🌐 Live Base URL: https://the-notes-backend.onrender.com/
A robust, enterprise-grade RESTful API built with Node.js, Express, and TypeScript. This API serves as the backend for a Notes application, featuring advanced authentication, user management, and "Pro" note-taking capabilities.
- JWT Authentication: Secure stateless authentication using JSON Web Tokens.
- Password Reset: Secure email-based password reset flow (using Mailtrap/Nodemailer).
- Security Middleware: Integrated protection against common vulnerabilities:
  - Helmet: Secure HTTP headers.
  - Rate Limiting: Protection against Brute Force and DDoS attacks.
  - Mongo Sanitization: Custom middleware to prevent NoSQL Injection.
  - HPP: Protection against HTTP Parameter Pollution.
  - CORS: Configured for secure cross-origin requests.
- Profile Management: Update bio, avatar, and username.
- Soft Delete: Users can deactivate their accounts without permanent data loss.
- Admin Roles: Specialized Admin role with capabilities to:
  - View all users (including deleted ones).
  - Edit any user profile.
  - Permanently delete users.
- Smart Search: Regex-based search across titles and content.
- Filtering: Filter by Tags (`?tag=work`) or Archive status (`?isArchived=true`).
- Pagination: Efficient data loading with `page` and `limit`.
- Pro Features:
  - Pin notes to top.
  - Color-code notes.
  - Archive/Unarchive logic.
  - Auto-generated "Untitled" titles.
- Security: Strict data isolation (users can only access their own notes).
- Runtime: Node.js
- Framework: Express.js
- Language: TypeScript
- Database: MongoDB (Mongoose ODM)
- Validation: Zod
- Email: Nodemailer
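
The feature list above names a custom Mongo sanitization middleware, regex-based search and per-user data isolation. The following is an added example of how that input hardening can fit together; it is not this project's code, and the function names and the `user` owner field are assumptions.

```typescript
// Added example: names and the `user` owner field are assumptions, not project code.
interface ReqLike { body?: unknown; query?: unknown; params?: unknown }

// Delete, in place, any key MongoDB would read as an operator ("$ne", "$where")
// or as a dotted path ("profile.role"). Returns how many keys were removed.
function stripOperators(value: unknown, depth = 0): number {
  if (value === null || typeof value !== "object") return 0;
  if (depth > 32) throw new Error("payload nested too deeply");
  const obj = value as Record<string, unknown>;
  let removed = 0;
  for (const key of Object.keys(obj)) {
    if (key.startsWith("$") || key.includes(".")) {
      delete obj[key];
      removed += 1;
    } else {
      removed += stripOperators(obj[key], depth + 1);
    }
  }
  return removed;
}

// Express-style middleware: (req, res, next). Mutating in place means the
// request object's own properties are never reassigned.
function mongoSanitize(req: ReqLike, _res: unknown, next: () => void): void {
  stripOperators(req.body);
  stripOperators(req.query);
  stripOperators(req.params);
  next();
}

// Escape regex metacharacters so a search term is matched literally.
function escapeRegex(term: string): string {
  return term.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Search filter that always carries the owner id, so a crafted search
// string can neither widen the regex nor reach another user's notes.
function buildSearchFilter(ownerId: string, search: string) {
  const match = { $regex: escapeRegex(search.slice(0, 100)), $options: "i" };
  return { user: ownerId, $or: [{ title: match }, { content: match }] };
}
```

Stripping an operator leaves an empty object behind (for example `{ email: {} }`), so schema validation such as the Zod layer listed above still has to reject non-string values.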
All endpoints are prefixed with the Base URL:
https://the-notes-backend.onrender.com/
| Method | Endpoint | Description |
|---|---|---|
| POST | `api/auth/register` | Register a new user |
| POST | `api/auth/login` | Login and receive JWT |
| POST | `api/auth/forgot-password` | Send password reset email |
| PATCH | `api/auth/reset-password/:token` | Set new password |
| PATCH | `api/auth/update-password` | Update password (logged in) |

| Method | Endpoint | Description |
|---|---|---|
| GET | `api/users/me` | Get current user profile |
| PATCH | `api/users/update-me` | Update bio, avatar, username |
| DELETE | `api/users/delete-me` | Soft delete account |
| GET | `api/users` | (Admin) Get all users |
| DELETE | `api/users/:id` | (Admin) Hard delete user |

| Method | Endpoint | Description |
|---|---|---|
| GET | `api/notes` | Get all notes (supports `?page=`, `?search=`, `?tag=`) |
| POST | `api/notes` | Create a new note |
| GET | `api/notes/:id` | Get a single note |
| PATCH | `api/notes/:id` | Update a note |
| DELETE | `api/notes/:id` | Delete a note |