
sameerkali/ucf-backend


Agri E-Commerce Backend

A Node.js backend for an agricultural e-commerce app with user registration, email OTP verification, JWT authentication, and role-based access.


🚀 Features

  • User registration with email OTP verification
  • JWT-based authentication
  • Role-based access control (farmer, pos, admin)
  • Admin-only routes for POS creation and user deletion
  • Modular code structure (controllers, routes, models, middleware)
  • MongoDB with Mongoose
  • Nodemailer for sending OTP emails

🛠️ Setup Instructions

  1. Clone the repository and install dependencies:

    npm install
  2. Configure environment variables:

    Create a .env file in the root directory:

    PORT=5000
    MONGO_URI=your_mongodb_uri
    JWT_SECRET=your_jwt_secret_key
    EMAIL_USER=your_email@gmail.com
    EMAIL_PASS=your_email_password
    
  3. Run the development server:

    npm run dev

    The server will start on http://localhost:5000.


📁 Project Structure

backend/
  .env
  .gitignore
  package.json
  src/
    app.js
    server.js
    config/
      db.js
    controllers/
      authController.js
    middleware/
      authMiddleware.js
    models/
      userModel.js
    routes/
      authRoutes.js
      userRoutes.js
    utils/
      sendEmail.js

🔑 API Endpoints

1. Register Farmer (Self-registration)

  • POST /api/auth/register
  • Body:
    {
      "name": "Farmer Name",
      "email": "farmer@email.com",
      "password": "password123"
    }
  • Response:
    {
      "message": "Farmer registered, OTP sent to email"
    }

2. Verify OTP (Farmer only)

  • POST /api/auth/verify-otp
  • Body:
    {
      "email": "farmer@email.com",
      "otp": "123456"
    }
  • Response:
    {
      "message": "OTP verified",
      "token": "<JWT_TOKEN>"
    }

3. Login (All roles)

  • POST /api/auth/login
  • Body:
    {
      "email": "user@email.com",
      "password": "password123"
    }
  • Response:
    {
      "message": "Login successful",
      "token": "<JWT_TOKEN>"
    }

4. Get Current User (Protected)

  • GET /api/users/me
  • Headers:
    Authorization: Bearer <JWT_TOKEN>
    
  • Response:
    {
      "user": {
        "_id": "...",
        "name": "...",
        "email": "...",
        "role": "farmer|pos|admin",
        "isVerified": true
      }
    }

5. POS: Register Farmer

  • POST /api/users/pos/register-farmer
  • Headers:
    Authorization: Bearer <POS_JWT_TOKEN>
    
  • Body:
    {
      "name": "Farmer Name",
      "email": "farmer@email.com",
      "password": "password123"
    }
  • Response:
    {
      "message": "Farmer registered by POS, OTP sent to email"
    }

6. Admin: Create POS User

  • POST /api/admin/create-pos
  • Headers:
    Authorization: Bearer <ADMIN_JWT_TOKEN>
    
  • Body:
    {
      "name": "POS Name",
      "email": "pos@email.com",
      "password": "password123",
      "role": "pos"
    }
  • Response:
    {
      "message": "POS user created",
      "user": {
        "_id": "...",
        "name": "...",
        "email": "...",
        "role": "pos"
      }
    }

7. Admin: Delete POS or Farmer

  • DELETE /api/admin/delete-user
  • Headers:
    Authorization: Bearer <ADMIN_JWT_TOKEN>
    
  • Body:
    {
      "email": "user@email.com"
    }
  • Response:
    {
      "message": "User deleted"
    }

🧑‍💻 Testing with Postman

  • Import the above endpoints into Postman.
  • Register a user, verify OTP, login, and use the JWT token for protected routes.

📝 Notes

  • Make sure to use a valid Gmail account and enable "less secure app access" or use an app password for Nodemailer.
  • Update MONGO_URI and JWT_SECRET in .env for production.
  • Admin user must be created manually in the database (not via API).
  • Only one admin and one POS can exist at a time.
  • Role spoofing is not possible via any endpoint.
  • All passwords are hashed.
  • All endpoints return proper error messages.
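
The notes above state that role spoofing is not possible and that only one POS can exist. One way to make those two properties checkable is sketched below as an added example; it is not code from this repository. The handler names, the status codes, the error messages, and the in-memory store are assumptions, and the Express `req`/`res` objects are minimal stand-ins.

```javascript
// Added example with in-memory stand-ins; handler names and status codes are assumptions.
const users = []; // constructed store (the project itself uses MongoDB via Mongoose)
// Copy only allow-listed string fields, so a client-supplied "role" or "isVerified" is dropped.
const pick = (body, fields) =>
  Object.fromEntries(fields.filter((f) => typeof body[f] === 'string').map((f) => [f, body[f]]));

// The role is read from req.user (populated from the verified JWT), never from the request body.
const requireRole = (...allowed) => (req, res, next) => {
  if (!req.user) return res.status(401).json({ message: 'Not authenticated' });
  if (!allowed.includes(req.user.role)) return res.status(403).json({ message: 'Forbidden' });
  return next();
};

// POST /api/auth/register: role is fixed server-side (hashing and OTP mail omitted here).
function registerFarmer(req, res) {
  users.push({ ...pick(req.body, ['name', 'email', 'password']), role: 'farmer', isVerified: false });
  return res.status(201).json({ message: 'Farmer registered, OTP sent to email' });
}

// POST /api/admin/create-pos: body.role is ignored and the single-POS rule is enforced.
function createPos(req, res) {
  if (users.some((u) => u.role === 'pos')) return res.status(409).json({ message: 'POS already exists' });
  users.push({ ...pick(req.body, ['name', 'email', 'password']), role: 'pos' });
  return res.status(201).json({ message: 'POS user created' });
}

// Minimal Express-like dispatcher so the checks run offline.
function call(handlers, req) {
  const res = { code: 200, status(c) { this.code = c; return this; }, json(b) { this.body = b; return this; } };
  let i = 0;
  const next = () => handlers[i++](req, res, next);
  next();
  return res;
}

// Replays constructed requests that try to smuggle a role through the body.
function checkRoleSpoofing() {
  users.length = 0;
  const body = { name: 'X', email: 'x@example.test', password: 'password123', role: 'admin', isVerified: true };
  const adminOnly = [requireRole('admin'), createPos];
  const codes = [
    call([registerFarmer], { body }).code,                    // self-registration with role: "admin"
    call(adminOnly, { user: { role: 'farmer' }, body }).code, // farmer token on an admin route
    call(adminOnly, { user: { role: 'admin' }, body }).code,  // admin creates the POS
    call(adminOnly, { user: { role: 'admin' }, body }).code,  // second POS is refused
    call(adminOnly, { body }).code,                           // no token at all
  ];
  return { codes, roles: users.map((u) => u.role) };
}
```

The same requests can be replayed against the running server from Postman: a `role` field sent to `/api/auth/register` should never show up in the `/api/users/me` response.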

📦 Dependencies

  • express
  • mongoose
  • dotenv
  • nodemailer
  • jsonwebtoken
  • bcryptjs
  • cors
  • nodemon (dev)

📄 License

MIT
