Notes

Uploaded by

f20220372

Advanced Node.js, TypeScript API Development Course:
Building a Robust Inventory Management System with POS
• Welcome to this advanced course where we will build a powerful
API for an Inventory Management System with a Point of Sale (POS)
using Node.js, TypeScript, Express, MongoDB, and Prisma.

• This course is designed for developers who want to deepen their
understanding of backend development using TypeScript and
Node.js, and it will guide you through building a production-ready
API that you can use in real-world applications.

• The API we will build is intended for a client managing multiple
drug shops, requiring comprehensive features like user roles, shop
What We Will Build:
In this course, we will create an API that supports the following
functionalities:
• Authentication and Authorization: Implementing a robust
system where the admin can log in, create shop attendants, and
manage user roles and permissions.
• Shop Management: Allowing the admin to create and manage
multiple shops.
• Product Management: Admin can create products with complex
relationships, including categories, manufacturers, product families,
industries, and units.
Course Outline:
1. Introduction & Setup
   1. Overview of the project
   2. Setting up the development environment
   3. Installing Node.js, TypeScript, and Express
   4. Initializing a new Node.js project
2. Setting Up TypeScript & Express
   1. Configuring TypeScript in a Node.js project
   2. Setting up Express with TypeScript
   3. Creating basic route handlers
   4. Handling errors and middlewares
3. Integrating Prisma with MongoDB
   1. Setting up Prisma in a Node.js project
   2. Configuring MongoDB as the database
   3. Defining the Prisma schema
   4. Running migrations and seeding the database
4. Building Authentication & Authorization
   1. Implementing JWT for authentication
   2. Setting up roles and permissions
   3. Creating middleware for role-based access control
   4. Building routes for user registration, login, and role management
5. Shop Management Module
   1. Creating the Shop model in Prisma
   2. Building routes for shop creation and management
   3. Associating shops with users (admin and attendants)
   4. Implementing CRUD operations for shops
6. Product Management Module
   1. Defining the Product model with relationships (category, manufacturer, etc.)
   2. Building routes for creating and managing products
   3. Implementing filters and search functionality for products
   4. Managing product inventory and stock levels
7. Customer & Sales Tracking Module
   1. Creating models for customers, sales, and orders
   2. Building routes for managing customers
   3. Implementing order processing and sales tracking
   4. Generating reports and summaries for shop performance
8. Testing & Deploying the API
   1. Writing unit and integration tests for the API
   2. Setting up CI/CD for continuous deployment
   3. Deploying the API to a production environment (e.g., Railway)
   4. Monitoring and logging API performance
9. Future Extensions
   1. Overview of building a React Native app to consume the API
   2. Planning for future updates and feature enhancements
INVENTORY MANAGEMENT SYSTEM API
• User Management
• Suppliers Management
• Customer Management
• Shop Management
• Product Management
• Point of Sale
• Expenses Management
• Employee Management
• Roles and Permissions
• Reports
• Customer Credit Management
• Login
• Category
• Unit Mgt
• Brand
• Sales
• SaleItem
• Forgot Password
• Verify-token
• Change Password
• Stock Alerts
• Stock Purchase
• Stock Adjustment
SHOP OWNER
USER AND SHOP MANAGEMENT

- Shape - Fields (Get these from a form)
- Relationships (Dropdowns / Selections in forms)
USER AND A SHOP

One-to-Many Relationship
User as Admin:
A User can be an Admin of multiple Shops. This means that a single
user, when assigned the role of ADMIN, has the ability to manage
more than one shop. The relationship is represented by the admin field
in the Shop model. Each shop has an adminId which is a foreign key
linking it to a specific user (the admin). In Prisma, this is implemented
as a one-to-many relationship, where one user (admin) can be
associated with multiple shops.

User as Attendant:
A User can also be an Attendant in a shop. Attendants work in shops
created by the admin. This is represented by the attendants field in
the Shop model, where the shop can have multiple attendants.
USER MODEL
SHOP MODEL
CUSTOMER MODEL
SUPPLIER MODEL
Authentication: Register and Login
1. Register (Sign Up):
Definition: Registration is the process where a new user creates an account in a system by
providing their credentials and other required information. This process typically involves
collecting data like a username, email address, password, and possibly other details like
name or phone number.

Purpose:
• User Identity Creation: Registering creates a new, unique user identity in the system. The
system stores the user's credentials securely in a database.
• Credential Storage: The password is usually hashed (a one-way transformation, not reversible
encryption) before storage to ensure security.
• Account Activation: Some systems may also require email verification or other steps to
activate the account.
2. Login (Sign In):
Definition: Login is the process where a registered user provides their credentials (e.g.,
username/email and password) to gain access to their account. This process involves
verifying the provided credentials against those stored in the system.

Purpose:
• Identity Verification: The login process ensures that the user is who they claim to be by
checking their credentials.
• Access Granting: Once verified, the user is granted access to the system and its protected
resources. This might involve generating a session or an authentication token (like a JWT)
that the user will use in subsequent requests.
AUTHENTICATION (LOGIN)
For a Tech Person:
Authentication is the process of verifying the identity of a user or system.
It involves checking credentials such as a username and password,
biometric data, or tokens against a database to ensure that the entity
attempting to access a system or resource is indeed who they claim to
be.

For a Non-Tech Person:


Authentication is like showing your ID to get into a secured building. It's
the way a system checks that you are who you say you are before letting
you in.
AUTHORIZATION
For a Tech Person:
Authorization is the process of determining what actions, resources, or
services a user or system is permitted to access after their identity has
been authenticated. It involves enforcing access controls based on roles,
permissions, or other policies.

For a Non-Tech Person:


Authorization is like having a key that only opens certain doors in a
building. Even after you've shown your ID, the system decides what
you're allowed to do or see based on the permissions you have.
AUTHENTICATION FLOW
1. Create the login API and implement JWT authentication; API = '/auth/login'.
2. Get the user data from the request body.
3. Destructure the information from the user data.
4. Check whether the (email/user) exists in the database.
5. If there is no user with that email, we send "user not found".
6. If the user exists in the database, we check whether the password is valid.
7. Compare the password in the database with the password in the request body.
8. If they do not match, send a response saying "wrong password".
9. If the email and password are valid, create a token.
10. To create a token, JsonWebToken (JWT) receives 3 parameters:
• Payload - This contains the claims or data you want to include
in the token.
• Secret Key - A secure key known only to the server, used for
signing the token.
• Expiration - Additional settings like token expiration or
algorithm selection.
WHAT IS JWT and ITS PURPOSE
JWT (JSON Web Token) is a compact, URL-safe token format that is used for
securely transmitting information between parties as a JSON object. It is composed
of three parts: a header, a payload, and a signature, which are encoded as Base64URL
strings and concatenated with periods.

• Header: Contains metadata about the token, such as the type (JWT) and the
hashing algorithm used (e.g., HS256).

• Payload: Contains the claims or data you want to transmit, such as user
information (e.g., user ID, roles) or other relevant information.

• Signature: A cryptographic signature generated using a secret key (and the
specified hashing algorithm), which ensures the token's integrity and authenticity.
WHAT IS JWT and ITS PURPOSE
What is its Purpose?
The primary purpose of JWT is to securely transfer information between two parties. It's commonly
used for:

1. Authentication: JWTs are often used as access tokens in authentication systems. Once a user logs in
and their identity is verified, the server generates a JWT and sends it back to the client. The client then
includes this token in subsequent requests to access protected resources, and the server verifies the
token to ensure the request is from an authenticated user.

2. Authorization: JWTs can also carry information about user permissions and roles. After
authentication, the JWT can be used to authorize access to specific resources or actions based on the
encoded data in the payload.

3. Stateless Sessions: JWT allows for stateless authentication, meaning the server does not need to
store session information. The information is encoded directly in the token and can be verified and
decoded by the server for each request. This makes JWT ideal for scalable, distributed systems.
Generate JWT
Return access token to the Logged in User
Protect a route with JWT when a user tries to access a route
Middleware to verify the token
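The header.payload.signature structure and the checks a token-verifying middleware has to make, as an added example that is not the course's own code: it builds HS256 tokens with Node's built-in crypto module instead of a JWT library so each part is visible. `SECRET`, `signToken`, `verifyToken` and `authenticate` are hypothetical names, and the secret is a constructed demo value.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Constructed demo secret (assumption); a real service loads a long random value from config.
const SECRET = "demo-secret-for-illustration-only";

// Base64URL helpers. The payload is only encoded, not encrypted: anyone can read it.
const enc = (obj: object): string => Buffer.from(JSON.stringify(obj)).toString("base64url");
const dec = (part: string) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
const hmac = (signingInput: string, secret: string): Buffer =>
  createHmac("sha256", secret).update(signingInput).digest();

// Step 10 of the flow: payload + secret key + expiration -> header.payload.signature
function signToken(payload: object, secret: string, expiresInSec: number, now = Date.now()): string {
  const iat = Math.floor(now / 1000);
  const header = enc({ alg: "HS256", typ: "JWT" });
  const body = enc({ ...payload, iat, exp: iat + expiresInSec });
  return `${header}.${body}.${hmac(`${header}.${body}`, secret).toString("base64url")}`;
}

// What the route-protecting middleware checks before trusting any claim.
// Returns the claims, or null when the request must be rejected (HTTP 401).
function verifyToken(token: string, secret: string, now = Date.now()): Record<string, unknown> | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, body, signature] = parts;
  try {
    // Pin the algorithm: the token's own header must not choose how it is verified.
    if (dec(header).alg !== "HS256") return null;
    const expected = hmac(`${header}.${body}`, secret);
    const given = Buffer.from(signature, "base64url");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = dec(body);
    if (typeof claims.exp !== "number" || claims.exp * 1000 <= now) return null;
    return claims;
  } catch {
    return null; // malformed Base64URL or JSON
  }
}

// Pulls the token out of an "Authorization: Bearer <token>" header value.
function authenticate(authorization: string | undefined, secret = SECRET): Record<string, unknown> | null {
  if (!authorization || !authorization.startsWith("Bearer ")) return null;
  return verifyToken(authorization.slice(7), secret);
}
```

In an Express middleware, a null result from `authenticate(req.headers.authorization)` maps to a 401 response; role checks for authorization run only on claims that passed verification.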
UNIT MODEL
BRAND MODEL
CATEGORY MODEL
PRODUCT MODEL
OrderItem MODEL
Order MODEL
Sale MODEL
Forgot Password Routes
Forgot-Password Route:

1. Generate a secure token and store it in the resetToken field.
2. Set the resetTokenExpiry to a future date, e.g., 1 hour from the time of the request.
3. Send an email to the user with the reset token.

Verify-Token Route:

4. Check if the token exists and is valid.
5. Verify that the token has not expired by comparing the current date with resetTokenExpiry.

Change-Password Route:

6. Validate the token again.
7. Allow the user to change their password if the token is valid and not expired.
8. Clear the resetToken and resetTokenExpiry fields
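The three reset routes above reduced to their core logic, as an added example that is not the course's own code. It goes one step beyond the slide by storing only a SHA-256 hash of the token in `resetToken`, so a leaked database row cannot be replayed as a valid reset link. The `User` shape, `passwordHash` field and function names are assumptions; the record is an in-memory object standing in for the Prisma model.

```typescript
import { createHash, randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

// Hypothetical user shape; resetToken and resetTokenExpiry are the fields named in the steps.
interface User {
  email: string;
  passwordHash: string;
  resetToken: string | null;
  resetTokenExpiry: Date | null;
}

const RESET_TTL_MS = 60 * 60 * 1000; // step 2: one hour from the time of the request
const sha256 = (s: string): string => createHash("sha256").update(s).digest("hex");

// Salted scrypt hash stored as "salt:hash" (assumed storage format).
function hashPassword(password: string): string {
  const salt = randomBytes(16);
  return `${salt.toString("hex")}:${scryptSync(password, salt, 32).toString("hex")}`;
}

// Forgot-password (steps 1-3): returns the raw token to e-mail; only its hash is stored.
function forgotPassword(user: User, now = new Date()): string {
  const token = randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  user.resetToken = sha256(token);
  user.resetTokenExpiry = new Date(now.getTime() + RESET_TTL_MS);
  return token;
}

// Verify-token (steps 4-5): the token exists, matches, and has not expired.
function isResetTokenValid(user: User, token: string, now = new Date()): boolean {
  if (!user.resetToken || !user.resetTokenExpiry) return false;
  if (now.getTime() >= user.resetTokenExpiry.getTime()) return false;
  const given = Buffer.from(sha256(token));
  const stored = Buffer.from(user.resetToken);
  return given.length === stored.length && timingSafeEqual(given, stored);
}

// Change-password (steps 6-8): validate again, set the password, clear both fields
// so the same token cannot be used a second time.
function changePassword(user: User, token: string, newPassword: string, now = new Date()): boolean {
  if (!isResetTokenValid(user, token, now)) return false;
  user.passwordHash = hashPassword(newPassword);
  user.resetToken = null;
  user.resetTokenExpiry = null;
  return true;
}
```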
Sales Analytics

• Sales Period
• Sales Paid in Cash
• Sales Paid in Credit
• Sales in Mobile Money
• Sales by Hand Cash
Advise
• Tutorials
• Learn and Build Unique
• Weaknesses & Poor Routines
• Help More
• AI
• Share your work
Mobile App
Progress
Notifications
Adjustments
Adjustment Item
PurchaseOrder
Purchase Order Item