Todolist API with authentication

Create a simple todo REST API with features to add, complete, and delete tasks, protected by user authentication.

4 hours
medium

Project Overview

In this project, you’ll build a simple but powerful TodoList API with user authentication. The API will allow registered users to manage tasks securely while ensuring that certain actions, like creating, updating, and deleting tasks, are restricted to authenticated users only. You’ll use JSON Web Tokens (JWT) for authentication and apply input validation to maintain data integrity. This project is designed to help you understand core backend concepts such as CRUD operations, user authentication, and authorization.

Detailed Project Description

TodoList API with Authentication

Welcome to the TodoList API project! In this project, you’ll design and implement a fully functional TodoList API with user authentication. This project is a great way to build skills in backend development, covering essential concepts like authentication, CRUD operations, and data validation. You can use any supported programming language to complete this project.

Project Overview

In this project, you’ll build an API with the following core features:

  • User Registration: Allow new users to create an account with a username and password.
  • User Login: Authenticate users and issue a JSON Web Token (JWT) for secure access to protected routes.
  • Task Management: Allow authenticated users to create, view, update, and delete tasks.
  • Public Task Access: Enable anyone (authenticated or not) to view tasks.

Key Features

  • Authentication: Implement JWT-based authentication to secure user actions like creating, updating, or deleting tasks.
  • CRUD Operations: Build endpoints for creating, reading, updating, and deleting tasks.
  • Data Validation: Validate input data to ensure correctness and provide helpful error messages.
  • Authorization: Restrict certain actions to authenticated users.

API Endpoints

Here’s a summary of the expected endpoints:

  1. User Registration (POST /register): Register a new user by providing a username and password.
  2. User Login (POST /login): Log in to get a JWT, which is needed for access to protected routes.
  3. Create a Task (POST /tasks): Create a new task (requires authentication).
  4. Get All Tasks (GET /tasks): Retrieve a list of all tasks (accessible to everyone).
  5. Get a Task by ID (GET /tasks/:id): Retrieve details of a specific task (accessible to everyone).
  6. Update a Task (PUT /tasks/:id): Update task details, including title, description, and completion status (requires authentication).
  7. Partial Update of a Task (PATCH /tasks/:id): Partially update task fields (requires authentication).
  8. Delete a Task (DELETE /tasks/:id): Delete a task (requires authentication).

Requirements

  • JWT for Authentication: Use JSON Web Tokens to handle user authentication. Ensure that each route requiring authentication checks for a valid token.
  • Error Handling: Return informative error messages for validation errors, authentication failures, and other issues.
  • In-Memory Data Storage: For simplicity, you may use in-memory storage for users and tasks. However, feel free to replace this with a database if you’d like a more realistic experience.

Suggested Steps

  1. Set Up Authentication: Create routes for user registration and login. Use bcrypt to hash passwords and JWT to handle user authentication.
  2. Implement Task Endpoints: Add routes for task creation, retrieval, updates, and deletion.
  3. Add Validation: Validate inputs using libraries available in your language (e.g., Express Validator in Node.js).
  4. Apply Authentication Middleware: Restrict access to specific routes using JWT authentication middleware.
  5. Test and Refine: Test each route, both with and without authentication, to ensure everything works as expected.

This project provides hands-on experience in creating secure, robust APIs with modern authentication techniques. Good luck, and enjoy building your TodoList API!

Project Completion Criteria

  • User Registration (`POST /register`): Register a new user by providing a username and password.
  • User Login (`POST /login`): Log in to get a JWT, which is needed for access to protected routes.
  • Create a Task (`POST /tasks`): Create a new task (requires authentication).
  • Get All Tasks (`GET /tasks`): Retrieve a list of all tasks (accessible to everyone).
  • Get a Task by ID (`GET /tasks/:id`): Retrieve details of a specific task (accessible to everyone).
  • Update a Task (`PUT /tasks/:id`): Update task details, including title, description, and completion status (requires authentication).
  • Partial Update of a Task (`PATCH /tasks/:id`): Partially update task fields (requires authentication).
  • Delete a Task (`DELETE /tasks/:id`): Delete a task (requires authentication).