Author: Kevin Le 1007952805
\nTo first introduce the context of the app, it is a blog post platform that allows users to share code and run code all in one app. This is the documentation for the backend server of the app.
\nIMPORTANT NOTE: - please read the directories of each endpoint section as it will help explain some prerequisites, order of execution for requests etc.
\nPlease ensure you have ran the ./startup.sh to set up a fresh new environment with fresh data and an admin account. After so, run ./run.sh to start up the backend server to start calling the endpoints.
If you run into permission issues running the scripts please run the following command: chmod +x ./startup.sh ./run.sh
Below is the admin account that should have been generated / created upon running the ./startup.sh script. Just for reference and whenever needed - but there is already a login admin postman request under the auth directory that has prefilled the admin data for you to just login as an admin.
email: admin@gmail.com
\npassword: 12345
\nFirst, the postman collection assumes that the baseUrl is http://localhost:3000 . If it is different, feel free to change the baseUrl environment variable of the postman collection to the your baseUrl. Make sure it is the environment variables.
Next, please head to the live folder to ensure that the app is running. This is just a health check endpoint to ensure that everything is up and running.
\nNext, head over to the auth folder where you can start logging in/ registering new users to initialize postman environment variables that will be propped to the other endpoint folders.
\nRegister the user register user , there is already data there for you to register immediately.
\nThe creds of the user email and passwordwill automatically be passed into the login user postman request
\nThere is also a login admin request that prefills the admin creds to log in with the user.
\nImportant Note: the tokens are set to expire in a 24h window for both access and login
\nThis is a good chance to try out the logout request and refresh request features
\nWith these, now you can navigate to specific directories with more information of the different endpoints. Again, please refer to the respective directory documentation for more information about order of execution and such.
\nHowever, the order of execution should be top to bottom respective in context of the requests with in the level of the directory.
\nHere is a database diagram showcasing the database tables and its relation, below will be a brief outline and explanation of each one. Here is the link: https://dbdiagram.io/d/scriptorium-backend-db-diagram-6727b01fb1b39dd858520245
\nHere is a brief skim of the database models that helps orchestrate all the endpoints together.
\nThis is the user table that stores all information relating to the user.
\nFields:
\nid (Int): Primary key, automatically increments.
\nemail (String): Unique email identifier for each user. (this is encrpyed in db)
\npassword (String): Hashed password for authentication.
\nfirstName (String): User's first name.
\nlastName (String): User's last name.
\navatar (String?): Optional URL to the user's profile image.
\nphone (String): Contact phone number.
\nrole (String): Role of the user, default is \"user\".
\nRelationships:
\ncodeTemplates (CodeTemplate[]): Code templates created by the user.
\nblogs (BlogPost[]): Blog posts created by the user.
\ncomments (Comment[]): Comments created by the user.
\nreports (Report[]): Reports created by the user.
\nvotes (Vote[]): Votes cast by the user.
\nThis is a saved code template that a user would have saved or forked.
\nFields:
\nid (Int): Primary key, automatically increments.
\ntitle (String): Title of the code template.
\ncode (String): The code content.
\nlanguage (String): Programming language of the code.
\nexplanation (String?): Optional explanation or documentation for the code.
\nuserId (Int): Foreign key linking to the user who created the template.
\ncreatedAt (DateTime): Timestamp when the template was created.
\nupdatedAt (DateTime): Timestamp when the template was last updated.
\nparentTemplateId (Int?): Optional ID of the parent template if the code is a fork.
\nRelationships:
\nuser (User): The user who created the template.
\ntags (CodeTemplateTag[]): Tags associated with the template.
\nblogPosts (BlogPostCodeTemplate[]): Blog posts associated with the template.
\nforkedTemplates (CodeTemplate[]): Templates forked from this template.
\nThis is a blog post by a certain user that can be hidden.
\nFields:
\nid (Int): Primary key, automatically increments.
\ntitle (String): Title of the blog post.
\ndescription (String): Short description or excerpt.
\ncontent (String): Full content of the blog post.
\nuserId (Int): Foreign key linking to the author.
\ncreatedAt (DateTime): Timestamp when the post was created.
\nupdatedAt (DateTime): Timestamp when the post was last updated.
\nhidden (Boolean): Flag indicating if the post is hidden due to reports or moderation.
\nRelationships:
\nuser (User): The author of the blog post.
\ntags (BlogPostTag[]): Tags associated with the blog post.
\ncodeTemplates (BlogPostCodeTemplate[]): Code templates linked to this post.
\ncomments (Comment[]): Comments on this post.
\nvotes (Vote[]): Votes on this post.
\nreport (Report[]): Reports filed against the post.
\nTo associate a relationship between blog post and code template, this table is created for blogposts to be able to easily fetch the code templates relating to the blog post (attached within the post)
\nFields:
\nid (Int): Primary key, automatically increments.
\nblogPostId (Int): Foreign key linking to the blog post.
\ncodeTemplateId (Int): Foreign key linking to the code template.
\nRelationships:
\nblogPost (BlogPost): The blog post associated with the template.
\ncodeTemplate (CodeTemplate): The code template associated with the blog post.
\nThis table is for commenting. It can either be a comment to a blog post or a comment to another comment (i.e a reply). This can also be hidden as well.
\nFields:
\nid (Int): Primary key, automatically increments.
\ncontent (String): Text content of the comment.
