production', or 'test'
+# When set to `"test"`, a test database is used, and no `MONGO_URL` is required. This allows for out-of-the-box testing without a live database.
+NODE_ENV=test
+
+# === Notes ===
+# Do NOT use real credentials in this file.
+# In production, make sure this file is excluded from version control.
+# For test, the in-memory MongoDB server will be used automatically if NODE_ENV=test
+
+# === CORS Configuration ===
+# CORS (Cross-Origin Resource Sharing) settings
+# By default, CORS is disabled.
+# Default methods: GET, POST, PUT, DELETE
+ALLOWED_ORIGINS=
+ALLOWED_METHODS=
+ALLOWED_HEADERS=
+
+# === JWT Configuration ===
+# JWT (JSON Web Token) secret key for signing tokens
+# A cryptographically secure secret used to sign and verify JSON Web Tokens (JWTs).
+# This is required for authentication to work correctly.
+# 🔐 Use a long, random string—at least 32 characters, ideally generated using a password manager or Node.js:
+# $ node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"
+JWT_SECRET=

.github/workflows/tests.yml

@@ -0,0 +1,37 @@
+name: Backend Unit Tests
+
+on:
+  push:
+    branches: ["master"]
+  pull_request:
+    branches: ["master"]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [18.x, 20.x, 22.x]
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ matrix.node-version }}
+
+    # Install dependencies (without using lock file)
+    - name: Install dependencies
+      run: npm install
+
+    # Ensure consistent installs with npm ci
+    - name: Run npm ci (ensure clean node_modules)
+      run: npm ci
+
+    - name: Run tests
+      run: npm test
+      env:
+        NODE_ENV: test
+        JWT_SECRET: ${{ secrets.JWT_SECRET }}

.gitignore

@@ -37,6 +37,8 @@ build/Release
 # Dependency directories
 node_modules/
 jspm_packages/
+package-lock.json
+yarn.lock
 
 # Typescript v1 declaration files
 typings/
@@ -67,3 +69,6 @@ typings/
 .elasticbeanstalk/*
 !.elasticbeanstalk/*.cfg.yml
 !.elasticbeanstalk/*.global.yml
+
+# Test Coverage
+coverage

.prettierignore

@@ -0,0 +1,3 @@
+dist
+node_modules
+.github

.prettierrc

@@ -0,0 +1,7 @@
+{
+  "printWidth": 100,
+  "semi": true,
+  "singleQuote": true,
+  "trailingComma": "es5",
+  "arrowParens": "avoid"
+}

.vscode/settings.json

@@ -0,0 +1,6 @@
+{
+  "accessibility.signals.chatRequestSent": {
+    "sound": "off",
+    "announcement": "off"
+  }
+}

