JournalHub API Documentation

Comprehensive documentation for the JournalHub API


Changelog

Version History

Initial Submission

The original JournalHub project, submitted as a final full-stack project at #ALX_SE, had a basic implementation with several logical flaws and security vulnerabilities in the backend.

Improvements and New Features

v1.1.0

JWT Enhancement
  • Feature: JWT now serves as a user data delivery system, extracting user data directly from the token.
Initially, JWT was only used for generating and verifying tokens. Now, it also serves as a user data delivery system. Routes that previously required user ID and other info as parameters now extract these directly from the token. The token now includes the user's full name, nickname, and email.

Token Blacklisting
  • Feature: Replaced Redis with MongoDB’s TTL index for token blacklisting, simplifying the system.
Previously, Redis was used solely for managing token blacklisting. Now, MongoDB's TTL index handles this, simplifying the system by eliminating the need for Redis. Blacklisted tokens are automatically removed upon expiration.

Account Deletion
  • Feature: Now deletes all associated journal entries and blacklists the access token.
The account deletion process has been enhanced. It now deletes all associated journal entries and blacklists the access token used for the operation.

User Profile
  • Feature: Added nickname and profile picture support, with the picture stored as a base64-encoded string.
The registration process has been expanded to include a nickname, and the name field has been updated to "fullName." Additionally, user profiles now include a base64-encoded profile picture stored as a string, with a default image provided.

Password Update
  • Feature: New route for updating passwords.
A new route has been added to allow users to update their passwords, addressing a previous oversight in the user profile update process.

Logging Enhancement
  • Feature: Implemented Winston and Morgan for logging.
  • Implemented Winston for logging crucial information and errors to files, improving debugging and monitoring capabilities.
  • Added Morgan logger to track and log API access, providing insights into API usage patterns.

Rate Limiting
  • Feature: Global rate limit of 50 requests per 15-minute window.
Implemented a global rate limit of 50 requests per 15-minute window for each IP address, enhancing API security and ensuring fair usage.
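As an added example (not JournalHub's own code, which presumably uses a ready-made middleware), here is a fixed-window per-IP limiter with the numbers from the changelog, 50 requests per 15 minutes. The clock is injectable so the window roll-over can be exercised without waiting; the header names and the use of req.ip are conventions assumed here, and req.ip only reflects the real client when Express's trust proxy setting matches the deployment.

```javascript
// Added example (not JournalHub's own code): fixed-window, per-IP rate limiter.
const WINDOW_MS = 15 * 60 * 1000; // 15-minute window, as in the changelog
const MAX_REQUESTS = 50;          // 50 requests per window per IP

function createRateLimiter({ windowMs = WINDOW_MS, max = MAX_REQUESTS } = {}) {
  const buckets = new Map(); // ip -> { windowStart, count }

  // Pure decision function; `now` is injectable for tests.
  function check(ip, now = Date.now()) {
    let b = buckets.get(ip);
    if (!b || now - b.windowStart >= windowMs) {
      b = { windowStart: now, count: 0 }; // start a fresh window for this IP
      buckets.set(ip, b);
    }
    b.count += 1;
    const resetAt = b.windowStart + windowMs;
    return {
      allowed: b.count <= max,
      remaining: Math.max(0, max - b.count),
      resetAt,
      retryAfterSec: Math.ceil((resetAt - now) / 1000),
    };
  }

  // Express-style middleware. Assumption: req.ip is the client address, which
  // requires `app.set('trust proxy', ...)` to match the reverse-proxy setup.
  function middleware(req, res, next) {
    const d = check(req.ip);
    res.setHeader('X-RateLimit-Limit', String(max));
    res.setHeader('X-RateLimit-Remaining', String(d.remaining));
    if (!d.allowed) {
      res.setHeader('Retry-After', String(d.retryAfterSec));
      return res.status(429).json({ error: 'Too many requests' });
    }
    next();
  }

  return { check, middleware };
}

module.exports = { createRateLimiter, WINDOW_MS, MAX_REQUESTS };
```

A fixed window lets a client burst up to 2 x max across a window boundary; a sliding window or token bucket is the usual refinement if that matters, and a single-process Map will not share counts across multiple API instances.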

Request Validation
  • Feature: Added Joi-based request validation middleware.
Added middleware for request validation using Joi schemas, improving data integrity and reducing invalid requests.

Pagination
  • Feature: Implemented pagination for journal entry retrieval.
Implemented pagination for journal entry retrieval operations, including both user-specific and public entries. This improves performance and user experience when dealing with large datasets.
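An added example, not JournalHub's own code, of the part of pagination that matters for a public API: page and limit arrive as untrusted query-string values and must be clamped before they become a MongoDB skip/limit, otherwise a single request can ask for an unbounded result set. The default and maximum page sizes, the parameter names and the response envelope are assumptions; the commented MongoDB usage is how the helper would typically be wired in, shown without running it.

```javascript
// Added example (not JournalHub's own code): safe pagination parameters and envelope.
const DEFAULT_LIMIT = 10; // assumption
const MAX_LIMIT = 100;    // assumption: hard cap regardless of what the client asks for

// Turn ?page=&limit= into a bounded { page, limit, skip } triple.
function parsePagination(query = {}) {
  const toInt = (v, fallback) => {
    const n = Number.parseInt(v, 10);
    return Number.isFinite(n) ? n : fallback; // "abc", undefined, "" -> fallback
  };
  const page = Math.max(1, toInt(query.page, 1));
  const limit = Math.min(MAX_LIMIT, Math.max(1, toInt(query.limit, DEFAULT_LIMIT)));
  return { page, limit, skip: (page - 1) * limit };
}

// Response envelope so clients can navigate without guessing.
function paginate(items, total, { page, limit }) {
  const totalPages = Math.max(1, Math.ceil(total / limit));
  return {
    data: items,
    page,
    limit,
    total,
    totalPages,
    hasNext: page < totalPages,
    hasPrev: page > 1,
  };
}

// Same logic applied to an in-memory array, so the behaviour can be checked offline.
function pageOf(allItems, query) {
  const { page, limit, skip } = parsePagination(query);
  return paginate(allItems.slice(skip, skip + limit), allItems.length, { page, limit });
}

// How it would sit in a MongoDB-backed route (not executed here; driver API assumed):
//   const { page, limit, skip } = parsePagination(req.query);
//   const filter = { userId: req.user.id };            // or { isPublic: true } for the public feed
//   const [items, total] = await Promise.all([
//     entries.find(filter).sort({ createdAt: -1 }).skip(skip).limit(limit).toArray(),
//     entries.countDocuments(filter),
//   ]);
//   res.json(paginate(items, total, { page, limit }));

module.exports = { parsePagination, paginate, pageOf, DEFAULT_LIMIT, MAX_LIMIT };
```

The sort key in the commented query is deliberate: without a stable sort, skip/limit pages can overlap or skip entries as new ones are inserted.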

Journal Entry Search
  • Feature: Users can search their entries by title and content.
Users can now search through their entries by title and content using indexed text fields in MongoDB.

Public Entries
  • Feature: Users can mark entries as public or private.
Users can mark journal entries as public, making them viewable by anyone. Users can also revert public entries to private at any time.

Mailer Integration
  • Feature: Added automatic email notifications.
A mailer system has been added to automatically send emails for registration, profile updates, and password resets. This was implemented using NodeMailer.

Password Reset Feature
  • Feature: Enhanced password reset functionality with token-based authentication.
A new password reset functionality has been implemented, enhancing account security and user experience. This feature includes two new routes:
  1. **Request Password Reset**: Allows users to initiate a password reset by providing their email. The system generates a reset token and sends an email containing a link with this token.
  2. **Reset Password**: Enables users to set a new password using the token received via email. This route verifies the token and updates the user's password securely.
These routes integrate with the new Mailer system, ensuring secure and user-friendly password recovery.

Summary:

These updates are significant improvements to the JournalHub API, focusing on enhancing security, improving user experience, and simplifying system architecture. Each change is designed to make the API more robust, scalable, and easier to use for developers and end-users alike.