\nuserId (Int): Foreign key linking to the author of the comment.
\nblogPostId (Int?): Foreign key linking to the blog post, if the comment is on a post.
\nparentId (Int?): Foreign key linking to the parent comment, if it is a reply.
\ncreatedAt (DateTime): Timestamp when the comment was created.
\nhidden (Boolean): Flag indicating if the comment is hidden due to reports or moderation.
\nRelationships:
\nuser (User): The author of the comment.
\nblogPost (BlogPost?): The blog post associated with the comment, if applicable.
\nparent (Comment?): The parent comment if it is a reply.
\nreplies (Comment[]): Replies to the comment.
\nvotes (Vote[]): Votes on this comment.
\nreports (Report[]): Reports filed against the comment.
\nThis is a report table that stores all reports for blog posts or comments.
\nFields:
\nid (Int): Primary key, automatically increments.
\nreason (String): Reason for reporting the content.
\nuserId (Int): Foreign key linking to the user who reported the content.
\nblogPostId (Int?): Foreign key linking to the blog post if it was reported.
\ncommentId (Int?): Foreign key linking to the comment if it was reported.
\ncreatedAt (DateTime): Timestamp when the report was created.
\nRelationships:
\nuser (User): The user who reported the content.
\nblogPost (BlogPost?): The blog post being reported, if applicable.
\ncomment (Comment?): The comment being reported, if applicable.
\nThis is a generic tag table that stores a unique tag by its name.
\nFields:
\nid (Int): Primary key, automatically increments.
\nname (String): Unique name of the tag.
\nRelationships:
\ncodeTags (CodeTemplateTag[]): Tags associated with code templates.
\nblogTags (BlogPostTag[]): Tags associated with blog posts.
\nUsing the Tag table, this table helps declare a relationship / tag with a code template.
\nFields:
\nid (Int): Primary key, automatically increments.
\ncodeTemplateId (Int): Foreign key linking to the code template.
\ntagId (Int): Foreign key linking to the tag.
\nRelationships:
\ncodeTemplate (CodeTemplate): The code template associated with the tag.
\ntag (Tag): The tag associated with the code template.
\nUsing the Tag table, this table helps declare a relationship / tag with a blog post.
\nFields:
\nid (Int): Primary key, automatically increments.
\nblogPostId (Int): Foreign key linking to the blog post.
\ntagId (Int): Foreign key linking to the tag.
\nRelationships:
\nblogPost (BlogPost): The blog post associated with the tag.
\ntag (Tag): The tag associated with the blog post.
\nThis table stores a certain vote that a user has invoked on a blog post or comment. UP or DOWN.
\nFields:
\nid (Int): Primary key, automatically increments.
\nuserId (Int): Foreign key linking to the user who cast the vote.
\nblogPostId (Int?): Foreign key linking to the blog post, if applicable.
\ncommentId (Int?): Foreign key linking to the comment, if applicable.
\nvoteType (String): Type of vote (UP or DOWN).
\nRelationships:
\nuser (User): The user who cast the vote.
\nblogPost (BlogPost?): The blog post associated with the vote.
\ncomment (Comment?): The comment associated with the vote.
\nThis table is used to store all revoked tokens when the user logs out so that they can't use the same token to log back in again or else the backend server will know and decline access the respective endpoint.
\nFields:
\nid (Int): Primary key, automatically increments.
\ntoken (String): Unique identifier for the revoked token.
\ntokenType (String): Type of token (e.g., \"access\" or \"refresh\").
\ncreatedAt (DateTime): Timestamp when the token was revoked.
\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[{"content":"Getting Started","slug":"getting-started"},{"content":"Data Models","slug":"data-models"}],"owner":"30523314","collectionId":"00c0689b-beae-4a39-8929-4059abee70ee","publishedId":"2sAY4x9LpN","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"publishDate":"2024-11-01T09:44:40.000Z"},"item":[{"name":"live","item":[{"name":"health check","id":"1ed08fe6-642b-4404-8c2f-e0aebf3998a3","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"http://localhost:3000/api/live","description":"This endpoint is a health check to indicate if the server is running and up. It makes an HTTP GET request to http://localhost:3000/api/live and returns a status code of 200 with a JSON response containing a message field.
\n","urlObject":{"path":["api","live"],"host":["http://localhost:3000"],"query":[],"variable":[]}},"response":[],"_postman_id":"1ed08fe6-642b-4404-8c2f-e0aebf3998a3"}],"id":"34c94b2e-1a85-40f9-a916-9174d962693e","description":"First let's make sure that the server is running properly. This \"live\" endpoint does a basic ping to ensure that the server is running.
