This project is a small application that allows users to authenticate and make requests to the OpenAI API using NestJS. The application includes user management, OpenAI integration, and security measures to protect user data.
- Registration Endpoint: Allows users to register by providing necessary details (e.g., email, password).
- Authentication Endpoint: Allows users to log in and receive a JWT token for session management.
- Question Endpoint: Allows authenticated users to send questions to the OpenAI API and receive responses via Server-Sent Events (SSE). Each question and its corresponding response are stored in the database.
- Error Handling: Properly handles errors from the OpenAI API.
- Data Protection: Ensures sensitive user data is stored securely.
- Authentication & Authorization: Protects endpoints using JWT tokens and ensures proper access control.
- Node.js
- yarn
- Docker (optional, for containerized environments)
git clone https://github.com/linc-inc/mini-chat.git
cd mini-chat
yarn install
Create a .env file in the root directory and add the necessary environment variables:
JWT_SECRET=your_jwt_secret
OPENAI_API_KEY=your_openai_api_key
This project uses SQLite for the database.
yarn run start:dev
To view and manage your SQLite database, you can use TablePlus or any other SQLite database viewer.
- POST /auth/register: Register a new user.
  - Request Body:
    { "email": "[email protected]", "password": "password123" }
- POST /auth/login: Authenticate a user.
  - Request Body:
    { "email": "[email protected]", "password": "password123" }
  - Response:
    { "access_token": "jwt_token" }
- POST /openai/question: Send a question to OpenAI and receive the response via Server-Sent Events (SSE).
  - Headers:
    { "Authorization": "Bearer jwt_token" }
  - Request Body:
    { "question": "What is NestJS?" }
  - Response: If streaming is chosen, the response will be handled via Server-Sent Events (SSE). Otherwise, the response of this endpoint will be the AI's response directly.
  - The question and its corresponding response will be stored in the database.
- (Optional) GET /openai/stream: Stream responses to the client's questions in real time via Server-Sent Events (SSE).
  - Headers: { "Authorization": "Bearer jwt_token" }
  - Response: The response from the AI will be streamed back to the client.
- Password Hashing: Ensure passwords are hashed before storing in the database.
- JWT Expiry: Implement expiration for JWT tokens to enhance security.
- Approach: Be ready to discuss how you approached the project.
- Tradeoffs: Discuss any tradeoffs made due to time constraints.
- Next Steps: Be prepared to outline next steps for improving scalability and security.