Natours is a full-stack tour-booking app with a RESTful API backend (Node.js, Express, MongoDB/Mongoose) and a server-side rendered frontend (Pug, Vanilla JS, CSS).
-
- REST API with filtering, sorting, pagination, and aliasing
- Stack: Node.js, Express
- Endpoints: `/tours`, `/users`, `/reviews`, `/bookings`
- Auth & Security: JWT (HTTP-only cookies), rate limiting (100 req/hr), Helmet headers, NoSQL sanitization
- Responses: JSON, proper HTTP status codes
-
- Templating: Pug
- Bundling & ES6: Webpack, modern JavaScript
- API Calls: Axios
-
- JWT-based login/signup (bcrypt-hashed passwords)
- Rate limiting, Helmet, data sanitization
-
- Nodemailer (Gmail) for welcome, password reset & booking confirmations
-
- Stripe checkout, webhook listener → booking creation
-
- Radius search & distance calculations
- Leaflet map integration
-
- Multer + Sharp for upload, resize (500×500), JPEG conversion & optimization
- Clone repository:

  ```bash
  git clone https://github.com/SamerYaserr/Natours.git
  ```

- Initialize a package.json file (if not already done):

  ```bash
  npm init
  ```

- Install dependencies:

  ```bash
  npm install
  ```

- Setting up env variables:

  ```
  # Server Configuration
  NODE_ENV=development
  PORT=3000

  # Database Configuration
  DATABASE=<your_mongo_db_URL>
  DATABASE_PASSWORD=<your_mongo_db_password>

  # Authentication
  JWT_SECRET=<your_jwt_secret_key>
  JWT_EXPIRES_IN=<JWT_expiration_date>
  JWT_COOKIE_EXPIRES_IN=<JWT_cookie_expiration_date>

  # Email Services
  ## Mailtrap (Development)
  EMAIL_HOST=<sandbox.smtp.mailtrap.io>
  EMAIL_PORT=587
  EMAIL_USERNAME=<your_mailtrap_username>
  EMAIL_PASSWORD=<your_mailtrap_password>

  ## Gmail (Production)
  GMAIL_LOGIN=<your_gmail>
  GMAIL_PASSWORD=<your_gmail_app_key>

  # Payments
  STRIPE_SECRET_KEY=<your_stripe_secret_key>
  STRIPE_WEBHOOK_SECRET=<your_stripe_webhook_secret_key>

  # General Settings
  EMAIL_FROM=<your_sender_email>
  ```
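
A fail-fast check for the variables above, as an added example that is not part of the Natours repository: it parses `.env`-style text and reports missing values, `<...>` placeholders left in place, and a short `JWT_SECRET`. The function names, the 32-character minimum (which assumes HS256-signed tokens) and the sample values are assumptions.

```javascript
// Added example, not part of the Natours code base: checks .env-style text for
// missing values, unfilled <...> placeholders and a short JWT secret.
const ALWAYS = ['PORT', 'DATABASE', 'DATABASE_PASSWORD', 'JWT_SECRET',
  'JWT_EXPIRES_IN', 'JWT_COOKIE_EXPIRES_IN', 'STRIPE_SECRET_KEY',
  'STRIPE_WEBHOOK_SECRET', 'EMAIL_FROM'];
const BY_MODE = { // mail settings differ per NODE_ENV, as in the env file above
  development: ['EMAIL_HOST', 'EMAIL_PORT', 'EMAIL_USERNAME', 'EMAIL_PASSWORD'],
  production: ['GMAIL_LOGIN', 'GMAIL_PASSWORD'],
};
const MIN_JWT_SECRET_LENGTH = 32; // assumption: HS256 tokens, 256-bit key
const isPlaceholder = (value) => /^<.*>$/.test(value);

function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue; // blank line or comment
    const eq = line.indexOf('=');
    if (eq < 1) continue; // not a KEY=VALUE line
    env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return env;
}

function validateEnv(env) {
  const problems = [];
  const modes = Object.keys(BY_MODE);
  const known = modes.includes(env.NODE_ENV);
  if (!known) problems.push(`NODE_ENV: expected ${modes.join(' or ')}`);
  for (const key of [...ALWAYS, ...(known ? BY_MODE[env.NODE_ENV] : [])]) {
    if (!env[key]) problems.push(`${key}: missing`);
    else if (isPlaceholder(env[key])) problems.push(`${key}: placeholder not replaced`);
  }
  const secret = env.JWT_SECRET;
  if (secret && !isPlaceholder(secret) && secret.length < MIN_JWT_SECRET_LENGTH) {
    problems.push(`JWT_SECRET: shorter than ${MIN_JWT_SECRET_LENGTH} characters`);
  }
  return problems;
}

// Constructed sample: production mode, one placeholder, no GMAIL_PASSWORD.
const SAMPLE = [
  'NODE_ENV=production', 'PORT=3000', 'DATABASE=mongodb://db.example.invalid/natours',
  'DATABASE_PASSWORD=<your_mongo_db_password>', 'JWT_SECRET=short-secret',
  'JWT_EXPIRES_IN=90d', 'JWT_COOKIE_EXPIRES_IN=90', '# Payments',
  'STRIPE_SECRET_KEY=constructed-key', 'STRIPE_WEBHOOK_SECRET=constructed-secret',
  'EMAIL_FROM=hello@example.invalid', 'GMAIL_LOGIN=sender@example.invalid',
].join('\n');
console.log(validateEnv(parseEnv(SAMPLE)).join('\n'));
```

Running the same check against the real environment at startup, and exiting when the list is non-empty, keeps a server from booting with a placeholder secret.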