\n","_postman_id":"34c94b2e-1a85-40f9-a916-9174d962693e"},{"name":"auth","item":[{"name":"register user","event":[{"listen":"test","script":{"id":"a77fff7e-eff5-481a-b333-3c77aa551408","exec":["","const requestString= pm.request.body.raw","const requestBody = JSON.parse(requestString)","","pm.test(requestBody.email)","pm.test(requestBody.password)","","pm.environment.set(\"userEmail\", String(requestBody.email));","pm.environment.set(\"userPassword\", String(requestBody.password));","","const response = pm.response.json();","","pm.test(response.user.id)","pm.environment.set(\"userId\", response.user.id);"],"type":"text/javascript","packages":{}}}],"id":"16d4587e-7d72-4c56-bf76-f0d1e104d029","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n \"email\": \"user@gmail.com\",\n \"phone\": \"+16479903830\",\n \"firstName\": \"John\",\n \"lastName\": \"Doe\",\n \"password\": \"12345\",\n \"role\": \"user\",\n \"avatar\": \"https://example.com/avatar.png\"\n}\n","options":{"raw":{"language":"json"}}},"url":"http://localhost:3000/api/users/register","description":"Registers a new user, supporting both user and admin roles
\n{
\"email\": \"user@example.com\",
\"phone\": \"+123456789\",
\"firstName\": \"John\",
\"lastName\": \"Doe\",
\"password\": \"your_password\",
\"role\": \"user\",
\"avatar\": \"https://example.com/avatar.png\"
}
Required Fields: email, phone, firstName, lastName, password, role
Optional Field: avatar
{
\"message\": \"User registered successfully\",
\"user\": {
\"id\": 1,
\"email\": \"user@example.com\",
\"phone\": \"+123456789\",
\"firstName\": \"John\",
\"lastName\": \"Doe\",
\"avatar\": \"https://example.com/avatar.png\"
}
}
Authenticates a user and returns access and refresh tokens if credentials are valid.
\nRequired Fields: email, password
returns:
\n{
\"accessToken\": \"your_access_token\",
\"refreshToken\": \"your_refresh_token\",
\"user\": {
\"id\": 1,
\"email\": \"user@example.com\",
\"phone\": \"+123456789\",
\"firstName\": \"John\",
\"lastName\": \"Doe\",
\"avatar\": \"https://example.com/avatar.png\",
\"role\": \"user\"
}
}
same as login user but here to login to admin user to test admin operations later on (down below in admin directory)
Refreshes the access token using a valid, non-revoked refresh token. If the refresh token is not revoked and valid, new tokens are issued
\nRequired Field: refreshToken
returns
\n{
\"accessToken\": \"new_access_token\",
\"refreshToken\": \"new_refresh_token\"
}
Logs out the user by revoking both the access token provided in the request headers and the refresh token in the request body.
\nHeaders
\n![https://example.com/avatar.png](\"https://example.com/avatar.png\"){kind=link}
Authorization: BearerBody:
\nRequired Field: refreshToken
returns
\n{
\"message\": \"Logged out successfully\"
}
This directory holds all endpoints relating to authentication and authorization. The login user and login admin is recommended to be ran before going to other directories to automatically associate environment accessToken and refreshToken variables that will use in other requests in other directories.
Fetches the user profile by ID. This endpoint performs an identity check by matching the idToken in the request headers with the user ID in the path. If the IDs do not match, access is denied.
Headers
\nAuthorization: BearerPath Parameters
\nid: The ID of the user to fetch.returns
\n{
\"message\": \"User fetched successfully\",
\"user\": {
\"id\": 1,
\"email\": \"user@example.com\",
\"phone\": \"+123456789\",
\"firstName\": \"John\",
\"lastName\": \"Doe\",
\"avatar\": \"https://example.com/avatar.png\"
}
}
Updates the user's profile details based on provided fields. This endpoint also performs an identity check by matching the idToken in the request headers with the user ID in the path, ensuring only the respective user can modify their data.
Headers
\nAuthorization: BearerPath Parameters
\nid: The ID of the user to update.Body Parameters (at least one field is required)
\nemail (optional): Updated email address.
phone (optional): Updated phone number.
firstName (optional): Updated first name.
lastName (optional): Updated last name.
avatar (optional): Updated avatar URL.
returns
\n{
\"message\": \"User updated successfully\",
\"user\": {
\"id\": 1,
\"email\": \"updated@example.com\",
\"phone\": \"+123456789\",
\"firstName\": \"John\",
\"lastName\": \"Doe\",
\"avatar\": \"https://example.com/new-avatar.png\"
}
}
Before trying requests in this user folder, make sure you have ran any of the login requests in the auth folder of this postman request to make sure postman environment variables as respective userId , tokens etc.
This endpoint allows users to execute a code snippet in a specified programming language with optional input. If the execution is successful, it returns the output of the code; otherwise, it returns an error message.
\nBody Parameters (all required):
\nlanguage: The programming language to execute the code in. Supported values might include python, javascript, c, cpp, or java.
code: The code snippet to be executed.
stdin (optional): Standard input to provide to the code during execution (useful for interactive programs).
returns {
\"message\": \"Code executed successfully\",
\"result\": \"Hello, World!\"
}
returns a 400 if there is a code execution error and the logs will be sent in the response body
\n","urlObject":{"path":["api","code","execute"],"host":["http://localhost:3000"],"query":[],"variable":[]}},"response":[],"_postman_id":"22da905b-d97c-40c0-b7a7-5c975ad00711"},{"name":"c++","id":"01ce4cfd-9de9-4bc2-8f7b-407549c2f365","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n \"language\": \"c++\",\n \"code\": \"#includeThis endpoint allows users to execute a code snippet in a specified programming language with optional input. If the execution is successful, it returns the output of the code; otherwise, it returns an error message.
