A comprehensive movie database API built with Node.js, Express, and MongoDB. ScyDB (Screen Database) provides a robust backend for managing movies, users, reviews, genres, and roles with advanced authentication and authorization features.
- Authentication & Authorization: JWT-based auth with role-based access control
- Movie Management: CRUD operations for movies with advanced filtering and search
- Review System: Users can review movies with ratings and comments
- Genre Management: Dynamic genre system with color coding
- Role-Based Access: Three-tier role system (client, admin, super-admin); extra roles can be added
- User Management: Profile management and watchlist functionality
- Rate Limiting: Protection against abuse with configurable limits
- Security: Helmet, CORS, HPP protection, and XSS cleaning
- File Upload: Cloudinary integration for image handling
- Data Seeding: Pre-populated roles and genres
- Backend: Node.js, Express.js
- Database: MongoDB with Mongoose ODM
- Authentication: JWT (JSON Web Tokens)
- Security: CORS, HPP, XSS-Clean
- File Storage: Cloudinary
- Rate Limiting: Express Rate Limit
- Validation: Custom middleware validation
- Development: Nodemon for hot reloading
- scydb-website - The frontend client built with HTML, CSS, and JavaScript
- Clone the repository
git clone https://github.com/Scylox56/scydb-api.git
cd scydb-api
- Install dependencies
npm install
- Environment Setup: Create a .env file in the root directory:
DB_URI=mongodb://127.0.0.1:27017/scydb
JWT_SECRET=your-super-secret-jwt-key
JWT_EXPIRES_IN=90d
JWT_COOKIE_EXPIRES_IN=7
NODE_ENV=development
CLOUDINARY_CLOUD_NAME=your-cloudinary-name
CLOUDINARY_API_KEY=your-cloudinary-key
CLOUDINARY_API_SECRET=your-cloudinary-secret
- Start MongoDB: Make sure MongoDB is running on your system.
- Seed the database
npm run seed:import
- Start the server
# Development mode
npm run dev
# Production mode
npm start
- Authentication
POST /api/v1/auth/signup - User registration
POST /api/v1/auth/login - User login
GET /api/v1/auth/logout - User logout
GET /api/v1/auth/check - Check auth status
- Movies
GET /api/v1/movies - Get all movies (with filtering/search)
GET /api/v1/movies/:id - Get single movie
POST /api/v1/movies - Create movie (admin only)
PATCH /api/v1/movies/:id - Update movie (admin only)
DELETE /api/v1/movies/:id - Delete movie (admin only)
- Reviews
GET /api/v1/movies/:movieId/reviews - Get movie reviews
POST /api/v1/movies/:movieId/reviews - Create review (authenticated)
PATCH /api/v1/reviews/:id - Update review (owner only)
DELETE /api/v1/reviews/:id - Delete review (owner/admin)
GET /api/v1/reviews/my - Get user's reviews
GET /api/v1/reviews/admin - Get all reviews (admin)
- Users
GET /api/v1/users/me - Get current user
PATCH /api/v1/users/updateMe - Update profile
PATCH /api/v1/users/updateMyPassword - Update password
DELETE /api/v1/users/deleteMe - Deactivate account
POST /api/v1/users/watchlist/:movieId - Add to watchlist
DELETE /api/v1/users/watchlist/:movieId - Remove from watchlist
GET /api/v1/users - Get all users (admin)
GET /api/v1/users/stats - User statistics (admin)
- Genres
GET /api/v1/genres - Get all genres
GET /api/v1/genres/active - Get active genres
GET /api/v1/genres/stats - Genre statistics
POST /api/v1/genres - Create genre (admin)
PATCH /api/v1/genres/:id - Update genre (admin)
DELETE /api/v1/genres/:id - Delete genre (admin)
PATCH /api/v1/genres/bulk - Bulk update genres (admin)
- Roles
GET /api/v1/roles - Get all roles
GET /api/v1/roles/stats - Role statistics
POST /api/v1/roles - Create role (super-admin)
PATCH /api/v1/roles/:id - Update role (super-admin)
DELETE /api/v1/roles/:id - Delete role (super-admin)
- Movie Filtering & Search
GET /api/v1/movies?search=batman - Search in title, director, cast, description
GET /api/v1/movies?genre=Action - Filter by genre
GET /api/v1/movies?director=Christopher - Filter by director
GET /api/v1/movies?cast=Leonardo - Filter by cast member
GET /api/v1/movies?yearFrom=2020 - Movies from 2020 onwards
GET /api/v1/movies?yearTo=2023 - Movies up to 2023
GET /api/v1/movies?duration=90-120 - Filter by duration range
GET /api/v1/movies?sort=newest - Sort options: newest, oldest, title, rating
GET /api/v1/movies?page=2&limit=10 - Pagination
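The filter and pagination parameters above all arrive as untrusted query-string input, so the following added example (not code from the ScyDB repository) shows one way to turn them into a MongoDB filter while rejecting operator objects, escaping regex input, and bounding page size. The function name `buildMovieQuery`, the field names, and the numeric limits are assumptions.

```javascript
// Added example: field names and limits are assumptions based on this README.
const MAX_LIMIT = 50;
const SEARCH_FIELDS = ['title', 'director', 'cast', 'description'];

// Escape regex metacharacters so user text is matched literally.
const escapeRegex = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
const contains = (s) => ({ $regex: escapeRegex(s), $options: 'i' });

// Accept plain strings only. Express parses ?genre[$ne]=x into an object and
// ?genre=a&genre=b into an array; both are dropped here.
function str(value, maxLen = 100) {
  if (typeof value !== 'string') return undefined;
  const v = value.trim();
  return v.length > 0 && v.length <= maxLen ? v : undefined;
}

// Accept unsigned decimal integers inside [min, max] only.
function int(value, min, max) {
  const s = str(value, 10);
  if (s === undefined || !/^\d+$/.test(s)) return undefined;
  const n = Number(s);
  return n >= min && n <= max ? n : undefined;
}

function buildMovieQuery(query) {
  const filter = {};
  const search = str(query.search);
  if (search) filter.$or = SEARCH_FIELDS.map((f) => ({ [f]: contains(search) }));
  const genre = str(query.genre);
  if (genre) filter.genre = genre;
  for (const field of ['director', 'cast']) {
    const v = str(query[field]);
    if (v) filter[field] = contains(v);
  }
  const yearFrom = int(query.yearFrom, 1888, 2100);
  const yearTo = int(query.yearTo, 1888, 2100);
  if (yearFrom !== undefined || yearTo !== undefined) {
    filter.year = {};
    if (yearFrom !== undefined) filter.year.$gte = yearFrom;
    if (yearTo !== undefined) filter.year.$lte = yearTo;
  }
  const m = /^(\d{1,4})-(\d{1,4})$/.exec(str(query.duration) || '');
  if (m && Number(m[1]) <= Number(m[2])) {
    filter.duration = { $gte: Number(m[1]), $lte: Number(m[2]) };
  }
  const page = int(query.page, 1, 10000) || 1;
  const limit = int(query.limit, 1, MAX_LIMIT) || 10;
  return { filter, skip: (page - 1) * limit, limit };
}
```

Out-of-range or malformed `page` and `limit` values fall back to the defaults (1 and 10) rather than being passed through to the database.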
Role-Based Access Control
- Client: Can view movies, create reviews, manage own profile
- Admin: All client permissions + manage movies, view all reviews
- Super-Admin: All permissions + manage users, roles, and system settings
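As an added illustration of the three tiers and the owner-only review rules listed in the endpoints (example code, not the project's own `auth.js`), the check below ranks the roles, denies any role it does not know, and separates role checks from ownership checks. The names `requireRole`, `canModifyReview`, `runMiddleware`, the `req.user` shape, and the response body are assumptions.

```javascript
// Added example; role names are from this README, everything else is assumed.
// A Map avoids inherited keys: a role string such as "constructor" has no rank.
const ROLE_RANK = new Map([['client', 1], ['admin', 2], ['super-admin', 3]]);

// True when the user's role ranks at or above minRole. Unknown roles (for
// example an extra role added later but not ranked here) are denied.
function hasRole(user, minRole) {
  const have = ROLE_RANK.get(user && user.role);
  const need = ROLE_RANK.get(minRole);
  return have !== undefined && need !== undefined && have >= need;
}

// Express-style middleware. Assumes an earlier JWT middleware set req.user.
function requireRole(minRole) {
  return (req, res, next) => {
    if (!req.user) {
      return res.status(401).json({ status: 'fail', message: 'Not logged in' });
    }
    if (!hasRole(req.user, minRole)) {
      return res.status(403).json({ status: 'fail', message: 'Forbidden' });
    }
    return next();
  };
}

// Review rules from the endpoint list: update is owner only, delete is owner
// or admin. review.user is assumed to hold the author's id.
function canModifyReview(user, review, action) {
  const isOwner = String(review.user) === String(user.id);
  if (action === 'update') return isOwner;
  if (action === 'delete') return isOwner || hasRole(user, 'admin');
  return false;
}

// Drive a middleware with a stub response; returns the resulting HTTP status
// (200 stands for "next() was called").
function runMiddleware(middleware, user) {
  let status = 200;
  const res = { status(code) { status = code; return this; }, json() { return this; } };
  middleware({ user }, res, () => {});
  return status;
}
```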
scydb-api/
├── config/
│   ├── cloudinary.js # Cloudinary configuration
│   └── db.js # Database connection
├── controllers/
│   ├── authController.js # Authentication logic
│   ├── movieController.js # Movie CRUD operations
│   ├── userController.js # User management
│   ├── reviewController.js # Review system
│   ├── genreController.js # Genre management
│   └── roleController.js # Role management
├── middlewares/
│   ├── auth.js # Authentication middleware
│   ├── error.js # Error handling
│   ├── rateLimiter.js # Rate limiting config
│   └── validation.js # Input validation
├── models/
│   ├── User.js # User schema
│   ├── Movie.js # Movie schema
│   ├── Review.js # Review schema
│   ├── Genre.js # Genre schema
│   └── Role.js # Role schema
├── routes/
│   ├── authRoutes.js # Auth endpoints
│   ├── movieRoutes.js # Movie endpoints
│   ├── userRoutes.js # User endpoints
│   ├── reviewRoutes.js # Review endpoints
│   ├── genreRoutes.js # Genre endpoints
│   └── roleRoutes.js # Role endpoints
├── utils/
│   ├── APIFeatures.js # Query helpers
│   ├── appError.js # Custom error class
│   ├── email.js # Email utilities
│   └── utils.js # General utilities
├── app.js # Express app setup
├── server.js # Server entry point
└── seeder.js # Database seeding
User Schema
- Name, email, password (hashed)
- Role (client/admin/super-admin)
- Profile photo, watchlist
- Password change tracking
Movie Schema
- Title, year, duration, description
- Genre array, director, cast array
- Poster, backdrop, trailer URLs
- Virtual reviews population
Review Schema
- Rating (1-10), review text
- User and movie references
- A constraint (one review per user per movie)
Genre Schema
- Name, description, color
- Active status, movie count virtual
Role Schema
- Name, description
- Permissions array
- User count tracking
- JWT Authentication: Secure token-based auth
- Password Hashing: bcryptjs encryption
- Rate Limiting: API abuse prevention
- CORS: Cross-origin request handling
- Helmet: Security headers
- HPP: HTTP Parameter Pollution protection
- XSS Protection: Input sanitization
- Input Validation: Custom middleware validation
npm start # Start production server
npm run dev # Start development server with nodemon
npm run seed:import # Import default roles and genres
npm run seed:delete # Clear all roles and genres
npm test # Run tests (placeholder)
- Fork the project
- Create your feature branch (git checkout -b feature/a-feature)
- Commit your changes (git commit -m 'Added a feature')
- Push to the branch (git push origin feature/a-feature)
- Open a Pull Request
This project is licensed under the MIT License.
Created with ❤️ by [Scylox56]
⭐ Don't forget to star this repo if you found it helpful!