Requirements Getting Started Setting up the basic structure Creating Task and User Models Creating endpoints and testing with Postman Deploying to Heroku The user and tasks models Code used in this article is AI generated. Disclaimer: Requirements To follow this tutorial, you'll need the following: Node.js installed on your computer A code editor like Visual Studio Code or Sublime Text A good understanding of JavaScript: The Fundamentals of JavaScript Getting started Create a new directory for your project and navigate to it in your terminal or command prompt: mkdir task-manager-app
cd task-manager-app Initialize a new Node.js project by running the following command: npm init This will create a new file in your project directory that contains information about your project and its dependencies. package.json Install the following packages by running the following commands: npm install express
npm install mongoose
npm install bcrypt
npm install jsonwebtoken
npm install dotenv
npm install multer These packages will help us build our task management application. Express is a popular Node.js web framework that provides a set of tools for building web applications, while Mongoose is an Object Data Modeling (ODM) library for MongoDB that provides a higher-level abstraction over the MongoDB Node.js driver. Bcrypt is a library for hashing passwords, while Jsonwebtoken is a library for creating and verifying JSON Web Tokens (JWTs). Dotenv is a zero-dependency module that loads environment variables from a file, and Multer is a middleware for handling file uploads. .env Create a new file called in your project directory and add the following environment variables: .env PORT=3000
MONGODB_URL=mongodb://localhost/task-manager
JWT_SECRET=mysecretkey This file will be used to store sensitive information like your MongoDB URL and JWT secret key. Setting up the Basic Structure for our Task Manager API Create a new directory called in your project directory. This will be the directory where you'll write your application code. src Create a new file called in the directory. This will be the entry point for your application. server.js src Open in your code editor and add the following code: server.js require('dotenv').config();
const express = require('express');
const mongoose = require('mongoose');
const bodyParser = require('body-parser');
const multer = require('multer');
const bcrypt = require('bcrypt');
const jwt = require('jsonwebtoken');

const app = express();
const port = process.env.PORT || 3000;

// Connect to MongoDB
mongoose.connect(process.env.MONGODB_URL, {
  useNewUrlParser: true,
  useUnifiedTopology: true,
  useCreateIndex: true,
  useFindAndModify: false
}).then(() => {
  console.log('Connected to MongoDB');
}).catch(error => {
  console.error(error);
});

// Middleware
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

// Routes
app.get('/', (req, res) => {
  res.send('Task Manager API');
});

// Start the server
app.listen(port, () => {
  console.log(`Server running at http://localhost:${port}`);
}); This code sets up the basic structure for your application. It loads environment variables from the file using the package, sets up an Express app with some middleware, connects to MongoDB using Mongoose, and starts the server. .env dotenv Note that we're using the and packages for password hashing and authentication. We'll be using them later on when we build the authentication and authorization system for our application. bcrypt jsonwebtoken Creating Task and User Models Create a new file called in the directory. This file will define the model for our application. task.js src/models Task const mongoose = require('mongoose');

const taskSchema = new mongoose.Schema({
  title: {
    type: String,
    required: true
  },
  description: {
    type: String,
    required: true
  },
  completed: {
    type: Boolean,
    default: false
  },
  dueDate: {
    type: Date
  },
  owner: {
    type: mongoose.Schema.Types.ObjectId,
    required: true,
    ref: 'User'
  }
}, {
  timestamps: true
});

const Task = mongoose.model('Task', taskSchema);

module.exports = Task; This code defines a schema with the following properties: Task : A string that represents the title of the task. title : A string that represents the description of the task. description : A boolean that indicates whether the task is completed or not. completed : A date that represents the due date of the task. dueDate : A reference to the user who created the task. owner The option automatically adds and fields to the schema. timestamps createdAt updatedAt Create a new file called in the directory. This file will define the model for our application. user.js src/models User const mongoose = require('mongoose');
const validator = require('validator');
const bcrypt = require('bcrypt');
const jwt = require('jsonwebtoken');

const userSchema = new mongoose.Schema({
  name: {
    type: String,
    required: true,
    trim: true
  },
  email: {
    type: String,
    required: true,
    unique: true,
    trim: true,
    lowercase: true,
    validate(value) {
      if (!validator.isEmail(value)) {
        throw new Error('Invalid email address');
      }
    }
  },
  password: {
    type: String,
    required: true,
    trim: true,
    minlength: 6,
    validate(value) {
      if (value.toLowerCase().includes('password')) {
        throw new Error('Password cannot contain "password"');
      }
    }
  },
  tokens: [{
    token: {
      type: String,
      required: true
    }
  }]
}, {
  timestamps: true
});

userSchema.virtual('tasks', {
  ref: 'Task',
  localField: '_id',
  foreignField: 'owner'
});

userSchema.methods.toJSON = function () {
  const user = this.toObject();

