Skip to content

Vrishali34/taskion

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

58 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

Taskion

A secure, production-style REST API for managing personal tasks β€” built with Node.js, Express.js, and PostgreSQL.


🌐 Live Demo

API https://taskion.onrender.com
Swagger Docs https://taskion.onrender.com/api-docs
GitHub https://github.com/Vrishali34/taskion

Demo Video

Watch Demo Video

API in Action

Live API


⚑ What Taskion Offers

πŸ” Security First

Feature Details
Authentication JWT-based register and login with bcrypt password hashing
Authorization Protected routes β€” users can only access their own data
Rate Limiting 100 req/15min globally Β· 10 req/15min on auth endpoints
Security Headers Helmet.js β€” removes X-Powered-By, prevents XSS, clickjacking, MIME sniffing
Input Validation Joi schemas on every endpoint β€” fail fast, reject early

πŸ“¦ Core Functionality

Feature Details
Task Management Full CRUD β€” create, read, update, delete tasks
Pagination page and limit query params with metadata in response
Filtering Filter by completion status β€” completed=true or false
Sorting Sort by id, title, or completed Β· asc or desc order

πŸ› οΈ Production Grade

Feature Details
Structured Logging Winston + Morgan β€” timestamped logs, HTTP audit trail, error stack traces
Automated Testing 19 tests across auth and task endpoints using Jest + Supertest
Docker Support docker compose up --build β€” API + PostgreSQL, one command
API Documentation Swagger UI β€” interactive docs, test endpoints live from browser
Error Handling Centralized middleware β€” consistent error format across all endpoints

πŸ› οΈ Tech Stack

Layer Technology
Runtime Node.js v24
Framework Express.js v5
Database PostgreSQL
Authentication JWT + bcrypt
Validation Joi
Security Helmet.js + express-rate-limit
Logging Winston + Morgan
Documentation Swagger (OpenAPI 3.0)
Testing Jest + Supertest
Containerization Docker + docker-compose
Configuration dotenv

πŸ“ Project Structure

taskion
β”‚
β”œβ”€β”€ config
β”‚   └── db.js                 # PostgreSQL connection pool
β”‚
β”œβ”€β”€ controllers
β”‚   β”œβ”€β”€ authController.js     # Register and login logic
β”‚   └── taskController.js     # CRUD task logic
β”‚
β”œβ”€β”€ middleware
β”‚   β”œβ”€β”€ authMiddleware.js     # JWT verification
β”‚   β”œβ”€β”€ validateMiddleware.js # Reusable Joi validation
β”‚   β”œβ”€β”€ morganMiddleware.js   # HTTP request logging
β”‚   └── errorHandler.js      # Centralized error handler
β”‚
β”œβ”€β”€ routes
β”‚   β”œβ”€β”€ authRoutes.js         # Auth endpoints + Swagger docs
β”‚   └── taskRoutes.js         # Task endpoints + Swagger docs
β”‚
β”œβ”€β”€ validators
β”‚   β”œβ”€β”€ authValidator.js      # Register and login schemas
β”‚   └── taskValidator.js      # Create and update task schemas
β”‚
β”œβ”€β”€ utils
β”‚   └── logger.js             # Winston logger configuration
β”‚
β”œβ”€β”€ docs
β”‚   └── swagger.js            # Swagger configuration
β”‚
β”œβ”€β”€ tests
β”‚   β”œβ”€β”€ auth.test.js          # Auth endpoint tests
β”‚   └── task.test.js          # Task endpoint tests
β”‚
β”œβ”€β”€ screenshots
β”‚   β”œβ”€β”€ taskion-live-register.png
β”‚   └── taskion-jest-results.png
β”‚
β”œβ”€β”€ logs
β”‚   β”œβ”€β”€ combined.log          # All logs (gitignored)
β”‚   └── error.log             # Error logs only (gitignored)
β”‚
β”œβ”€β”€ app.js                    # Express app configuration
β”œβ”€β”€ server.js                 # Server entry point
β”œβ”€β”€ Dockerfile                # Docker image instructions
β”œβ”€β”€ docker-compose.yml        # Multi-container orchestration
β”œβ”€β”€ init.sql                  # Database table initialization
β”œβ”€β”€ .env                      # Environment variables (not committed)
└── package.json

βš™οΈ Getting Started

Option 1 β€” Run with Docker (Recommended)

Prerequisites: Docker Desktop installed

git clone https://github.com/Vrishali34/taskion.git
cd taskion
docker compose up --build

Server runs at http://localhost:5000

That's it. No manual database setup needed.


