A robust RESTful API for managing tour-related data like locations, users, bookings, and reviews. Built using the Node.js + Express + MongoDB stack and designed for scalability, security, and performance.
- Node.js
- Express.js
- MongoDB + Mongoose
- dotenv (Environment config)
- JWT Authentication
- Multer + Sharp (Image uploads)
- Stripe API (for payments)
- Swagger/OpenAPI (optional docs)
- Mongoose Aggregation, Geospatial queries
- Helmet, Rate Limiting, Data Sanitization (Security)
```
natours-api/
├── controllers/   # Business logic for routes
├── models/        # Mongoose schemas for Tour, User, Review
├── routes/        # Express routes (modular)
├── utils/         # Custom error handlers, helpers
├── public/        # Static assets
├── config.env     # Environment variables
├── app.js         # Express app config
├── server.js      # App entry point
└── README.md      # Project documentation
```
```bash
git clone https://github.com/your-username/natours-api.git
cd natours-api
npm install
```
```
NODE_ENV=development
PORT=3000
# If you are using MongoDB Atlas
DATABASE=mongodb+srv://<USERNAME>:<PASSWORD>@cluster0.nod8l.mongodb.net/<DATABASE_NAME>?retryWrites=true&w=majority
# If you are using MongoDB on your local PC
DATABASE_LOCAL=mongodb://127.0.0.1:27017/<DATABASE_NAME>
# You can keep the password and username empty if you are using it on your local PC
DATABASE_USERNAME=your actual username
DATABASE_PASSWORD=your actual password
DATABASE_NAME=your actual database name
# Placeholder value: replace with your own long, random secret
JWT_SECRET=my-ultra-secure-and-ultra-long-secret
JWT_EXPIRES_IN=90d
JWT_COOKIE_EXPIRES_IN=90
EMAIL_USERNAME=
EMAIL_PASSWORD=
EMAIL_HOST=
EMAIL_PORT=
EMAIL_FROM=
```
```bash
npm run start:dev
```

For production:

```bash
npm start
```

```bash
npm run start      # Start app in production
npm run start:dev  # Start app in development with nodemon
npm test           # Run test suite (if implemented)
```
Method | Endpoint | Description |
---|---|---|
GET | `/api/v1/tours` | Get all tours |
GET | `/api/v1/tours/:id` | Get a tour by ID |
POST | `/api/v1/tours` | Create a new tour |
PATCH | `/api/v1/tours/:id` | Update an existing tour |
DELETE | `/api/v1/tours/:id` | Delete a tour |
POST | `/api/v1/users/signup` | Create new user account |
POST | `/api/v1/users/login` | Login user |
GET | `/api/v1/users/me` | Get current user profile |
Swagger-style docs (if set up):
http://localhost:3000/api-docs
- Upload user and tour images using Multer
- Images resized using Sharp
- HTTP headers using Helmet
- Rate limiting (100 reqs/hour)
- Data sanitization against NoSQL injection
- XSS protection
- CORS enabled
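
A dependency-free sketch of what the "data sanitization against NoSQL injection" item protects the login endpoint from. This is an added example, not this project's code; the function names and the sample request body are constructed for illustration.

```javascript
// Added example, not the project's code. Assumes parsed JSON request data
// that later reaches Mongoose query filters.

// Recursively drop keys MongoDB would treat as operators ($gt, $where, ...)
// or as dotted paths; '__proto__' is skipped so the copy's prototype is untouched.
function stripMongoOperators(value) {
  if (Array.isArray(value)) return value.map(stripMongoOperators);
  if (value === null || typeof value !== 'object') return value;
  const clean = {};
  for (const [key, inner] of Object.entries(value)) {
    if (key.startsWith('$') || key.includes('.') || key === '__proto__') continue;
    clean[key] = stripMongoOperators(inner);
  }
  return clean;
}

// Express-style middleware (hypothetical name). Assumes req.body, req.query
// and req.params are writable properties, as in Express 4.
function sanitizeRequest(req, res, next) {
  for (const part of ['body', 'query', 'params']) {
    if (req[part]) req[part] = stripMongoOperators(req[part]);
  }
  next();
}

// Sanitizing leaves an empty object where the operator was, so the login
// handler should still require plain-string credentials before querying.
function validCredentials(body) {
  return typeof body.email === 'string' && typeof body.password === 'string';
}

// Constructed sample: a login body carrying a query operator and a dotted key.
function demo() {
  const req = {
    body: { email: { $gt: '' }, password: 'x', profile: { 'a.b': 1, name: 'n' } },
  };
  sanitizeRequest(req, {}, () => {});
  return req.body;
}

const body = demo();
console.log(JSON.stringify(body), 'accepted:', validCredentials(body));
```

The sanitized body is rejected by `validCredentials` because `email` is no longer a string, which is the behaviour to keep when a real sanitization package is used in its place.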
You can deploy this API to platforms like:
- Render
- Railway
- Heroku (legacy)
- Vercel (as backend functions)
Make sure to configure `config.env` and database access accordingly.
Add your test cases using tools like:
- Mocha + Chai
- Supertest (for HTTP testing)
Example:
```bash
npm install --save-dev mocha chai supertest
```
Licensed under the MIT License.
Gaurav Sharma - @gsharma101

Give this repo a ⭐ if you found it helpful!