\nBody Parameters (all required):
\nlanguage: The programming language to execute the code in. Supported values might include python, javascript, c, cpp, or java.
code: The code snippet to be executed.
stdin (optional): Standard input to provide to the code during execution (useful for interactive programs).
returns {
\"message\": \"Code executed successfully\",
\"result\": \"Hello, World!\"
}
returns a 400 if there is a code execution error and the logs will be sent in the response body
\n","urlObject":{"path":["api","code","execute"],"host":["http://localhost:3000"],"query":[],"variable":[]}},"response":[],"_postman_id":"01ce4cfd-9de9-4bc2-8f7b-407549c2f365"},{"name":"c","id":"eb7cff70-3b94-4a3c-b53b-cc80ce74e75c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n \"language\": \"c\",\n \"code\": \"#includeThis endpoint allows users to execute a code snippet in a specified programming language with optional input. If the execution is successful, it returns the output of the code; otherwise, it returns an error message.
\nBody Parameters (all required):
\nlanguage: The programming language to execute the code in. Supported values might include python, javascript, c, cpp, or java.
code: The code snippet to be executed.
stdin (optional): Standard input to provide to the code during execution (useful for interactive programs).
returns {
\"message\": \"Code executed successfully\",
\"result\": \"Hello, World!\"
}
returns a 400 if there is a code execution error and the logs will be sent in the response body
\n","urlObject":{"path":["api","code","execute"],"host":["http://localhost:3000"],"query":[],"variable":[]}},"response":[],"_postman_id":"eb7cff70-3b94-4a3c-b53b-cc80ce74e75c"},{"name":"javascript","id":"90c229db-0b69-4d83-8480-e47931f0a9fa","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n \"language\": \"javascript\",\n \"code\": \"process.stdin.on('data', data => {\\n console.log(data.toString().trim());\\n process.exit();\\n});\",\n \"stdin\": \"Hello, World!\"\n}\n","options":{"raw":{"language":"json"}}},"url":"http://localhost:3000/api/code/execute","description":"This endpoint allows users to execute a code snippet in a specified programming language with optional input. If the execution is successful, it returns the output of the code; otherwise, it returns an error message.
\nBody Parameters (all required):
\nlanguage: The programming language to execute the code in. Supported values might include python, javascript, c, cpp, or java.
code: The code snippet to be executed.
stdin (optional): Standard input to provide to the code during execution (useful for interactive programs).
returns {
\"message\": \"Code executed successfully\",
\"result\": \"Hello, World!\"
}
returns a 400 if there is a code execution error and the logs will be sent in the response body
\n","urlObject":{"path":["api","code","execute"],"host":["http://localhost:3000"],"query":[],"variable":[]}},"response":[],"_postman_id":"90c229db-0b69-4d83-8480-e47931f0a9fa"},{"name":"java","id":"5b901cd1-f20a-43a4-89c0-23f35bf1d550","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n \"language\": \"java\",\n \"code\": \"import java.util.Scanner;\\n\\npublic class Main {\\n public static void main(String[] args) {\\n Scanner scanner = new Scanner(System.in);\\n String input = scanner.nextLine();\\n System.out.println(\\\"You entered: \\\" + input);\\n scanner.close();\\n }\\n}\",\n \"stdin\": \"Hello, Java!\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:3000/api/code/execute","description":"This endpoint allows users to execute a code snippet in a specified programming language with optional input. If the execution is successful, it returns the output of the code; otherwise, it returns an error message.
\nBody Parameters (all required):
\nlanguage: The programming language to execute the code in. Supported values might include python, javascript, c, cpp, or java.
code: The code snippet to be executed.
stdin (optional): Standard input to provide to the code during execution (useful for interactive programs).
returns {
\"message\": \"Code executed successfully\",
\"result\": \"Hello, World!\"
}
returns a 400 if there is a code execution error and the logs will be sent in the response body
\n","urlObject":{"path":["api","code","execute"],"host":["http://localhost:3000"],"query":[],"variable":[]}},"response":[],"_postman_id":"5b901cd1-f20a-43a4-89c0-23f35bf1d550"}],"id":"0bb3a75a-09fb-4c46-9933-edd7157ccbea","description":"no auth required to run these.
\n","_postman_id":"0bb3a75a-09fb-4c46-9933-edd7157ccbea"},{"name":"save / create code template","event":[{"listen":"test","script":{"id":"7f9b9c2a-61dc-4b34-a97b-52c3c5773798","exec":["const response = pm.response.json();","","pm.test(response.codeTemplate.id)","pm.environment.set(\"codeTemplateId\", response.codeTemplate.id);"],"type":"text/javascript","packages":{}}}],"id":"59c33912-b44e-4012-8c6f-7148763ac895","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{accessToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n \"title\": \"Hello World 2 Example\",\n \"userId\": {{userId}},\n \"code\": \"print('Hello, World!')\",\n \"parentTemplateId\": null,\n \"language\": \"Python\",\n \"explanation\": \"This code prints 'Hello, World!' to the console.\",\n \"tags\": [\"basic\", \"hello world\", \"python\"]\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:3000/api/code/","description":"Description: Creates a new code template for a user, requiring userId, title, language, and code fields. The user's authorization is validated based on userId from the request.
Authorization: Requires identity verification to ensure userId in the request matches the authenticated user.
userId (required): ID of the user creating the template.
title (required): Title of the code template.
language (required): Programming language of the template.
code (required): The code snippet content.
tags (optional): Tags associated with the code template.
parentTemplateId (optional): ID of the parent template if this is a forked template.
returns
\n{
\"message\": \"Code Template created successfully\",
\"codeTemplate\": {
\"id\": 2,
\"userId\": 1,
\"title\": \"New JavaScript Template\",
\"language\": \"javascript\",
\"code\": \"console.log('Hello World');\",
\"tags\": [\"javascript\", \"console\"],
\"createdAt\": \"2023-01-01T00:00:00Z\",
\"updatedAt\": \"2023-01-01T00:00:00Z\"
}
}
Description: Creates a new code template for a user, requiring userId, title, language, and code fields. The user's authorization is validated based on userId from the request.
Authorization: Requires identity verification to ensure userId in the request matches the authenticated user.
userId (required): ID of the user creating the template.
title (required): Title of the code template.
language (required): Programming language of the template.
code (required): The code snippet content.
tags (optional): Tags associated with the code template.
parentTemplateId (optional): ID of the parent template if this is a forked template.
returns
\n{
\"message\": \"Code Template created successfully\",
\"codeTemplate\": {
\"id\": 2,
\"userId\": 1,
\"title\": \"New JavaScript Template\",
\"language\": \"javascript\",
\"code\": \"console.log('Hello World');\",
\"tags\": [\"javascript\", \"console\"],
\"createdAt\": \"2023-01-01T00:00:00Z\",
\"updatedAt\": \"2023-01-01T00:00:00Z\"
}
}
Description: Updates an existing code template by ID, modifying attributes like title, code, language, and tags. Only the original author (identified by userId) is permitted to update.
Authorization: Requires user identity verification to ensure the userId in the request matches the template's creator.
Path Parameters:Request Body:
\nid (required): The unique identifier for the code template to be updated.
title (optional): New title for the code template.
code (optional): Updated code snippet.
language (optional): Programming language.
explanation (optional): Explanation for the code template.
tags (optional): Updated tags for the code template.
returns
\n{
\"message\": \"Code template updated successfully\",
\"codeTemplate\": {
\"id\": 1,
\"userId\": 1,
\"title\": \"Updated Template Title\",
\"code\": \"console.log('Updated Code');\",
\"language\": \"javascript\",
\"explanation\": \"Logs an updated message.\",
\"tags\": [\"javascript\", \"update\"]
}
}
Description: Fetches a code template by its ID, returning all relevant details including tags, language, and explanation if provided.
\nAuthorization: No authorization check for this endpoint; anyone can access code templates by ID.
\nPath Parameters:
\n![https://example.com/new-avatar.png](\"https://example.com/new-avatar.png\"){kind=link}
id (required): The unique identifier for the code template.returns
\n{
\"message\": \"Code template fetched successfully\",
\"codeTemplate\": {
\"id\": 1,
\"userId\": 1,
\"title\": \"Example Template\",
\"code\": \"console.log('Hello World');\",
\"language\": \"javascript\",
\"explanation\": \"Logs a message to the console.\",
\"tags\": [\"javascript\", \"console\"]
}
}
For this example, we filter by userId for when we want to fetch a user's saved code templates
\nDescription: Fetches code templates based on optional filters like title, content, tags, userId, page, and limit.
Authorization: Requires user identity verification if userId is provided to ensure only authorized users can access data.
Query Parameters:
\npage (optional): Page number for pagination (e.g., 1, 2).
limit (optional): Number of templates per page.
userId (optional): User ID to filter code templates by a specific user.
title (optional): Filters by title.
content (optional): Searches templates containing specific content.
tags (optional): Comma-separated list of tags to filter templates (e.g., javascript,api).
Description: Fetches code templates based on optional filters like title, content, tags, userId, page, and limit.
Authorization: Requires user identity verification if userId is provided to ensure only authorized users can access data.
Query Parameters:
\npage (optional): Page number for pagination (e.g., 1, 2).
limit (optional): Number of templates per page.
userId (optional): User ID to filter code templates by a specific user.
title (optional): Filters by title.
content (optional): Searches templates containing specific content.
tags (optional): Comma-separated list of tags to filter templates (e.g., javascript,api).
returns {
\"message\": \"Code templates fetched successfully\",
\"codeTemplates\": [
{
\"id\": 1,
\"userId\": 1,
\"title\": \"Sample Template\",
\"language\": \"javascript\",
\"code\": \"console.log('Hello World');\",
\"tags\": [\"javascript\", \"console\"],
\"createdAt\": \"2023-01-01T00:00:00Z\",
\"updatedAt\": \"2023-01-01T00:00:00Z\"
}
],
\"totalCount\": 50
}
Before trying requests in this folder, make sure you have ran any of the login requests in the auth folder of this postman request to ensure that the environment variables for userId , accessToken etc are. set.
Description: Retrieves a list of blog posts, with options to filter by title, content, tags, and associated code templates. Supports pagination and sorting.
\nAuthorization: Checks the user ID from the request header and filters blog posts accordingly.
