Nasa28/task_manager_api

Task Manager API

A comprehensive task management API built with NestJS, featuring authentication, CRUD operations, background job processing, and a comments system.

Features

  • Authentication: JWT-based user registration and login
  • Task Management: Full CRUD operations with advanced pagination and filtering
  • Comments System: Add, update, delete comments on tasks with search functionality
  • Background Jobs: Redis-based job processing for task completion notifications
  • API Documentation: Interactive Swagger UI documentation
  • Database: PostgreSQL with Prisma ORM
  • Security: Input validation, authorization guards, and secure password hashing

Tech Stack

  • Framework: NestJS (Node.js)
  • Database: PostgreSQL
  • ORM: Prisma
  • Authentication: JWT with Passport.js
  • Background Jobs: Redis with Bull/BullMQ
  • Validation: class-validator & class-transformer
  • Documentation: Swagger/OpenAPI
  • Containerization: Docker & Docker Compose

Prerequisites

  • Node.js 20+ or Docker
  • PostgreSQL 15+
  • Redis 7+
  • npm or yarn

Quick Start

Option 1: Docker (Recommended)

  1. Clone the repository

    git clone <repository-url>
    cd task-manager-api
  2. Run with Docker Compose

    docker-compose up -d

    Migrations run automatically on startup

Option 2: Local Development

  1. Install dependencies

    npm install
  2. Environment setup

    cp .env.example .env
    # Edit .env with your database and Redis configurations
  3. Database setup

    npx prisma migrate dev
    npx prisma generate
  4. Start the application

    # Development
    npm run start:dev
    
    # Production
    npm run build
    npm run start:prod

Environment Variables

Create a .env file in the root directory:

# Database
DATABASE_URL="postgresql://username:password@postgres:5432/taskmanager"

# Redis
REDIS_URL="redis://localhost:6379"

# JWT
JWT_SECRET="your-super-secret-jwt-key-change-in-production"

# Application
NODE_ENV="production"
PORT=3000
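
The sample values above are placeholders, and anyone who has read this README knows them. The following startup check is an added example, not code from this repository: `auditEnv` and its messages are hypothetical, and it assumes tokens are signed with HS256.

```typescript
// Added example; auditEnv and its messages are hypothetical, not project code.
type Env = Record<string, string | undefined>;

// Placeholder values copied from the sample .env in this README.
const README_JWT_PLACEHOLDER = "your-super-secret-jwt-key-change-in-production";
const README_DB_CREDS = /^postgres(?:ql)?:\/\/username:password@/;

// Assumption: tokens are signed with HS256. RFC 7518 section 3.2 requires an
// HMAC key at least as long as the hash output, i.e. 32 bytes for HS256.
// This is a length floor, not an entropy measurement.
const MIN_SECRET_LENGTH = 32;

// Heuristic (assumed threshold of 10) to catch secrets like "aaaa...".
function distinctChars(s: string): number {
  return s.split("").filter((c, i, all) => all.indexOf(c) === i).length;
}

// Returns one finding per problem; an empty array means the checks passed.
function auditEnv(env: Env): string[] {
  const findings: string[] = [];
  const secret = env["JWT_SECRET"] ?? "";
  if (secret === "") {
    findings.push("JWT_SECRET is not set");
  } else if (secret === README_JWT_PLACEHOLDER) {
    // The placeholder is longer than 32 characters, so a length check alone
    // would accept it; a published value has to be rejected by name.
    findings.push("JWT_SECRET is the README placeholder");
  } else if (secret.length < MIN_SECRET_LENGTH) {
    findings.push("JWT_SECRET is shorter than 32 characters");
  } else if (distinctChars(secret) < 10) {
    findings.push("JWT_SECRET has too few distinct characters");
  }
  const dbUrl = env["DATABASE_URL"] ?? "";
  if (dbUrl === "") {
    findings.push("DATABASE_URL is not set");
  } else if (README_DB_CREDS.test(dbUrl)) {
    findings.push("DATABASE_URL uses the README placeholder credentials");
  }
  return findings;
}

// Constructed sample: the README's own .env values fail both checks.
const sampleFindings = auditEnv({
  JWT_SECRET: README_JWT_PLACEHOLDER,
  DATABASE_URL: "postgresql://username:password@postgres:5432/taskmanager",
});
console.log(sampleFindings);
```

Running a check like this during bootstrap and refusing to start on any finding when NODE_ENV is production keeps a copied sample .env out of a live deployment.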

API Documentation

Once the application is running, access the interactive API documentation:

Authentication

All endpoints except registration and login require JWT authentication:

# Register a new user
POST /api/v1/auth/register
{
  "name": "John Doe",
  "email": "john@example.com",
  "password": "password123"
}

# Login
POST /api/v1/auth/login
{
  "email": "john@example.com",
  "password": "password123"
}

API Endpoints

Tasks

  • GET /api/v1/tasks - List tasks with pagination and filtering
  • POST /api/v1/tasks - Create a new task
  • GET /api/v1/tasks/:id - Get task by ID
  • PATCH /api/v1/tasks/:id - Update task
  • DELETE /api/v1/tasks/:id - Delete task
  • GET /api/v1/tasks/stats - Get task statistics
  • GET /api/v1/tasks/queue-stats - Get background job statistics

Comments

  • POST /api/v1/tasks/:taskId/comments - Add comment to task
  • GET /api/v1/tasks/:taskId/comments - Get task comments with pagination
  • GET /api/v1/tasks/:taskId/comments/stats - Get comment statistics
  • GET /api/v1/comments/:id - Get specific comment
  • PATCH /api/v1/comments/:id - Update comment
  • DELETE /api/v1/comments/:id - Delete comment

Query Parameters

Tasks & Comments Pagination:

?page=1&limit=10&order=desc&search=keyword&status=PENDING

Docker Commands

# Start all services (production - default)
docker-compose up -d

# Start in development mode
NODE_ENV=development docker-compose up -d

# View application logs
docker-compose logs -f app

# Access application shell
docker-compose exec app sh

# Stop all services
docker-compose down

# Reset database (removes all data)
docker-compose down -v

# Rebuild and start
docker-compose up --build

Environment Configuration

  • Production (default): Uses optimized settings, minimal logging
  • Development: Uses development settings via NODE_ENV=development
  • Environment variables: Loaded from .env file automatically

Notes

  • Single optimized build works for both development and production
  • Migrations run automatically on container startup
  • Environment behavior controlled by NODE_ENV variable
  • Database and Redis included in Docker Compose setup

Database Schema

User

  • id (String) - Primary key
  • email (String) - Unique email address
  • name (String?) - Optional user name
  • password (String) - Hashed password
  • createdAt (DateTime)
  • updatedAt (DateTime)

Task

  • id (String) - Primary key
  • title (String) - Task title
  • description (String?) - Optional description
  • status (TaskStatus) - PENDING | IN_PROGRESS | COMPLETED
  • userId (String) - Foreign key to User
  • createdAt (DateTime)
  • updatedAt (DateTime)

Comment

  • id (String) - Primary key
  • content (String) - Comment text
  • userId (String) - Foreign key to User
  • taskId (String) - Foreign key to Task
  • createdAt (DateTime)
  • updatedAt (DateTime)

Background Jobs

The application uses Redis for background job processing:

  • Task Completion Notifications: Triggered when task status changes to COMPLETED
  • Job Logging: All notifications are logged to logs/notifications.json
  • Queue Statistics: Monitor job processing through GET /api/v1/tasks/queue-stats

Security Features

Authentication & Authorization

  • JWT Authentication: Secure stateless token-based authentication
  • Password Hashing: bcrypt with a cost factor of 12 (salt rounds) for secure password storage
  • Authorization Guards: Route-level access control with JwtAuthGuard
  • Ownership Validation: Multi-layered ownership checks ensuring users only access their own data

Input Security

  • Input Validation: Comprehensive validation using class-validator and class-transformer
  • Type Safety: TypeScript throughout for compile-time safety
  • Request Sanitization: Automatic whitelist filtering and transformation
  • SQL Injection Prevention: Prisma ORM with parameterized queries

Network Security

  • CORS Protection: Configurable cross-origin resource sharing with environment-based origins
  • Helmet Security Headers: CSP, XSS protection, and other security headers
  • Rate Limiting: Multi-tier throttling (3 req/sec, 20 req/10sec, 100 req/min)
  • Compression: Gzip compression for reduced bandwidth usage
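
How the three rate-limit tiers interact is easier to see in code. This is an added example, not the project's throttling code: a sliding-window limiter (chosen for illustration, since the page does not say which algorithm is used) configured with the limits listed above. All names and the client key are hypothetical.

```typescript
// Added example; names are hypothetical and this is not the project's code.
interface Tier { name: string; windowMs: number; limit: number; }

// Tiers as stated in this README: 3 req/sec, 20 req/10sec, 100 req/min.
const TIERS: Tier[] = [
  { name: "short", windowMs: 1000, limit: 3 },
  { name: "medium", windowMs: 10000, limit: 20 },
  { name: "long", windowMs: 60000, limit: 100 },
];

class MultiTierLimiter {
  private tiers: Tier[];
  private hits: Map<string, number[]> = new Map();

  constructor(tiers: Tier[]) {
    this.tiers = tiers;
  }

  // Returns the name of the tier that rejects the request, or null if allowed.
  check(clientKey: string, nowMs: number): string | null {
    const longest = Math.max(...this.tiers.map((t) => t.windowMs));
    // Drop timestamps that no tier can still see, so memory stays bounded.
    const log = (this.hits.get(clientKey) ?? []).filter((t) => nowMs - t < longest);
    this.hits.set(clientKey, log);
    for (const tier of this.tiers) {
      const seen = log.filter((t) => nowMs - t < tier.windowMs).length;
      if (seen >= tier.limit) return tier.name; // rejected hits are not recorded
    }
    log.push(nowMs);
    return null;
  }
}

// Sends `total` evenly spaced requests from one client (constructed traffic)
// and reports which request is rejected first, and by which tier.
function firstRejection(
  intervalMs: number,
  total: number,
): { index: number; tier: string } | null {
  const limiter = new MultiTierLimiter(TIERS);
  for (let i = 0; i < total; i++) {
    const tier = limiter.check("203.0.113.7", i * intervalMs);
    if (tier !== null) return { index: i, tier };
  }
  return null;
}

console.log(firstRejection(100, 300)); // burst: 10 req/s
console.log(firstRejection(500, 300)); // sustained: 2 req/s
```

A burst trips the one-second tier almost immediately, while a client pacing itself just under it is only stopped by the longer windows. That is why the short tier alone does not bound sustained load.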

Security Headers

  • Content Security Policy: Restricts resource loading to prevent XSS
  • X-Frame-Options: DENY to prevent clickjacking
  • X-Content-Type-Options: nosniff to prevent MIME-type sniffing
  • X-XSS-Protection: Browser XSS filter enabled
  • Referrer Policy: Strict origin policy for privacy

Monitoring & Logging

  • Security Logging: Request tracking with IP, user agent, and response times
  • Error Monitoring: Automated logging of failed requests and slow responses
  • Performance Tracking: Response time monitoring with alerts for slow requests
  • Audit Trail: Complete request/response logging for security analysis

Environment Security

  • Environment Variables: Externalized secrets and configuration
  • Production Security: HTTPS enforcement, secure cookies (configurable)
  • HSTS Support: HTTP Strict Transport Security for production

Production Deployment

Environment Configuration

  • Configure proper JWT secrets in production
  • Set up SSL/TLS certificates
  • Configure environment-specific CORS origins
  • Enable secure cookies and HSTS

Health Checks

  • Application: GET /api/v1/
  • Database: Automatic Prisma health checks
  • Redis: Background job processing status

Quick Troubleshooting

docker-compose down -v && docker-compose up --build

docker-compose ps

docker-compose logs -f app

Built with NestJS, PostgreSQL, Redis, and Docker
