Skip to content

🌍 Natours 2025 – A sleek and powerful tour booking web app built with modern JavaScript (ES6+), Node.js, Express, and MongoDB. Reimagined from the ground up for better performance, cleaner code architecture, and real-world scalability. Includes features like secure authentication, advanced filtering, user reviews, and role-based access control.

Notifications You must be signed in to change notification settings

gsharma101/Natours-API

Repository files navigation

🏞️ Natours API

A robust RESTful API for managing tour-related data like locations, users, bookings, and reviews. Built using the Node.js + Express + MongoDB stack and designed for scalability, security, and performance.


πŸ“¦ Technologies Used

  • Node.js
  • Express.js
  • MongoDB + Mongoose
  • dotenv (Environment config)
  • JWT Authentication
  • Multer + Sharp (Image uploads)
  • Stripe API (for payments)
  • Swagger/OpenAPI (optional docs)
  • Mongoose Aggregation, Geospatial queries
  • Helmet, Rate Limiting, Data Sanitization (Security)

πŸ“ Folder Structure

natours-api/
β”œβ”€β”€ controllers/        β†’ Business logic for routes
β”œβ”€β”€ models/             β†’ Mongoose schemas for Tour, User, Review
β”œβ”€β”€ routes/             β†’ Express routes (modular)
β”œβ”€β”€ utils/              β†’ Custom error handlers, helpers
β”œβ”€β”€ public/             β†’ Static assets
β”œβ”€β”€ config.env          β†’ Environment variables
β”œβ”€β”€ app.js              β†’ Express app config
β”œβ”€β”€ server.js           β†’ App entry point
└── README.md           β†’ Project documentation

πŸš€ Getting Started

πŸ”§ 1. Clone the repo

git clone https://github.com/your-username/natours-api.git
cd natours-api

πŸ“¦ 2. Install dependencies

npm install

πŸ” 3. Create .env file

NODE_ENV=development
PORT=3000

# If you are using mongodb Atlas
DATABASE=mongodb+srv://<USERNAME>:<PASSWORD>@cluster0.nod8l.mongodb.net/<DATABASE_NAME>?retryWrites=true&w=majority
# If you are using mongodb in your local pc
DATABASE_LOCAL=mongodb://127.0.0.1:27017/<DATABASE_NAME>

# You can keep passsword ans username empty if you are using it on your local pc
DATABASE_USERNAME=your actual username
DATABASE_PASSWORD=your actual aassword
DATABASE_NAME=your actual database name

JWT_SECRET=my-ultra-secure-and-ultra-long-secret
JWT_EXPIRES_IN=90d
JWT_COOKIE_EXPIRES_IN=90

EMAIL_USERNAME=
EMAIL_PASSWORD=
EMAIL_HOST=
EMAIL_PORT=

EMAIL_FROM=

▢️ 4. Run in development

npm run start:dev

For production:

npm start

πŸ§ͺ Scripts

npm run start         # Start app in production
npm run start:dev     # Start app in development with nodemon
npm test              # Run test suite (if implemented)

πŸ”— API Routes Overview

Method Endpoint Description
GET /api/v1/tours Get all tours
GET /api/v1/tours/:id Get a tour by ID
POST /api/v1/tours Create a new tour
PATCH /api/v1/tours/:id Update an existing tour
DELETE /api/v1/tours/:id Delete a tour
POST /api/v1/users/signup Create new user account
POST /api/v1/users/login Login user
GET /api/v1/users/me Get current user profile

Swagger-style docs (if set up):
πŸ‘‰ http://localhost:3000/api-docs


πŸ“Έ File Uploads

  • Upload user and tour images using Multer
  • Images resized using Sharp

πŸ›‘οΈ Security Features

  • HTTP headers using Helmet
  • Rate limiting (100 reqs/hour)
  • Data sanitization against NoSQL injection
  • XSS protection
  • CORS enabled

🌐 Deployment

You can deploy this API to platforms like:

  • Render
  • Railway
  • Heroku (legacy)
  • Vercel (as backend functions)

Make sure to configure config.env and database access accordingly.


βœ… Testing

Add your test cases using tools like:

  • Mocha + Chai
  • Supertest (for HTTP testing)

Example:

npm install --save-dev mocha chai supertest

πŸ“„ License

Licensed under the MIT License.


πŸ‘¨β€πŸ’» Author

Gaurav Sharma β€” @gsharma101


πŸ™Œ Support

Give this repo a ⭐️ if you found it helpful!

About

🌍 Natours 2025 – A sleek and powerful tour booking web app built with modern JavaScript (ES6+), Node.js, Express, and MongoDB. Reimagined from the ground up for better performance, cleaner code architecture, and real-world scalability. Includes features like secure authentication, advanced filtering, user reviews, and role-based access control.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published