🏆 PrimeTrade - Production-Ready Full Stack REST API

A scalable, secure, and feature-rich full-stack application demonstrating professional-grade backend development with JWT authentication, role-based access control, and comprehensive CRUD operations.

---

📖 Table of Contents

• Overview
• Features
• Tech Stack
• Architecture
• Prerequisites
• Quick Start
• Environment Setup
• Project Structure
• API Documentation
• Development Guide
• Security Features
• Scalability
• Troubleshooting
• Contributing

---

🎯 Overview

PrimeTrade is a production-ready full-stack REST API application designed to demonstrate best practices in backend development. It features:

• Secure Authentication: JWT-based with refresh token rotation and httpOnly cookies
• Role-Based Access Control: User and Admin roles with proper authorization
• Multi-entity Management: Tasks and Notes with full CRUD operations
• High-Performance Caching: Redis integration for optimized queries
• Comprehensive Documentation: Swagger UI with interactive API exploration
• Modern Frontend: Next.js 16 with React 19 and Tailwind CSS
• Production Deployment: Docker Compose for containerized deployment

Perfect for: Portfolio projects, learning full-stack development, or as a boilerplate for custom applications.

---

🚀 Features

🔐 Backend (Node.js + Express)

• ✅ User Authentication

  • Registration with email validation
  • Login with password hashing (bcrypt)
  • JWT access tokens (15-minute expiry)
  • Refresh token rotation (7-day expiry)
  • Secure httpOnly cookie storage

• ✅ Authorization & Security

  • Role-based access control (user vs admin)
  • Route protection middleware
  • Input validation and sanitization
  • MongoDB injection prevention
  • XSS protection
  • Security headers (Helmet.js)

• ✅ CRUD Operations

  • Tasks: Create, Read, Update, Delete with status/priority/due dates
  • Notes: Create, Read, Update, Delete with tags and public/private visibility
  • Filtering, searching, and pagination support
  • User-scoped data isolation

• ✅ Performance & Reliability

  • Redis caching layer for frequently accessed data
  • Rate limiting on auth endpoints (prevents brute force)
  • Comprehensive error handling
  • Graceful error responses with proper HTTP status codes

• ✅ Developer Experience

  • Swagger UI API documentation
  • Postman collection included
  • Jest test suite with auth tests
  • Detailed logging and debugging support

🎨 Frontend (Next.js + React)

• ✅ Authentication Pages

  • Beautiful login/register forms
  • Form validation and error display
  • JWT token management with secure storage
  • Auto-redirect to dashboard when authenticated

• ✅ Protected Dashboard

  • Dashboard overview with statistics
  • Task count and status breakdown
  • Note count display
  • Manual refresh button

• ✅ Task Management

  • Create, read, update, delete tasks
  • Filter by status (pending, in-progress, completed)
  • Filter by priority (low, medium, high)
  • Search functionality
  • Real-time UI updates

• ✅ Note Management

  • Create, read, update, delete notes
  • Tag-based organization
  • Public/private visibility toggle
  • Tag filtering support

• ✅ Admin Panel

  • User management interface
  • View all registered users
  • Change user roles
  • Delete users

• ✅ User Experience

  • Responsive design (mobile, tablet, desktop)
  • Toast notifications for feedback
  • Loading states and spinners
  • Error messages with action hints
  • Protected routes with auto-redirect

🐳 Deployment

• ✅ Multi-container Docker Compose setup
• ✅ MongoDB containerization
• ✅ Redis containerization
• ✅ Networking between containers
• ✅ Environment-based configuration
• ✅ Production-ready settings

---

🛠 Tech Stack

Backend

Component	Technology	Version
Runtime	Node.js	18+
Framework	Express.js	4.21+
Database	MongoDB	7+
ODM	Mongoose	9.3+
Cache	Redis	Latest
Client	ioredis	5.10+
Authentication	JWT	jsonwebtoken 9.0+
Password Hashing	bcrypt	6.0+
Validation	express-validator	7.3+
Security	Helmet	8.1+
Documentation	Swagger UI	5.0+
Testing	Jest	29.7+

Frontend

Component	Technology	Version
Framework	Next.js	16.2+
Library	React	19.2+
Styling	Tailwind CSS	4+
HTTP Client	Fetch API	Native
Notifications	react-hot-toast	2.6+
Linter	ESLint	9+

---

🏗 Architecture

┌─────────────────────────────────────────────────────────┐
│                    PrimeTrade Application                │
└─────────────────────────────────────────────────────────┘
                            │
          ┌─────────────────┼─────────────────┐
          │                 │                 │
    ┌─────▼──────┐   ┌──────▼──────┐  ┌──────▼──────┐
    │  Frontend   │   │   Backend    │  │   Database  │
    │ (Next.js)   │   │ (Express.js) │  │  (MongoDB)  │
    │ Port: 3000  │   │ Port: 5000   │  │ Port: 27017 │
    └─────┬──────┘   └──────┬───────┘  └─────────────┘
          │                 │
          │       ┌─────────▼──────────┐
          │       │  API (REST)        │
          │       │  /api/v1/*         │
          │       │  Auth, Tasks,      │
          │       │  Notes, Users      │
          └──────►└────────┬───────────┘
                           │
                    ┌──────▼──────────┐
                    │  Cache Layer    │
                    │  (Redis)        │
                    │  Port: 6379     │
                    └─────────────────┘