README.md

@@ -1,81 +1,54 @@
-# Node.js and Express Tutorial: Building and RESTful APIs
-
-## Requirements
-
-Identify your mongo db url used previously. Ask JR for a shared mongo db url if needed.
-
-We will configure the mongo db url on aws as well as in our local environment.
-
-## Objectives
-
-Be able to do the following:
-
-### AWS
-
-- understand changes required for production deployment to aws
-
-- update your week-10 storefront api for deployment to aws
-
-- deploy your updated repository to aws
-
-- add your mongo db url as an environment variable on aws
-
-### Heroku
-
-- understand heroku deployment
-
-- install the heroku cli
-
-- login to heroku from the cli
-
-- configure environment variables on heroku
-
-## Overview
-
-This readme outlines all of the changes included in this repository that allow aws deployment.
-
-After an overview, you will make changes to your week 10 repository and deploy it to aws.
-
-You will commit your changes to your week 10 repository and create a new PR.
-
-## AWS and Heroku Deployment
-
-New this week is AWS and Heroku deployment and the changes that were made to support the deployment process.
-
-Below we list out changes required from the original development-only version we previously built.
-
-### package.json
-
-- Changed the "start" script to use "node" in place of "nodemon". Nodemon is for development only.
-
-- Added a "dev" script to support using nodemon in development.
-
-- Added a "zip-for-aws" script to zip content for deployment to aws.
-
-- Installed `env-cmd` and `archiver` node modules
-
-`env-cmd` allows us to have a `.env` file in development to configure our MONGO db url safely where the setting is not shared in git.
-
-`archiver` supports a script to run to generate the `zip` file that aws requires for the aws web console upload.
-
-### index.js
-
-- Updated "port" settings to allow the production server to set the port value.
-
-- Added configuration check for MONGO_URL environment variable and start DB only when configured.
-
-### AWS and Heroku
-
-See AWS.md and HEROKU.md
-
-## Previously in the repo
-
-We built this repo in week 10 and then updated it for week 12 as an introduction to connecting an express node app to a mongo database.
-
-This app was configured originally only for development and required additional work this week for production readiness.
-
-Previous versions:
-
-- Week 10: <https://github.com/SummerOfCode2020/week-10-store-manager-api>
-
-- Week 12: <https://github.com/SummerOfCode2020/week-12-store-manager-api>
+# Node.js and Express Backend
+
+[![Backend API - CI Tests](https://github.com/pakeku/backend-api/actions/workflows/tests.yml/badge.svg)](https://github.com/pakeku/backend-api/actions/workflows/tests.yml)
+[![Known Vulnerabilities](https://snyk.io/test/github/pakeku/backend-api/badge.svg)](https://snyk.io/test/github/pakeku/backend-api)
+[![code Style: Prettier](https://img.shields.io/badge/code_style-prettier-ff69b4.svg?style=flat&logo=prettier)](https://prettier.io/)
+[![ESLint](https://img.shields.io/badge/linting-eslint-blue.svg?style=flat&logo=eslint)](https://eslint.org/)
+[![TypeScript](https://img.shields.io/badge/language-typescript-blue.svg?style=flat&logo=typescript)](https://www.typescriptlang.org/)
+[![Swagger UI](https://img.shields.io/badge/docs-Swagger_UI-blue?logo=swagger)](http://localhost:3000/api-docs)
+
+## Configuration
+
+You can define your environmental variables in a `.env` file at the root of the project. (Start by copying `.env.sample` → `.env`).\
+**⚠️ Important:** Never commit your `.env` file to version control.
+
+| Variable          | Required   | Description                                                                                          | Example                                                                                         |
+| ----------------- | ---------- | ---------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------- |
+| `MONGO_URL`       | ✅ Yes     | Connection string for MongoDB. Obtain this from your MongoDB provider.                               | `mongodb+srv://<username>:<password>@<cluster-url>/<database-name>?retryWrites=true&w=majority` |
+| `PORT`            | ❌ No      | Port for the Express server to listen on. Defaults to `3000`.                                        | `8080`                                                                                          |
+| `ALLOWED_ORIGINS` | ❌ No      | Comma-separated list of allowed origins for CORS.                                                    | `http://localhost:3000,https://your-frontend.com`                                               |
+| `ALLOWED_METHODS` | ❌ No      | Comma-separated list of allowed HTTP methods for CORS.                                               | `GET,POST,PUT,DELETE`                                                                           |
+| `ALLOWED_HEADERS` | ❌ No      | Comma-separated list of allowed request headers for CORS.                                            | `Content-Type,Authorization`                                                                    |
+| `NODE_ENV`        | ⚠️ Depends | Application environment: `development`, `production`, or `test`. `MONGO_URL` not required in `test`. | `development`                                                                                   |
+| `JWT_SECRET`      | ✅ Yes     | Secret key used for signing/verifying JWTs. Must be secure and private.                              | `Use: node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"`                 |
+
+## Getting Started
+
+1. Install Dependencies
+
+```bash
+npm run install
+```
+
+2. Create .env file and gather your variable values.
+
+```bash
+cp .env.sample .env
+```
+
+3. Run script:
+
+```json
+"scripts": {
+    "prebuild":"rm -rf dist",
+    "build":"tsc",
+    "start": "node ./src/index.js",
+    "dev": "env-cmd nodemon ./src/index.ts",
+    "test": "jest",
+    "test:watch": "jest --watch",
+    "lint": "eslint . --ext .ts",
+    "lint:fix": "eslint . --ext .ts --fix",
+    "lint:check": "eslint . --ext .ts --no-ignore",
+    "format": "prettier --write ."
+  }
+```