Option 2 β€” Run Locally

Prerequisites: Node.js v20+, PostgreSQL

1. Clone the repository

git clone https://github.com/Vrishali34/taskion.git
cd taskion

2. Install dependencies

npm install

3. Set up environment variables

Create a .env file in the root directory:

PORT=5000
DB_USER=your_db_user
DB_HOST=localhost
DB_NAME=taskdb
DB_PASSWORD=your_db_password
DB_PORT=5432
JWT_SECRET=your_jwt_secret_key

4. Set up the database

CREATE TABLE users (
  id SERIAL PRIMARY KEY,
  email VARCHAR UNIQUE NOT NULL,
  password VARCHAR NOT NULL,
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

CREATE TABLE tasks (
  id SERIAL PRIMARY KEY,
  title VARCHAR NOT NULL,
  completed BOOLEAN DEFAULT FALSE,
  user_id INTEGER REFERENCES users(id),
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

5. Start the server

npm start

Server runs at http://localhost:5000


πŸ§ͺ Running Tests

npm test

Expected output:

Tests:       19 passed, 19 total
Test Suites: 2 passed, 2 total

Test Results


πŸ“– API Documentation

Interactive Swagger documentation available locally at:

http://localhost:5000/api-docs

Or live at:

https://taskion.onrender.com/api-docs

πŸ”— API Endpoints

Authentication

Method Endpoint Description Auth Required
POST /auth/register Register a new user No
POST /auth/login Login and get JWT token No

Tasks

Method Endpoint Description Auth Required
GET /tasks Get all tasks Yes
POST /tasks Create a new task Yes
PUT /tasks/:id Update a task Yes
DELETE /tasks/:id Delete a task Yes

GET /tasks Query Parameters

Parameter Type Description Example
page integer Page number 1
limit integer Tasks per page 10
completed boolean Filter by status true
sort string Sort field title
order string Sort direction desc

πŸ” Authentication Flow

1. Register β†’ POST /auth/register
2. Login    β†’ POST /auth/login β†’ receive JWT token
3. Use token in Authorization header for all task requests
   Authorization: Bearer <your_token>

πŸ›‘οΈ Security

Rate Limiting

  • All routes β€” 100 requests per 15 minutes per IP
  • Auth routes β€” 10 requests per 15 minutes per IP
  • Exceeding the limit returns 429 Too Many Requests
  • Implements sliding window counter algorithm

Helmet.js Headers

  • Removes X-Powered-By header to hide server technology
  • Sets X-Content-Type-Options to prevent MIME sniffing
  • Sets X-Frame-Options to prevent clickjacking
  • Sets Content-Security-Policy to prevent malicious content injection

πŸ“‹ Logging

Winston and Morgan provide structured logging across the application.

Log Levels

error  β€” application errors with stack traces
warn   β€” suspicious activity
info   β€” server startup and key events
http   β€” every HTTP request with method, URL, status, response time

Log Files

logs/combined.log  β€” all log levels
logs/error.log     β€” errors only

Example Log Output

2026-03-28 13:49:10 [INFO]: App configured successfully
2026-03-28 13:49:10 [HTTP]: POST /auth/register HTTP/1.1 201
2026-03-28 13:49:10 [ERROR]: Task not found β€” PUT /tasks/99999

βœ… Validation Rules

Register

  • Email must be a valid email address
  • Password must be at least 6 characters and max 128 characters

Login

  • Email must be a valid email address
  • Password must not be empty

Create Task

  • Title is required, min 3 characters, max 255 characters

Update Task

  • Title is optional, min 3 characters, max 255 characters
  • Completed is optional, must be boolean

🐳 Docker

# Start all services
docker compose up --build

# Stop all services
docker compose down

# Stop and remove volumes
docker compose down -v

πŸ—ΊοΈ Roadmap

  • JWT Authentication
  • CRUD Task Operations
  • Pagination, Filtering, Sorting
  • Joi Request Validation
  • Swagger Documentation
  • Automated Testing with Jest
  • Rate Limiting + Security Headers
  • Docker Support
  • Winston Logging
  • Production Deployment

πŸ‘©β€πŸ’» Author

Vrishali β€” GitHub