A RESTful API for the Rentverse rental application. Features role-based authentication (Admin/Owner/Tenant), property management, Cloudinary integration, and secure booking flows.

aliftheprogramer/metairflow-chalange-backend-service

Rentverse API

This is the backend for Rentverse, a property rental application. It provides a RESTful API for managing users, properties, and authentication.

Features

  • User registration and authentication (login/logout) with role-based access control (Admin, Owner, Tenant).
  • JWT-based authentication for secure endpoints.
  • Full CRUD (Create, Read, Update, Delete) operations for properties.
  • Image uploads for properties using multer and cloud storage with Cloudinary.
  • Data validation for incoming requests using class-validator and class-transformer.
  • Structured and consistent API responses.
  • Centralized error handling middleware.
  • Property availability check to prevent double-booking.

Technologies Used

  • Backend: Node.js, Express.js, TypeScript
  • Database: MongoDB (managed with Prisma ORM)
  • Authentication: JWT (JSON Web Tokens) with jsonwebtoken
  • Image Storage: Cloudinary
  • ORM: Prisma
  • Validation: class-validator, class-transformer
  • Password Hashing: bcryptjs
  • Middleware: cors, helmet, morgan
  • File Uploads: multer

API Documentation

All endpoints are prefixed with /api (the Auth and Profile paths below are listed without it).


Note: For all authenticated requests, you must include an Authorization header with the value Bearer <your_jwt_token>.

Auth

  • POST /auth/register

    • Description: Register a new user.
    • Role: Public
    • Body:
      {
        "name": "John Doe",
        "email": "john.doe@example.com",
        "password": "password123",
        "role": "Tenant" 
      }
      Note: role can be Tenant or Owner.
  • POST /auth/login

    • Description: Log in a user to get a JWT token.
    • Role: Public
    • Body:
      {
        "email": "john.doe@example.com",
        "password": "password123"
      }

Profile

  • GET /profile

    • Description: Get the profile of the currently logged-in user.
    • Role: Admin, Owner, Tenant
  • PUT /profile

    • Description: Update the profile of the currently logged-in user.
    • Role: Admin, Owner, Tenant

Public (Guest)

  • GET /api/properties

    • Description: Get all approved properties. Can be filtered by a search query parameter.
    • Role: Public
  • GET /api/properties/:id

    • Description: Get a specific approved property by its ID.
    • Role: Public

Tenant

  • GET /api/tenant/properties

    • Description: Get all available properties (status: Approved). Can be filtered by propertyType query parameter.
    • Role: Tenant
  • GET /api/tenant/properties/:id

    • Description: Get a specific available property by its ID.
    • Role: Tenant
  • POST /api/tenant/rent/:propertyId

    • Description: Create a new rent for a property. Checks availability to prevent overlapping rentals.
    • Role: Tenant
    • Body (JSON):
      {
        "startDate": "2025-10-01T00:00:00.000Z",
        "duration": 6,
        "eSignature": "optional string",
        "eMaterai": "optional string"
      }
    • Notes:
      • duration is treated as months (end date = start date + duration months).
      • rentalAmount is calculated as property.price * duration.
  • GET /api/tenant/rent/history

    • Description: Get the rent history for the logged-in tenant.
    • Role: Tenant
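
The rules stated for POST /api/tenant/rent/:propertyId (month-based end date, price * duration, no overlapping rentals) can be sketched as follows. This is an added example, not the project's own code; the names Rent, addMonthsUtc, overlaps and planRent, the end-of-month clamping and the half-open interval convention are assumptions.

```typescript
// Added example, not the project's code. All names are hypothetical.
interface Rent { startDate: Date; endDate: Date; }

// end date = start date + duration months. The day is clamped to the last day
// of the target month so 31 Jan + 1 month is 28 Feb, not a date in March.
function addMonthsUtc(start: Date, months: number): Date {
  if (!Number.isInteger(months) || months < 1) {
    throw new RangeError("duration must be a positive whole number of months");
  }
  const d = new Date(start.getTime());
  const day = d.getUTCDate();
  d.setUTCDate(1);
  d.setUTCMonth(d.getUTCMonth() + months);
  const lastDay = new Date(Date.UTC(d.getUTCFullYear(), d.getUTCMonth() + 1, 0)).getUTCDate();
  d.setUTCDate(Math.min(day, lastDay));
  return d;
}

// Half-open intervals [start, end): a rent that ends on the day another
// starts does not count as an overlap.
function overlaps(a: Rent, b: Rent): boolean {
  return a.startDate.getTime() < b.endDate.getTime()
      && b.startDate.getTime() < a.endDate.getTime();
}

// price comes from the stored property record, never from the request body.
function planRent(price: number, startIso: string, duration: number, existing: Rent[]) {
  const startDate = new Date(startIso);
  if (Number.isNaN(startDate.getTime())) throw new RangeError("invalid startDate");
  const endDate = addMonthsUtc(startDate, duration);
  const candidate: Rent = { startDate, endDate };
  const available = !existing.some((r) => overlaps(r, candidate));
  return { endDate, rentalAmount: price * duration, available };
}

// Constructed sample: one existing six-month rent starting 2025-10-01.
const SAMPLE_RENTS: Rent[] = [
  { startDate: new Date("2025-10-01T00:00:00.000Z"), endDate: new Date("2026-04-01T00:00:00.000Z") },
];
const sampleConflict = planRent(1000, "2026-03-15T00:00:00.000Z", 1, SAMPLE_RENTS); // available: false
```

The check only prevents double-booking if the overlap query and the insert happen atomically; two concurrent requests can otherwise both see the property as free.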

Owner

  • POST /api/owner/property

    • Description: Create a new property listing.
    • Role: Owner
    • Upload (multipart/form-data):
      • images (up to 5 files, JPG/PNG/JPEG)
      • ownershipCertificate (1 PDF). The certificate is encrypted server-side and stored in Cloudinary.
  • GET /api/owner/properties

    • Description: Get all properties owned by the logged-in user.
    • Role: Owner
  • GET /api/owner/property/:id

    • Description: Get a specific property by its ID, owned by the logged-in user.
    • Role: Owner
  • PUT /api/owner/property/:id

    • Description: Update an existing property owned by the logged-in user.
    • Role: Owner
  • DELETE /api/owner/property/:id

    • Description: Delete a property owned by the logged-in user.
    • Role: Owner
  • GET /api/owner/property/:id/certificate

    • Description: Downloads and decrypts the ownership certificate for a specific property.
    • Role: Owner

Admin

  • GET /api/admin/users

    • Description: Get all users. Can be filtered by role query parameter.
    • Role: Admin
  • GET /api/admin/users/:id

    • Description: Get a specific user by their ID.
    • Role: Admin
  • GET /api/admin/property

    • Description: Get all properties from all users.
    • Role: Admin
  • GET /api/admin/property/owner/:ownerId

    • Description: Get all properties for a specific owner.
    • Role: Admin
  • GET /api/admin/property/:id

    • Description: Get a specific property by its ID.
    • Role: Admin
  • PUT /api/admin/property/:id

    • Description: Update the status of a property (e.g., Pending, Approved, Rejected).
    • Role: Admin

Environment Variables

Create a .env file with the following variables:

DATABASE_URL="mongodb+srv://<user>:<pass>@<cluster>/<db>?retryWrites=true&w=majority"

# JWT
# JWT_SECRET="your_jwt_secret"            # If your auth module uses it

# Cloudinary
CLOUDINARY_CLOUD_NAME="your_cloud_name"
CLOUDINARY_API_KEY="your_api_key"
CLOUDINARY_API_SECRET="your_api_secret"

# File encryption (must be exactly 32 characters)
FILE_ENCRYPTION_KEY="32-characters-long-secret-key!!!"

# Price prediction service (Owner feature)
PREDICT_API_URL="https://your-flask-service/predict"

Notes:

  • FILE_ENCRYPTION_KEY must be exactly 32 characters (AES-256-CBC).
  • Ownership certificate files are encrypted and stored as raw files in Cloudinary.
  • Tenant rent duration is treated as months in the current implementation.
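
The sketch below shows one way to handle the 32-character FILE_ENCRYPTION_KEY and AES-256-CBC certificate encryption described in these notes, using Node's built-in crypto module. It is an added example, not the project's own code; the function names, the MAC label and the IV || ciphertext || tag layout are assumptions, and the HMAC step goes beyond what the README describes.

```typescript
import { createCipheriv, createDecipheriv, createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Added example, not the project's code. Function names, the MAC label and the
// IV || ciphertext || tag layout are assumptions made for illustration.

// "32 characters" is only a 32-byte AES-256 key when every character is one
// byte in UTF-8, so check the byte length and fail at start-up otherwise.
function loadKey(raw: string | undefined): Buffer {
  const key = Buffer.from(raw ?? "", "utf8");
  if (key.length !== 32) throw new Error(`FILE_ENCRYPTION_KEY must be 32 bytes, got ${key.length}`);
  return key;
}

// CBC provides no integrity, so tag IV + ciphertext with HMAC-SHA256 under a
// separate key derived from the file key (encrypt-then-MAC).
function tagFor(key: Buffer, body: Buffer): Buffer {
  const macKey = createHmac("sha256", key).update("certificate-mac-v1").digest();
  return createHmac("sha256", macKey).update(body).digest();
}

function encryptFile(key: Buffer, plain: Buffer): Buffer {
  const iv = randomBytes(16); // fresh random IV for every file
  const cipher = createCipheriv("aes-256-cbc", key, iv);
  const body = Buffer.concat([iv, cipher.update(plain), cipher.final()]);
  return Buffer.concat([body, tagFor(key, body)]);
}

function decryptFile(key: Buffer, blob: Buffer): Buffer {
  if (blob.length < 16 + 16 + 32) throw new Error("blob too short");
  const body = blob.subarray(0, blob.length - 32);
  const tag = blob.subarray(blob.length - 32);
  // Verify the tag in constant time before any decryption happens.
  if (!timingSafeEqual(tag, tagFor(key, body))) throw new Error("authentication failed");
  const decipher = createDecipheriv("aes-256-cbc", key, body.subarray(0, 16));
  return Buffer.concat([decipher.update(body.subarray(16)), decipher.final()]);
}

// Constructed sample: the placeholder key from the .env listing and fake PDF bytes.
function demo(): string {
  const key = loadKey("32-characters-long-secret-key!!!");
  return decryptFile(key, encryptFile(key, Buffer.from("%PDF-1.4 sample"))).toString();
}
```

A key typed as 32 printable characters carries less entropy than 32 random bytes, so generate the value with a CSPRNG rather than choosing a phrase.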
