RandomAssassin-rgb/notes-management-api

📝 Notes Management API

Node.js Version License: ISC TypeScript Prisma

A robust, enterprise-grade RESTful API developed for the GDG Backend Task. This system provides a secure environment for managing personal notes with multi-user support, strict data ownership, and Role-Based Access Control (RBAC).


🚀 Core Features

1. Secure Authentication

  • User Registration & Login: Integrated authentication flow using JWT (JSON Web Tokens).
  • Password Security: Passwords are hashed with bcryptjs.
  • Secure Token Issuance: Stateless session management with expiring access tokens.

2. Advanced Notes Management

  • Full CRUD Support: Create, Read, Update, and Delete operations for personal notes.
  • Data Integrity: Each note automatically tracks id, title, content, created_at, and updated_at.
  • Ownership Enforcement: Users are restricted to accessing and managing only their own data.

3. Role-Based Access Control (RBAC)

  • Granular Roles: Support for user and admin roles.
  • Admin Privileges: Administrative users can monitor all system activity, view every note, and perform system-wide deletions.

4. API Behavior & Reliability

  • Standardized Responses: Consistent use of HTTP status codes (200, 201, 204, 400, 401, 403, 404, 500).
  • Input Validation: Robust request validation powered by Zod.
  • Centralized Error Handling: A single error-handling layer covers invalid tokens, missing fields, and resource conflicts.
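
The ownership and RBAC rules above map onto the listed status codes as a small decision function. This is an added example, not code from this repository: the names `authorizeNote`, `listFilter` and the `ownerId` field are assumptions, as is denying admins the right to edit other users' notes (the README grants them only viewing and deletion).

```typescript
type Role = "user" | "admin";
type Action = "read" | "update" | "delete";

interface Principal { id: number; role: Role }       // claims from a verified JWT
interface NoteRecord { id: number; ownerId: number } // ownerId: assumed column name

// Success status per action, taken from the README's list of codes.
const SUCCESS: Record<Action, number> = { read: 200, update: 200, delete: 204 };

// Returns the HTTP status a /api/notes/:id handler should send.
function authorizeNote(
  principal: Principal | null,
  note: NoteRecord | null,
  action: Action,
): number {
  // 401 comes first so an unauthenticated caller learns nothing about which ids exist.
  if (principal === null) return 401;
  if (note === null) return 404;
  if (note.ownerId === principal.id) return SUCCESS[action];
  // Admins may view and delete any note; editing another user's note is denied.
  if (principal.role === "admin" && action !== "update") return SUCCESS[action];
  return 403;
}

// Row filter for GET /api/notes: scope the query itself instead of
// fetching every row and filtering afterwards.
function listFilter(principal: Principal): { ownerId?: number } {
  return principal.role === "admin" ? {} : { ownerId: principal.id };
}

// Constructed sample data: note 7 belongs to user 1.
function demoMatrix(): string[] {
  const note: NoteRecord = { id: 7, ownerId: 1 };
  const callers: Array<[string, Principal | null]> = [
    ["anonymous", null],
    ["owner", { id: 1, role: "user" }],
    ["other user", { id: 2, role: "user" }],
    ["admin", { id: 3, role: "admin" }],
  ];
  const actions: Action[] = ["read", "update", "delete"];
  return callers.map(([name, p]) =>
    `${name}: ` + actions.map((a) => `${a}=${authorizeNote(p, note, a)}`).join(" "));
}
```

Calling `demoMatrix()` returns one line per caller with the status for each action, which doubles as a table to check route tests against.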

🛠️ Technology Stack

| Category | Technology |
| --- | --- |
| Framework | Express.js |
| Language | TypeScript |
| ORM | Prisma |
| Database | SQLite |
| Validation | Zod |
| Auth | JWT & Bcrypt |
| Documentation | Swagger UI |

⚙️ Setup & Installation

Prerequisites

  • Node.js: v18.0.0 or higher
  • npm: v9.0.0 or higher

1. Environment Configuration

Create a .env file in the root directory and configure the following variables:

PORT=5000
JWT_SECRET=your_secure_random_secret_key
DATABASE_URL="file:./prisma/dev.db"

2. Installation & Initialization

# Install dependencies
npm install

# Initialize the database and generate Prisma Client
npx prisma db push

🏃 Running the Application

Development Mode

Runs the server with hot-reload enabled via ts-node-dev.

npm run dev

The server will be accessible at http://localhost:5000

API Documentation

Interactive documentation with "Try it out" capabilities is built-in:


📑 API Reference

Authentication Endpoints

| Method | Endpoint | Description | Auth |
| --- | --- | --- | --- |
| POST | /api/auth/register | Register a new user (user or admin) | No |
| POST | /api/auth/login | Authenticate and retrieve JWT | No |

Notes Endpoints

| Method | Endpoint | Description | Auth |
| --- | --- | --- | --- |
| GET | /api/notes | List notes (supports search, page, limit) | Yes |
| POST | /api/notes | Create a new note | Yes |
| GET | /api/notes/:id | Retrieve a specific note | Yes |
| PATCH | /api/notes/:id | Update an existing note | Yes |
| DELETE | /api/notes/:id | Delete a specific note | Yes |

📮 Example Requests

1. Register a Regular User

curl -X POST http://localhost:5000/api/auth/register \
-H "Content-Type: application/json" \
-d '{"email": "user@example.com", "password": "password123", "role": "user"}'

2. Register an Admin

curl -X POST http://localhost:5000/api/auth/register \
-H "Content-Type: application/json" \
-d '{"email": "admin@example.com", "password": "adminpassword", "role": "admin"}'

3. Search & Paginate Notes (Authenticated)

curl -G http://localhost:5000/api/notes \
-H "Authorization: Bearer <YOUR_JWT_TOKEN>" \
-d "search=project" \
-d "page=1" \
-d "limit=5"

4. Update a Note

curl -X PATCH http://localhost:5000/api/notes/1 \
-H "Authorization: Bearer <YOUR_JWT_TOKEN>" \
-H "Content-Type: application/json" \
-d '{"title": "Updated Title", "content": "Updated content body"}'

Verified for GDG Backend Task Requirements.
