A production-ready REST API that extends Template 11 with JWT authentication, MongoDB integration, and social features. Transform your gamified quest system into a scalable, multi-user application.
This extended version transforms the original Template 11 into a production-ready API:
quest-tracker-api-extended/
├── package.json              # Updated dependencies
├── server.js                 # Enhanced server with JWT & DB
├── .env.example              # Environment configuration template
├── README.md                 # This file
├── database/
│   ├── connection.js         # MongoDB connection setup
│   └── models/
│       ├── User.js           # User model with gamification
│       ├── Quest.js          # Quest model with sharing
│       └── Achievement.js    # Achievement definitions
├── middleware/
│   ├── auth.js               # JWT + legacy API key auth
│   └── validation.js         # Input validation (existing)
├── routes/
│   ├── auth.js               # Authentication endpoints
│   ├── quests.js             # Quest CRUD with ownership
│   ├── players.js            # User profiles & leaderboards
│   ├── categories.js         # Quest categories (existing)
│   └── social.js             # Social features & discovery
├── utils/
│   └── jwt.js                # JWT token utilities
├── database/migrations/
│   └── seed.js               # Database seeding script
└── docs/                     # Documentation
# Navigate to the extended project
cd quest-tracker-api-extended
# Install dependencies
npm install
# Copy environment template
cp .env.example .env
# Edit .env with your settings
Required Environment Variables:
# Server
PORT=3000
NODE_ENV=development
# JWT
JWT_SECRET=your-super-secret-jwt-key-change-in-production
JWT_EXPIRES_IN=7d
# Database
DATABASE_URL=mongodb://localhost:27017/quest-tracker
# OR for MongoDB Atlas:
# DATABASE_URL=mongodb+srv://username:password@cluster.mongodb.net/quest-tracker
# CORS
CORS_ORIGIN=http://localhost:3000,http://localhost:3001
# Legacy API Keys (comma-separated)
LEGACY_API_KEYS=demo_key_12345,test_key_67890,student_key_abcde
# Ensure MongoDB is running
# For local MongoDB:
mongod
# Seed the database with sample data
npm run db:seed
# Development mode (with auto-reload)
npm run dev
# Production mode
npm start
The API will be available at http://localhost:3000
The API supports two authentication methods:
# 1. Register a new user
curl -X POST http://localhost:3000/api/auth/register \
-H "Content-Type: application/json" \
-d '{
"username": "demo",
"email": "demo@example.com",
"password": "Password123",
"displayName": "Demo User"
}'
# 2. Login to get token
curl -X POST http://localhost:3000/api/auth/login \
-H "Content-Type: application/json" \
-d '{
"identifier": "demo",
"password": "Password123"
}'
# 3. Use token in subsequent requests
curl http://localhost:3000/api/quests \
-H "Authorization: Bearer <your-jwt-token>"
curl http://localhost:3000/api/quests \
-H "X-API-Key: demo_key_12345"
| Method | Endpoint | Description | Auth |
|--------|----------|-------------|------|
| POST | /api/auth/register | Register new user | Public |
| POST | /api/auth/login | Login and get JWT | Public |
| POST | /api/auth/refresh | Refresh access token | Public |
| GET | /api/auth/me | Get current user | JWT |
| Method | Endpoint | Description | Auth |
|--------|----------|-------------|------|
| GET | /api/quests | List user's quests | JWT/API Key |
| POST | /api/quests | Create new quest | JWT |
| GET | /api/quests/:id | Get quest details | JWT/API Key |
| PUT | /api/quests/:id | Update quest | JWT (owner) |
| DELETE | /api/quests/:id | Soft delete quest | JWT (owner) |
| POST | /api/quests/:id/complete | Complete quest | JWT (owner) |
| POST | /api/quests/:id/share | Share quest | JWT (owner) |
| POST | /api/quests/:id/clone | Clone shared quest | JWT |
| Method | Endpoint | Description | Auth |
|--------|----------|-------------|------|
| GET | /api/players | Leaderboard | JWT/API Key |
| GET | /api/players/:id | Player profile | JWT/API Key |
| GET | /api/players/me | Current user profile | JWT |
| PUT | /api/players/me | Update profile | JWT |
| GET | /api/players/me/achievements | User achievements | JWT |
| POST | /api/players/:id/follow | Follow/unfollow | JWT |
| Method | Endpoint | Description | Auth |
|--------|----------|-------------|------|
| GET | /api/quests/shared/public | Browse public quests | Public |
| GET | /api/quests/templates | Quest templates | Public |
| GET | /api/discover/trending | Trending quests | Public |
| GET | /api/discover/recommended | Personalized | JWT |
| GET | /api/social/feed | Activity feed | JWT |
| POST | /api/social/quests/:id/like | Like/unlike quest | JWT |
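The Auth column above implies three rules: legacy API keys are read-only, write routes need a JWT, and "JWT (owner)" routes need the caller to own the quest. The following is an added example of that decision logic, not the project's `middleware/auth.js`; the function names, the `sub` claim and the sample ids are assumptions, and JWT signature verification is assumed to have happened before `resolvePrincipal` is called.

```javascript
const crypto = require('crypto');

// Constant-time string comparison; hashing first yields equal-length buffers,
// which crypto.timingSafeEqual requires.
function safeEqual(a, b) {
  const digest = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(digest(a), digest(b));
}

// Resolve the caller. `jwtClaims` stands for the payload of an already-verified
// token; using `sub` as the user id is an assumption of this example.
function resolvePrincipal(headers, jwtClaims, env) {
  if (jwtClaims && jwtClaims.sub) return { kind: 'jwt', userId: String(jwtClaims.sub) };
  const presented = headers['x-api-key'] || '';
  const keys = (env.LEGACY_API_KEYS || '').split(',').map((k) => k.trim()).filter(Boolean);
  // Compare against every key (no early exit) so timing does not depend on position.
  let matched = false;
  for (const k of keys) matched = safeEqual(k, presented) || matched;
  return matched ? { kind: 'apikey' } : null;
}

// `level` is a value from the Auth column of the endpoint tables.
function authorize(level, principal, ownerId) {
  if (level === 'Public') return true;
  if (!principal) return false;
  if (level === 'JWT/API Key') return true;
  if (principal.kind !== 'jwt') return false; // API keys never reach write routes
  if (level === 'JWT') return true;
  // 'JWT (owner)': compare as strings, because a MongoDB ObjectId is an object
  // and === against a string id is always false.
  return level === 'JWT (owner)' && String(ownerId) === principal.userId;
}

// Constructed sample data (ids and claims are made up for the example).
const env = { LEGACY_API_KEYS: 'demo_key_12345,test_key_67890' };
const alice = resolvePrincipal({}, { sub: 'u1' }, env);
const legacy = resolvePrincipal({ 'x-api-key': 'demo_key_12345' }, null, env);
const quest = { owner: 'u2' };

console.log(authorize('JWT (owner)', alice, quest.owner));  // false: not the owner
console.log(authorize('JWT/API Key', legacy, quest.owner)); // true: read access
console.log(authorize('JWT', legacy, quest.owner));         // false: key is read-only
```
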
All responses follow a consistent format:
{
"success": true,
"data": {
// Response data here
},
"message": "Human readable message",
"meta": {
// Pagination, filters, etc.
}
}
# Check API status
curl http://localhost:3000/api/status
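# Test with legacy API key
# (a key in the query string is recorded in access logs and shell history;
#  the X-API-Key header shown earlier avoids that)
curl "http://localhost:3000/api/quests?api_key=demo_key_12345"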
# Register new user
curl -X POST http://localhost:3000/api/auth/register \
-H "Content-Type: application/json" \
-d '{
"username": "testuser",
"email": "test@example.com",
"password": "TestPass123",
"displayName": "Test User"
}'
# Login
curl -X POST http://localhost:3000/api/auth/login \
-H "Content-Type: application/json" \
-d '{"identifier":"demo","password":"Password123"}'
# Create a quest (with JWT)
curl -X POST http://localhost:3000/api/quests \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <token>" \
-d '{
"title": "Learn Node.js",
"description": "Complete Node.js tutorial",
"category": "learning",
"priority": "high",
"difficulty": "medium"
}'
{
username: String, // Unique, required
email: String, // Unique, required
password: String, // Hashed with bcrypt
displayName: String,
level: Number, // Gamification level
totalXP: Number,
currentStreak: Number,
achievements: Array,
preferences: {
categories: Array,
difficulty: String,
theme: String,
privacy: Object
},
social: {
followers: Array,
following: Array
},
stats: {
totalQuestsStarted: Number,
totalQuestsCompleted: Number
}
}
{
title: String,
description: String,
owner: ObjectId, // Reference to User
status: String, // pending, in_progress, completed
category: String,
priority: String,
difficulty: String,
xpReward: Number, // Auto-calculated
deadline: Date,
tags: Array,
sharing: {
isPublic: Boolean,
isTemplate: Boolean,
likes: Array,
clones: Number
},
completion: {
completedAt: Date,
totalXPEarned: Number
},
isDeleted: Boolean // Soft delete
}
NODE_ENV=production
PORT=3000
JWT_SECRET=your-production-secret-key
DATABASE_URL=mongodb+srv://prod-user:password@cluster.mongodb.net/quest-tracker
CORS_ORIGIN=https://your-frontend-domain.com
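The production block above still contains template values, so a startup check that refuses them is worth having. This is an added example, not part of the project's `server.js`; the function name `validateEnv` and the 32-character minimum are assumptions, and the sample object is constructed from the values printed in this README.

```javascript
// Values this README prints as placeholders or demo credentials.
const PLACEHOLDER_SECRETS = [
  'your-super-secret-jwt-key-change-in-production',
  'your-production-secret-key',
];
const DEMO_API_KEYS = ['demo_key_12345', 'test_key_67890', 'student_key_abcde'];

function splitList(value) {
  return (value || '').split(',').map((s) => s.trim()).filter(Boolean);
}

// Returns a list of problems; an empty list means the configuration passed.
function validateEnv(env) {
  const problems = [];
  const secret = env.JWT_SECRET || '';

  if (!secret) problems.push('JWT_SECRET is not set');
  else if (PLACEHOLDER_SECRETS.includes(secret)) problems.push('JWT_SECRET is a README placeholder');
  else if (secret.length < 32) problems.push('JWT_SECRET is shorter than 32 characters');

  if (env.NODE_ENV === 'production') {
    for (const key of splitList(env.LEGACY_API_KEYS)) {
      if (DEMO_API_KEYS.includes(key)) problems.push(`LEGACY_API_KEYS contains demo key ${key}`);
    }
    for (const origin of splitList(env.CORS_ORIGIN)) {
      if (origin === '*' || !origin.startsWith('https://')) {
        problems.push(`CORS_ORIGIN entry is not an https origin: ${origin}`);
      }
    }
    if (/:password@/.test(env.DATABASE_URL || '')) {
      problems.push('DATABASE_URL still uses the template password');
    }
  }
  return problems;
}

// Constructed sample: the production values from this README plus the demo keys.
const sample = {
  NODE_ENV: 'production',
  JWT_SECRET: 'your-production-secret-key',
  DATABASE_URL: 'mongodb+srv://prod-user:password@cluster.mongodb.net/quest-tracker',
  CORS_ORIGIN: 'https://your-frontend-domain.com',
  LEGACY_API_KEYS: 'demo_key_12345,test_key_67890,student_key_abcde',
};
console.log(validateEnv(sample)); // five problems reported
```

Calling this before the server starts listening, and exiting when the list is non-empty, keeps a copied `.env.example` from reaching production.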
Authorization: Bearer <token> header in requests
owner field referencing the creating user
Database Connection Failed
# Check MongoDB is running
mongod --version
# Verify connection string in .env
DATABASE_URL=mongodb://localhost:27017/quest-tracker
JWT Token Invalid
Bearer <token>
Cannot Create Quests
Port Already in Use
# Kill process on port 3000
npx kill-port 3000
# Or change PORT in .env
PORT=3001
This project extends Template 11 from the W3.5 curriculum.
This is a student project for learning purposes. Feel free to extend it with:
For issues or questions:
/api/docs when server is running
Built with ❤️ extending Template 11 | Version 2.0.0