  delete user.password;
  delete user.tokens;

  return user;
};

userSchema.methods.generateAuthToken = async function () {
  const user = this;
  const token = jwt.sign({ _id: user._id.toString() }, process.env.JWT_SECRET);

  user.tokens = user.tokens.concat({ token });
  await user.save();

  return token;
};

userSchema.statics.findByCredentials = async (email, password) => {
  const user = await User.findOne({ email });

  if (!user) {
    throw new Error('Invalid email or password');
  }

  const isMatch = await bcrypt.compare(password, user.password);

  if (!isMatch) {
    throw new Error('Invalid email or password');
  }

  return user;
};

userSchema.pre('save', async function (next) {
  const user = this;

  if (user.isModified('password')) {
    user.password = await bcrypt.hash(user.password, 8);
  }

  next();
});

const User = mongoose.model('User', userSchema);

module.exports = User; This code defines a schema with the following properties: User : A string that represents the name of the user. name : A string that represents the email address of the user. email : A string that represents the password of the user. password : An array of authentication tokens for the user. tokens The method creates a virtual property on the user model that references the tasks owned by the user. virtual The method is used to remove the and fields from the user object before sending it to the client. toJSON password tokens The method generates a JWT token and adds it to the user's array. generateAuthToken tokens The method is used to find a user by email and password. findByCredentials The middleware is used to hash the password before saving it to the database. pre Creating Endpoints for our NodeJS MongoDB API Now that we have defined the model, we can create the endpoints for our API. Let's create a new file called in the directory. In this file, we will define the routes for creating a new user, logging in a user, and logging out a user. User user.js src/routes const express = require('express');
const User = require('../models/user');
const auth = require('../middleware/auth');

const router = new express.Router();

// Create a new user
router.post('/users', async (req, res) => {
  const user = new User(req.body);

  try {
    await user.save();
    const token = await user.generateAuthToken();
    res.status(201).send({ user, token });
  } catch (e) {
    res.status(400).send(e);
  }
});

// Login user
router.post('/users/login', async (req, res) => {
  try {
    const user = await User.findByCredentials(req.body.email, req.body.password);
    const token = await user.generateAuthToken();
    res.send({ user, token });
  } catch (e) {
    res.status(400).send(e);
  }
});

// Logout user
router.post('/users/logout', auth, async (req, res) => {
  try {
    req.user.tokens = req.user.tokens.filter((token) => {
      return token.token !== req.token;
    });
    await req.user.save();
    res.send();
  } catch (e) {
    res.status(500).send(e);
  }
});

module.exports = router; Let's go over what each of these routes does: : Creates a new user in the database. The user's information is sent in the request body. If the user is created successfully, the API returns the user's information and a JWT token. POST /users : Logs in a user with their email and password. If the login is successful, the API returns the user's information and a JWT token. POST /users/login : Logs out the current user by removing their current authentication token from the array in the database. The user must be authenticated to access this route, which is why we use the middleware. POST /users/logout tokens auth Now that we have our user routes, let's create the task routes. Create a new file called in the directory. task.js src/routes const express = require('express');
const Task = require('../models/task');
const auth = require('../middleware/auth');

const router = new express.Router();

// Create a new task
router.post('/tasks', auth, async (req, res) => {
  const task = new Task({
    ...req.body,
    owner: req.user._id
  });

  try {
    await task.save();
    res.status(201).send(task);
  } catch (e) {
    res.status(400).send(e);
  }
});

// Get all tasks
router.get('/tasks', auth, async (req, res) => {
  try {
    const tasks = await Task.find({ owner: req.user._id });
    res.send(tasks);
  } catch (e) {
    res.status(500).send(e);
  }
});

// Get a task by id
router.get('/tasks/:id', auth, async (req, res) => {
  const _id = req.params.id;

  try {
    const task = await Task.findOne({ _id, owner: req.user._id });

    if (!task) {
      return res.status(404).send();
    }

    res.send(task);
  } catch (e) {
    res.status(500).send(e);
// Update a task by id
router.patch('/tasks/:id', auth, async (req, res) => {
  const updates = Object.keys(req.body);
  const allowedUpdates = ['description', 'completed'];
  const isValidOperation = updates.every((update) => allowedUpdates.includes(update));

  if (!isValidOperation) {
    return res.status(400).send({ error: 'Invalid updates!' });
  }

  try {
    const task = await Task.findOne({ _id: req.params.id, owner: req.user._id });

    if (!task) {
      return res.status(404).send();
    }

    updates.forEach((update) => task[update] = req.body[update]);
    await task.save();
    res.send(task);
  } catch (e) {
    res.status(400).send(e);
  }
});

