A comprehensive backend API for an online course marketplace with separate admin and user authentication, built with Express.js and MongoDB.
Topics: course-selling, marketplace, backend, mongodb, express, jwt, nodejs, rest-api, e-learning

- Dual Authentication System: Separate signup/signin for admins and users
- Course Management: Admins can create, update, and manage courses
- Course Marketplace: Users can browse and purchase courses
- Purchase System: Complete purchase tracking and history
- JWT Authentication: Secure token-based authentication for both user types
- Password Security: Bcrypt password hashing
- Input Validation: Comprehensive validation with Zod
- MongoDB Integration: Efficient data storage with Mongoose ODM
- Express.js - Backend server
- MongoDB - Database
- Mongoose - MongoDB ODM
- JWT - Authentication
- Bcrypt - Password hashing
- Zod - Input validation
- Nodemon - Development server

```
course-selling-app/
├── index.js            # Main server & routes setup
├── db.js               # Database models & connection
├── package.json        # Dependencies & scripts
├── .env                # Environment variables
├── .env.example        # Environment template
├── .gitignore          # Git ignore rules
├── middleware/
│   ├── admin.js        # Admin authentication middleware
│   └── user.js         # User authentication middleware
└── routes/
    ├── admin.js        # Admin-specific routes
    ├── course.js       # Course browsing & purchase routes
    └── users.js        # User-specific routes
```

- Clone the repository

  ```bash
  git clone <repository-url>
  cd course-selling-app
  ```

- Install dependencies

  ```bash
  npm install
  ```

- Set up environment variables

  ```bash
  cp .env.example .env
  # Edit .env file with your values:
  # DB_URL=your-mongodb-connection-string
  # JWT_ADMIN_SECRET=your-admin-jwt-secret
  # JWT_USER_SECRET=your-user-jwt-secret
  ```

- Start the server

  ```bash
  # Development
  npm run dev

  # Production
  npm start
  ```

- Server runs on http://localhost:3001

| Method | Endpoint | Description |
|---|---|---|
| POST | /admin/signup | Admin account creation |
| POST | /admin/signin | Admin login |
| POST | /admin/course | Create new course |
| PUT | /admin/course | Update existing course |
| GET | /admin/course/bulk | Get admin's courses |

| Method | Endpoint | Description |
|---|---|---|
| POST | /user/signup | User account creation |
| POST | /user/signin | User login |
| GET | /user/purchases | Get user's purchases |

| Method | Endpoint | Description |
|---|---|---|
| GET | /course/preview | Browse all courses |
| POST | /course/purchase | Purchase a course |

- Email, password, firstName, lastName
- JWT authentication with separate secrets for admin/user
- Title, description, price, imageUrl, creatorId
- Created and managed by admins
- Links users to purchased courses
- Tracks purchase history with timestamps
- Admin creates account with email validation
- Admin signs in and receives JWT token
- Admin can create, update, and manage courses
- Admin can view all their created courses
- User creates account with email validation
- User signs in and receives JWT token
- User can browse all available courses
- User can purchase courses
- User can view their purchase history with course details
- Separate JWT secrets for admin and user authentication
- Password hashing with bcrypt for secure storage
- Token-based authentication for all protected routes
- Middleware protection for admin and user-specific endpoints
- Admins can create courses with title, description, price, and image
- Course updates are restricted to the creator
- Bulk retrieval of admin's courses
- Users can purchase any available course
- Purchase history with populated course details
- Prevents duplicate purchases (can be enhanced)
- Input validation with Zod schemas
- Password complexity requirements
- Separate authentication contexts for admins and users
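
The separate-secret design listed above means a token issued at user sign-in must fail verification on admin routes, and the reverse. The sketch below is an added example, not the project's own code: it hand-rolls HS256 with Node's built-in `crypto` instead of a JWT library so it runs without dependencies, and the secrets, helper names and the `Authorization: Bearer` header are assumptions.

```javascript
// Added example; secrets, helper names and the Bearer header are assumptions.
const { createHmac, timingSafeEqual } = require("node:crypto");
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const dec = (str) => JSON.parse(Buffer.from(str, "base64url").toString());
const mac = (data, secret) => createHmac("sha256", secret).update(data).digest();

// Issue a token for one audience, signed with that audience's secret.
function signToken(payload, secret, ttlSeconds = 3600) {
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const body = `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ ...payload, exp })}`;
  return `${body}.${mac(body, secret).toString("base64url")}`;
}

// Return the claims if the token verifies under `secret`, otherwise null.
function verifyToken(token, secret) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const expected = mac(`${parts[0]}.${parts[1]}`, secret);
  const given = Buffer.from(parts[2], "base64url");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    if (dec(parts[0]).alg !== "HS256") return null; // pin the algorithm
    const claims = dec(parts[1]);
    return typeof claims.exp === "number" && claims.exp > Date.now() / 1000 ? claims : null;
  } catch { return null; }
}

// Express-style middleware factory: build one instance per secret.
function requireAuth(secret) {
  return (req, res, next) => {
    const [scheme, token] = (req.headers.authorization || "").split(" ");
    const claims = scheme === "Bearer" ? verifyToken(token, secret) : null;
    if (!claims) return res.status(401).json({ message: "Invalid or missing token" });
    req.userId = claims.id;
    next();
  };
}

// Constructed demo secrets; real values come from .env and must differ.
const ADMIN_SECRET = "constructed-admin-secret";
const USER_SECRET = "constructed-user-secret";
// Run the middleware for `secret` against a fake request; report status and userId.
function probe(secret, token) {
  const req = { headers: { authorization: `Bearer ${token}` } };
  const out = { status: 200, userId: null };
  const res = { status(c) { out.status = c; return res; }, json() { return res; } };
  requireAuth(secret)(req, res, () => { out.userId = req.userId; });
  return out;
}
```

In the app itself the two secrets would be read from `JWT_ADMIN_SECRET` and `JWT_USER_SECRET`; if both variables hold the same value, the admin/user separation disappears.
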

```bash
# Run in development mode with auto-restart
npm run dev

# Run tests (when implemented)
npm test
```


```
DB_URL=mongodb://localhost:27017/course-selling-app
JWT_ADMIN_SECRET=your-super-secret-admin-key
JWT_USER_SECRET=your-super-secret-user-key
```

Built with ❤️ by Sahil Singh