A secure RESTful E-Commerce backend built with Node.js, Express.js, and MongoDB following the MVC Architecture. The API implements authentication, role-based authorization (RBAC), product management, and shopping cart functionality.
- Register new users
- Login users
- JWT Authentication
- Password hashing using bcryptjs
- Role-Based Access Control (RBAC)
- Protected routes
- Admin-only product management
- Get all products
- Get a product by ID
- Create products (Admin)
- Update products (Admin)
- Delete products (Admin)
- Automatically create cart for new users
- View cart
- Add products to cart
- Update cart item quantity
- Remove products from cart
- View a specific cart item
- Centralized Error Handling
- Environment Variables
- MongoDB Atlas Support
- CORS Enabled
- Seed Script
- Postman Collection Included
- Node.js
- Express.js
- MongoDB
- Mongoose
- JWT
- bcryptjs
- dotenv
- CORS
back_end/
│
├── config/
│ └── db.js
│
├── controllers/
│ ├── authController.js
│ ├── cartController.js
│ └── productController.js
│
├── middleware/
│ ├── authMiddleware.js
│ ├── adminMiddleWare.js
│ └── errorHandler.js
│
├── models/
│ ├── User.js
│ ├── Product.js
│ └── Cart.js
│
├── routes/
│ ├── authRoutes.js
│ ├── cartRoutes.js
│ └── productRoutes.js
│
├── utils/
│ └── generateToken.js
│
├── postman demo/
│ ├── E-Commerce.postman_collection.json
│ └── E-Commerce Environment.postman_environment.json
│
├── seed.js
├── app.js
├── index.js
├── package.json
└── README.md
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/auth/register |
Register user |
| POST | /api/auth/login |
Login |
| GET | /api/auth/me |
Get current user |
| Method | Endpoint | Access |
|---|---|---|
| GET | /api/products |
Public |
| GET | /api/products/:id |
Public |
| POST | /api/products |
Admin |
| PATCH | /api/products/:id |
Admin |
| DELETE | /api/products/:id |
Admin |
| Method | Endpoint |
|---|---|
| GET | /api/carts |
| POST | /api/carts |
| PATCH | /api/carts/:productId |
| DELETE | /api/carts/:productId |
| GET | /api/carts/:productId |
Protected routes require a JWT token.
Authorization: Bearer YOUR_TOKEN
Clone the repository
git clone https://github.com/Mohammed-Er/E-Commerce-API.gitInstall dependencies
npm installCreate a .env file
PORT=5000
MONGO_URI=your_mongodb_uri
JWT_SECRET=your_secretRun the server
npm run devor
npm startThe project includes a seed script that clears the database and inserts sample users and products for testing.
Run:
npm run seedThis will:
- Delete existing Users
- Delete existing Products
- Delete existing Carts
- Insert sample Admin and User accounts
- Insert sample Products
A complete Postman Collection and Environment are included inside:
postman demo/
Import both files into Postman to test every endpoint immediately.
The environment already contains variables such as:
baseUrljwtproductId
Simply login once to generate a JWT and paste it into the jwt variable.
Note that some operations requires an admin jwt token like adding a new product
and some operations like cart endpoints requires user jwt token
- Order System
- Product Search
- Filtering
- Sorting
- Pagination
- Wishlist
- Product Reviews
- Checkout
- Stripe Integration
- React Frontend