| ID | Feature | User Story | Implementation | Acceptance Criteria | Priority | Notes |
|---|---|---|---|---|---|---|
| FR001 | Workout CRUD | As a user, I want to create, read, update, and delete my workouts so I can manage my fitness activities. | Implement RESTful CRUD operations using Express.js for workout logs. Store data in MongoDB with Mongoose models. | Users can add, view, update, and delete workouts. Server returns correct status codes. Invalid/missing fields throw validation errors. | High | Use Joi or express-validator. Add timestamps. Future: soft delete? |
| FR002 | Filtering Workouts | As a user, I want to filter workouts by type, date, or duration so I can find what I need faster. | Add optional query params to GET /api/workouts endpoint (e.g., ?type=cardio&minDuration=20). | Results reflect filter criteria. Empty results return 200 with empty array. Invalid filters return 400. | Medium | Future optimization: add MongoDB indexes on filter fields. |
| FR003 | Progress Tracking | As a user, I want to view my workout history so I can track my fitness progress. | Create a timeline-style view or calendar that displays all past workouts with relevant data. | Historical data shows correctly. Users can click to expand details. Sorted by date descending. Edge case: no data fallback message. | High | Use Chart.js or similar for visual charts later. |
| FR004 | RESTful API | As a developer, I want a clean API so I can build frontend/mobile integrations easily. | Build clear, REST-compliant endpoints (/api/workouts, /api/workouts/:id) with full documentation. | API conforms to REST standards. Returns JSON responses. Status codes used correctly. Documented in README or Swagger. | High | Include Postman collection or Swagger for demo clarity. |
| FR005 | Authentication | As a user, I want my data to be private, accessible only after I log in. | Add JWT-based user authentication with secure password hashing (bcrypt). Optional: add Google OAuth. | Users must be authenticated to manage workouts. Unauthorized access returns 401. Token expiration handled properly. | High | Keep scalable: use middleware to protect routes. Add refresh tokens later. |
| FR006 | User Registration | As a new user, I want to sign up so I can start tracking workouts. | Add signup form with basic validation. Save user credentials securely. | Valid signup creates new user entry. Duplicate email returns error. Passwords hashed before DB insert. | High | Don’t store plaintext passwords. Sanitize inputs. |
| FR007 | Error Handling | As a user, I want clear error messages so I know what went wrong. | Centralized error handling middleware for API responses. Include meaningful messages and status codes. | All failed requests return clear JSON error object. No raw stack traces exposed. 404 for invalid IDs. 400 for bad input. | High | Don't skip this. It’s your debugging and UX lifeline. |
| FR008 | Environment Config | As a developer, I want to manage secrets and environment variables safely. | Use dotenv for local dev configs. Sensitive info (DB URI, JWT secret) in .env only. | App loads config from .env. Secrets are not committed to GitHub. Errors if env vars missing on startup. | Medium | Add .env.example for clarity. Include startup script checks. |
| FR009 | Basic UI (optional MVP) | As a user, I want a simple UI to log my workouts without Postman. | Add minimal frontend using EJS or static HTML forms to test API without tools. | Users can add/view/edit/delete workouts using a browser. No advanced UI – raw but functional. | Low | Skip if pure API MVP. Add later for demo purposes. |
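
An added example (not part of the original requirements) showing one way to enforce FR002's "Invalid filters return 400" and FR006's "Sanitize inputs" before a query reaches Mongoose: an allow-list parser for the filter parameters. The workout type list, the `date` and `maxDuration` parameter names, and the `type`/`duration`/`date` field names are assumptions.

```javascript
// Added example: allow-list validation for the FR002 filter parameters.
// ALLOWED_TYPES, the date/maxDuration params and the field names are assumed.
const ALLOWED_TYPES = new Set(["cardio", "strength", "flexibility"]);
const KNOWN_PARAMS = new Set(["type", "date", "minDuration", "maxDuration"]);
const DAY_MS = 24 * 60 * 60 * 1000;

// Takes req.query, returns { status: 200, filter } or { status: 400, error }.
function parseWorkoutFilters(query) {
  const bad = (error) => ({ status: 400, error });
  const filter = {};

  for (const [key, value] of Object.entries(query)) {
    if (!KNOWN_PARAMS.has(key)) return bad(`unknown filter: ${key}`);
    // A nested query parser can turn ?type[$ne]=x into an object and
    // ?type=a&type=b into an array. Passing either straight into a MongoDB
    // filter lets the client choose the operator, so only strings pass.
    if (typeof value !== "string") return bad(`${key} must be a single value`);
  }

  if (query.type !== undefined) {
    if (!ALLOWED_TYPES.has(query.type)) return bad("type is not a known workout type");
    filter.type = query.type;
  }

  for (const [param, op] of [["minDuration", "$gte"], ["maxDuration", "$lte"]]) {
    if (query[param] === undefined) continue;
    if (!/^\d{1,4}$/.test(query[param])) return bad(`${param} must be whole minutes`);
    // The operator comes from this table, never from client input.
    filter.duration = { ...filter.duration, [op]: Number(query[param]) };
  }
  if (filter.duration && filter.duration.$gte > filter.duration.$lte) {
    return bad("minDuration exceeds maxDuration");
  }

  if (query.date !== undefined) {
    const start = new Date(`${query.date}T00:00:00.000Z`);
    const valid = /^\d{4}-\d{2}-\d{2}$/.test(query.date) &&
      !Number.isNaN(start.getTime()) &&
      start.toISOString().slice(0, 10) === query.date; // rejects 2024-02-31
    if (!valid) return bad("date must be a real YYYY-MM-DD date");
    filter.date = { $gte: start, $lt: new Date(start.getTime() + DAY_MS) };
  }
  return { status: 200, filter };
}
```

In a route handler the returned `filter` would be passed to the model's find call only when `status` is 200; otherwise the `error` string goes into the JSON error object FR007 describes.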