
dominon12/store-helper


Store Helper

Project online

https://store-helper.vercel.app/

Tech stack

This project is built with Next.js + TypeScript + Styled Components + MongoDB

Description

A case study project I made for one of my college subjects.

The task was to create an application that helps customers find information about a shop's products by scanning a QR code placed on a product or by entering the product's reference number. The shop's staff also need the ability to add, edit and delete products. I combined these two functionalities in one web app.

Video presentation of the store-helper app

Admin access

If you want to try admin functionality, log in using the following credentials:

  • Username: testadmin
  • Password: adminadmin

!IMPORTANT! After testing the staff functionality, please restore everything to the state it was in before your changes. Thank you.

API Documentation

Overview

This API provides a way to create, retrieve, update and delete products using conventional HTTP requests.

Models

Product

interface Product {
  _id: string;
  name: string;
  description: string;
  price: number;
  image: {
    id: number;
    src: string;
  };
}

User

interface User {
  username: string;
  isAdmin: boolean;
  token: string;
  expiresIn: number;
}

Authentication

In order to interact with the API, you or your application must authenticate.

The API handles this through JSON Web Tokens.

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

To generate your token, send a POST request to /api/v1/accounts/login/. The username and password must be provided as body parameters.

Payload

{
  "username": "testadmin",
  "password": "adminadmin"
}

Responses

200 - OK

{
  "username": "testadmin",
  "isAdmin": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MjAzZmQzODc5Y2I5ZjFmZDBhNjBkNDciLCJpc0FkbWluIjp0cnVlLCJpYXQiOjE2NDQ1ODYxNDMsImV4cCI6MzI4OTI1ODY4Nn0.KPZqiPgq-o9BC5165SNiJHxcLsCZMlVxdZqIkhp3eJw",
  "expiresIn": 1644672543
}

400 - Bad Request

{
  "error": "Authentication failed. Provided credentials are incorrect."
}
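A client or API test can compare what the login response says about the token with what the token itself claims. The following is an added example, not part of the project's code: it decodes the sample token's segments without verifying the signature and checks the `exp` claim against the body's `expiresIn`. The function names and the 60-second tolerance are assumptions.

```javascript
// Added example: compare a login response's `expiresIn` with the JWT's own claims.
// Decoding here does NOT verify the signature; it only reads header and claims.

// Sample 200 response copied from the documentation above.
const sampleLogin = {
  username: "testadmin",
  isAdmin: true,
  token:
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MjAzZmQzODc5Y2I5ZjFmZDBhNjBkNDciLCJpc0FkbWluIjp0cnVlLCJpYXQiOjE2NDQ1ODYxNDMsImV4cCI6MzI4OTI1ODY4Nn0.KPZqiPgq-o9BC5165SNiJHxcLsCZMlVxdZqIkhp3eJw",
  expiresIn: 1644672543,
};

// Decode one base64url segment of a compact JWT into a JSON object.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Hypothetical helper: report the algorithm, both lifetimes, and any mismatch
// between the response body and the token's claims.
function auditLoginResponse(res, toleranceSec = 60) {
  const parts = res.token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (expected 3 segments)");
  const header = decodeSegment(parts[0]);
  const claims = decodeSegment(parts[1]);
  const findings = [];
  if (typeof claims.exp !== "number") {
    findings.push("token has no exp claim");
  } else if (Math.abs(claims.exp - res.expiresIn) > toleranceSec) {
    findings.push(`exp claim (${claims.exp}) differs from expiresIn (${res.expiresIn})`);
  }
  if (claims.isAdmin !== res.isAdmin) findings.push("isAdmin differs between body and token");
  return {
    alg: header.alg,
    lifetimeSec: claims.exp - claims.iat, // what a verifier enforces
    advertisedLifetimeSec: res.expiresIn - claims.iat, // what the body implies
    findings,
  };
}

console.log(auditLoginResponse(sampleLogin));
```

For the sample response this reports one finding: the body's `expiresIn` implies a lifetime of 86400 seconds, while the token's `exp` claim is 1644672543 seconds after `iat`.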

How to authenticate with obtained token

In order to make an authenticated request, include an Authorization header containing your auth token. All requests must be made over HTTPS.

Header example

Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MjAzZmQzODc5Y2I5ZjFmZDBhNjBkNDciLCJpc0FkbWluIjp0cnVlLCJpYXQiOjE2NDQ1ODYxNDMsImV4cCI6MzI4OTI1ODY4Nn0.KPZqiPgq-o9BC5165SNiJHxcLsCZMlVxdZqIkhp3eJw

Resources

Accounts

POST Sign Up

To sign up, send a POST request to /api/v1/accounts/signup/ with username and password in the request body.

Payload

{
  "username": "username",
  "password": "password"
}

Responses

201 - Created

{
  "username": "username",
  "password": "$2b$12$3cDym37KOQ24.oYqNKLWT.mVKib1x5iy4qDCPRGHQ0qLnGGyAifMy",
  "isAdmin": false,
  "_id": "620665c10ef5fef8336c05a7",
  "__v": 0
}

400 - Bad Request

{
  "error": "Username and password body parameters are required"
}
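The 201 sample above returns the stored `password` field, a bcrypt hash, to the client. The following added example (not the project's code) scans a response body for credential material and shows an allow-list serializer that omits it; `findLeaks`, `toPublicUser` and the list of sensitive key names are assumptions.

```javascript
// Added example: scan an API response body for credential material, e.g. in
// an API test, and serialize users through an allow-list instead.

// Sample 201 response copied from the sign-up documentation above.
const sampleSignup = {
  username: "username",
  password: "$2b$12$3cDym37KOQ24.oYqNKLWT.mVKib1x5iy4qDCPRGHQ0qLnGGyAifMy",
  isAdmin: false,
  _id: "620665c10ef5fef8336c05a7",
  __v: 0,
};

// bcrypt modular-crypt format: $2a$/$2b$/$2y$, two-digit cost, 53 chars of salt+hash.
const BCRYPT_RE = /^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$/;
// Key names treated as sensitive (an assumption; extend for your schema).
const SENSITIVE_KEY_RE = /^(password|passwd|pwd|hash|secret)$/i;

// Recursively walk a JSON value and return the paths that leak secrets.
function findLeaks(value, path = "$") {
  if (Array.isArray(value)) {
    return value.flatMap((v, i) => findLeaks(v, `${path}[${i}]`));
  }
  if (value !== null && typeof value === "object") {
    return Object.entries(value).flatMap(([k, v]) => {
      const p = `${path}.${k}`;
      const byKey = SENSITIVE_KEY_RE.test(k)
        ? [{ path: p, reason: "sensitive key name" }]
        : [];
      return byKey.concat(findLeaks(v, p));
    });
  }
  if (typeof value === "string" && BCRYPT_RE.test(value)) {
    return [{ path, reason: "bcrypt hash value" }];
  }
  return [];
}

// Allow-list serializer: only fields named here ever reach the client.
function toPublicUser(doc) {
  return { _id: String(doc._id), username: doc.username, isAdmin: Boolean(doc.isAdmin) };
}

console.log(findLeaks(sampleSignup));               // flags $.password twice
console.log(findLeaks(toPublicUser(sampleSignup))); // []
```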

Products

GET List all products

In order to list all products, send a GET request to /api/v1/products/.

Responses

200 - OK

[
    {
        "image": {
            "src": "https://sobolevmax.pythonanywhere.com/media/uploads/imac.jpeg",
            "id": 6
        },
        "_id": "620510bc621655a6a462473f",
        "name": "Apple iMac 24\" Retina 8K",
        "description": "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco",
        "price": 1869,
        "__v": 0
    }
]

POST Create a product

Authorizations: JWT Authentication

Permissions: Is Admin User

To create a product, send a POST request to /api/v1/products/.

Payload

{
  "name": "Some new product",
  "description": "Product's description",
  "price": 999,
  "image": {
    "id": 6,
    "src": "https://sobolevmax.pythonanywhere.com/media/uploads/imac.jpeg"
  }
}

Responses

201 - Created

{
  "name": "Some new product",
  "description": "Product's description",
  "image": {
    "src": "https://sobolevmax.pythonanywhere.com/media/uploads/imac.jpeg",
    "id": 6
  },
  "price": 999,
  "_id": "620668430ef5fef8336c05b0",
  "__v": 0
}

403 - Forbidden

{
  "error": "jwt must be provided"
}

GET Retrieve product by _id

In order to retrieve a specific product by its _id, send a GET request to /api/v1/products/[_id]/.

Responses

200 - OK

{
  "image": {
    "src": "https://sobolevmax.pythonanywhere.com/media/uploads/imac.jpeg",
    "id": 6
  },
  "_id": "620668430ef5fef8336c05b0",
  "name": "Some new product",
  "description": "Product's description",
  "price": 999,
  "__v": 0
}

PATCH Update specific product

Authorizations: JWT Authentication

Permissions: Is Admin User

To update a specific product, send a PATCH request to /api/v1/products/[_id]/.

Payload

{
  "name": "New product name"
}

Responses

202 - Accepted

{
  "name": "New product name",
  "_id": "620668430ef5fef8336c05b0",
  "description": "Product's description",
  "price": 999,
  "image": {
    "src": "https://sobolevmax.pythonanywhere.com/media/uploads/imac.jpeg",
    "id": 6
  },
  "__v": 0
}

403 - Forbidden

{
  "error": "Permission denied."
}

DELETE Delete specific product

Authorizations: JWT Authentication

Permissions: Is Admin User

To delete a specific product, send a DELETE request to /api/v1/products/[_id]/.

Responses

204 - No content

403 - Forbidden

{
  "error": "jwt must be provided"
}

About

Frontend and backend for Store Helper app made with Next.js
