"build": "del /q dist\\* && npx tsc"
node v18.20.4 (npm v10.7.0)
MONGODB_PASSWORD=
MONGODB_HOST=
MONGODB_DB=
MONGODB_USER=
CLUSTER=
PORT=
NODE_ENV=
JWT_SECRET_KEY=
JWT_EXPIRE_IN=
JWT_REFRESH_KEY=
JWT_COOKIE_EXPIRE_IN=
EMAIL_USERNAME=
EMAIL_PASSWORD=
EMAIL_HOST=
EMAIL_PORT=
GOOGLE_CLIENT_ID=
http://localhost:8080/api/v1
POST /sign-up
Request body:
{
"name": "John Doe",
"email": "[email protected]",
"password": "password123",
"passWordConfirm": "password123"
}

POST /log-in
Request body:
{
"email": "[email protected]",
"password": "password123"
}

POST /google-login
Request body:
{
"idToken": "google-oauth-token"
}

POST /forgot-password
Request body:
{
"email": "[email protected]"
}

PATCH /reset-password/:token
Request body:
{
"password": "newPassword123",
"passWordConfirm": "newPassword123"
}

PATCH /change-password
Requires authentication
Request body:
{
"passWordCurrent": "currentPassword",
"password": "newPassword123",
"passWordConfirm": "newPassword123"
}

PATCH /active-account
Requires authentication and admin role
Request body:
{
"email": "[email protected]"
}

GET /tour
Query parameters:
- duration[lte]=5 - Filter by duration
- difficulty=difficult - Filter by difficulty
- name=The Snow Adventurer - Filter by name
- sort=price,ratingsAverage - Sort results
- fields=name,price - Select specific fields
- page=2&limit=4 - Pagination
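
These filter, sort, field-selection and pagination parameters arrive as untrusted query-string input, so the server should translate them through an allow-list instead of handing the parsed object to the database. The following is an added example, not the project's code; the field lists, operator set, default page size, `MAX_LIMIT` and `MAX_PAGE` are assumptions chosen for illustration.

```javascript
// Added example, not the project's code. The field lists, operator list,
// default page size, MAX_LIMIT and MAX_PAGE are assumptions for illustration.
const NUMERIC_FIELDS = new Set(["duration", "price", "ratingsAverage"]);
const STRING_FIELDS = new Set(["difficulty", "name"]);
const OPERATORS = new Set(["gt", "gte", "lt", "lte"]);
const MAX_LIMIT = 100, MAX_PAGE = 10000;

const isKnownField = (f) => NUMERIC_FIELDS.has(f) || STRING_FIELDS.has(f);
// Keep only allow-listed field names from a comma-separated list.
const pickFields = (csv) => csv.split(",").map((s) => s.trim()).filter(isKnownField);

// Clamp a pagination value to an integer in [1, max]; use fallback on bad input.
function boundedInt(value, fallback, max) {
  const n = Number.parseInt(value, 10);
  return Number.isInteger(n) && n >= 1 ? Math.min(n, max) : fallback;
}

function buildTourQuery(rawQuery) {
  const out = { filter: {}, sort: [], fields: [], page: 1, limit: 10, rejected: [] };
  for (const [key, value] of new URLSearchParams(rawQuery)) {
    if (key === "sort") { out.sort = pickFields(value); continue; }
    if (key === "fields") { out.fields = pickFields(value); continue; }
    if (key === "page") { out.page = boundedInt(value, 1, MAX_PAGE); continue; }
    if (key === "limit") { out.limit = boundedInt(value, 10, MAX_LIMIT); continue; }

    // Accept "field" or "field[op]" only; anything else is rejected, never passed through.
    const m = /^([A-Za-z]+)(?:\[([a-z]+)\])?$/.exec(key);
    const [field, op] = m ? [m[1], m[2]] : [null, undefined];
    if (!field || !isKnownField(field) || (op && !OPERATORS.has(op))) {
      out.rejected.push(key);
    } else if (NUMERIC_FIELDS.has(field)) {
      const num = Number(value);
      if (value.trim() === "" || !Number.isFinite(num)) out.rejected.push(key);
      else if (op) out.filter[field] = { ...out.filter[field], ["$" + op]: num };
      else out.filter[field] = num;
    } else if (op) {
      out.rejected.push(key); // range operators are not accepted on string fields
    } else {
      out.filter[field] = value; // always a plain string, never an object
    }
  }
  out.skip = (out.page - 1) * out.limit;
  return out;
}
```

A handler can return 400 when `rejected` is non-empty, or ignore those keys and log them; either way only allow-listed fields and the four comparison operators reach the database query.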
GET /tour/:id
GET /tour/top-5-cheap
GET /tour/tour-stast
GET /tour/monthly-plan/:year
Requires authentication (admin, lead-guide, guide)
GET /tour/tours-within/:distance/center/:latlng/unit/:unit
Example: /tour/tours-within/200/center/34.111745,-118.113491/unit/mi
GET /tour/distances/:latlng/unit/:unit
Example: /tour/distances/34.111745,-118.113491/unit/mi
POST /tour
Requires authentication (admin, lead-guide)
Request body:
{
"name": "The Sea Explorer",
"duration": 7,
"maxGroupSize": 15,
"difficulty": "medium",
"ratingsQuantity": 6,
"ratingsAverage": 4.5,
"price": 497,
"summary": "Exploring the jaw-dropping US east coast by foot and by boat",
"description": "Test",
"imageCover": "tour-2-cover.jpg",
"images": ["tour-2-1.jpg", "tour-2-2.jpg", "tour-2-3.jpg"],
"startDates": [
"2021-06-19T09:00:00.000Z",
"2021-07-20T09:00:00.000Z",
"2021-08-18T09:00:00.000Z"
]
}

PATCH /tour/:id
Requires authentication (admin, lead-guide)
Supports multipart/form-data for image uploads:
- imageCover - Single cover image
- images - Multiple tour images (max 3)
Request body example:
{
"name": "Updated Tour Name",
"price": 599
}

DELETE /tour/:id
Requires authentication (admin, lead-guide)
GET /user
Requires authentication (admin)
GET /user/me
Requires authentication
GET /user/:id
Requires authentication (admin)
PATCH /user/update-profile
Requires authentication
Supports multipart/form-data for photo upload:
- photo - User profile photo
Request body:
{
"name": "Updated Name",
"email": "[email protected]"
}

DELETE /user/delete-me
Requires authentication
GET /review
Requires authentication
GET /tour/:id/reviews
Requires authentication
GET /review/:id
Requires authentication
POST /review
Requires authentication (guest)
POST /tour/:id/reviews
Requires authentication (guest)
Request body:
{
"review": "Amazing tour! Highly recommended.",
"rating": 5
}

PATCH /review/:id
Requires authentication (guest - own reviews only)
Request body:
{
"review": "Updated review text",
"rating": 4
}

DELETE /review/:id
Requires authentication (guest - own reviews only)
GET /bookings
Requires authentication (admin, lead-guide)
GET /bookings/:id
Requires authentication (admin, lead-guide)
POST /bookings
Requires authentication (admin, lead-guide)
Request body:
{
"tour": "tour-id",
"user": "user-id",
"price": 497
}

PATCH /bookings/:id
Requires authentication (admin, lead-guide)
DELETE /bookings/:id
Requires authentication (admin, lead-guide)
### Get all tours with filters
GET http://localhost:8080/api/v1/tour?duration[lte]=5&difficulty=difficult
### Get tours by name
GET http://localhost:8080/api/v1/tour?name=The Snow Adventurer
### Get sorted tours
GET http://localhost:8080/api/v1/tour?sort=price,ratingsAverage
### Get specific fields only
GET http://localhost:8080/api/v1/tour?fields=name,price
### Pagination
GET http://localhost:8080/api/v1/tour?page=2&limit=4
### Get top 5 cheap tours
GET http://localhost:8080/api/v1/tour/top-5-cheap
### Get tour statistics
GET http://localhost:8080/api/v1/tour/tour-stast
### Get monthly plan
GET http://localhost:8080/api/v1/tour/monthly-plan/2021
### Delete tour
DELETE http://localhost:8080/api/v1/tour/66e01edbb827da77d259c699

For protected routes, include the JWT token in the Authorization header:
Authorization: Bearer <your-jwt-token>
- admin: Full access to all resources
- lead-guide: Can manage tours and bookings
- guide: Can view tours and monthly plans
- guest: Can create reviews and view content
All errors follow this format:
{
"status": "error",
"message": "Error description"
}

Common HTTP status codes:
- 400: Bad Request
- 401: Unauthorized
- 403: Forbidden
- 404: Not Found
- 500: Internal Server Error