[FEAT]: Implement API Endpoint for Adding Blog Categories

[Charlesmbuu]

Description

Develop backend logic to securely handle adding blog categories by superadmins. The API should allow superadmins to create new categories for organizing blog posts.

Acceptance Criteria

Blog Category Creation

• Implement server-side logic to add new blog categories.
• Restrict category creation capabilities to users with a super admin role.
• Authentication via token is required to access the category creation functionality.

Validation and Sanitization

• Validate and sanitize incoming category data to prevent injection attacks and ensure data integrity.

Data Storage

• Securely store new blog category details in the database, adhering to best practices for data security.

Response Handling

• Return appropriate success or error messages based on the outcome of the category creation process.
• Ensure error messages do not expose sensitive information and are handled gracefully.

Purpose

Enhance backend functionality for adding blog categories securely, enabling superadmins to organize blog posts effectively with strict access control enforced via token authentication.

Requirements

• [ ] Develop secure server-side endpoints (/api/v1/blog-categories) to handle the creation of blog categories, requiring token authentication.
• [ ] Implement validation and sanitization of incoming data to prevent security vulnerabilities.
• [ ] Ensure new blog category details are securely stored in the database with role-based access control and token verification.
• [ ] Handle and return appropriate responses for successful and failed category creation requests, enforcing token-based authentication and role restrictions.

Expected Outcome

The backend should securely manage the creation of blog categories, providing reliable functionality for superadmins to organize blog posts effectively with strict access control enforced via token authentication throughout the process.

Endpoint

Create Blog Category

Description: Handles requests to create new blog categories.
Endpoint: POST /api/v1/blog-categories

Request Body:

    {
      "name": "string"
    }

Success Response: Status Code: 201 Created Response Body:

    {
      "status": "success",
      "message": "Blog category created successfully.",
      "data": {
        "name": "Category Name"
      },
      "status_code": 201
    }

Error Responses:

Status Code: 400 Bad Request Response Body:

    {
      "status": "error",
      "message": "Invalid request data. Please provide a valid category name.",
      "status_code": 400
    }

Status Code: 401 Unauthorized (Token Issues) Response Body:

{
  "status": "error",
  "message": "Unauthorized. Token is missing or invalid.",
  "status_code": 401
}

Status Code: 403 Forbidden (Role Issues) Response Body:

{
  "status": "error",
  "message": "Forbidden. You do not have permission to create blog categories.",
  "status_code": 403
}

Status Code: 500 Internal Server Error Response Body:

    {
      "status": "error",
      "message": "Internal Server Error. Please try again later.",
      "status_code": 500
    }

Database Schema:

Table Name: blog_categories

Column Name	Data Type	Description
id	Integer	Primary key, auto-generated ID for the category.
name	String	Name of the blog category.
createdAt	Timestamp	Timestamp when the category was created.
updatedAt	Timestamp	Timestamp when the category was last updated.

Tasks

• [ ] Implement a secure POST endpoint (/api/blog-categories) to handle requests for creating blog categories, requiring token authentication.
• [ ] Validate and sanitize incoming data (category name) to prevent security vulnerabilities. ]Securely store new blog category details in the database with role-based access control and token verification.
• [ ] Handle and return appropriate success or error messages for category creation operations, ensuring token-based authentication and role restrictions are enforced.

Testing

• Write unit tests to validate the functionality of the secure blog category creation endpoint, including successful creations and error handling for failed creations.
• Test token authentication and role-based access control mechanisms to ensure only superadmins with valid tokens can perform category creation operations.
• Perform integration testing to validate end-to-end functionality of the secure blog category creation process, focusing on data validation, storage, and authentication.

Dependencies and Impact

Dependencies:

• Login Functionality: Ensure the login functionality is completed before this endpoint. The token generation and authentication must be in place.

• Token Verification: Verify that the token verification logic is implemented. This ensures that the token is validated before granting access to the endpoint.

• Role-Based Authorization: Ensure that role-based authorization is implemented and tested. The superadmin role must be defined and checked against incoming requests.

Impact Analysis:

• On Login and Token Verification: This endpoint relies on the login and token verification mechanisms to ensure only authenticated and authorized users (superadmins) can create blog categories.
• On Role-Based Access Control: Changes or additions to role-based access control might affect other endpoints or features. Ensure that any modifications to roles or permissions are well-tested to avoid unintended side effects.
• On Blog Categories Management: Introducing this endpoint affects how blog categories are managed. Ensure that existing features that interact with blog categories are compatible with this new functionality.

  API Documentation and Technical Notes

  API Documentation:

• Endpoint: POST /api/v1/blog-categories
• Description: Creates new blog categories. Accessible only to superadmins with a valid token.
• Request Body:

  {
  "name": "string"
  }

• Success Response:

  {
  "status": "success",
  "message": "Blog category created successfully.",
  "data": {
    "name": "Category Name"
  },
  "status_code": 201
  }

• Error Responses:
  • 400 Bad Request:

    {
    "status": "error",
    "message": "Invalid request data. Please provide a valid category name.",
    "status_code": 400
    }

  • 401 Unauthorized:

    {
    "status": "error",
    "message": "Unauthorized. Token is missing or invalid.",
    "status_code": 401
    }

  • 403 Forbidden:

    {
    "status": "error",
    "message": "Forbidden. You do not have permission to create blog categories.",
    "status_code": 403
    }

  • 500 Internal Server Error:

    {
    "status": "error",
    "message": "Internal Server Error. Please try again later.",
    "status_code": 500
    }

    Technical Notes:

• Data Sanitization: Implement sanitization to prevent injection attacks.
• Role-Based Access Control: Ensure that role verification for superadmins is implemented securely.
• Rate Limiting: Consider implementing rate limiting to prevent abuse of the endpoint.

[Charlesmbuu]

This issue is linked to an already approved issue