Qzify is a REST API for managing online quizzes, offering endpoints for authentication, role-based user management, quiz creation, and attempt handling. It also includes security features such as JWT authentication, rate limiting, and protection against XSS and NoSQL injections.
- 🚀 Features
- 🌐 Deployment
- 🛠️ Installation
- 📖 Usage
- 📚 API Documentation
- 📂 Folder Structure
- 🌐 Environment Variables
- User registration with email verification.
- Login with JWT-based authentication.
- Password reset via email.
- Refresh token for session management.
- Revoke access through JWT token versioning.
- Admin-only access to manage users.
- View, update, and delete user profiles.
- CRUD operations for quiz questions (create, update, delete, fetch).
- Bulk question creation for efficiency.
- Categorize questions by difficulty and topic.
- Start, continue, and submit quiz attempts.
- Auto-submit expired attempts via cron jobs.
- Scoring and detailed review of quiz results.
- Rate limiting to prevent abuse.
- Protection against XSS and NoSQL injections.
- Helmet for secure HTTP headers.
The project is deployed on Railway. You can access the live version of the application at:
https://qzifybackend-production.up.railway.app
```bash
git clone <repository-url>
cd qzify_backend
npm install
```

Create a `.env` file in the root directory and configure the following:

```
PORT=3000
DB_USER=<your-db-user>
DB_PASSWORD=<your-db-password>
DB_HOST=<your-db-host>
DB_OPTIONS=<your-db-options>
ACCESS_TOKEN_SECRET=<your-access-token-secret>
ACCESS_TOKEN_EXPIRY=15m
REFRESH_TOKEN_SECRET=<your-refresh-token-secret>
REFRESH_TOKEN_EXPIRY=7d
SEND_GRID_API_KEY=<your-sendgrid-api-key>
USER_EMAIL=<your-email>
FRONTEND_URL=http://localhost:3000
```

For development:

```bash
npm run dev
```

For production:

```bash
npm start
```
Refer to the API Documentation section for detailed information about available endpoints.
Access the interactive API documentation at `/api/docs`.
For detailed information about each endpoint, refer to the API Routes Documentation.
- `POST /auth/register` - Register a new user.
- `GET /auth/verify-email/:token` - Verify user email.
- `POST /auth/login` - User login.
- `POST /auth/refresh-token` - Refresh access token.
- `POST /auth/logout` - Logout the user.
- `POST /auth/change-password` - Change user password.
- `POST /auth/forgot-password` - Request password reset.
- `PATCH /auth/reset-password/:token` - Reset user password.

- `GET /users` - Get all users (Admin only).
- `GET /users/:id` - Get user profile.
- `PUT /users/:id` - Update user profile.
- `DELETE /users/:id` - Delete user profile (Admin only).

- `GET /questions` - Get all questions.
- `GET /questions/:id` - Get question by ID.
- `POST /questions` - Create a new question.
- `PUT /questions/:id` - Update a question.
- `DELETE /questions/:id` - Delete a question.
- `GET /questions/category` - Get all available categories.
- `GET /questions/category/:category` - Get questions by category.
- `POST /questions/bulk` - Create multiple questions.
- `GET /questions/random` - Generate random quiz.

- `POST /attempts/start` - Start a new quiz attempt.
- `GET /attempts/:id/continue` - Continue an in-progress quiz attempt.
- `PATCH /attempts/:id` - Update a quiz attempt.
- `POST /attempts/:id/submit` - Submit answers for a quiz attempt.
- `GET /attempts/:id` - Get details of a quiz attempt.
- `GET /attempts` - Get all quiz attempts of the authenticated user.
```
qzify_backend/
├── src/
│   ├── features/
│   │   ├── auth/         # Authentication logic
│   │   ├── users/        # User management
│   │   ├── questions/    # Quiz questions
│   │   └── attempts/     # Quiz attempts
│   ├── shared/
│   │   ├── config/       # Configuration files
│   │   ├── middleware/   # Middleware functions
│   │   ├── swagger/      # Swagger API docs
│   │   └── utils/        # Utility functions
│   └── app.js            # Express app setup
├── .gitignore            # Ignored files for Git
├── package.json          # Project metadata and dependencies
└── README.md             # Project documentation
```
| Variable | Description |
|---|---|
| `PORT` | Port number for the server. |
| `DB_USER` | MongoDB username. |
| `DB_PASSWORD` | MongoDB password. |
| `DB_HOST` | MongoDB host. |
| `DB_OPTIONS` | MongoDB connection options. |
| `ACCESS_TOKEN_SECRET` | Secret for access tokens. |
| `ACCESS_TOKEN_EXPIRY` | Expiry time for access tokens. |
| `REFRESH_TOKEN_SECRET` | Secret for refresh tokens. |
| `REFRESH_TOKEN_EXPIRY` | Expiry time for refresh tokens. |
| `SEND_GRID_API_KEY` | API key for SendGrid email service. |
| `USER_EMAIL` | Sender email address. |
| `FRONTEND_URL` | URL of the frontend application. |
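
The feature list mentions revoking access through JWT token versioning, with access tokens signed by `ACCESS_TOKEN_SECRET` and expiring after `ACCESS_TOKEN_EXPIRY`. The following is an added example, not code from the Qzify repository, showing one common way such a check works using only Node's built-in `crypto` module. The `tokenVersion` claim, the helper names, the in-memory user and the revocation trigger are assumptions.

```javascript
// Added example, not Qzify's code. Helper names and the tokenVersion claim are assumptions.
const crypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Issue a short-lived access token that embeds the user's current tokenVersion.
function signToken(user, secret, ttlSeconds, nowMs = Date.now()) {
  const iat = Math.floor(nowMs / 1000);
  const head = b64url({ alg: 'HS256', typ: 'JWT' });
  const body = b64url({ sub: user.id, tokenVersion: user.tokenVersion, iat, exp: iat + ttlSeconds });
  return `${head}.${body}.${hmac(`${head}.${body}`, secret).toString('base64url')}`;
}

// Verify signature and expiry, then compare the claim with the version stored for the user.
function verifyToken(token, secret, findUser, nowMs = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  // The algorithm is pinned to HMAC-SHA256 here; the header's "alg" is never trusted.
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  let claims;
  try {
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= nowMs / 1000) {
    return { ok: false, reason: 'expired' };
  }
  const user = findUser(claims.sub);
  if (!user || user.tokenVersion !== claims.tokenVersion) return { ok: false, reason: 'revoked' };
  return { ok: true, claims };
}

// Constructed demo data: one in-memory user standing in for a database record.
function demo() {
  const secret = 'constructed-demo-secret';
  const user = { id: 'u1', tokenVersion: 0 };
  const findUser = (id) => (id === user.id ? user : null);
  const token = signToken(user, secret, 900, 0); // 900 s matches ACCESS_TOKEN_EXPIRY=15m
  const before = verifyToken(token, secret, findUser, 1000).ok;
  user.tokenVersion += 1; // assumed trigger: logout or password change
  const after = verifyToken(token, secret, findUser, 1000).reason;
  return { before, after };
}
```

Bumping the stored version invalidates every outstanding token for that user at once, at the cost of one user lookup per request.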