A production-ready full-stack application featuring a Node.js/Express REST API with JWT authentication, role-based access control, and a modern React frontend.
-
β Authentication & Authorization
- JWT-based authentication with access and refresh tokens
- Password hashing using bcrypt
- Role-based access control (User & Admin)
- Protected routes with middleware
-
β Task Management CRUD
- Create, Read, Update, Delete operations
- Task filtering by status and priority
- Pagination support
- Task statistics and analytics
-
β Security & Best Practices
- Input validation and sanitization
- Rate limiting
- Helmet.js for security headers
- CORS configuration
- Error handling middleware
- Request logging with Winston
-
β API Features
- RESTful API design
- API versioning (v1)
- Swagger/OpenAPI documentation
- Comprehensive error responses
- MongoDB with Mongoose ODM
-
β Modern React UI
- Built with React 18 and Vite
- Responsive design with Tailwind CSS
- Beautiful UI with Lucide icons
- Toast notifications
-
β Authentication Flow
- User registration and login
- Protected routes
- JWT token management
- Auto-redirect on token expiration
-
β Task Management Interface
- Dashboard with task statistics
- Create, edit, and delete tasks
- Filter by status and priority
- Search functionality
- Real-time updates
- Node.js (v16 or higher)
- MongoDB (v5 or higher)
- npm or yarn
git clone <repository-url>
cd backendtaskcd backend
npm install
# Create .env file
cp .env.example .env
# Update .env with your configuration
# Make sure MongoDB is runningcd frontend
npm installTerminal 1 - Backend:
cd backend
npm run devTerminal 2 - Frontend:
cd frontend
npm run devThe backend will run on http://localhost:5000 and frontend on http://localhost:3000.
# Build and start all services
docker-compose up -d
# View logs
docker-compose logs -f
# Stop services
docker-compose downThis will start:
- MongoDB on port 27017
- Backend API on port 5000
- Frontend on port 3000
Once the backend is running, access the interactive API documentation at:
- Swagger UI: http://localhost:5000/api-docs
POST /api/v1/auth/register- Register new userPOST /api/v1/auth/login- Login userGET /api/v1/auth/me- Get current user profilePUT /api/v1/auth/profile- Update user profilePUT /api/v1/auth/change-password- Change password
GET /api/v1/tasks- Get all tasks (with filters)GET /api/v1/tasks/:id- Get single taskPOST /api/v1/tasks- Create new taskPUT /api/v1/tasks/:id- Update taskDELETE /api/v1/tasks/:id- Delete taskGET /api/v1/tasks/stats- Get task statistics
PORT=5000
NODE_ENV=development
MONGODB_URI=mongodb://localhost:27017/scalable_api
JWT_SECRET=secret456
JWT_EXPIRE=7d
JWT_REFRESH_SECRET=your_refresh_token_secret_change_this
JWT_REFRESH_EXPIRE=30d
CORS_ORIGIN=http://localhost:3000
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100- Navigate to http://localhost:3000
- Register a new account or use demo credentials
- Login and access the dashboard
- Create, edit, and manage tasks
- Navigate to http://localhost:5000/api-docs
- Click "Authorize" and enter your JWT token
- Test all endpoints interactively
POST http://localhost:5000/api/v1/auth/register
Content-Type: application/json
{
"name": "John Doe",
"email": "john@example.com",
"password": "password123",
"role": "user"
}POST http://localhost:5000/api/v1/auth/login
Content-Type: application/json
{
"email": "john@example.com",
"password": "password123"
}POST http://localhost:5000/api/v1/tasks
Authorization: Bearer <your-jwt-token>
Content-Type: application/json
{
"title": "Complete project documentation",
"description": "Write comprehensive README and API docs",
"status": "pending",
"priority": "high",
"dueDate": "2025-10-15"
}backendtask/
βββ backend/
β βββ src/
β β βββ config/ # Configuration files
β β βββ controllers/ # Request handlers
β β βββ middleware/ # Custom middleware
β β βββ models/ # Database models
β β βββ routes/ # API routes
β β βββ utils/ # Utility functions
β β βββ app.js # Express app setup
β β βββ server.js # Server entry point
β βββ logs/ # Application logs
β βββ .env.example # Environment variables template
β βββ package.json
β βββ Dockerfile
βββ frontend/
β βββ src/
β β βββ components/ # React components
β β βββ context/ # Context providers
β β βββ pages/ # Page components
β β βββ utils/ # Utility functions
β β βββ App.jsx # Main app component
β β βββ main.jsx # Entry point
β βββ public/
β βββ package.json
β βββ vite.config.js
β βββ tailwind.config.js
β βββ Dockerfile
βββ docker-compose.yml
βββ README.md
- Password Hashing: bcrypt with salt rounds
- JWT Authentication: Secure token-based auth
- Rate Limiting: Prevent brute force attacks
- Input Validation: express-validator for request validation
- Helmet.js: Security headers
- CORS: Configured for specific origins
- Error Handling: Comprehensive error middleware
- MongoDB Injection Prevention: Mongoose sanitization
- Responsive Design: Mobile-first approach
- Modern UI: Tailwind CSS with custom components
- State Management: React Context API
- Protected Routes: Authentication-based routing
- Toast Notifications: User feedback for actions
- Loading States: Better UX with loading indicators
- Error Handling: Graceful error messages
- Set environment variables
- Ensure MongoDB connection string is correct
- Deploy using platform-specific commands
- Build the project:
npm run build - Deploy the
distfolder - Configure environment variables
docker-compose up -d --build{
"success": true,
"message": "Operation successful",
"data": {
// Response data
}
}{
"success": false,
"error": "Error message"
}- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Open a Pull Request
This project is licensed under the MIT License.
Built with β€οΈ as a demonstration of scalable REST API architecture.
- Express.js for the robust backend framework
- React for the powerful frontend library
- MongoDB for the flexible database
- Tailwind CSS for the beautiful styling
Note: Remember to change all default secrets and passwords in production!