AutoExperts Server Backend is a Node.js, Express, and MongoDB backend API for the AutoExperts platform. It powers admin authentication, member registration, vehicle inspection bookings, used-car listings, auction cars, bidding, email verification, Stripe payments, subscriptions, file uploads, real-time auction updates, and scheduled background jobs.
- Admin registration and login
- JWT-based protected admin routes
- Member registration and login
- Member profile API
- Vehicle inspection booking system
- OTP verification for bookings
- Booking confirmation emails
- Used-car product management
- Auction-car management
- Image and PDF uploads
- Cloudinary file storage
- Product filtering
- Auction filtering
- Real-time auction bid updates with Socket.IO
- Bid placement and highest-bid tracking
- Highest bidder details
- Email verification using Hunter API
- Stripe payment checkout
- Stripe subscription checkout
- Subscription status updates
- Subscription cancellation and reactivation
- Scheduled cron jobs for auction cleanup and expired owner cleanup
- Docker and Docker Compose support
- Node.js
- Express.js
- MongoDB
- Mongoose
- Socket.IO
- JWT
- bcryptjs
- Multer
- Cloudinary
- Stripe
- Twilio
- Nodemailer
- Hunter Email Verifier API
- node-cron
- Moment Timezone
- Docker
AutoExperts-Server-BACKEND-/
├── Controller/
│ ├── AdminController.js
│ ├── AuctionController.js
│ ├── BidController.js
│ ├── BookingController.js
│ ├── EmailController.js
│ ├── MemberController.js
│ └── ProductController.js
├── Middlewear/
│ └── AuthenticateToken.js
├── Routes/
│ ├── AdminRoutes.js
│ ├── AuctionRoutes.js
│ ├── BidRoutes.js
│ ├── BookingRoutes.js
│ ├── EmailRoutes.js
│ ├── MemberRoutes.js
│ ├── PaymentRoutes.js
│ ├── ProductRoutes.js
│ └── SubscriptionRoutes.js
├── Services/
│ └── OtpService.js
├── models/
│ ├── Admin.js
│ ├── Bid.js
│ ├── Booking.js
│ ├── Car.js
│ ├── Member.js
│ ├── Product.js
│ └── Subscription.js
├── stripe/
├── uploads/
├── utils/
│ └── cron.js
├── .dockerignore
├── .env
├── Dockerfile
├── docker-compose.yml
├── index.js
├── package.json
└── package-lock.json
Before running the project, make sure you have:
- Node.js installed
- npm installed
- MongoDB database connection
- Cloudinary account for image and PDF uploads
- Stripe account for payments and subscriptions
- Twilio account for OTP messages
- Gmail or SMTP account for sending emails
- Hunter API key for email verification
- Docker installed if you want to run the app with Docker
Clone the repository:
```bash
git clone https://github.com/SalAkBuK/AutoExperts-Server-BACKEND-.git
cd AutoExperts-Server-BACKEND-
```

Install dependencies:

```bash
npm install
```

If dependency installation fails, try:

```bash
npm install --legacy-peer-deps
```

Create a `.env` file in the root directory.
Example:

```env
PORT=5000
MONGO_URI=your_mongodb_connection_string
SECRET_KEY=your_jwt_secret
CLIENT_URL=http://localhost:5173
CLOUDINARY_CLOUD_NAME=your_cloudinary_cloud_name
CLOUDINARY_API_KEY=your_cloudinary_api_key
CLOUDINARY_API_SECRET=your_cloudinary_api_secret
EMAIL_USER=your_email_address
EMAIL_PASS=your_email_app_password
HUNTER_API_KEY=your_hunter_api_key
TWILIO_ACCOUNT_SID=your_twilio_account_sid
TWILIO_AUTH_TOKEN=your_twilio_auth_token
TWILIO_PHONE_NUMBER=your_twilio_phone_number
STRIPE_SECRET_KEY=your_stripe_secret_key
STRIPE_WEBHOOK_SECRET=your_stripe_webhook_secret
```

Start the backend server:

```bash
npm start
```

The server runs on:
http://localhost:5000
You can also run the server directly with Node:

```bash
node index.js
```

```bash
npm start
```

Starts the server using Nodemon.

```bash
npm test
```

The current test script is a placeholder and does not run an actual test suite.
| Base Route | Description |
|---|---|
| `/admin` | Admin registration, login, dashboard, and revenue APIs |
| `/api/bookings` | Booking OTP, booking form submission, and booking list APIs |
| `/api/products` | Used-car product listing, upload, update, delete, and filtering APIs |
| `/api/auth` | Member registration, login, member list, and profile APIs |
| `/api/cars` | Auction car listing, upload, update, details, highest bidder, and filtering APIs |
| `/api/bids` | Bid placement and bidder details APIs |
| `/api/email` | Email verification APIs |
| `/api/payments` | Stripe one-time payment checkout and webhook APIs |
| `/api/subscription` | Stripe subscription, cancellation, reactivation, and webhook APIs |
| `/api/items/:id` | Generic delete route for cars, members, and bookings |
| Method | Endpoint | Description |
|---|---|---|
| POST | `/admin/register` | Register an admin |
| POST | `/admin/login` | Login admin and return token |
| GET | `/admin/dashboard` | Get logged-in admin details |
| GET | `/admin/total-revenue` | Get total active subscription revenue |
Protected admin routes require a bearer token:

```
Authorization: Bearer your_token_here
```

| Method | Endpoint | Description |
|---|---|---|
| POST | `/api/bookings/send-otp` | Send OTP to contact number |
| POST | `/api/bookings/verify-otp` | Verify OTP |
| POST | `/api/bookings/submit-form` | Submit inspection booking form |
| GET | `/api/bookings` | Get all bookings |
| GET | `/api/bookings/booked-slots` | Get unavailable booking times for a date |
Example booked slots request:

```
GET /api/bookings/booked-slots?date=2026-05-14
```

Used-car product routes.
| Method | Endpoint | Description |
|---|---|---|
| POST | `/api/products` | Add a used car |
| GET | `/api/products` | Get all used cars |
| GET | `/api/products/filter-products` | Filter used cars |
| GET | `/api/products/:id` | Get used car by ID |
| PUT | `/api/products/:id` | Update used car |
| DELETE | `/api/products/:id` | Delete used car |
Product upload supports:
- Multiple images
- One PDF inspection report
Expected upload field names:
images
pdf
Auction-car routes.
| Method | Endpoint | Description |
|---|---|---|
| POST | `/api/cars` | Add auction car |
| GET | `/api/cars` | Get all auction cars |
| GET | `/api/cars/filter-cars` | Filter auction cars |
| GET | `/api/cars/:id` | Get auction car details |
| PUT | `/api/cars/car/:id` | Update auction car |
| GET | `/api/cars/highest-bidders` | Get highest bidder details |
Auction car upload supports:
- Multiple images
- One PDF inspection report
Expected upload field names:
images
pdf
| Method | Endpoint | Description |
|---|---|---|
| POST | `/api/bids` | Place a bid |
| GET | `/api/bids/bidder/:bidderId` | Get bidder details |
Example bid request:
```json
{
  "carId": "car_id_here",
  "bidderId": "member_id_here",
  "bidAmount": 25000
}
```

When a bid is placed successfully, the backend emits a Socket.IO event so connected clients can receive real-time auction updates.
| Method | Endpoint | Description |
|---|---|---|
| POST | `/api/auth/register` | Register a member |
| POST | `/api/auth/login` | Login a member |
| GET | `/api/auth/members` | Get all members |
| GET | `/api/auth/profile/:id` | Get member profile |
Member registration includes subscription checkout support through Stripe.
| Method | Endpoint | Description |
|---|---|---|
| GET | `/api/email/verify` | Verify an email address |
Example:

```
GET /api/email/verify?email=user@example.com
```

| Method | Endpoint | Description |
|---|---|---|
| POST | `/api/payments/create-checkout-session` | Create Stripe payment checkout session |
| POST | `/api/payments/webhook` | Stripe payment webhook |
| Method | Endpoint | Description |
|---|---|---|
| GET | `/api/subscription` | Get Stripe products |
| POST | `/api/subscription/create-checkout-session` | Create subscription checkout session |
| POST | `/api/subscription/stripe-webhook` | Stripe subscription webhook |
| POST | `/api/subscription/updateMemberStatus` | Update member subscription status |
| POST | `/api/subscription/cancelSubscription` | Cancel subscription at period end |
| POST | `/api/subscription/reactivateSubscription` | Reactivate cancelled subscription |
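
Both webhook routes listed above (`/api/payments/webhook` and `/api/subscription/stripe-webhook`) are unauthenticated POST endpoints, so the check against `STRIPE_WEBHOOK_SECRET` is what separates a real Stripe event from a forged one. The following is an added example, not code from this project, that spells out the `Stripe-Signature` check using only Node's `crypto`; in the application the Stripe library's `stripe.webhooks.constructEvent` performs the same verification. The function names, the sample event and the secret are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const TOLERANCE_SEC = 300; // reject events older than 5 minutes (replay window)

// Verifies a Stripe-Signature header of the form "t=<unix>,v1=<hex>[,v1=<hex>...]".
// rawBody must be the exact bytes received, not JSON that was parsed and re-serialised.
function verifyStripeSignature(rawBody, sigHeader, secret, nowSec = Math.floor(Date.now() / 1000)) {
  let t = null;
  const v1 = [];
  for (const part of String(sigHeader || '').split(',')) {
    const [k, v] = part.split('=', 2);
    if (k === 't') t = Number(v);
    else if (k === 'v1') v1.push(v);
  }
  if (!Number.isInteger(t) || v1.length === 0) return { ok: false, reason: 'malformed header' };
  if (Math.abs(nowSec - t) > TOLERANCE_SEC) return { ok: false, reason: 'timestamp outside tolerance' };

  // Signed payload is "<timestamp>.<raw body>", HMAC-SHA256 with the endpoint secret.
  const expected = crypto.createHmac('sha256', secret).update(`${t}.`).update(rawBody).digest();
  const match = v1.some((hex) => {
    const given = Buffer.from(hex, 'hex');
    return given.length === expected.length && crypto.timingSafeEqual(given, expected);
  });
  return match ? { ok: true } : { ok: false, reason: 'signature mismatch' };
}

// Constructed helper: signs a sample event the way the sender would, so the example runs offline.
function signForTest(rawBody, secret, t) {
  const mac = crypto.createHmac('sha256', secret).update(`${t}.${rawBody}`).digest('hex');
  return `t=${t},v1=${mac}`;
}
```

In Express this means the webhook routes need the raw request body (for example via `express.raw({ type: 'application/json' })`) before any JSON body parser runs, otherwise the signature is computed over different bytes and never matches.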
The server uses Socket.IO for real-time auction updates.
When a bid is placed successfully, the backend emits:
updateCar
Frontend clients can listen for this event to update auction car data in real time.
The backend uses Mongoose models for:
- Admin
- Member
- Booking
- Product
- Car
- Bid
- Subscription
The backend uses Multer for temporary local uploads and Cloudinary for final file storage.
Upload folders:
uploads/
Supported uploaded content includes:
- Car images
- Auction car images
- Inspection report PDFs
The backend includes scheduled background jobs for:
- Removing expired owner accounts
- Marking ended auctions as finished
- Sending auction-end notifications
- Cleaning invalid auction cars missing owner email data
Build and run with Docker Compose:
```bash
docker compose up --build
```

The app will be exposed on:
http://localhost:5000
Stop containers:

```bash
docker compose down
```

For production deployment:
- Set all environment variables on the server.
- Make sure MongoDB is reachable from the server.
- Configure Cloudinary credentials.
- Configure Stripe keys and webhook secret.
- Configure email credentials.
- Configure Twilio credentials.
- Set the correct frontend `CLIENT_URL`.
- Run the server with a process manager such as PM2, Docker, or your hosting platform.

Example production start with Node:

```bash
node index.js
```

Example production start with PM2:

```bash
pm2 start index.js --name autoexperts-backend
```

This project may include example configuration values during development. Before deploying or making the repository public:
- Do not commit real `.env` files.
- Keep API keys, database URLs, and service credentials outside the repository.
- Use environment variables for secrets.
- Rotate any credentials that were ever used in a public commit.
- Review CORS, authentication, file uploads, and payment webhook settings before production use.
- This is the backend API for the AutoExperts platform.
- Frontend apps must run separately.
- Admin dashboard and frontend clients communicate with this server through REST APIs and Socket.IO.
- MongoDB is required for storing users, bookings, products, auction cars, bids, and subscriptions.
- Cloudinary is required for image and PDF storage.
- Stripe is required for payment and subscription features.
- Twilio is required for OTP messages.
- Nodemailer is used for email notifications.
- The current codebase contains several hard-coded service values, so review configuration before deployment.
This project is licensed under the ISC License.