A secure RESTful API backend for logging workouts, tracking custom exercises, and compiling progress analytics. Built with Node.js, Express, and MongoDB.
- Node.js v18+
- MongoDB running locally
git clone https://github.com/git-o3/workout-tracker-api.git
cd workout-tracker-api
npm installCreate a .env file in the root directory:
PORT=3000
NODE_ENV=development
MONGODB_URI=mongodb://127.0.0.1:27017/workout-tracker
JWT_SECRET=your_jwt_secret_herenode seeds/exerciseSeed.jsSeeds the database with global exercises across strength, cardio, and flexibility categories.
npm startServer runs at http://localhost:3000
Interactive Swagger UI available at:
http://localhost:3000/api/v1/docs
All protected routes require a Bearer token in the Authorization header:
Authorization: Bearer <token>
Tokens are returned on login/register and expire in 7 days.
Base URL: /api/v1
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| GET | /health |
None | Check if server is running |
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| POST | /auth/register |
None | Register a new user |
| POST | /auth/login |
None | Login and get token |
POST /api/v1/auth/register
Content-Type: application/json
{
"name": "Chief",
"email": "chief@example.com",
"password": "SuperSecurePassword123"
}POST /api/v1/auth/login
Content-Type: application/json
{
"email": "chief@example.com",
"password": "SuperSecurePassword123"
}| Method | Endpoint | Auth | Description |
|---|---|---|---|
| GET | /exercises |
Required | Get all global + your custom exercises |
| POST | /exercises |
Required | Create a custom exercise |
| PUT | /exercises/:id |
Required | Update your custom exercise |
| DELETE | /exercises/:id |
Required | Delete your custom exercise |
GET /api/v1/exercises
Authorization: Bearer <token>Returns all global exercises combined with the authenticated user's custom exercises.
POST /api/v1/exercises
Authorization: Bearer <token>
Content-Type: application/json
{
"name": "Incline Dumbbell Fly",
"description": "Targeting upper chest isolation",
"category": "strength",
"muscleGroup": "chest"
}Categories:
strength,cardio,flexibility
PUT /api/v1/exercises/:id
Authorization: Bearer <token>
Content-Type: application/json
{
"name": "Incline Dumbbell Fly Updated",
"description": "Updated description"
}Only the owner of the exercise can update it. Global seeded exercises cannot be modified.
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| GET | /workouts |
Required | Get all active workout plans |
| POST | /workouts |
Required | Create a new workout plan |
| PUT | /workouts/:id |
Required | Update a workout plan |
| DELETE | /workouts/:id |
Required | Delete a workout plan |
| GET | /workouts/reports |
Required | Get progress analytics report |
POST /api/v1/workouts
Authorization: Bearer <token>
Content-Type: application/json
{
"name": "Leg Day",
"scheduledAt": "2026-05-22T08:00:00.000Z",
"comments": "Focus on form",
"exercises": [
{
"exerciseId": "<exercise_id>",
"sets": 4,
"reps": 8,
"weight": 135,
"weightUnit": "lbs"
}
]
}Weight units:
lbsorkg. Status defaults toIn Progress.
GET /api/v1/workouts/reports
Authorization: Bearer <token>Returns analytics summary and full history of completed workouts:
{
"summary": {
"totalCompletedWorkouts": 5,
"totalExercisesLogged": 18
},
"history": [...]
}workout-tracker-api/
├── src/
│ ├── config/
│ │ ├── db.js # MongoDB connection
│ │ └── swagger.js # Swagger config
│ ├── controllers/ # Route handlers
│ ├── middleware/
│ │ ├── asyncHandler.js # Async error wrapper
│ │ ├── authMiddleware.js # JWT protect middleware
│ │ ├── errorHandler.js # Global error handler
│ │ ├── morganMiddleware.js # HTTP request logger
│ │ └── rateLimiter.js # Rate limiting
│ ├── models/ # Mongoose schemas
│ ├── routes/ # Express routers
│ ├── services/ # Business logic
│ ├── utils/
│ │ └── logger.js # Winston logger
│ └── app.js # Express app setup
├── seeds/
│ └── exerciseSeed.js # Global exercise seeder
├── docs/
│ └── swagger.yaml # API documentation
└── server.js # Entry point
- JWT Authentication — secure token-based auth with 7-day expiry
- Custom Exercises — users create and manage their own exercises alongside global ones
- Workout Planning — schedule workouts with exercises, sets, reps, and weight tracking
- Progress Analytics — reports summarizing completed workouts and exercises logged
- Ownership Checks — users can only modify their own data
- Swagger UI — interactive API documentation at
/api/v1/docs - Rate Limiting — protects all routes from abuse
- Global Error Handling — structured error responses with logging
- HTTP Request Logging — Morgan middleware for request tracking
- Runtime: Node.js (ESM)
- Framework: Express
- Database: MongoDB + Mongoose
- Auth: JSON Web Tokens (jsonwebtoken)
- Password Hashing: bcryptjs
- Documentation: Swagger UI + swagger-jsdoc
- Logging: Winston + Morgan
- Rate Limiting: express-rate-limit
- Dev Tools: Nodemon, dotenv
Project URL: https://roadmap.sh/projects/fitness-workout-tracker