\nQuery Parameters:
\npage (optional): Page number for pagination.
limit (optional): Number of blog posts per page.
title (optional): Filter blog posts by title.
content (optional): Filter blog posts by content.
codeTemplateIds (optional): Comma-separated list of code template IDs to filter by.
tags (optional): Comma-separated list of tags to filter by.
orderBy (optional): Sort blog posts by mostReported, mostValued, or mostControversial. (NOTE mostValued is only available to be used in admin endpoint, so it will be canceled / nulled at this endpoint)
returns {
\"message\": \"Blog Posts fetched successfully\",
\"blogPosts\": [
{
\"id\": 1,
\"userId\": 2,
\"title\": \"Understanding Async in JavaScript\",
\"description\": \"An intro to asynchronous programming in JS.\",
\"content\": \"Content goes here...\",
\"hidden\": false,
\"codeTemplateIds\": [1, 3],
\"createdAt\": \"2024-11-01T12:00:00Z\",
\"updatedAt\": \"2024-11-01T12:30:00Z\",
\"tags\": [\"javascript\", \"async\"],
\"commentIds\": [10, 11]
}
],
\"totalCount\": 1
}
same as search blog posts but this time just an example of the orderBy usage for most controversial blog posts which means most impressions (upvotes and downvotes)
same as search blog posts but this time just an example of the orderBy usage for most valued which is the highest positive difference between upvotes and downvotes.
before fetching blogposts make sure to have created some blog posts to see results and such
\n","_postman_id":"42bbe8fd-09ba-40ee-affc-f1dde13e8e63"},{"name":"comments","item":[{"name":"comment on blog post","event":[{"listen":"test","script":{"id":"2605f2fa-79f8-4066-b371-0a0d28f5ba74","exec":["const response = pm.response.json();","","pm.test(response.comment.id)","pm.environment.set(\"commentId\", response.comment.id);"],"type":"text/javascript","packages":{}}}],"id":"f8a0dadc-e53a-4be7-a38c-2cffb37fe1d3","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{accessToken}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n \"userId\": {{userId}},\n \"content\": \"Wow!\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:3000/api/blogs/{{blogPostId}}/comment","description":"Description: Allows an authorized user to add a comment to a specific blog post by id. This endpoint ensures the user making the comment matches the userId specified in the request.
Authorization: Requires an identity check to confirm that the user making the request matches the userId associated with the comment.
id (required): The ID of the blog post to comment on.userId (required): The ID of the user adding the comment.
content (required): The content of the comment.
return {
\"message\": \"Blog Post successfully commented on\",
\"comment\": {
\"id\": 45,
\"userId\": 3,
\"blogPostId\": 12,
\"content\": \"Great post!\",
\"createdAt\": \"2024-10-01T12:00:00.000Z\"
}
}
Description: Retrieves a paginated list of direct comments for a specific blog post by id. Optionally filters comments to only include those visible to the userId making the request.
Authorization: Requires an identity check to confirm that the requesting user has permission to view comments on the blog post if any comments are restricted.
\nid (required): The ID of the blog post for which to retrieve comments.page (optional): The page number to fetch (default: 1).
limit (optional): The number of comments per page (default: 10).
{
\"message\": \"Blog Post direct comments fetched successfully\",
\"comments\": [
{
\"id\": 45,
\"userId\": 3,
\"blogPostId\": 12,
\"content\": \"Great post!\",
\"createdAt\": \"2024-10-01T12:00:00.000Z\"
}
],
\"totalCount\": 25
}
Description: Allows an authorized user to add a reply to a specific comment by id. The endpoint ensures that the user making the request matches the userId specified in the request.
Authorization: Requires an identity check to confirm that the user making the request matches the userId associated with the reply; otherwise, the request is rejected.
id (required): The ID of the comment to reply to.userId (required): The ID of the user adding the reply.
content (required): The content of the reply.
returns {
\"message\": \"Comment successfully replied\",
\"comment\": {
\"id\": 78,
\"userId\": 3,
\"parentId\": 45,
\"content\": \"Thanks for the insight!\"
}
}
Description: Retrieves a paginated list of direct replies for a specific comment by id. Optionally filters replies to only include those visible to the userId making the request.
Authorization: Requires an identity check to confirm that the requesting user has permission to view replies on the comment if any replies are restricted.
\nPath Parameters:Query Parameters:
\nid (required): The ID of the comment for which to retrieve replies.
page (optional): The page number to fetch (default: 1).
limit (optional): The number of replies per page (default: 10).
returns {
\"message\": \"Comment direct replies fetched successfully\",
\"comments\": [
{
\"id\": 78,
\"userId\": 3,
\"parentId\": 45,
\"content\": \"Thanks for the insight!\"
}
],
\"totalCount\": 5
}
Description: Retrieves details of a specific comment by id. If the comment is hidden, only the comment owner can access it.
Authorization: If the comment is hidden, the authorization check ensures only the comment owner can view it.
\nid (required): The ID of the comment to retrieve.return {
\"message\": \"Comment fetched successfully\",
\"comment\": {
\"id\": 12,
\"content\": \"This is a comment.\",
\"userId\": 3,
\"blogPostId\": 5,
\"parentId\": null,
\"createdAt\": \"2023-10-31T10:00:00Z\",
\"hidden\": false,
\"replyIds\": [13, 14],
\"upVotes\": 10,
\"downVotes\": 2,
\"reportIds\": [21, 22]
}
}
Description: Updates the content of a specific comment by id. Only the comment owner can update it.
Authorization: Requires an identity check to confirm that the user making the request matches the comment's userId.
id (required): The ID of the comment to update.content (required): The updated content of the comment.return {
\"message\": \"Comment updated successfully\",
\"comment\": {
\"id\": 12,
\"userId\": 3,
\"content\": \"Updated comment content.\"
}
}
Description: Allows a user to report a specific comment by id, specifying a reason for the report. Only accessible if the user matches the userId provided in the request.
