A progressive Node.js framework for building efficient and scalable server-side applications.
This REST interface is a working prototype of an API for pizza ordering (written using NestJS with TS).
The interface uses the JWT Bearer token in the authorization header for authentication.
The APIs use user roles (i.e., customer, maker, admin) to implement the authorization strategy.
It mocks the persistence layer with an in-memory data structure.
The implementation is for presentation/testing purposes.
$ npm install
# development
$ npm run start
# watch mode
$ npm run start:dev
# production mode
$ npm run start:prod
To demonstrate the usage, we show the following examples of CURL requests:
Start the application:
# start
$ npm run start
We look at the offering with the following:
# GET products
curl -X GET -H 'Content-Type: application/json' http://localhost:3000/products
The result is:
[
{
"id":"7733f582-2a64-4040-9e04-bd3f6e28af3",
"name":"Margarita",
"category":"Pizza",
"ingredients":"cheese, tomapto, oregano",
"weightGramm":330,
"priseBGN":12.99,
"created":"2023-08-15T14:47:14.859Z",
"updated":"2023-08-15T14:47:14.859Z",
"active":true
},
{
"id":"ca8ac377-be4f-4ceb-9496-7e7e0c982481",
"name":"Staropramen",
"category":"beer",
"ingredients":"hops, water",
"volumeLiter":0.33,
"priseBGN":3.5,
"created":"2023-08-15T14:47:14.859Z",
"updated":"2023-08-15T14:47:14.859Z",
"active":true
}
]
To order, we first need to register.
The register.json is the payload required for the registration:
{
"email": "[email protected]",
"name": "Customer",
"phone": "+359888777777",
"password": "11223344",
"active": true
}
The registration request:
# POST auth/register
curl -X POST -H 'Content-Type: application/json' http://localhost:3000/auth/register -d @register.json
The login.json is the payload required for the login:
{
"email": "[email protected]",
"password": "11223344"
}
The login request:
# POST auth/login
curl -X POST -H 'Content-Type: application/json' http://localhost:3000/auth/login -d @login.json
{"access_token":"eyJhbGciOiJIUzI1..."}
We get back the access token to use for the subsequent requests.
The order.json is the payload with our product choice (two pizzas and two beers):
{
"purchase": [
{
"productId": "7733f582-2a64-4040-9e04-fbd3f6e28af3",
"quantity": 2,
"priceBGN": 12.99
},
{
"productId": "ca8ac377-be4f-4ceb-9496-7e7e0c982481",
"quantity": 2,
"priceBGN": 3.5
}
],
"totalBGN": 32.98,
"deliveryAddress": {
"street": "Vitoshka 777",
"city": "Sofia"
}
}
The order request:
# POST orders
curl -X POST -H 'Content-Type: application/json' http://localhost:3000/orders -d @order.json -H "Authorization: Bearer eyJhbGciOiJIUzI1..."
Now the pizza maker should do the job but must first sign in. The system has pre-registered makers, suppliers, and an admin. The admin user can create/delete/update all kinds of users using the GET/POST/PATCH/DELETE users endpoints. All newly registered users have the customer role assigned.
Our pre-defined pizza maker user has the following access data in maker.json:
{
"email": "[email protected]",
"password": "11223344"
}
The pizza maker login request looks like this:
# POST auth/login
curl -X POST -H 'Content-Type: application/json' http://localhost:3000/auth/login -d @maker.json
{"access_token":"eyJhbGciOiJIUzI..."}
The pizza maker checks for ordered pizzas:
# GET orders
curl -X GET -H 'Content-Type: application/json' http://localhost:3000/orders -H "Authorization: Bearer eyJhbGciOiJIUz..."
[
{
"purchase": [
{
"productId": "7733f582-2a64-4040-9e04-fbd3f6e28af3",
"quantity": 2,
"priceBGN": 12.99
},
{
"productId": "ca8ac377-be4f-4ceb-9496-7e7e0c982481",
"quantity": 2,
"priceBGN": 3.5
}
],
"totalBGN": 32.98,
"deliveryAddress": {
"street": "Vitoshka 777",
"city": "Sofia"
},
"userId": "6d5e3071-1524-4574-88af-207c5d62886a",
"status": "ordered",
"id": "aecb5187-16ec-44ec-accc-a5b2eb94a70d",
"created": "2023-08-15T16:23:34.146Z",
"updated": "2023-08-15T16:23:34.146Z"
}
]
After the order is done, the pizza maker sets it to ready with the following call:
curl -X PATCH -H 'Content-Type: application/json' http://localhost:3000/orders/aecb5187-16ec-44ec-accc-a5b2eb94a70d -d '{"status": "ready"}' -H "Authorization: Bearer eyJhbGciOiJIU..."
In the same way, each order goes through its life cycle by setting other statuses (delivered, paid, etc.).
Only the admin users can delete an order.
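The bearer-token and role check described above, as an added example that is not this project's own code: it verifies an HS256 token with Node's crypto module and applies a deny-by-default role table. HS256 is assumed from the token prefix shown above; the claim names (sub, role, exp), the route keys and the customer/maker rows of the table are assumptions.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

type Role = "customer" | "maker" | "admin";
type Claims = { sub: string; role: Role };

// Assumed policy table (route keys are hypothetical). Admin-only order deletion
// and user management come from the README; the other rows are assumptions.
const POLICY: Record<string, Role[]> = {
  "POST /orders": ["customer", "admin"],
  "GET /orders": ["maker", "admin"],
  "PATCH /orders/:id": ["maker", "admin"],
  "DELETE /orders/:id": ["admin"],
  "DELETE /users/:id": ["admin"],
};

const b64url = (s: string): string => Buffer.from(s, "utf8").toString("base64url");

// Constructed helper for the demo: issues an HS256 token as a login endpoint might.
function sign(payload: object, secret: string): string {
  const data = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${createHmac("sha256", secret).update(data).digest("base64url")}`;
}

// Returns the verified claims, or null when the header is malformed, the algorithm
// is not HS256, the signature does not match, or the token has expired.
function verifyBearer(header: string | undefined, secret: string): Claims | null {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(header ?? "");
  if (!m) return null;
  const [, head, body, sig] = m;
  try {
    // Pin the algorithm so a token cannot choose its own (e.g. "none").
    if (JSON.parse(Buffer.from(head, "base64url").toString()).alg !== "HS256") return null;
    const expected = createHmac("sha256", secret).update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, "base64url").toString());
    if (typeof claims.exp !== "number" || claims.exp <= Date.now() / 1000) return null;
    return { sub: String(claims.sub), role: claims.role };
  } catch {
    return null; // malformed token header or payload
  }
}

// Deny by default: unknown routes and unknown roles are refused.
function isAllowed(route: string, header: string | undefined, secret: string): boolean {
  const claims = verifyBearer(header, secret);
  return claims !== null && (POLICY[route] ?? []).includes(claims.role);
}
```

The role is read only after the signature check, so editing the payload of a customer token to say "admin" invalidates it rather than escalating it.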
This is a work in progress.
# unit tests
$ npm run test
# e2e tests
$ npm run test:e2e
# test coverage
$ npm run test:cov
Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support by the amazing backers. If you'd like to join them, please read more here.
- Author - Kamil Myśliwiec
- Website - https://nestjs.com
- Twitter - @nestframework
Nest is MIT licensed.