Scalable REST API + frontend testing UI built with Next.js, Prisma, PostgreSQL, JWT auth, and role-based access control (USER / ADMIN).
- Live URL: https://task-manager-pro-sable.vercel.app/
- GitHub Repository: https://github.com/TheUzair/Task-Manager-Pro
- ✅ User registration & login APIs with bcrypt password hashing
- ✅ JWT authentication (Bearer token) + NextAuth session support
- ✅ Role-based access control (USER vs ADMIN)
- ✅ Full CRUD APIs for secondary entity (tasks)
- ✅ API versioning under /api/v1/*
- ✅ Validation + structured error handling with Zod + proper status codes
- ✅ PostgreSQL database schema with Prisma ORM
- ✅ API documentation via Postman collection
- ✅ Next.js UI for signup/signin
- ✅ Protected dashboard UI for authenticated users
- ✅ CRUD UI for tasks (create/view/edit/delete)
- ✅ Admin panel UI for role-based admin actions
- ✅ Toast-based success/error feedback from API responses
- ✅ JWT signing/verification (jose)
- ✅ Password hashing (bcryptjs)
- ✅ Input validation/sanitization with Zod
- ✅ Encrypted task descriptions at rest (AES via crypto-js)
- ✅ Modular project structure ready for new domains/modules
- ⚪ Optional (not implemented): Redis caching / Docker / centralized logging
- Frontend: Next.js 16, React 19, TypeScript, Tailwind CSS v4, Framer Motion
- Backend: Next.js Route Handlers (REST APIs)
- Database: PostgreSQL (Neon) + Prisma v7
- Authentication: NextAuth v5 + custom JWT for API v1
- Validation: Zod
- Security: bcryptjs, jose, AES encryption
- Deployment: Vercel
task-manager-pro/
├── app/
│   ├── api/
│   │   ├── auth/            # Legacy auth/session routes
│   │   └── v1/              # Versioned REST API
│   │       ├── auth/        # register/login/me
│   │       ├── tasks/       # tasks CRUD
│   │       └── admin/       # users/tasks/stats (admin-only)
│   ├── auth/                # signin/signup pages
│   ├── dashboard/           # user dashboard
│   ├── admin/               # admin control panel
│   └── layout.tsx
├── components/
│   ├── tasks/               # task cards + CRUD modals
│   └── ui/                  # shadcn ui primitives
├── lib/
│   ├── auth.ts              # NextAuth config
│   ├── jwt.ts               # custom JWT utilities
│   ├── api-auth.ts          # token/session user extraction
│   ├── rbac.ts              # requireAuth/requireAdmin
│   ├── validations.ts       # Zod schemas
│   ├── encryption.ts        # AES encrypt/decrypt
│   └── prisma.ts            # Prisma client
├── prisma/
│   ├── schema.prisma
│   ├── migrations/
│   └── seed.ts
└── public/
    └── Task-Manager-Pro.postman_collection.json

- role enum: USER | ADMIN
- Relationship: one user to many tasks

- Fields: title, description, status, timestamps
- status enum: TODO | IN_PROGRESS | COMPLETED
- Indexed by user_id and status for filtering/pagination
- Base path: /api/v1

- POST /api/v1/auth/register
- POST /api/v1/auth/login
- GET /api/v1/auth/me

- GET /api/v1/tasks (pagination, search, status filter)
- POST /api/v1/tasks
- GET /api/v1/tasks/:id
- PUT /api/v1/tasks/:id
- DELETE /api/v1/tasks/:id

- GET /api/v1/admin/stats
- GET /api/v1/admin/users
- GET /api/v1/admin/users/:id
- PATCH /api/v1/admin/users/:id (role update)
- DELETE /api/v1/admin/users/:id
- GET /api/v1/admin/tasks
- DELETE /api/v1/admin/tasks/:id

- Bearer JWT from /api/v1/auth/login
- NextAuth session (cookie)

- Import: public/Task-Manager-Pro.postman_collection.json
- Uses variables:
  - {{baseUrl}} (default: http://localhost:3000)
  - {{token}} (auto-set by login request scripts)
npm install

Create .env.local (or .env) with:

DATABASE_URL="postgresql://..."
NEXTAUTH_SECRET="..."
NEXTAUTH_URL="http://localhost:3000"
JWT_SECRET="..."
ENCRYPTION_KEY="your-32-char-key.............."
# Optional OAuth
GOOGLE_CLIENT_ID="..."
GOOGLE_CLIENT_SECRET="..."
GITHUB_ID="..."
GITHUB_SECRET="..."

npx prisma migrate dev
npm run seed
npm run dev

Open: http://localhost:3000
- Admin: admin@taskmanagerpro.com / Admin@123456
- User: alice@example.com / User@123456
- User: bob@example.com / User@123456
- User: carol@example.com / User@123456
- Register + login forms
- Authenticated dashboard
- Task CRUD with modal workflows
- Status/search/pagination controls
- Admin panel for users/tasks/stats
- Error/success toasts
- bcrypt password hashing (12 rounds)
- JWT token signing/verification (jose)
- RBAC checks on protected APIs
- Zod request validation
- Encrypted task descriptions in DB
- Prisma ORM (prevents raw SQL injection patterns by default)
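
The bearer-token verification and ADMIN gate listed above, sketched as an added example; this is not the project's own lib/jwt.ts or lib/rbac.ts code. It uses Node's built-in HMAC instead of jose so it runs without dependencies, and signToken, verifyToken, this requireAdmin signature and the currentRole lookup are assumptions.

```javascript
// Added example: HS256 bearer check plus role gate (hypothetical helpers).
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (x) => Buffer.from(x).toString('base64url');
const mac = (data, secret) => createHmac('sha256', secret).update(data).digest();

// Constructed signer, present only so the example has tokens to verify.
function signToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${mac(`${head}.${body}`, secret).toString('base64url')}`;
}

// Returns the claims, or null for a malformed, mis-signed or expired token.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm; the token header must not choose it ("none", RS256).
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const given = Buffer.from(sig, 'base64url');
    const want = mac(`${head}.${body}`, secret);
    if (given.length !== want.length || !timingSafeEqual(given, want)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch {
    return null;
  }
}

// 401 = no valid identity; 403 = valid identity without the ADMIN role.
// currentRole(sub) stands for a database read, so a role change made through
// PATCH /api/v1/admin/users/:id applies before an already-issued token expires.
function requireAdmin(authHeader, secret, currentRole, now) {
  const m = /^Bearer (.+)$/.exec(authHeader || '');
  const claims = m && verifyToken(m[1], secret, now);
  if (!claims) return { status: 401 };
  if (currentRole(claims.sub) !== 'ADMIN') return { status: 403 };
  return { status: 200, userId: claims.sub };
}
```
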
Current structure is monolithic but modular and ready to scale:
- Versioned APIs (/api/v1) allow non-breaking future iterations (/api/v2)
- RBAC + auth abstraction (lib/api-auth.ts, lib/rbac.ts) reusable across modules
- Domain separation (auth, tasks, admin) supports extraction into services later
- Database indexes on high-frequency query columns (user_id, status)
- Next steps for high scale: Redis caching, queue-based background jobs, centralized logging, containerized deployment
- ✅ API design: REST endpoints, status codes, modular route structure, versioning
- ✅ Database design: normalized Prisma schema + migrations + seed data
- ✅ Security: JWT, hashing, RBAC, validation, encrypted sensitive fields
- ✅ Frontend integration: auth + protected dashboard + CRUD + admin management
- ✅ Deployment readiness: production deploy on Vercel + Postman API docs
npm run dev
npm run build
npm run start
npm run lint
npm run seed

- GitHub: @TheUzair
- Email: mohujer90@gmail.com
Built with Next.js, TypeScript, Prisma, and PostgreSQL.