Authorization: Requires an identity check to confirm that the user making the request matches the userId associated with the report.
id (required): The ID of the comment to be reported.userId (required): The ID of the user reporting the comment.
reason (required): The reason for reporting the comment (e.g., \"Spam,\" \"Inappropriate content\").
return {
\"message\": \"Comment successfully reported\",
\"report\": {
\"id\": 45,
\"userId\": 3,
\"commentId\": 12,
\"reason\": \"Inappropriate content\"
}
}
Description: Allows an authorized user to toggle a vote on a specific comment by id. The endpoint verifies that the user making the request is the same as the userId specified.
Authorization: Requires an identity check to confirm that the userId in the request matches the authenticated user.
id (required): The ID of the comment to vote on.userId (required): The ID of the user toggling the vote.
voteType (required): The type of vote to toggle, such as upvote or downvote.
return {
\"message\": \"Comment vote toggle successfully applied\",
\"vote\": {
\"id\": 123,
\"userId\": 1,
\"commentId\": 456,
\"voteType\": \"upvote\"
}
}
Description: Fetches the current vote of an authenticated user for a specific comment by id.
Authorization: Requires that the user be authenticated, and the user ID must match the user associated with the vote.
\nid (required): The ID of the comment for which to fetch the vote.return {
\"message\": \"Comment vote successfully fetched for user\",
\"vote\": {
\"id\": 123,
\"userId\": 1,
\"commentId\": 456,
\"voteType\": \"upvote\"
}
}
Description: Deletes a specific comment by id.
Authorization: Only accessible if the user has permission to delete the comment.
\nPath Parameters:
\nid (required): The ID of the comment to delete.return {
\"message\": \"Comment deleted successfully\"
}
Before trying requests in this folder, make sure a blog post has been created within create blog post in the parent directory.
Description: Creates a new blog post with the provided details and associates it with code templates and tags. The request is authorized by checking the userId in the request with the authenticated user ID.
Authorization: Verifies that the userId in the request body matches the authorized user.
Request Body:
\ntitle (required): Title of the blog post.
description (required): Short description of the blog post.
content (required): Main content of the blog post.
userId (required): ID of the user creating the post.
codeTemplateIds (optional): Array of code template IDs associated with the blog post.
tags (optional): Array of tags associated with the blog post.
return {
\"message\": \"Blog Post created successfully\",
\"blogPost\": {
\"id\": 1,
\"userId\": 2,
\"title\": \"Getting Started with REST APIs\",
\"description\": \"A beginner's guide to REST APIs.\",
\"content\": \"Content of the blog post...\",
\"hidden\": false,
\"codeTemplateIds\": [1, 2],
\"createdAt\": \"2024-11-01T12:00:00Z\",
\"updatedAt\": \"2024-11-01T12:30:00Z\",
\"tags\": [\"REST\", \"API\", \"backend\"],
\"commentIds\": []
}
}
Description: Retrieves a specific blog post by ID. If the post is hidden, the endpoint verifies the user’s authorization to view it.
\nAuthorization: If the blog post is hidden, the userId of the request must match the userId of the post.
id (required): The ID of the blog post to fetch.returns {
\"message\": \"Blog Post fetched successfully\",
\"blogPost\": {
\"id\": 1,
\"userId\": 2,
\"title\": \"Understanding REST APIs\",
\"description\": \"Introduction to REST principles\",
\"content\": \"Content of the post...\",
\"hidden\": false,
\"codeTemplateIds\": [1, 2],
\"createdAt\": \"2024-11-01T12:00:00Z\",
\"updatedAt\": \"2024-11-01T12:30:00Z\",
\"upVotes\": 10,
\"downVotes\": 3,
\"tags\": [\"API\", \"REST\"],
\"commentIds\": [101, 102]
}
}
Description: Allows a user to toggle their vote on a specific blog post. The voteType specifies whether the vote is an upvote, downvote, or a removal of an existing vote.
Authorization: Requires an identity check by validating the userId in the request body against the authenticated user's ID in the authorization header.
id (required): The ID of the blog post to vote on.userId (required): The ID of the user casting the vote.
voteType (optional): The type of vote, either \"upvote\", \"downvote\", or null to remove the vote.
returns {
\"message\": \"Blog Post vote toggle successfully applied\",
\"vote\": {
\"id\": 45,
\"userId\": 2,
\"blogPostId\": 1,
\"voteType\": \"upvote\"
}
}
if the user doesn't have a vote or canceled out then the vote would be returned null
\n","urlObject":{"path":["api","blogs","{{blogPostId}}","rate"],"host":["http://localhost:3000"],"query":[],"variable":[]}},"response":[],"_postman_id":"7186a376-6e73-493f-bd19-3fe711d76705"},{"name":"get vote for blog post","id":"05b01b3e-9585-49c3-94b4-5c1fa37b752d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{accessToken}}"}]},"isInherited":false},"method":"GET","header":[],"url":"http://localhost:3000/api/blogs/{{blogPostId}}/rate","description":"Description: Retrieves the vote of the currently authenticated user on the specified blog post.
\nAuthorization: Requires authorization to fetch the current user's vote on the blog post.
\nid (required): The ID of the blog post to retrieve the vote for.returns {
\"message\": \"Blog Post vote successfully fetched for user\",
\"vote\": {
\"id\": 45,
\"userId\": 2,
\"blogPostId\": 1,
\"voteType\": \"downvote\"
}
}
Description: Reports a blog post by its ID, providing a reason for the report. The endpoint creates a new report entry for the specified blog post.
