Backend API for workshop activity bookings, built with Express + TypeScript.
- User registration and login with JWT
- Activity lifecycle management (
draft→published→confirmed→done/cancelled) - Booking creation with capacity validation (no overbooking)
- Mock payment processing on booking creation
- JSON file persistence in
db/
# Install dependencies
npm install
# Development (secured mode by default)
npm run dev
# Development in open mode (no auth required on protected routes)
npm run dev:open
# Type check
npm run typecheck
# Run tests
npm test
# Build and run production
npm run build
npm run startServer default URL: http://localhost:3000 (override with PORT).
- Secured mode (
npm run dev): protected endpoints requireAuthorization: Bearer <token>. - Open mode (
npm run dev:open): protected endpoints bypass client auth and impersonate the first user fromdb/users.json. - If
db/users.jsonis empty, open mode fails at startup.
Manual env option (equivalent to dev:open):
SECURITY_MODE=open npm run devGET /healthPOST /usersPOST /loginGET|POST|PUT|DELETE /activitiesPATCH /activities/:id/statusGET|POST /bookingsGET /bookings/:id
See detailed behavior and acceptance criteria in specs/.
- API responses are aligned with DTO contracts in
client/. - Resource ids in API payloads are numeric (
id,userId,activityId). - Internal persisted ids remain string-based (
resource-<n>) and are mapped at the HTTP boundary. - Booking responses include nested
paymentshape:method:none | cash | creditCard | paypalstatus:none | pending | paid | refunded
- Date fields are emitted as ISO strings suitable for client-side
Dateparsing.
PUT /activities/:idaccepts partial payloads; omitted fields keep their current values.- When
statusis sent inPUT, lifecycle transition rules are still enforced. PATCH /activities/:id/statusremains available for explicit status-transition workflows.
-
Default branch:
master -
Author: Alberto Basalo
-
Ai Code Academy en Español: AI code Academy
-
Socials: