Event Management REST API

A robust RESTful API for managing events, built with Node.js and Express.js. This backend provides endpoints for user authentication, event creation, management, and user registrations for events.

🚀 Features

• User Authentication: Secure signup and login with JWT tokens
• Event Management: Create, read, update, and delete events
• User Registration: Users can register for events
• Image Uploads: Support for uploading event images
• Validation: Input validation using express-validator
• Database: SQLite database for data persistence

🛠️ Tech Stack

• Backend: Node.js, Express.js
• Database: SQLite (better-sqlite3)
• Authentication: JWT (jsonwebtoken), bcryptjs for password hashing
• File Uploads: Multer
• Validation: express-validator
• CORS: cors middleware
• Environment: dotenv for configuration

📄 Package.json

The package.json file is the heart of any Node.js project. It contains metadata about the project, including:

• Project Information: Name, version, description, author, and license details.
• Dependencies: Lists all the npm packages required for the project to run, such as:
  • express: Web framework for Node.js
  • better-sqlite3: SQLite database driver
  • bcryptjs: Password hashing utility
  • jsonwebtoken: JWT token generation and verification
  • multer: Middleware for handling file uploads
  • express-validator: Input validation middleware
  • cors: Cross-origin resource sharing middleware
  • dotenv: Environment variable management
• Scripts: Defines npm scripts for common tasks, e.g., "dev": "node --watch app.js" to start the development server with auto-reload on file changes.

Note: This file is gitignored in the repository, so it won't be included in version control. To recreate it, run npm init and install the dependencies listed above.

📦 Managing Dependencies

1. Clone the repository:

   git clone <repository-url>
   cd express-rest-api

2. Install dependencies:

   npm install

   This will install all required packages including:

   • express
   • better-sqlite3
   • bcryptjs
   • jsonwebtoken
   • multer
   • express-validator
   • cors
   • dotenv

🏗️ Building the App

The application is written in JavaScript and does not require a build step. All source files are ready to run.

However, ensure the database is initialized by running the server, which automatically creates the necessary tables.

🔧 Environment Configuration

The application uses environment variables for configuration management. These variables are loaded from a .env file in the root directory using the dotenv package.

Setting up the .env file

1. Create a .env file in the root directory of the project:

   touch .env

2. Add the following environment variables to your .env file:

   # Server Configuration
   HOST=localhost
   PORT=3000
   
   # Environment
   NODE_ENV=development
   
   # JWT Secret (REQUIRED - Generate using methods below)
   JWT_SECRET=your_generated_secret_here

Environment Variables Reference

Variable	Description	Default	Required
HOST	Host where the application will run	localhost	No
PORT	Port where the application will run	3000	No
NODE_ENV	Application environment (development or production)	development	No
JWT_SECRET	Secret key for JWT token signing and verification	None	Yes

Generating a Secure JWT Secret

The JWT_SECRET must be a cryptographically strong random string. Here are several secure methods to generate it:

Method 1: Using Node.js Crypto (Recommended)

node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"

Method 2: Using OpenSSL

openssl rand -hex 64

Method 3: Using /dev/urandom (Linux/macOS)

head -c 64 /dev/urandom | xxd -p -c 64

Method 4: Online Generator (Development Only)

For development purposes, you can use an online secret generator, but never use this method for production as it compromises security.

Example generated secret:

JWT_SECRET="0ab863ab944fb0e431fc0ccc73c683a40373b966c27323b761f60c4be379602e8aec4f0848de851a651da9797fd9ef6cfc32fccaf1fbd69c53ed93d6e5d89d8c"

Security Best Practices

1. Never commit .env files - The .env file should be added to .gitignore
2. Use strong secrets - Generate JWT secrets with at least 256 bits (32 bytes) of entropy
3. Rotate secrets regularly - Change JWT secrets periodically in production
4. Use different secrets per environment - Development and production should have different secrets
5. Restrict file permissions - Set .env file permissions to 600 (owner read/write only)

Running the Server

1. After setting up your .env file with all required variables, start the server:

   npm run dev

2. The server will start on the specified port and initialize the database automatically.

   The application will log the port it's running on (e.g., "Server is running on port 3000").

📚 API Endpoints

Authentication

• POST /users/signup - User registration
• POST /users/login - User login

Events

• GET /users/events - Get all events (Note: Route might be under /user as per app.js)
• Additional event routes (check routes/events.js if implemented)

Static Files

• /images/* - Serve uploaded images from public/images

🗄️ Database Schema

• Users: id, name, email, password, created_at
• Events: id, title, description, address, date, image, created_by, created_at
• Registrations: id, event_id, user_id, created_at

🔧 Configuration

• Environment variables are loaded from .env file
• Database file: database.db
• Uploaded images: public/images/

📝 License

This project is licensed under the Apache 2.0 License.