A production-ready full-stack web application demonstrating modern web development practices.
- Frontend: https://task-app-io.vercel.app/
- Backend API: https://task-app-io.onrender.com/
- GitHub Repository: https://github.com/Mahendrakumar19/task-app.io
Note: Backend is hosted on Render's free tier and may take 30-60 seconds to wake up on first request.
Hi! I'm Mahendra Kumar, and this is my submission for the Frontend Developer Intern position. I've built this project from scratch to showcase my understanding of modern web development, focusing on creating a scalable, secure, and user-friendly application.
The challenge was to build a complete authentication system with a functional dashboard in 3 days. I went beyond the basic requirements to demonstrate best practices I've learned and would apply in a real-world scenario.
- Next.js 14 with App Router
- TailwindCSS for responsive design
- Protected Routes with JWT authentication
- Form Validation (client + server side)
- Dashboard with CRUD operations
- Search & Filter functionality
- Express.js REST API
- MongoDB database with Mongoose
- JWT Authentication with refresh tokens
- Password Hashing with bcrypt
- Input Validation with express-validator
- Error Handling middleware
- β Password hashing with bcrypt
- β JWT token-based authentication
- β HTTP-only cookies for refresh tokens
- β Input validation and sanitization
- β Protected API routes
- β CORS configuration
During development, I made several conscious decisions:
-
Next.js over plain React: I chose Next.js because it provides better performance out of the box with server-side rendering and automatic code splitting. This matters when scaling to thousands of users.
-
MongoDB over SQL: For a task management app, the schema might evolve. MongoDB's flexibility made sense here, though I'd use PostgreSQL for more relational data.
-
Refresh Token Pattern: Instead of just access tokens, I implemented refresh tokens. This is more secure and provides better UX - users stay logged in longer without compromising security.
-
Real-time Statistics: The dashboard shows live stats because I wanted to make data actionable at a glance, not just display lists.
assessment/
βββ frontend/ # Next.js application
β βββ src/
β β βββ app/ # App router pages
β β βββ components/
β β βββ lib/ # Utilities
β β βββ context/ # React context
β βββ public/
βββ backend/ # Express.js API
β βββ src/
β β βββ models/ # Mongoose models
β β βββ routes/ # API routes
β β βββ middleware/ # Auth & validation
β β βββ controllers/
β β βββ config/ # Configuration
β βββ server.js
βββ docs/ # Documentation & Postman
- Next.js 14
- React 18
- TailwindCSS
- Axios
- React Hook Form
- Zod (validation)
- Node.js
- Express.js
- MongoDB + Mongoose
- JWT (jsonwebtoken)
- bcrypt
- express-validator
- Node.js (v18 or higher)
- MongoDB (local or Atlas)
- npm or yarn
git clone <repository-url>
cd assessmentcd backend
npm install
# Create .env file
cp .env.example .env
# Edit .env with your MongoDB URI and secrets
# Start backend
npm run devBackend runs on: http://localhost:5000
cd frontend
npm install
# Create .env.local file
cp .env.example .env.local
# Start frontend
npm run devFrontend runs on: http://localhost:3000
POST /api/auth/register- Register new userPOST /api/auth/login- Login userPOST /api/auth/logout- Logout userPOST /api/auth/refresh- Refresh access tokenGET /api/auth/profile- Get user profile
GET /api/tasks- Get all tasks (with search/filter)POST /api/tasks- Create new taskGET /api/tasks/:id- Get task by IDPUT /api/tasks/:id- Update taskDELETE /api/tasks/:id- Delete task
PORT=5000
MONGODB_URI=mongodb://localhost:27017/taskapp
JWT_SECRET=your_jwt_secret_key
JWT_REFRESH_SECRET=your_refresh_secret_key
JWT_EXPIRE=15m
JWT_REFRESH_EXPIRE=7d
NODE_ENV=development
FRONTEND_URL=http://localhost:3000NEXT_PUBLIC_API_URL=http://localhost:5000- Register with email, username, password
- Login with email/username
- JWT tokens with refresh mechanism
- Protected routes
- View user profile
- CRUD operations on tasks
- Search tasks by title/description
- Filter by status (pending, in-progress, completed)
- Responsive design for all devices
- Create tasks with title, description, status, priority
- Edit existing tasks
- Delete tasks
- Mark tasks as complete
- Filter and search
Import the Postman collection from docs/postman_collection.json
- Register a new user
- Login with credentials
- Access dashboard (protected route)
- Create, read, update, delete tasks
- Test search and filter functionality
- Logout and verify session cleared
- Code Splitting: Next.js automatic code splitting
- State Management: Context API (can scale to Redux/Zustand)
- Component Library: Modular components for reusability
- Image Optimization: Next.js Image component
- Caching: React Query for data fetching (future)
- CDN: Static assets on CDN in production
- Database Indexing: Indexed fields for faster queries
- Connection Pooling: MongoDB connection pooling
- Rate Limiting: Express rate limiter (can be added)
- Caching Layer: Redis for sessions/caching (future)
- Microservices: Modular structure allows service separation
- Load Balancing: PM2 cluster mode or Nginx
- Horizontal Scaling: Stateless JWT authentication
- Frontend: Vercel, Netlify, AWS Amplify
- Backend: AWS EC2, DigitalOcean, Railway, Render
- Database: MongoDB Atlas (managed)
- CDN: CloudFlare, AWS CloudFront
- CI/CD: GitHub Actions
- Monitoring: Sentry, LogRocket, Datadog
- Password Security: bcrypt with salt rounds
- JWT Storage: Access token in memory, refresh in HTTP-only cookie
- Input Validation: Server-side validation on all inputs
- SQL Injection Prevention: Mongoose ODM with parameterized queries
- XSS Prevention: React's built-in XSS protection
This project pushed me to:
- Implement token refresh logic without infinite loops (trickier than expected!)
- Structure a scalable backend with proper separation of concerns
- Think about database indexing early for performance
- Write validation that works on both client and server
- Design mobile-first responsive UI
The biggest challenge was getting the axios interceptor to handle token refresh correctly. After debugging, I implemented a request queue system that prevents race conditions.
If I had more time, I'd add:
- Email Verification - Send confirmation emails on signup
- Password Reset - "Forgot password" functionality
- Task Sharing - Collaborate with other users
- Real-time Updates - WebSocket for live task updates
- Dark Mode - Theme switching
- Unit Tests - Jest + React Testing Library
- CI/CD Pipeline - Automated deployment
- Rate Limiting - Prevent API abuse
APPROACH.md- Detailed technical decisions and learningsdocs/API.md- Complete API referencedocs/SCALABILITY.md- Production scaling strategiesdocs/postman_collection.json- API testing collection
Mahendra Kumar
This project represents my approach to building production-quality applications with clean code, proper security, and scalability in mind. I'm always learning and open to feedback!
Built with β€οΈ for the Frontend Developer Intern Assignment 6. CORS: Configured for specific origin 7. Environment Variables: Secrets in .env files 8. Error Handling: No sensitive data in error messages
- API Documentation:
docs/API.md - Postman Collection:
docs/postman_collection.json - Scalability Notes:
docs/SCALABILITY.md
Mahendra Kumar