// Delete a task by id
router.delete('/tasks/:id', auth, async (req, res) => {
  try {
    const task = await Task.findOneAndDelete({ _id: req.params.id, owner: req.user._id });

    if (!task) {
      return res.status(404).send();
    }

    res.send(task);
  } catch (e) {
    res.status(500).send(e);
  }
});

module.exports = router; Here's what each of these routes does: : Creates a new task in the database. The task's information is sent in the request body. The field of the task is set to the ID of the authenticated user. Only authenticated users can access this route. POST /tasks owner : Retrieves all tasks from the database that belong to the authenticated user. GET /tasks : Retrieves a task by its ID from the database if it belongs to the authenticated user. GET /tasks/:id : Updates a task by its ID with the specified fields in the request body. Only the and fields can be updated. Only authenticated users can update their own tasks. PATCH /tasks/:id description completed : Deletes a task by its ID if it belongs to the authenticated user. DELETE /tasks/:id Now that we have our routes defined, let's modify index.js to use them: const express = require('express');
require('./db/mongoose');
const userRouter = require('./routes/user');
const taskRouter = require('./routes/task');

const app = express();
const port = process.env.PORT || 3000;

app.use(express.json());
app.use(userRouter);
app.use(taskRouter);

app.listen(port, () => {
  console.log(`Server is up on port ${port}`);
}); Testing Endpoints with Postman or cURL We're now ready to test our API! You can use tools like Postman or cURL to test the endpoints we defined above. For example, you can create a new user by sending a POST request to with a JSON body like this: http://localhost:3000/users {
  "name": "John Doe",
  "email": "johndoe@example.com",
  "password": "password123"
} You should receive a response with the newly created user's information and a JWT token. Next, you can use the token to create a new task by sending a POST request to with a JSON body like this: http://localhost:3000/tasks {
  "description": "Buy groceries"
} You should receive a response with the newly created task's information. Finally, you can retrieve all of the user's tasks by sending a GET request to with the JWT token in the `Authorization http://localhost:3000/tasks Now that we have our API up and running, let's take a look at how we can deploy it to a production environment. Deployment to a Production Environment There are many ways to deploy a Node.js application to a production environment, but one of the most popular ways is to use a Platform as a Service (PaaS) provider like Heroku or AWS Elastic Beanstalk. In this tutorial, we'll be using Heroku to deploy our application. Heroku Heroku is a cloud platform that allows you to deploy, manage, and scale your applications. To use Heroku, you'll need to create an account and install the Heroku CLI on your computer. Once you've done that, you can use the following commands to deploy your application: First, create a new Heroku application by running the following command: heroku create This will create a new Heroku application and add a new remote to your local Git repository. Next, push your code to the Heroku remote by running the following command: git push heroku main This will deploy your application to Heroku. Finally, start your application by running the following command: heroku ps:scale web=1 This will start a single instance of your application on Heroku. That's it! Your application should now be live on Heroku. Environment Variables When deploying your application to a production environment, it's important to keep your secrets (like database passwords and JWT secrets) secure. One way to do this is to use environment variables. To use environment variables in your application, you can use the package. This package allows you to store your environment variables in a file in your project directory, which is ignored by Git. To use , install it by running the following command: dotenv .env dotenv npm install dotenv Then, create a new file called in your project directory and add your environment variables like this: .env PORT=3000
MONGODB_URL=mongodb://localhost:27017/task-manager-api
JWT_SECRET=mysecretkey Finally, modify to use the package: index.js dotenv require('dotenv').config();
const express = require('express');
require('./db/mongoose');
const userRouter = require('./routes/user');
const taskRouter = require('./routes/task');

const app = express();
const port = process.env.PORT || 3000;

app.use(express.json());
app.use(userRouter);
app.use(taskRouter);

app.listen(port, () => {
  console.log(`Server is up on port ${port}`);
}); Now, when you deploy your application to a production environment, you can set your environment variables using the provider's interface (for example, Heroku allows you to set environment variables using the Heroku Dashboard or the Heroku CLI). Conclusion In this tutorial, we've covered a lot of ground! We started by building a simple Node.js application that uses Express, Mongoose, and JWT authentication to manage tasks for users. Then, we added more advanced features like middleware, file uploads, and error handling. Finally, we deployed our application to a production environment using Heroku. There's a lot more to learn about Node.js and web development in general, but hopefully, this tutorial has given you a good starting point. I'd love to connect with you via & Twitter LinkedIn Happy coding!

This story contains AI-generated text. The author has used AI either for research, to generate outlines, or write the text itself. 

Walkthroughs, tutorials, guides, and tips. This story will teach you how to do something new or how to do something better.

The code in this story is for educational purposes. The readers are solely responsible for whatever they build with it.

Building a Task Manager API with NodeJS, Express, MongoDB, and Heroku

Too Long; Didn't Read

People Mentioned

Bonaventure Ogeto

STORY’S CREDIBILITY

AI-assisted

Guide

Code License

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...