This will be the API for the front-end React app part of your practicum project.
These instructions are for the front-end team so they can setup their local development environment to run both the back-end server and their front-end app. You can go through these steps during your first group meeting in case you need assistance from your mentors.
The back-end server will be running on port 8000. The front-end app will be running on port 3000. You will need to run both the back-end server and the front-end app at the same time to test your app.
- Create a folder to contain both the front-end and back-end repos
- Clone this repository to that folder
- Run
npm installto install dependencies - Pull the latest version of the
mainbranch (when needed) - Run
npm run devto start the development server - Open http://localhost:8000/api/v1/ with your browser to test.
- Your back-end server is now running. You can now run the front-end app.
Note: In the below example, the group's front-end repository was named bb-practicum-team1-front and the back-end repository was named bb-practicum-team-1-back. Your repository will have a different name, but the rest should look the same.
Update the .node-version file to match the version of Node.js the team is using. This is used by Render.com to deploy the app.
-
Make sure you have cloned the backend repo.
-
Run
npm installto install dependencies -
In the root of the project, create a .env file with the following content:
MONGO_URI=mongodb+srv://:@cluster.mongodb.net/?retryWrites=true&w=majority
-
Run
npm run devto start the backend development server -
Use the following test route to verify that the database connection is working:
GET /api/v1/test/test-db
This means the batchCode value in the test route (testRoutes.js) already exists in the database. MongoDB enforces a unique constraint on the batchCode field to ensure no duplicates. To fix it, open the testRoutes.js file and update the batchCode field in the test data to a unique string. Save the file and rerun the server. To prevent this error, ensure that batchCode values in the test data are unique each time you test the application.
This document provides instructions for testing the User model, including creating users, retrieving user details, validating passwords, resetting passwords, and deleting users. The routes provided are part of the testRoutes router.
- Endpoint:
POST /api/v1/test/test-create-user - Description: Creates a new user in the database.
- Request Body Example(JSON):
{ "name": "John", "email": "[email protected]", "password": "StrongPassword123", "role": "admin", "store": "Main Clinic" } - Expected Response Example:
{ "success": true, "message": "User created successfully", "data": { "name": "John", "email": "[email protected]", "role": "admin", "store": "Main Clinic", "_id": "6742891fea2350eb11162634", "createdAt": "2024-11-24T02:02:07.237Z", "updatedAt": "2024-11-24T02:02:07.237Z", "__v": 0 } }
- Endpoint:
GET /api/v1/test/test-get-user - Description: Retrieves a user by their email address.
- Query Parameter:
- Request Example:
GET http://localhost:8000/api/v1/test/[email protected] - Expected Response Example (if user exists):
{ "success": true, "data": { "name": "John", "email": "[email protected]", "role": "admin", "store": "Main Clinic", "createdAt": "2024-11-24T02:02:07.237Z", "updatedAt": "2024-11-24T02:02:07.237Z", "_id": "6742891fea2350eb11162634" } }
- Endpoint:
POST /api/v1/test/test-validate-password - Description: Validates a user's password against the hashed password stored in the database.
- Request Body (JSON):
{ "email": "[email protected]", "password": "StrongPassword123" } - Expected Response (if password is correct):
{ "success": true, "message": "Password is valid" }
- Endpoint:
POST /api/v1/test/test-reset-password - Description: Resets a user's password if they provide their current password and a new password.
- Request Body (JSON):
{ "email": "[email protected]", "currentPassword": "StrongPassword123", "newPassword": "NewSecurePassword456" } - Expected Response:
{ "success": true, "message": "Password updated successfully" } - Error Responses:
- Incorrect Password:
{ "success": false, "message": "Current password is incorrect" } - User Not Found:
{ "success": false, "message": "User not found" }
- Incorrect Password:
- Endpoint:
DELETE /api/v1/test/test-delete-user/:id - Description: Deletes a user by their ID.
- Request Example:
DELETE http://localhost:8000/api/v1/test/test-delete-user/6742891fea2350eb11162634 - Expected Response (if user exists):
{ "success": true, "message": "User deleted successfully" } - Error Response (if user does not exist):
{ "success": false, "message": "User not found" }
-
Install Postman:
- Download and install Postman if not already installed.
-
Create New Requests:
- For each route, create a new request in Postman.
- Configure the method (
POST,GET, orDELETE) and URL. - Add headers (
Content-Type: application/jsonfor requests with a body).
-
Enter Request Bodies:
- For routes requiring a request body (e.g.,
test-create-user,test-reset-password), provide the JSON data in the Body tab.
- For routes requiring a request body (e.g.,
-
Send Requests:
- Ensure your backend server is running locally on
http://localhost:8000. - Send the requests and verify the responses.