\nAuthorization: Requires userId from the request body, which should be the ID of the user submitting the report.
Path Parameters:Request Body:
\nid (required): The ID of the blog post to report.
userId (required): The ID of the user reporting the blog post.
reason (required): A string describing the reason for reporting the blog post.
return {
\"message\": \"Blog Post successfully reported\",
\"report\": {
\"id\": 123,
\"userId\": 2,
\"blogPostId\": 1,
\"reason\": \"Inappropriate content\"
}
}
Description: Updates an existing blog post. Ensures the userId from the request header matches the userId of the blog post.
Authorization: Only the post author (matching userId) can update the blog post.
id (required): The ID of the blog post to update.title (optional): New title for the blog post.
description (optional): New description for the blog post.
content (optional): New content for the blog post.
codeTemplateIds (optional): List of associated code template IDs.
tags (optional): List of associated tags.
returns {
\"message\": \"Blog Post updated successfully\",
\"blogPost\": {
\"id\": 1,
\"userId\": 2,
\"title\": \"Updated REST API Guide\",
\"description\": \"Updated description for REST guide\",
\"content\": \"Updated content...\",
\"hidden\": false,
\"codeTemplateIds\": [1, 3],
\"createdAt\": \"2024-11-01T12:00:00Z\",
\"updatedAt\": \"2024-11-01T13:00:00Z\",
\"tags\": [\"API\", \"REST\", \"Backend\"],
\"commentIds\": [101, 102]
}
}
Description: Deletes a specific blog post by ID after verifying that the userId matches the post author’s ID.
Authorization: Only the post author (matching userId) can delete the blog post.
id (required): The ID of the blog post to delete.\"message\": \"Blog Post deleted successfully\"
}
Before trying requests in this folder, make sure you have ran any of the login requests in the auth folder of this postman request.
\nalso for the nested folders relating to
\nfetch sorted blog posts
comments
I suggest ensuring you have created a blog post already with the respective user before going any further into the nested folders. Go to create blog post request to do so.
hidden status of a comment. Setting a comment to hidden will make it invisible to regular users, while administrators will still be able to access it. Only users with admin privileges are authorized to perform this action.Authorization: Requires an admin-level authorization.id (required): The ID of the comment whose hidden status is to be toggled.hidden (required): A boolean value to set the comment as hidden (true) or visible (false).return {
\"message\": \"Comment hidden status has been updated\",
\"commentId\": 123,
\"hidden\": true
}
Description: Allows an administrator to update the hidden status of a blog post. This is intended to hide or unhide blog posts as needed. Only users with admin privileges are authorized to perform this action.
Authorization: Requires an admin-level authorization.
\nid (required): The ID of the blog post whose hidden status is to be toggled.hidden (optional): A boolean value to set the blog post as hidden (true) or visible (false). If not provided, the default is false.return {
\"message\": \"Blog Post hidden status has been updated\",
\"blogPostId\": 123,
\"hidden\": true
}
Description: Retrieves blog posts with the highest number of reports, allowing administrators to review potentially inappropriate or flagged content. Only posts that have received user reports are included in the response.
\nAuthorization: Requires an admin-level authorization.
\npage (optional): Specifies the page number of results to retrieve. Defaults to the first page if not provided.
limit (optional): Specifies the maximum number of blog posts to retrieve per page. Defaults to a preset limit if not provided.
returns {
\"message\": \"Most reported blog posts fetched successfully\",
\"blogPosts\": [
{
\"id\": 123,
\"userId\": 1,
\"title\": \"Inappropriate Post\",
\"content\": \"Flagged content\",
\"reportCount\": 10,
\"createdAt\": \"2024-01-01T12:00:00Z\"
},
{
\"id\": 456,
\"userId\": 3,
\"title\": \"Reported Post\",
\"content\": \"Content flagged by multiple users\",
\"reportCount\": 7,
\"createdAt\": \"2024-01-03T09:20:00Z\"
}
],
\"totalCount\": 2
}
Description: This endpoint retrieves the most reported comments to assist administrators in reviewing flagged content. Only comments that have one or more reports will be included in the results. Access to this endpoint is restricted to users with admin privileges.
\nAuthorization: Requires an admin-level authorization.
\npage (optional): The page number to fetch. Defaults to the first page if not provided.
limit (optional): The maximum number of comments to return per page. Defaults to a set limit if not provided.
return {
\"message\": \"Most reported comments fetched successfully\",
\"comments\": [
{
\"id\": 123,
\"userId\": 1,
\"content\": \"Inappropriate content\",
\"reportCount\": 5,
\"createdAt\": \"2024-01-01T12:00:00Z\"
},
{
\"id\": 124,
\"userId\": 2,
\"content\": \"Another reported comment\",
\"reportCount\": 3,
\"createdAt\": \"2024-01-02T15:30:00Z\"
}
]
}
IN ORDER TO RUN THESE ADMIN ENDPOINTS YOU MUST BE LOGGED IN AS ADMIN
\nBefore trying requests in this folder, make sure you have ran the admin login requests in the auth folder of this postman request - login admin
Running login admin request in the auth directory will set idTokens and userIds to an ADMIN role user to run these requests within this directory