This is an Express application providing a REST API to the Booking Clone application.
It is a RESTful API and returns results in JSON format.
It allows a new user to register.
POST /api/auth/register
-
Body
{ "email": "[valid user email address]", "password": "[user password in plain text]", "repeatPassword": "[repeated user password in plain text]", "firstName": "[user first name]", "lastName": "[user last name]", "role": "[role of the user (user | hotelOwner)]", "isSmsAllowed": [true | false], "phoneNumber": "[user phone number]", "tin": "[tax identification number of the hotel owner]" }
Required fields:
email, password, repeatPassword, firstName, lastName, role, isSmsAllowed
-
Success Response:
Status Code: 200 OK
Body:
{ "userId": "[user identifier]", "token": "[JWT Token]" }
-
Error Response:
-
Status Code: 409 Conflict
Body:
{ "message": "Account with this email address already exists." }
-
Status Code: 400 Bad Request
Body:
{ "message": "[Data validation error message]" }
-
It allows a user to log in.
POST /api/auth/login
-
Body
{ "email": "[valid user email address]", "password": "[user password in plain text]" }
Required fields:
email, password
-
Success Response:
Status Code: 200 OK
Body:
{ "userId": "[user identifier]", "token": "[JWT Token]" }
The JWT token is also returned in the X-Auth-Token response header. This token must be sent with every subsequent request that requires authentication.
-
Error Response:
-
Status Code: 401 Unauthorized
Body:
{ "message": "Email or password is wrong." }
-
Status Code: 400 Bad Request
Body:
{ "message": "[Data validation error message]" }
-
It sends the user an email with a link to reset his/her password. Note that the 400 "User does not exists." response below reveals whether an account exists for the given email address.
POST /api/auth/requestPasswordReset
-
Body
{ "email": "[valid user email address]" }
Required fields:
email
-
Success Response:
Status Code: 200 OK
Body:
{ "success": true }
-
Error Response:
-
Status Code: 400 Bad Request
Body:
{ "message": "User does not exists." }
or
Body:
{ "message": "[Data validation error message]" }
-
It allows a user to reset his/her password using the token delivered in the reset link.
POST /api/auth/resetPassword
-
Body
{ "userId": "[user identifier]", "token": "[password reset token (JWT) from the reset link]", "password": "[user new password in plain text]" }
Required fields:
userId, token, password
-
Success Response:
Status Code: 200 OK
Body:
{ "success": true }
-
Error Response:
-
Status Code: 401 Unauthorized
Body:
{ "message": "Invalid or expired password reset token." }
-
Status Code: 400 Bad Request
Body:
{ "message": "[Data validation error message]" }
-
It returns data about the logged-in user.
GET /api/user/me
-
Body
No body data required.
-
Success Response:
Status Code: 200 OK
Body:
{ "isVerified": [true | false], "role": "[user role (user | hotelOwner)]", "_id": "[user identifier]", "email": "[user email]", "firstName": "[user first name]", "lastName": "[user last name]", "isSmsAllowed": [true | false] }
-
Error Response:
-
Status Code: 401 Unauthorized
Body:
{ "message": "Invalid token." }
-
It returns the hotel reservations of the logged-in user: a standard user's own bookings, or, for a hotel owner, the bookings made in the owner's hotels.
GET /api/reservations
-
Body
No body data required.
-
Success Response:
Status Code: 200 OK
Body for standard user:
[ { "_id": "[reservation identifier]", "startDate": "[reservation start date]", "endDate": "[reservation end date]", "people": { "adults": [number of adults], "children": [number of children] }, "hotel": { "name": "[name of the hotel]", "address": { "country": "[country in which the hotel is located]", "city": "[city where the hotel is located]", "zipcode": "[postal code where the hotel is located]", "street": "[street the hotel is located on]", "buildingNumber": [number of the building where hotel is located] }, "room": { "roomNumber": "[room number]", "price": [price of the room for one night], "description": "[room description]" } } }, ... ]
Body for hotel owner:
[ { "_id": "[reservation identifier]", "isPaid": [true | false], "startDate": "[reservation start date]", "endDate": "[reservation end date]", "people": { "adults": [number of adults], "children": [number of children] }, "hotel": { "name": "[name of the hotel]", "address": { "country": "[country in which the hotel is located]", "city": "[city where the hotel is located]", "zipcode": "[postal code where the hotel is located]", "street": "[street the hotel is located on]", "buildingNumber": [number of the building where hotel is located] }, "room": { "roomNumber": "[room number]", "price": [price of the room for one night], "description": "[room description]" } }, "user": { "email": "[email of the user who booked the room]", "firstName": "[first name of the user who booked the room]", "lastName": "[last name of the user who booked the room]" } }, ... ]
-
Error Response:
-
Status Code: 401 Unauthorized
Body:
{ "message": "Invalid token." }
-
It allows a user to book a room in a hotel.
POST /api/reservations
-
Body
{ "user": "[user identifier]", "hotel": "[hotel identifier]", "room": "[room identifier]", "startDate": "[reservation start date]", "endDate": "[reservation end date]", "people": { "adults": [number of adults in the room], "children": [number of children in the room] } }
Required fields:
user, hotel, room, startDate, endDate, people
-
Success Response:
Status Code: 200 OK
{ "reservationId": "[reservation identifier]" }
-
Error Response:
-
Status Code: 401 Unauthorized
Body:
{ "message": "Invalid token." }
-
Status Code: 403 Forbidden
Body:
{ "message": "You are not allowed to make a reservation." }
-
Status Code: 400 Bad Request
Body:
{ "message": "The room is not available." }
or
Body:
{ "message": "Hotel does not exist." }
or
Body:
{ "message": "Room does not exist" }
or
Body:
{ "message": "Exceeded number of visitors." }
or
Body:
{ "message": "[Data validation error message]" }
-
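The checks behind POST /api/reservations, as an added example that is not part of the original page or of the Booking Clone project, returning the documented responses in a fixed order. The page does not say what the 403 condition is, how check-out days are treated, or how room capacity is computed, so this example assumes: the 403 fires when the body's "user" is not the authenticated caller; a stay occupies the nights [startDate, endDate), so a check-in on another booking's check-out day is allowed; a room sleeps single + 2 * double guests with children counted as guests; the validation messages, ids and sample data are this example's own.

```javascript
// Added example, not the Booking Clone project's own code: the server-side
// checks behind POST /api/reservations, returning the documented responses.
// Assumptions: a stay occupies the nights [startDate, endDate), so checking in
// on another booking's check-out day is allowed; a room sleeps
// single + 2 * double guests and children count as guests; the 403 fires when
// the body's "user" is not the authenticated caller; ids are plain strings.
const toTime = (d) => new Date(d).getTime();
const nightsOverlap = (aStart, aEnd, bStart, bEnd) =>
  toTime(aStart) < toTime(bEnd) && toTime(bStart) < toTime(aEnd);

// Beds are documented as strings ("[single beds number]"), so coerce them.
const roomCapacity = (room) => Number(room.beds.single) + 2 * Number(room.beds.double);

function isRoomFree(roomId, reservations, startDate, endDate) {
  return !reservations.some(
    (r) => r.room === roomId && nightsOverlap(startDate, endDate, r.startDate, r.endDate),
  );
}

// `authUserId` comes from the verified token, never from the body.
function createReservation(state, body, authUserId) {
  if (body.user !== authUserId) {
    return { status: 403, body: { message: 'You are not allowed to make a reservation.' } };
  }
  const start = toTime(body.startDate);
  const end = toTime(body.endDate);
  if (Number.isNaN(start) || Number.isNaN(end) || start >= end) {
    return { status: 400, body: { message: 'endDate must be later than startDate.' } }; // a "[Data validation error message]"
  }
  const adults = Number(body.people && body.people.adults);
  const children = Number(body.people && body.people.children);
  if (!Number.isInteger(adults) || adults < 1 || !Number.isInteger(children) || children < 0) {
    return { status: 400, body: { message: 'adults must be >= 1 and children >= 0.' } };
  }
  const hotel = state.hotels.find((h) => h._id === body.hotel);
  if (!hotel) return { status: 400, body: { message: 'Hotel does not exist.' } };
  const room = hotel.rooms.find((r) => r._id === body.room);
  if (!room) return { status: 400, body: { message: 'Room does not exist' } };
  if (adults + children > roomCapacity(room)) {
    return { status: 400, body: { message: 'Exceeded number of visitors.' } };
  }
  if (!isRoomFree(room._id, state.reservations, body.startDate, body.endDate)) {
    return { status: 400, body: { message: 'The room is not available.' } };
  }
  const reservation = {
    _id: `res-${state.reservations.length + 1}`, // assumption: real ids come from the database
    user: authUserId,
    hotel: hotel._id,
    room: room._id,
    startDate: body.startDate,
    endDate: body.endDate,
    people: { adults, children },
    isPaid: false,
  };
  state.reservations.push(reservation);
  return { status: 200, body: { reservationId: reservation._id } };
}

// Constructed sample data so the checks can be run offline: one hotel with a
// room that sleeps 3, already booked for the nights of June 10 and 11.
function sampleState() {
  return {
    hotels: [{
      _id: 'hotel-1',
      name: 'Sample Hotel',
      rooms: [{ _id: 'room-1', roomNumber: '101', beds: { single: '1', double: '1' }, price: 80 }],
    }],
    reservations: [{
      _id: 'res-1', user: 'user-2', hotel: 'hotel-1', room: 'room-1',
      startDate: '2025-06-10', endDate: '2025-06-12', people: { adults: 2, children: 0 }, isPaid: true,
    }],
  };
}
```

Taking the user id from the token rather than trusting the "user" field in the body is the check that stops one account from creating reservations on behalf of another; the remaining checks are ordered so that a caller learns nothing about room availability until the request itself is well formed.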
It marks a user's reservation as paid.
PUT /api/reservations/pay/:id
-
Body
No body data required.
-
Params
:id
- reservation identifier
-
Success Response:
Status Code: 200 OK
{ "success": true }
-
Error Response:
-
Status Code: 401 Unauthorized
Body:
{ "message": "Invalid token." }
-
Status Code: 400 Bad Request
Body:
{ "message": "Reservation not found." }
-
It allows a user to cancel a room reservation in a hotel.
DELETE /api/reservations/:id
-
Body
No body data required.
-
Params
:id
- reservation identifier
-
Success Response:
Status Code: 200 OK
{ "success": true }
-
Error Response:
-
Status Code: 401 Unauthorized
Body:
{ "message": "Invalid token." }
-
Status Code: 403 Forbidden
Body:
{ "message": "You are not allowed to cancel this reservation." }
-
Status Code: 400 Bad Request
Body:
{ "message": "Reservation not found." }
or
Body:
{ "message": "An error occurred while checking hotel owner." }
or
Body:
{ "message": "The reservation cannot be cancelled." }
-
It allows the hotel owner to get all of their hotels.
GET /api/hotelOwner/hotels
-
Success Response:
Status Code: 200 OK
Body:
[ { "description": "[hotel description]", "_id": "[hotel identifier]", "localization": { "_id": "[localization identifier]", "city": "[localization city]", "country": "[localization country]", "zipcode": "[localization zipcode]", "street": "[localization street]", "buildingNumber": [localization building number] }, "phoneNumber": "[hotel phone number]", "name": "[hotel name]", "email": "[hotel email]", "rooms": [ { "description": "[room description]", "_id": "[room identifier]", "roomNumber": "[room number]", "beds": { "single": "[single beds number]", "double": "[double beds number]" }, "price": [room price], "createdAt": "[created date]", "updatedAt": "[updated date]" } ], "ownerId": "[hotel owner identifier]", "clientsRates": [hotel clients rates], "createdAt": "[created date]", "updatedAt": "[updated date]" } ]
-
Error Response:
-
Status Code: 401 Unauthorized
Body:
{ "message": "Access denied." }
-
Status Code: 403 Forbidden
Body:
{ "message": "Access denied." }
or
Body:
{ "message": "User is not verified." }
-
It allows the hotel owner to add a new hotel.
POST /api/hotelOwner/hotels
-
Body
{ "name": "[hotel name]", "description": "[hotel description]", "localization": { "city": "[localization city]", "country": "[localization country]", "zipcode": "[localization zipcode]", "street": "[localization street]", "buildingNumber": [localization building number] }, "phoneNumber": "[hotel phone number]", "email": "[hotel email]", "rooms": [ { "description": "[room description]", "roomNumber": "[room number]", "beds": { "single": "[single beds number]", "double": "[double beds number]" }, "price": [room price] } ] }
Required fields:
all localization fields, phoneNumber, name, email, roomNumber, beds, price
-
Success Response:
Status Code: 200 OK
Body:
[ { "description": "[hotel description]", "_id": "[hotel identifier]", "localization": { "_id": "[localization identifier]", "city": "[localization city]", "country": "[localization country]", "zipcode": "[localization zipcode]", "street": "[localization street]", "buildingNumber": [localization building number] }, "phoneNumber": "[hotel phone number]", "name": "[hotel name]", "email": "[hotel email]", "rooms": [ { "description": "[room description]", "_id": "[room identifier]", "roomNumber": "[room number]", "beds": { "single": "[single beds number]", "double": "[double beds number]" }, "price": [room price], "createdAt": "[created date]", "updatedAt": "[updated date]" } ], "ownerId": "[hotel owner identifier]", "clientsRates": [hotel clients rates], "createdAt": "[created date]", "updatedAt": "[updated date]" } ]
-
Error Response:
-
Status Code: 401 Unauthorized
Body:
{ "message": "Access denied." }
-
Status Code: 403 Forbidden
Body:
{ "message": "Access denied." }
or
Body:
{ "message": "User is not verified." }
-
It allows the hotel owner to update a hotel.
PUT /api/hotelOwner/hotels/:id
-
Body
{ "[hotel field]": "[new value]", ... }
-
Success Response:
Status Code: 200 OK
Body:
[ { "description": "[hotel description]", "_id": "[hotel identifier]", "localization": { "_id": "[localization identifier]", "city": "[localization city]", "country": "[localization country]", "zipcode": "[localization zipcode]", "street": "[localization street]", "buildingNumber": [localization building number] }, "phoneNumber": "[hotel phone number]", "name": "[hotel name]", "email": "[hotel email]", "rooms": [ { "description": "[room description]", "_id": "[room identifier]", "roomNumber": "[room number]", "beds": { "single": "[single beds number]", "double": "[double beds number]" }, "price": [room price], "createdAt": "[created date]", "updatedAt": "[updated date]" } ], "ownerId": "[hotel owner identifier]", "clientsRates": [hotel clients rates], "createdAt": "[created date]", "updatedAt": "[updated date]" } ]
-
Error Response:
-
Status Code: 400 Bad Request
Body:
{ "message": "Hotel not found." }
-
Status Code: 401 Unauthorized
Body:
{ "message": "Access denied." }
-
Status Code: 403 Forbidden
Body:
{ "message": "Access denied." }
or
Body:
{ "message": "User is not verified." }
-
It allows the hotel owner to delete a hotel.
DELETE /api/hotelOwner/hotels/:id
-
Query
forceDelete = true
- removes the hotel even if it still has reservations
-
Body
No body data required.
-
Success Response:
Status Code: 200 OK
-
Error Response:
-
Status Code: 400 Bad Request
Body:
{ "message": "Remove reservations first or check `force delete` flag" }
-
Status Code: 401 Unauthorized
Body:
{ "message": "Access denied." }
-
Status Code: 403 Forbidden
Body:
{ "message": "Forbidden" }
or
Body:
{ "message": "User is not verified." }
-
It allows the hotel owner to add rooms to a hotel.
POST /api/hotelOwner/hotels/:id/addRoom
-
Body
[ { "description": "[room description]", "roomNumber": "[room number]", "beds": { "single": "[single beds number]", "double": "[double beds number]" }, "price": [room price] } ]
Required fields:
roomNumber, beds (single, double), price
-
Success Response:
Status Code: 200 OK
[ { "description": "[hotel description]", "_id": "[hotel identifier]", "localization": { "_id": "[localization identifier]", "city": "[localization city]", "country": "[localization country]", "zipcode": "[localization zipcode]", "street": "[localization street]", "buildingNumber": [localization building number] }, "phoneNumber": "[hotel phone number]", "name": "[hotel name]", "email": "[hotel email]", "rooms": [ { "description": "[room description]", "_id": "[room identifier]", "roomNumber": "[room number]", "beds": { "single": "[single beds number]", "double": "[double beds number]" }, "price": [room price], "createdAt": "[created date]", "updatedAt": "[updated date]" } ], "ownerId": "[hotel owner identifier]", "clientsRates": [hotel clients rates], "createdAt": "[created date]", "updatedAt": "[updated date]" } ]
-
Error Response:
-
Status Code: 400 Bad Request
Body:
{ "message": "Hotel with provided ID was not found." }
-
Status Code: 401 Unauthorized
Body:
{ "message": "Access denied." }
-
Status Code: 403 Forbidden
Body:
{ "message": "Forbidden" }
or
Body:
{ "message": "User is not verified." }
-
It returns all hotels, paginated and optionally filtered by city.
GET /api/hotels
-
Query
pageNumber = [ page number ]
pageSize = [ page size ]
city = [ "city" ]
-
Success Response:
Status Code: 200 OK
Body:
{ "hotels": [ { "description": "[hotel description]", "_id": "[hotel identifier]", "localization": { "_id": "[localization identifier]", "city": "[localization city]", "country": "[localization country]", "zipcode": "[localization zipcode]", "street": "[localization street]", "buildingNumber": [localization building number] }, "phoneNumber": "[hotel phone number]", "name": "[hotel name]", "email": "[hotel email]", "rooms": [ { "description": "[room description]", "_id": "[room identifier]", "roomNumber": "[room number]", "beds": { "single": "[single beds number]", "double": "[double beds number]" }, "price": [room price], "createdAt": "[created date]", "updatedAt": "[updated date]" } ], "ownerId": "[hotel owner identifier]", "clientsRates": [hotel clients rates], "createdAt": "[created date]", "updatedAt": "[updated date]" } ], "pages": [pages number] }
-
Error Response:
No error
It returns hotels with at least one room available for the given dates and number of guests, paginated and optionally filtered by city.
GET /api/hotels/getAvailable
-
Query
pageNumber = [ page number ]
pageSize = [ page size ]
city = [ "city" ]
adults = [ "adults number" ]
children = [ "children number" ]
startDate = [ "start date" ]
endDate = [ "end date" ]
-
Success Response:
Status Code: 200 OK
Body:
{ "hotels": [ { "description": "[hotel description]", "_id": "[hotel identifier]", "localization": { "_id": "[localization identifier]", "city": "[localization city]", "country": "[localization country]", "zipcode": "[localization zipcode]", "street": "[localization street]", "buildingNumber": [localization building number] }, "phoneNumber": "[hotel phone number]", "name": "[hotel name]", "email": "[hotel email]", "rooms": [ { "description": "[room description]", "_id": "[room identifier]", "roomNumber": "[room number]", "beds": { "single": "[single beds number]", "double": "[double beds number]" }, "price": [room price], "createdAt": "[created date]", "updatedAt": "[updated date]" } ], "ownerId": "[hotel owner identifier]", "clientsRates": [hotel clients rates], "createdAt": "[created date]", "updatedAt": "[updated date]" } ], "pages": [pages number] }
-
Error Response:
No error
It returns a limited number of hotels.
GET /api/hotels/getLimitedHotels/:limit
-
Params
:limit
- maximum number of hotels to return
-
Success Response:
Status Code: 200 OK
Body:
[ { "description": "[hotel description]", "_id": "[hotel identifier]", "localization": { "_id": "[localization identifier]", "city": "[localization city]", "country": "[localization country]", "zipcode": "[localization zipcode]", "street": "[localization street]", "buildingNumber": [localization building number] }, "phoneNumber": "[hotel phone number]", "name": "[hotel name]", "email": "[hotel email]", "rooms": [ { "description": "[room description]", "_id": "[room identifier]", "roomNumber": "[room number]", "beds": { "single": "[single beds number]", "double": "[double beds number]" }, "price": [room price], "createdAt": "[created date]", "updatedAt": "[updated date]" } ], "ownerId": "[hotel owner identifier]", "clientsRates": [hotel clients rates], "createdAt": "[created date]", "updatedAt": "[updated date]" } ]
-
Error Response:
No error
It returns a hotel by id.
GET /api/hotels/:id
-
Params
:id
- hotel identifier
-
Success Response:
Status Code: 200 OK
Body:
{ "description": "[hotel description]", "_id": "[hotel identifier]", "localization": { "_id": "[localization identifier]", "city": "[localization city]", "country": "[localization country]", "zipcode": "[localization zipcode]", "street": "[localization street]", "buildingNumber": [localization building number] }, "phoneNumber": "[hotel phone number]", "name": "[hotel name]", "email": "[hotel email]", "rooms": [ { "description": "[room description]", "_id": "[room identifier]", "roomNumber": "[room number]", "beds": { "single": "[single beds number]", "double": "[double beds number]" }, "price": [room price], "createdAt": "[created date]", "updatedAt": "[updated date]" } ], "ownerId": "[hotel owner identifier]", "clientsRates": [hotel clients rates], "createdAt": "[created date]", "updatedAt": "[updated date]" }
-
Error Response:
-
Status Code: 404 Not found
Body:
{ "message": "Hotel not found." }
-
It returns the rooms of a hotel that are available for the given dates and number of guests.
GET /api/hotels/:id/availableRooms
-
Params
:id
- hotel identifier
-
Query
startDate = [ "start date" ]
endDate = [ "end date" ]
adults = [ "adults number" ]
children = [ "children number" ]
-
Success Response:
Status Code: 200 OK
Body:
[ { "description": "[room description]", "_id": "[room identifier]", "roomNumber": "[room number]", "beds": { "single": "[single beds number]", "double": "[double beds number]" }, "price": [room price], "createdAt": "[created date]", "updatedAt": "[updated date]" } ]
-
Error Response:
-
Status Code: 404 Not found
Body:
{ "message": "Hotel not found." }
-
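The filtering behind GET /api/hotels/:id/availableRooms and GET /api/hotels/getAvailable, as an added example that is not part of the original page or of the Booking Clone project, run over constructed in-memory data. The page leaves several things unspecified, so this example assumes: query values arrive as strings; a stay occupies the nights [startDate, endDate); a room sleeps single + 2 * double guests; pageNumber is 1-based and pageSize is capped at an assumed MAX_PAGE_SIZE of 50 so one request cannot pull the whole collection; malformed dates or guest counts get a 400, which the page does not document ("No error"). The sample hotels and reservations are constructed for the example.

```javascript
// Added example, not the Booking Clone project's own code: the filtering behind
// GET /api/hotels/:id/availableRooms and GET /api/hotels/getAvailable over
// in-memory data. Assumptions: query values arrive as strings; a stay occupies
// the nights [startDate, endDate); a room sleeps single + 2 * double guests;
// pageNumber is 1-based; pageSize is capped at MAX_PAGE_SIZE; malformed input
// gets a 400, which the page does not document.
const MAX_PAGE_SIZE = 50;
const DEFAULT_PAGE_SIZE = 10;

const toTime = (d) => new Date(d).getTime();
const nightsOverlap = (aStart, aEnd, bStart, bEnd) =>
  toTime(aStart) < toTime(bEnd) && toTime(bStart) < toTime(aEnd);
const roomCapacity = (room) => Number(room.beds.single) + 2 * Number(room.beds.double);

// Validate the documented query parameters; returns { error } or { value }.
function parseAvailabilityQuery(q) {
  const start = toTime(q.startDate);
  const end = toTime(q.endDate);
  if (Number.isNaN(start) || Number.isNaN(end) || start >= end) {
    return { error: 'startDate and endDate must be valid dates with endDate after startDate.' };
  }
  const adults = Number(q.adults);
  const children = q.children === undefined ? 0 : Number(q.children);
  if (!Number.isInteger(adults) || adults < 1 || !Number.isInteger(children) || children < 0) {
    return { error: 'adults must be >= 1 and children >= 0.' };
  }
  return { value: { startDate: q.startDate, endDate: q.endDate, guests: adults + children } };
}

// Rooms big enough for the party with no reservation overlapping the stay.
function availableRooms(hotel, reservations, { startDate, endDate, guests }) {
  return hotel.rooms.filter(
    (room) => roomCapacity(room) >= guests &&
      !reservations.some((r) => r.room === room._id && nightsOverlap(startDate, endDate, r.startDate, r.endDate)),
  );
}

// Clamp page parameters so bad or hostile input cannot yield huge pages or negative offsets.
function paginate(items, q) {
  const requested = Number(q.pageSize);
  const pageSize = Math.min(MAX_PAGE_SIZE, Number.isInteger(requested) && requested > 0 ? requested : DEFAULT_PAGE_SIZE);
  const pages = Math.max(1, Math.ceil(items.length / pageSize));
  const wanted = Number(q.pageNumber);
  const pageNumber = Math.min(pages, Number.isInteger(wanted) && wanted > 0 ? wanted : 1);
  return { items: items.slice((pageNumber - 1) * pageSize, pageNumber * pageSize), pages };
}

// GET /api/hotels/getAvailable
function getAvailableHotels(hotels, reservations, q) {
  const parsed = parseAvailabilityQuery(q);
  if (parsed.error) return { status: 400, body: { message: parsed.error } };
  let candidates = hotels;
  if (q.city) {
    const city = String(q.city).toLowerCase();
    candidates = candidates.filter((h) => h.localization.city.toLowerCase() === city);
  }
  const withRooms = candidates.filter((h) => availableRooms(h, reservations, parsed.value).length > 0);
  const page = paginate(withRooms, q);
  return { status: 200, body: { hotels: page.items, pages: page.pages } };
}

// GET /api/hotels/:id/availableRooms
function getAvailableRooms(hotels, reservations, hotelId, q) {
  const hotel = hotels.find((h) => h._id === hotelId);
  if (!hotel) return { status: 404, body: { message: 'Hotel not found.' } };
  const parsed = parseAvailabilityQuery(q);
  if (parsed.error) return { status: 400, body: { message: parsed.error } };
  return { status: 200, body: availableRooms(hotel, reservations, parsed.value) };
}

// Constructed sample data so the functions run offline.
const SAMPLE_HOTELS = [
  { _id: 'hotel-a', name: 'A', localization: { city: 'Krakow' }, rooms: [
    { _id: 'a1', roomNumber: '1', beds: { single: '1', double: '1' } },
    { _id: 'a2', roomNumber: '2', beds: { single: '0', double: '1' } },
  ] },
  { _id: 'hotel-b', name: 'B', localization: { city: 'Warszawa' }, rooms: [
    { _id: 'b1', roomNumber: '1', beds: { single: '2', double: '0' } },
  ] },
  { _id: 'hotel-c', name: 'C', localization: { city: 'Krakow' }, rooms: [
    { _id: 'c1', roomNumber: '1', beds: { single: '0', double: '2' } },
  ] },
];
const SAMPLE_RESERVATIONS = [
  { room: 'a1', startDate: '2025-06-10', endDate: '2025-06-12' },
  { room: 'b1', startDate: '2025-06-10', endDate: '2025-06-15' },
];
```

Validating the dates and guest counts before touching the data, and clamping pageSize and pageNumber, matters on public, unauthenticated endpoints like these two: every value in the query string is attacker-controlled, and an unbounded page size or a NaN offset would otherwise reach the database query.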
It allows the administrator to get all users.
GET /api/admin/users
-
Body
No body data required.
-
Success Response:
Status Code: 200 OK
Body:
[ { "isVerified": [true | false], "role": "[role of the user (user | hotelOwner)]", "_id": "[user identifier]", "email": "[user email address]", "password": "[user password]", "firstName": "[user first name]", "lastName": "[user last name]", "phoneNumber": "[user phone number]", "tin": "[tax identification number of the hotel owner]", "isSmsAllowed": [true | false] } ]
Note: as documented, the response includes the stored password field of every user (the same applies to GET /api/admin/hotelOwner below). Clients should not depend on it, and the field should be excluded from the projection before the document is returned.
-
Error Response:
-
Status Code: 401 Unauthorized
Body:
{ "message": "Access denied." }
-
Status Code: 403 Forbidden
Body:
{ "message": "Forbidden" }
-
It allows the administrator to get all hotel owners.
GET /api/admin/hotelOwner
-
Body
No body data required.
-
Success Response:
Status Code: 200 OK
Body:
[ { "isVerified": [true | false], "role": "[role of the user (user | hotelOwner)]", "_id": "[user identifier]", "email": "[user email address]", "password": "[user password]", "firstName": "[user first name]", "lastName": "[user last name]", "phoneNumber": "[user phone number]", "tin": "[tax identification number of the hotel owner]", "isSmsAllowed": [true | false] } ]
-
Error Response:
-
Status Code: 401 Unauthorized
Body:
{ "message": "Access denied." }
-
Status Code: 403 Forbidden
Body:
{ "message": "Forbidden" }
-
It allows the administrator to change a user's role to hotelOwner.
PUT /api/admin/acceptUserToHotelOwner/:id
-
Params
:id
- user identifier
-
Body
No body data required.
-
Success Response:
Status Code: 200 OK
-
Error Response:
-
Status Code: 401 Unauthorized
Body:
{ "message": "Access denied." }
-
Status Code: 403 Forbidden
Body:
{ "message": "Access denied" }
-
It allows the administrator to verify a hotel owner.
PUT /api/admin/verifyHotelOwner/:id
-
Params
:id
- hotel owner identifier
-
Body
No body data required.
-
Success Response:
Status Code: 200 OK
-
Error Response:
-
Status Code: 401 Unauthorized
Body:
{ "message": "Access denied." }
-
Status Code: 403 Forbidden
Body:
{ "message": "Access denied" }
-
It allows the administrator to remove a hotel owner.
DELETE /api/admin/hotelOwner/:id
-
Params
:id
- hotel owner identifier
-
Body
No body data required.
-
Success Response:
Status Code: 200 OK
-
Error Response:
-
Status Code: 400 Bad Request
Body:
{ "message": "Remove hotel(s) first" }
or
Body:
{ "message": "Hotel owner with provided id not found" }
-
Status Code: 401 Unauthorized
Body:
{ "message": "Access denied." }
-
Status Code: 403 Forbidden
Body:
{ "message": "Access denied" }
-
It allows the administrator to remove users.
DELETE /api/admin/users
-
Query
forceDelete = true
- removes the users even if they still have reservations
-
Body
[ "[user identifier]", ... ]
-
Success Response:
Status Code: 200 OK
-
Error Response:
-
Status Code: 400 Bad Request
Body:
{ "message": "User not found" }
or
Body:
{ "message": "Remove reservations first" }
-
Status Code: 401 Unauthorized
Body:
{ "message": "Access denied." }
-
Status Code: 403 Forbidden
Body:
{ "message": "Access denied" }
-
It allows the administrator to remove a hotel.
DELETE /api/admin/hotels/:id
-
Query
forceDelete = true
- removes the hotel even if it still has reservations
-
Params
:id
- hotel identifier
-
Body
No body data required.
-
Success Response:
Status Code: 200 OK
-
Error Response:
-
Status Code: 400 Bad Request
Body:
{ "message": "Hotel not found" }
or
Body:
{ "message": "Remove reservations first" }
-
Status Code: 401 Unauthorized
Body:
{ "message": "Access denied." }
-
Status Code: 403 Forbidden
Body:
{ "message": "Access denied" }
-