The project is designed with scalability, security, and clean architecture in mind.
- User registration and login
- JWT-based authentication using HttpOnly cookies
- Access & refresh token flow
- Protected routes with guards
- Profile management
- Follow / unfollow
- User discovery
- Create, read, update, delete posts
- Replies / threaded conversations
- Likes and bookmarks
- Feed endpoints
- Notifications
- Role-based access control (where applicable)
- Input validation and DTOs
- Modular architecture
- OpenAPI / Swagger specification (`openapi-spec.json`)
- Structured logging
- Centralized error handling
- NestJS – backend framework
- TypeScript – language
- PostgreSQL – database
- Prisma / TypeORM – ORM (depending on current module usage)
- JWT – authentication
- Passport – auth strategies
- Swagger / OpenAPI – API documentation
```text
src/
├── modules/     # Feature modules (auth, users, posts, etc.)
├── common/      # Guards, decorators, interceptors, filters
├── config/      # App and environment configuration
├── database/    # ORM setup and migrations
└── main.ts      # App bootstrap
prisma/ or migrations/   # Database schema & migrations
test/                    # Unit & integration tests
```
- Node.js (v16+ recommended)
- PostgreSQL
- pnpm / npm / yarn
```shell
git clone https://github.com/Petergrac/echo-backend.git
cd echo-backend
pnpm install
# or npm install
# or yarn
```
Create a .env file in the project root:
```env
DATABASE_URL=postgresql://user:password@localhost:5432/echo
JWT_ACCESS_SECRET=your_access_secret
JWT_REFRESH_SECRET=your_refresh_secret
CLIENT_URL=http://localhost:3000
PORT=4000
```
Add other variables as required by your setup (Redis, email service, etc.).
```shell
# Database migrations and seed
pnpm prisma migrate dev
# or equivalent TypeORM command
pnpm prisma db seed

# Development server
pnpm start:dev

# Production build and start
pnpm build
pnpm start
```
Server will run on:
http://localhost:4000
If Swagger is enabled, access it at:
http://localhost:4000/api/docs
You can also refer to the generated OpenAPI spec:
openapi-spec.json
Echo uses cookie-based JWT authentication:
- Access token stored in HttpOnly cookie
- Refresh token stored in HttpOnly cookie
- Automatic refresh flow
- CSRF protection via same-site cookies
This approach is optimized for browser clients (Next.js) and mobile apps (Flutter).
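The access/refresh cookie flow above, as an added example that is not part of the echo-backend source: it uses only Node's built-in crypto to mint and verify HS256 tokens with separate access and refresh secrets (the constructed values mirror the `JWT_ACCESS_SECRET` / `JWT_REFRESH_SECRET` names from the .env example), emits the HttpOnly, Secure, SameSite=Strict cookies the README relies on for CSRF protection, and scopes the refresh cookie to a hypothetical `/auth/refresh` path. The cookie names `access_token` / `refresh_token` and the token lifetimes are assumptions, not the project's settings.

```typescript
// Added example (not the echo-backend code): minimal HS256 JWT + cookie helpers
// for a cookie-based access/refresh flow. Assumes Node's built-in crypto, a
// hypothetical /auth/refresh route and constructed secrets/cookie names.
import { createHmac, timingSafeEqual } from "crypto";

type TokenKind = "access" | "refresh";
interface Claims { sub: string; kind: TokenKind; iat: number; exp: number }

// Constructed secrets; the real app reads them from the environment.
const SECRETS: Record<TokenKind, string> = {
  access: "your_access_secret",
  refresh: "your_refresh_secret",
};
// Short-lived access token, longer-lived refresh token (assumed lifetimes).
const TTL_SECONDS: Record<TokenKind, number> = { access: 15 * 60, refresh: 7 * 24 * 3600 };

const b64url = (s: string) => Buffer.from(s, "utf8").toString("base64url");

export function signToken(sub: string, kind: TokenKind, nowSec: number): string {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const claims: Claims = { sub, kind, iat: nowSec, exp: nowSec + TTL_SECONDS[kind] };
  const body = b64url(JSON.stringify(claims));
  const sig = createHmac("sha256", SECRETS[kind]).update(`${header}.${body}`).digest("base64url");
  return `${header}.${body}.${sig}`;
}

function decodeClaims(body: string): Claims | null {
  try { return JSON.parse(Buffer.from(body, "base64url").toString("utf8")) as Claims; }
  catch { return null; }
}

// Returns the claims, or null on any failure (bad signature, wrong kind, expired).
export function verifyToken(token: string, kind: TokenKind, nowSec: number): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  // Each kind is verified ONLY with its own secret, so a refresh token can
  // never be replayed as an access token (and vice versa).
  const expected = createHmac("sha256", SECRETS[kind]).update(`${header}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const claims = decodeClaims(body);
  if (!claims || claims.kind !== kind || typeof claims.exp !== "number" || claims.exp <= nowSec) return null;
  return claims;
}

// Set-Cookie values: HttpOnly keeps scripts away from the tokens, Secure limits
// them to HTTPS, SameSite=Strict is the CSRF protection the README relies on, and
// the refresh cookie is scoped to the refresh route so it is not sent elsewhere.
export function authCookies(sub: string, nowSec: number): string[] {
  const access = signToken(sub, "access", nowSec);
  const refresh = signToken(sub, "refresh", nowSec);
  return [
    `access_token=${access}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=${TTL_SECONDS.access}`,
    `refresh_token=${refresh}; HttpOnly; Secure; SameSite=Strict; Path=/auth/refresh; Max-Age=${TTL_SECONDS.refresh}`,
  ];
}

// Parses a Cookie request header ("a=1; b=2") into a name -> value map.
export function parseCookies(header: string): Record<string, string> {
  const out: Record<string, string> = {};
  for (const part of header.split(";")) {
    const idx = part.indexOf("=");
    if (idx > 0) out[part.slice(0, idx).trim()] = part.slice(idx + 1).trim();
  }
  return out;
}

// Refresh flow: a valid refresh cookie yields a fresh cookie pair; anything else is rejected.
export function refreshSession(cookieHeader: string, nowSec: number): string[] | null {
  const claims = verifyToken(parseCookies(cookieHeader)["refresh_token"] ?? "", "refresh", nowSec);
  return claims ? authCookies(claims.sub, nowSec) : null;
}
```

Two points worth checking in any real implementation of this flow: the refresh secret must differ from the access secret so that the `kind` claim is backed by cryptography rather than by a string the client controls, and the refresh cookie's `Path` should be narrowed so the long-lived token is not attached to every request.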
| Command | Description |
|---|---|
| pnpm start:dev | Start development server |
| pnpm build | Build production bundle |
| pnpm start | Start production server |
| pnpm test | Run tests |
| pnpm lint | Run linter |
```shell
pnpm test
```
Tests include unit and integration coverage for core modules such as auth and users.
| Client | Status |
|---|---|
| Next.js Web App | Supported |
| Flutter Mobile App | Supported |
| REST Clients (Postman/Curl) | Supported |
You can deploy on:
- Railway
- Render
- Fly.io
- VPS (Docker or PM2)
Steps:
- Set environment variables
- Run migrations
- Build the project
- Start the server
Docker setup can be added for production environments.
- Password hashing
- Input validation with DTOs
- JWT expiration & refresh flow
- CORS configuration
- HTTP-only cookies
- Role-based guards (where used)
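The first item in that list, password hashing, as an added example that is not the echo-backend code: it uses Node's built-in scrypt with a random per-user salt, compares digests in constant time, and reports when a stored hash was produced with weaker parameters so it can be re-hashed on the next successful login. The storage format (`scrypt$N$r$p$salt$hash`) and the parameter values are assumptions for the example, not the project's own.

```typescript
// Added example (not the echo-backend code): password hashing with Node's
// built-in scrypt. Assumed on-disk format: scrypt$N$r$p$saltB64$hashB64
import { randomBytes, scryptSync, timingSafeEqual } from "crypto";

interface ScryptParams { N: number; r: number; p: number }

// Assumed current parameters: 128 * N * r bytes = 32 MiB of memory per hash.
const CURRENT_PARAMS: ScryptParams = { N: 1 << 15, r: 8, p: 1 };
const KEY_LEN = 32;
const MAX_MEM = 64 * 1024 * 1024; // headroom above the 32 MiB the parameters need

export function hashPassword(password: string, params: ScryptParams = CURRENT_PARAMS): string {
  const salt = randomBytes(16); // fresh salt per hash, so equal passwords hash differently
  const key = scryptSync(password, salt, KEY_LEN, { N: params.N, r: params.r, p: params.p, maxmem: MAX_MEM });
  return ["scrypt", params.N, params.r, params.p, salt.toString("base64"), key.toString("base64")].join("$");
}

export interface VerifyResult { ok: boolean; needsRehash: boolean }

// Recomputes the hash with the parameters stored alongside it and compares in
// constant time; needsRehash flags hashes made with parameters weaker than CURRENT_PARAMS.
export function verifyPassword(password: string, stored: string): VerifyResult {
  const parts = stored.split("$");
  if (parts.length !== 6 || parts[0] !== "scrypt") return { ok: false, needsRehash: false };
  const [, nStr, rStr, pStr, saltB64, hashB64] = parts;
  const params: ScryptParams = { N: Number(nStr), r: Number(rStr), p: Number(pStr) };
  const expected = Buffer.from(hashB64, "base64");
  const actual = scryptSync(password, Buffer.from(saltB64, "base64"), expected.length,
    { N: params.N, r: params.r, p: params.p, maxmem: MAX_MEM });
  const ok = actual.length === expected.length && timingSafeEqual(actual, expected);
  const needsRehash = ok &&
    (params.N < CURRENT_PARAMS.N || params.r < CURRENT_PARAMS.r || params.p < CURRENT_PARAMS.p);
  return { ok, needsRehash };
}
```

Storing the parameters next to the hash is what makes the upgrade path work: when the cost factor is raised later, old rows still verify, and the login handler can call `hashPassword` again whenever `needsRehash` is true.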
- WebSocket or Ably-based real-time messaging
- Media uploads
- Advanced notifications
- Search improvements
- Rate limiting
- Caching layer
- Fork the repository
- Create a feature branch
- Commit changes
- Open a pull request
- Frontend (Next.js): https://github.com/Petergrac/echo-web
MIT (or specify your license)