This is the backend API for the Library Management System built with Node.js, Express.js, and MongoDB, supporting both student and admin roles with secure JWT authentication.
- Backend: Node.js, Express.js
- Database: MongoDB (with Mongoose)
- Authentication: JWT with httpOnly cookies
- File Upload: Cloudinary
- Payment: Razorpay integration
- Emailing: Nodemailer
```
📦lms_api
 ┣ 📂Controllers
 ┣ 📂Models
 ┣ 📂Routes
 ┣ 📂Utils
 ┣ 📂Middlewares
 ┣ 📂Data
 ┃ ┣ 📄config.dev.env
 ┃ ┗ 📄config.prod.env
 ┣ 📄server.js
 ┗ 📄package.json
```
| Method | Endpoint | Description | Access |
|---|---|---|---|
| POST | /api/user/register | Register new user | Public |
| POST | /api/user/login | Login and set cookie | Public |
| GET | /api/verifyToken | Verify token and get role | Authenticated |
| POST | /api/books/addNewBook | Add new book | Admin |
| GET | /api/books/getBooks | Get all books | Public |
| POST | /api/extensionRequests/addNewRequest | Request extension | Student |
| GET | /api/extensionRequests/getRequestsData | View extension request history | Student |
| POST | /api/extensionRequests/acceptRequest | Accept extension | Admin |
| POST | /api/allottedBooks/allotBooks | Allot book to student | Admin |
| GET | /api/allottedBooks/getAllottedBooksById | View allotted books | Student |
| GET | /api/allottedBooks/getPenaltyBooksById | View penalties | Student |
(More APIs included in source)
- Dev: `http://localhost:PORT`
- Production: `https://your-api.onrender.com`
- Login/Register → receives JWT (httpOnly cookie)
- Use `/verifyToken` to check auth status on frontend
- Role is stored for route protection
- `student`: Can issue, return, request extension, and pay penalty.
- `admin`: Can manage books, handle extension requests, update penalty amount, and track user activity.
Use separate environment files for development and production.
```
NODE_ENV=development
PORT=Port_no
MONGODB_URI=Your-mongoDB-URI
TOKEN_KEY=your-dev-secret
FRONTEND_URL=Your-react-frontend-URL
RAZORPAY_KEY_ID=your-test-key-id
RAZORPAY_SECRET_KEY=your-test-secret
CLOUDINARY_API_KEY=your-dev-key
CLOUDINARY_API_SECRET=your-dev-secret
CLOUDINARY_CLOUD_NAME=your-cloud-name
EMAIL_USER=youremail@example.com
EMAIL_PASSWORD=your-app-password
```

```
NODE_ENV=production
PORT=Port_no
MONGODB_URI=your-production-uri
TOKEN_KEY=your-prod-secret
FRONTEND_URL=https://your-frontend.vercel.app
RAZORPAY_KEY_ID=your-live-key-id
RAZORPAY_SECRET_KEY=your-live-secret
CLOUDINARY_API_KEY=your-prod-key
CLOUDINARY_API_SECRET=your-prod-secret
CLOUDINARY_CLOUD_NAME=your-cloud-name
EMAIL_USER=youremail@example.com
EMAIL_PASSWORD=your-app-password
```

```js
import dotenv from 'dotenv';

// Pick the env file that matches NODE_ENV; anything other than
// 'production' falls back to the development config.
const envPath = process.env.NODE_ENV === 'production'
  ? './Data/config.prod.env'
  : './Data/config.dev.env';

dotenv.config({ path: envPath });
```
- Push code to a GitHub private repo.
- Connect Render to that repo.
- Set environment variables from `config.prod.env`.
- Set Build Command: `npm install`
- Set Start Command: `node server.js` (or `npm start`)
- Deploy your React/Vite frontend.
- Set your VITE_API_URL to your Render API endpoint in Vercel Environment Settings.
- `httpOnly` cookies for secure authentication
- Role-based route protection
- Middleware-based token checks
- Input validation and sanitization
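
One way to implement the middleware-based token check and role-based route protection listed above, as an added example that is not this project's own code. The cookie name `token`, the `role` and `exp` payload fields, and HS256 signing with `TOKEN_KEY` are assumptions; `signToken` is a constructed helper for minting test tokens.

```javascript
// Added example. Assumed names: cookie "token", payload fields "role" and "exp".
// req.cookies is expected to be filled by the cookie-parser middleware.
// Loads node:crypto under either CommonJS or ES modules.
const crypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const hmac = (data, key) => crypto.createHmac('sha256', key).update(data).digest();

// Constructed helper so the example can mint tokens without a JWT library.
function signToken(payload, key) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, key))}`;
}

// Returns the payload, or null if the token is malformed, forged or expired.
function verifyToken(token, key, now = Date.now()) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm: the token header must never choose it (e.g. "none").
    if (decode(head).alg !== 'HS256') return null;
    const expected = hmac(`${head}.${body}`, key);
    const given = Buffer.from(sig, 'base64url');
    // Length check first: timingSafeEqual throws on unequal lengths.
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    const payload = decode(body);
    if (typeof payload.exp !== 'number' || payload.exp * 1000 <= now) return null;
    return payload;
  } catch {
    return null; // bad base64 or JSON is treated as an invalid token
  }
}

// Express-style middleware: 401 when unauthenticated, 403 when the role is wrong.
function requireRole(key, ...roles) {
  return (req, res, next) => {
    const user = verifyToken(req.cookies && req.cookies.token, key);
    if (!user) return res.status(401).json({ message: 'Not authenticated' });
    if (!roles.includes(user.role)) return res.status(403).json({ message: 'Forbidden' });
    req.user = user; // role comes from the signed token, never from the request body
    next();
  };
}
```

Mounted as `requireRole(process.env.TOKEN_KEY, 'admin')` in front of an admin route such as `/api/books/addNewBook`, the guard rejects a student's token with 403 and a tampered or expired one with 401.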
Use Postman or frontend integration with withCredentials: true for cookie-based auth.
Integrated with Cloudinary for book cover images.
Email uses Nodemailer with your Gmail or custom SMTP settings. Ensure your Gmail allows less secure app access or generate an App Password if 2FA is on.
Used for penalty payments. Keys are loaded from the environment.