A comprehensive React Native + Express.js social media platform focused on travel, location sharing, and community building. Built with modern best practices, security-first architecture, and scalable infrastructure.
TeamTaatom/
├── frontend/             # React Native (Expo) app
│   ├── app/              # Expo Router pages
│   ├── components/       # Reusable components
│   ├── services/         # API services
│   ├── utils/            # Utilities & config
│   └── .env              # Environment variables
├── backend/              # Express.js API server
│   ├── src/
│   │   ├── controllers/  # Route handlers
│   │   ├── models/       # Mongoose schemas
│   │   ├── routes/       # API routes (v1)
│   │   ├── middleware/   # Auth, validation, security
│   │   ├── jobs/         # Background job processors
│   │   └── utils/        # Utilities
│   ├── migrations/       # Database migrations
│   └── .env              # Environment variables
├── superAdmin/           # Admin dashboard (React)
└── Tool/Notes/           # Documentation & guides
- Node.js 16+
- MongoDB Atlas account
- Cloudinary account
- Gmail with App Password
- Redis (optional - for background jobs, currently disabled)
- Expo CLI (npm install -g @expo/cli)
cd backend
npm install
cp .env.example .env
# Edit .env with your credentials (see Environment Variables section)
npm run dev
The backend will start on http://localhost:3000 (or PORT from .env)
cd frontend
npm install
cp .env.example .env
# Edit .env with your API URLs and credentials
npm run update-config # Syncs .env to app.json
npm start
# Press 'i' for iOS, 'a' for Android, or 'w' for web
cd backend
npm run migrate:up # Run database migrations
- ✅ Email/Password signup with OTP verification
- ✅ Google OAuth integration
- ✅ Secure JWT-based authentication with httpOnly cookies (web)
- ✅ Password reset via email
- ✅ CSRF protection
- ✅ XSS input sanitization
- ✅ Rate limiting (granular per endpoint)
- ✅ Password strength enforcement
- ✅ Security headers (Helmet.js)
- ✅ Photo/Video upload with Cloudinary optimization
- ✅ Short-form video posts (Shorts)
- ✅ Add captions, hashtags, and location data
- ✅ Automatic location detection
- ✅ Image optimization and caching
- ✅ Share to external platforms (Instagram, Facebook, Twitter)
- ✅ Custom share cards with deep linking
- ✅ Real-time feed with pagination
- ✅ Like, comment, and bookmark posts
- ✅ Follow/unfollow users with private account support
- ✅ User profiles with stats and posts
- ✅ Real-time notifications
- ✅ Chat with typing indicators and read receipts
- ✅ Block/unblock users
- ✅ Mute notifications per chat
- ✅ Automatic hashtag extraction from captions
- ✅ Hashtag search and trending hashtags
- ✅ Hashtag detail pages with related posts
- ✅ Auto-suggest hashtags while typing
- ✅ Clickable hashtags in posts
- ✅ Location tagging on posts
- ✅ TripScore tracking (continents, countries, locations)
- ✅ Interactive world map visualization
- ✅ Location-based post discovery
- ✅ Travel statistics and milestones
- ✅ iOS-style dark/light mode theme
- ✅ Responsive web design
- ✅ Onboarding flow (welcome, interests, suggested users)
- ✅ Empty states with actionable CTAs
- ✅ Loading skeletons for better perceived performance
- ✅ Optimistic updates for instant feedback
- ✅ Error messages with retry mechanisms
- ✅ Pull-to-refresh and infinite scroll
- ✅ Post views tracking
- ✅ Engagement rate analytics
- ✅ User retention metrics
- ✅ Feature usage tracking
- ✅ Drop-off point analysis
- ✅ Crash reporting service
- ✅ API versioning (/api/v1)
- ✅ Request validation with express-validator
- ✅ Database migrations (migrate-mongo)
- ✅ Background jobs (currently disabled - Redis not configured)
  - Email sending
  - Image processing
  - Analytics aggregation
  - Cleanup tasks
- ✅ Comprehensive logging system
- ✅ Error handling middleware
- ✅ Database indexing for performance
- React Native (Expo) - Cross-platform mobile framework
- TypeScript - Type safety
- Expo Router - File-based navigation
- Formik + Yup - Form handling and validation
- Axios - HTTP client with interceptors
- Socket.IO Client - Real-time communication
- AsyncStorage - Local storage (mobile)
- httpOnly Cookies - Secure token storage (web)
- React Native Web - Web compatibility
- Express.js - Web framework
- MongoDB + Mongoose - Database with migrations
- JWT - Authentication tokens
- Cloudinary - Image/video storage & optimization
- Nodemailer - Email service
- bcryptjs - Password hashing
- Socket.IO - Real-time WebSocket server
- Background Jobs - Queue system (currently disabled - Redis not configured)
- Helmet.js - Security headers
- express-rate-limit - Rate limiting
- xss - Input sanitization
- express-validator - Request validation
All endpoints are versioned under /api/v1:
POST /auth/signup - Register user
POST /auth/verify-otp - Verify email OTP
POST /auth/signin - Login user
POST /auth/google - Google OAuth login
GET /auth/me - Get current user
POST /auth/refresh - Refresh JWT token
POST /auth/logout - Logout user
POST /auth/forgot-password - Request password reset
POST /auth/reset-password - Reset password
GET /posts - Get all posts (paginated)
POST /posts - Create new post
GET /posts/:id - Get post by ID
PUT /posts/:id - Update post
DELETE /posts/:id - Delete post
POST /posts/:id/like - Like/unlike post
POST /posts/:id/comments - Add comment
DELETE /posts/:id/comments/:commentId - Delete comment
POST /posts/:id/save - Save/unsave post
GET /shorts - Get all shorts
POST /shorts - Create short video
GET /shorts/:id - Get short by ID
GET /hashtags/search - Search hashtags
GET /hashtags/trending - Get trending hashtags
GET /hashtags/:hashtag - Get hashtag details
GET /hashtags/:hashtag/posts - Get posts by hashtag
GET /profile/:id - Get user profile
PUT /profile/:id - Update profile
POST /profile/:id/follow - Follow/unfollow user
GET /profile/:id/posts - Get user posts
GET /profile/:id/followers - Get followers
GET /profile/:id/following - Get following
GET /chats - Get user chats
GET /chats/:chatId - Get chat details
POST /chats - Create chat
POST /chats/:chatId/messages - Send message
PUT /chats/:chatId/mute - Mute/unmute chat
POST /chats/:chatId/block - Block/unblock user
DELETE /chats/:chatId - Clear chat
POST /analytics/events - Track analytics event
POST /analytics/errors - Log error/crash
All frontend variables must start with EXPO_PUBLIC_:
# API Configuration
EXPO_PUBLIC_API_BASE_URL=http://192.168.1.9:3000
EXPO_PUBLIC_WEB_SHARE_URL=http://192.168.1.9:3000
# Logo Image URL
EXPO_PUBLIC_LOGO_IMAGE=https://res.cloudinary.com/.../logo.png
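# Google OAuth
# Note: EXPO_PUBLIC_ variables are compiled into the client bundle and are readable by anyone
# with the app; a client secret set here is exposed (the backend .env also holds GOOGLE_CLIENT_SECRET)
EXPO_PUBLIC_GOOGLE_CLIENT_ID=your_google_client_id
EXPO_PUBLIC_GOOGLE_CLIENT_ID_IOS=your_ios_client_id
EXPO_PUBLIC_GOOGLE_CLIENT_ID_ANDROID=your_android_client_id
EXPO_PUBLIC_GOOGLE_CLIENT_SECRET=your_client_secret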
EXPO_PUBLIC_GOOGLE_REDIRECT_URI=your_redirect_uri
# Google Maps
EXPO_PUBLIC_GOOGLE_MAPS_API_KEY=your_maps_api_key
Note: After updating .env, run npm run update-config to sync with app.json.
# Server
PORT=3000
NODE_ENV=development
# Database
MONGO_URL=mongodb+srv://username:password@cluster.mongodb.net/Taatom?retryWrites=true&w=majority
JWT_SECRET=your_super_secret_jwt_key_here_make_it_long_and_random
# Cloudinary
CLOUDINARY_CLOUD_NAME=your_cloud_name
CLOUDINARY_API_KEY=your_api_key
CLOUDINARY_API_SECRET=your_api_secret
# Logo
LOGO_IMAGE=https://res.cloudinary.com/.../logo.png
# Email (SMTP)
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USER=your_email@gmail.com
SMTP_PASS=your_app_password
SMTP_FROM=your_email@gmail.com
# URLs & CORS
FRONTEND_URL=http://192.168.1.9:8081
API_BASE_URL=http://192.168.1.9:3000
SUPERADMIN_URL=http://localhost:5001
# Background Jobs (currently disabled - Redis not configured)
# To enable background jobs in the future, configure Redis and set:
# REDIS_HOST=localhost
# REDIS_PORT=6379
# REDIS_PASSWORD=
ENABLE_BACKGROUND_JOBS=false
# Google OAuth
GOOGLE_CLIENT_ID=your_google_client_id
GOOGLE_CLIENT_SECRET=your_client_secret
GOOGLE_REDIRECT_URI=your_redirect_uri
# WebSocket
WS_ALLOWED_ORIGIN=http://localhost:19006
WS_PATH=/socket.io
{
  fullName: String,
  email: String (unique, indexed),
  username: String (unique, indexed),
  password: String (hashed),
  profilePic: String,
  bio: String,
  followers: [ObjectId],
  following: [ObjectId],
  blockedUsers: [ObjectId],
  totalLikes: Number,
  isVerified: Boolean,
  isPrivate: Boolean,
  googleId: String (indexed),
  location: {
    address: String,
    coordinates: { latitude: Number, longitude: Number }
  }
}
{
  user: ObjectId (indexed),
  caption: String,
  imageUrl: String,
  images: [String],
  location: {
    address: String,
    coordinates: { latitude: Number, longitude: Number }
  },
  tags: [String] (indexed),
  likes: [ObjectId] (indexed),
  comments: [{ user: ObjectId, text: String, createdAt: Date }],
  type: String (indexed), // 'photo', 'video', 'short'
  isActive: Boolean (indexed),
  isHidden: Boolean (indexed),
  createdAt: Date (indexed)
}
{
  name: String (unique, indexed),
  postCount: Number,
  posts: [ObjectId],
  lastUsed: Date
}
{
  participants: [ObjectId],
  messages: [{
    sender: ObjectId,
    text: String,
    timestamp: Date,
    read: Boolean
  }],
  lastMessage: Date,
  mutedBy: [ObjectId]
}
cd backend
npm test
# Or test with curl/Postman
curl http://localhost:3000/api/v1/health
cd frontend
# Test on iOS simulator
npm run ios
# Test on Android emulator
npm run android
# Test on web
npm run web
# Set environment variables in dashboard
# Background jobs are currently disabled (Redis not configured)
# Deploy from GitHub repository
cd frontend
npm install -g eas-cli
eas login
eas build:configure
eas build --platform ios
eas build --platform android
- ✅ CSRF Protection - Token-based CSRF protection for web
- ✅ XSS Prevention - Input sanitization on all user inputs
- ✅ Rate Limiting - Granular rate limits per endpoint
- ✅ Password Security - Strength requirements + bcrypt hashing
- ✅ JWT Security - httpOnly cookies for web, secure storage for mobile
- ✅ Security Headers - Helmet.js configuration
- ✅ Input Validation - express-validator on all endpoints
- ✅ CORS Configuration - Strict origin validation
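The protections listed above depend on the values in the two .env files shown earlier. The following added example (not part of the project's code) parses .env text and flags secret-like EXPO_PUBLIC_ variables, which Expo inlines into the client bundle, a placeholder or short JWT_SECRET, and wildcard or non-HTTPS origins in production. The rule set, regexes and 32-character threshold are assumptions.

```javascript
// Added example; the rule set, regexes and 32-char threshold are assumptions, not project code.
const SENSITIVE = /SECRET|PASS|PRIVATE|TOKEN/i;
const PLACEHOLDER = /^(your_|changeme)/i;
const ORIGIN_KEYS = ['FRONTEND_URL', 'API_BASE_URL', 'SUPERADMIN_URL', 'WS_ALLOWED_ORIGIN'];

function parseEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (line.startsWith('#') || eq < 1) continue; // comments, blanks, non KEY=VALUE lines
    vars[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return vars;
}

// EXPO_PUBLIC_ values are inlined into the app bundle, so anyone with the app can read them.
function auditFrontendEnv(text) {
  return Object.entries(parseEnv(text))
    .filter(([key, value]) => key.startsWith('EXPO_PUBLIC_') && SENSITIVE.test(key) && value !== '')
    .map(([key]) => `${key}: secret-like value shipped to clients`);
}

function auditBackendEnv(text) {
  const env = parseEnv(text);
  const findings = [];
  const secret = env.JWT_SECRET || '';
  if (secret.length < 32 || PLACEHOLDER.test(secret)) {
    findings.push('JWT_SECRET: missing, under 32 chars, or template placeholder');
  }
  for (const key of ORIGIN_KEYS) {
    const value = env[key] || '';
    if (value === '*') findings.push(`${key}: wildcard origin`);
    else if (env.NODE_ENV === 'production' && !value.startsWith('https://')) {
      findings.push(`${key}: not https in production`);
    }
  }
  return findings;
}

// Constructed sample input (no real credentials).
const SAMPLE_FRONTEND = 'EXPO_PUBLIC_GOOGLE_CLIENT_ID=constructed-id\n' +
  'EXPO_PUBLIC_GOOGLE_CLIENT_SECRET=constructed-secret';
const SAMPLE_BACKEND = ['NODE_ENV=production',
  'JWT_SECRET=your_super_secret_jwt_key_here_make_it_long_and_random',
  'FRONTEND_URL=https://app.example.test', 'API_BASE_URL=http://192.168.1.9:3000',
  'SUPERADMIN_URL=https://admin.example.test', 'WS_ALLOWED_ORIGIN=*'].join('\n');

console.log(auditFrontendEnv(SAMPLE_FRONTEND), auditBackendEnv(SAMPLE_BACKEND));
```

Running the audit in CI or at server start, and failing on any finding, keeps a template value from reaching a deployed build.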
- Hashtag System
  - Automatic extraction from captions
  - Search and trending hashtags
  - Hashtag detail pages
  - Auto-suggest while typing
- Social Sharing
  - Share to Instagram, Facebook, Twitter
  - Custom share cards
  - Deep linking support
- API Versioning
  - All routes under /api/v1
  - Backward compatibility maintained
- Security Enhancements
  - CSRF protection
  - XSS sanitization
  - Enhanced rate limiting
  - Password strength enforcement
  - Security headers
- Backend Infrastructure
  - Database migrations
  - Background jobs (BullMQ)
  - Background jobs (currently disabled)
  - Comprehensive logging
- Analytics & Tracking
  - Post views tracking
  - Engagement analytics
  - User retention metrics
  - Crash reporting
- UX Improvements
  - Onboarding flow
  - Empty states
  - Loading skeletons
  - Error handling
- Dynamic Configuration
  - Environment-based config
  - Centralized config utility
  - Easy environment switching
- Backend not starting
  - Check MongoDB connection string
  - Verify all environment variables
  - Ensure port 3000 is available
  - Background jobs are currently disabled
- Frontend API errors
  - Verify backend is running
  - Check EXPO_PUBLIC_API_BASE_URL in frontend .env
  - Run npm run update-config after changing .env
  - Test API endpoints with curl
- Image upload failing
  - Verify Cloudinary credentials
  - Check image size limits (10MB max)
  - Ensure proper file permissions
- OTP emails not sending
  - Use Gmail App Password (not regular password)
  - Enable 2FA on Gmail account
  - Check SMTP credentials in backend .env
- Background jobs not working
  - Background jobs are currently disabled (Redis not configured)
  - To enable: Configure Redis and set ENABLE_BACKGROUND_JOBS=true in .env
- CSRF token errors (web)
  - Clear browser cookies
  - Ensure backend CORS is configured correctly
  - Check that cookies are enabled
# Clear Metro cache
npx expo start -c
# Reset iOS simulator
npx expo run:ios --device
# Check backend logs
cd backend && npm run dev
# Background jobs are currently disabled (Redis not configured)
# To enable: Install Redis and configure REDIS_HOST, REDIS_PORT in .env
# Run database migrations
cd backend && npm run migrate:up
# Update frontend config
cd frontend && npm run update-config
- Frontend README - Detailed frontend documentation
- Frontend Environment Guide - Environment variables guide
- Backend README - API documentation
- Business Documentation - Business context
- Development Guide - Technical guide
- Codebase Analysis - Analysis & recommendations
- Fork the repository
- Create a feature branch (git checkout -b feature/amazing-feature)
- Make your changes
- Test thoroughly (frontend + backend)
- Update documentation if needed
- Submit a pull request
MIT License - see LICENSE file for details.
For issues and questions:
- Open a GitHub issue
- Check documentation in Tool/Notes/
- Review troubleshooting section above
Built with ❤️ using React Native, Express.js, MongoDB, and modern best practices.
Last Updated: November 2025
Version: 1.4.0