- Ensure your backend server is running locally on
- Endpoint:
POST /auth/signup - Description: Registers a new user. The default role is
clerk. - Required Fields:
name(String, required)email(String, required, unique)password(String, required, minimum 6 characters)store(String, required)role(Optional, defaults toclerk; can beadmin,inventoryManager, orclerk)
{
"name": "John",
"email": "[email protected]",
"password": "SecurePassword123",
"store": "Main Clinic"
}{
"success": true,
"message": "User registered successfully",
"data": {
"id": "64f8d3...",
"email": "[email protected]",
"role": "clerk"
}
}- Endpoint:
POST /auth/login - Description: Logs in a user and returns a JWT token.
- Required Fields:
email(String, required)password(String, required)
{
"email": "[email protected]",
"password": "SecurePassword123"
}{
"success": true,
"message": "Login successful",
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user": {
"id": "64f8d3...",
"email": "[email protected]",
"role": "clerk"
}
}- Endpoint:
GET /auth/admin-dashboard - Description: Accessible only to
adminusers.
- Endpoint:
GET /auth/clerk-dashboard - Description: Accessible to
admin,inventoryManager, andclerkusers.
- Endpoint:
GET /auth/inventory-manager - Description: Accessible to
adminandinventoryManagerusers.
Ensure the backend server is running:
npm run devThe server should be accessible at http://localhost:8000.
- Open Postman and set the method to
POST. - Use the endpoint:
http://localhost:8000/api/v1/auth/signup - Go to the Body tab and select raw and JSON.
- Enter the following:
{ "name": "Jane", "email": "[email protected]", "password": "SecurePassword123", "store": "Clinic B" } - Click Send.
- Confirm the user is created successfully.
- Use the endpoint:
http://localhost:8000/api/v1/auth/login - Go to the Body tab and select raw and JSON.
- Enter the following:
{ "email": "[email protected]", "password": "SecurePassword123" } - Click Send.
- Copy the
tokenfrom the response.
- Use the endpoint:
http://localhost:8000/api/v1/auth/admin-dashboard - Set the method to
GET. - Go to the Headers tab.
- Add the following header:
Key: Authorization Value: Bearer <your_token> - Click Send.
- Use the endpoint:
http://localhost:8000/api/v1/auth/clerk-dashboard - Follow the same steps as above for adding the
Authorizationheader. - Confirm the response.
- Use the endpoint:
http://localhost:8000/api/v1/auth/inventory-manager - Follow the same steps as above for adding the
Authorizationheader. - Confirm the response.
-
Admin Dashboard:
{ "message": "Welcome, Admin!" } -
Clerk Dashboard:
{ "message": "Welcome, Clerk!" } -
Inventory Manager Dashboard:
{ "message": "Welcome, Inventory Manager!" } -
Unauthorized Access (Role Mismatch):
{ "success": false, "message": "Access denied. You do not have the required permissions." }
This section explains how to seed the database with sample data for testing purposes. The script will populate the database with predefined medications and users.
-
Install Dependencies
Ensure all necessary dependencies are installed:npm install
-
Run the Backend
Start the backend to verify the database connection:npm run dev
-
Seed the Database
In a new terminal window, run the seeding script:npm run seed
-
Check the Output
You should see messages in the terminal like:- "MongoDB connected..."
- "Existing data cleared!"
- "Users seeded!"
- "Medications seeded!"
- "Database seeding completed and connection closed!"
-
Verify the Data
- Test the
GETendpoints in Postman to confirm the seeded data is accessible. - To GET all users, use: /api/v1/test/test-get-users
- To GET all meds, use: /api/v1/inventory
- Test the
- Example Data:
[ { "name": "Ibuprofen", "batchCode": "AX12345", "expirationDate": "2024-12-31T00:00:00.000Z", "type": "Antiinflammatory" }, { "name": "Amoxicillin", "batchCode": "BX67890", "expirationDate": "2025-06-30T00:00:00.000Z", "type": "Antibiotic" }, { "name": "Acetaminophen", "batchCode": "CX13579", "expirationDate": "2024-03-15T00:00:00.000Z", "type": "Analgesic" } ]
- Example Data:
[ { "name": "Admin", "email": "[email protected]", "password": "$2b$10$eW5DjhOtaPwM/KxU0N2eZOU41jnpJqlI/lPpuFTB/X/Y1ZgxhsdpG", "role": "admin", "store": "Main Clinic", "createdAt": "2024-11-24T02:02:07.237Z", "updatedAt": "2024-11-24T02:02:07.237Z" }, { "name": "Manager", "email": "[email protected]", "password": "$2b$10$eW5DjhOtaPwM/KxU0N2eZOU41jnpJqlI/lPpuFTB/X/Y1ZgxhsdpG", "role": "inventoryManager", "store": "Main Clinic", "createdAt": "2024-11-24T02:02:07.237Z", "updatedAt": "2024-11-24T02:02:07.237Z" }, { "name": "Clerk", "email": "[email protected]", "password": "$2b$10$eW5DjhOtaPwM/KxU0N2eZOU41jnpJqlI/lPpuFTB/X/Y1ZgxhsdpG", "role": "clerk", "store": "Main Clinic", "createdAt": "2024-11-24T02:02:07.237Z", "updatedAt": "2024-11-24T02:02:07.237Z" } ]
Database seeding instructions end