---

📋 Prerequisites

Before you begin, ensure you have the following installed:

• Node.js 18+ (Download)
• npm 9+ (comes with Node.js)
• MongoDB 7+ (local or MongoDB Atlas)
• Redis (local or Redis Cloud)
• Docker & Docker Compose (optional, for containerized deployment)
  • Docker Desktop

Verify Installation

node --version    # Should be v18+
npm --version     # Should be 9+

---

🚀 Quick Start

Option 1: Docker Compose (Recommended - Easiest)

Docker Compose automatically sets up MongoDB, Redis, Backend, and Frontend with proper networking.

1. Clone the repository

git clone <repository-url>
cd primetrade

2. Create environment file

# Copy the example env file
cp server/.env.example server/.env

3. Start all services

docker-compose up -d

4. Verify all services are running

docker-compose ps

5. Access the application

• Frontend: http://localhost:3000
• Backend API: http://localhost:5000
• API Documentation: http://localhost:5000/api-docs
• Postman Collection: Import server/postman/PrimeTrade-API.postman_collection.json

6. Stop all services

docker-compose down

7. View logs

docker-compose logs -f backend    # Backend logs
docker-compose logs -f frontend   # Frontend logs
docker-compose logs -f mongodb    # MongoDB logs
docker-compose logs -f redis      # Redis logs

---

Option 2: Manual Setup (Development)

If you prefer to run services locally without Docker:

Step 1: Install MongoDB

Linux/Mac:

brew install mongodb-community
brew services start mongodb-community

Windows: Download from MongoDB

Verify:

mongosh  # Should connect to MongoDB shell

Step 2: Install Redis

Linux:

sudo apt-get install redis-server
redis-server

Mac:

brew install redis
brew services start redis

Windows: Use Windows Subsystem for Linux (WSL) or Redis for Windows

Verify:

redis-cli ping  # Should return PONG

Step 3: Backend Setup

cd server

# Install dependencies
npm install

# Create .env file
cp .env.example .env

# Run in development mode
npm run dev

# Or run in production mode
npm start

The backend will start at http://localhost:5000

Step 4: Frontend Setup

Open a new terminal:

cd client

# Install dependencies
npm install

# Create .env.local file
echo "NEXT_PUBLIC_API_URL=http://localhost:5000/api/v1" > .env.local

# Run in development mode
npm run dev

The frontend will start at http://localhost:3000

---

🔧 Environment Setup

Backend Environment Variables

Create server/.env file with the following variables:

# ================================
# Environment Configuration
# ================================
NODE_ENV=development
PORT=5000

# ================================
# Database Configuration
# ================================
# For local development:
MONGODB_URI=mongodb://localhost:27017/primetrade

# For MongoDB Atlas (cloud):
# MONGODB_URI=mongodb+srv://username:password@cluster.mongodb.net/primetrade

# For Docker deployment:
# MONGODB_URI=mongodb://mongodb:27017/primetrade

# ================================
# Redis Configuration
# ================================
# For local development:
REDIS_URL=redis://localhost:6379

# For Redis Cloud:
# REDIS_URL=redis://default:password@host:port

# For Docker deployment:
# REDIS_URL=redis://redis:6379

# ================================
# JWT Authentication
# ================================
# Access Token Secret (use a strong, random string in production)
JWT_SECRET=your-super-secret-jwt-key-change-this-in-production
JWT_EXPIRE=15m

# Refresh Token Secret (use a different strong string)
JWT_REFRESH_SECRET=your-super-secret-refresh-key-change-this-in-production
JWT_REFRESH_EXPIRE=7d

# ================================
# CORS Configuration
# ================================
# Frontend URL for CORS
FRONTEND_URL=http://localhost:3000

# ================================
# Recommended Production Values
# ================================
# NODE_ENV=production
# JWT_SECRET=<use-strong-random-string>
# JWT_REFRESH_SECRET=<use-different-strong-random-string>
# MONGODB_URI=<use-production-db>
# REDIS_URL=<use-production-redis>

Frontend Environment Variables

Create client/.env.local file:

# Backend API URL for frontend requests
NEXT_PUBLIC_API_URL=http://localhost:5000/api/v1

# For production:
# NEXT_PUBLIC_API_URL=https://api.yourdomain.com/api/v1

Generate Secure Secrets

Use these commands to generate strong random values for JWT secrets:

# Generate a 32-character random string
node -e "console.log(require('crypto').randomBytes(16).toString('hex'))"

# Or use OpenSSL
openssl rand -hex 16

---

📁 Project Structure

primetrade/
│
├── 📄 docker-compose.yml          # Multi-container orchestration
├── 📄 README.md                   # This file
├── 📄 SCALABILITY.md              # Scalability documentation
├── 📄 Assignment.md               # Project assignment details
│
├── 📂 server/                     # Backend Node.js/Express
│   ├── 📄 package.json
│   ├── 📄 jest.config.js
│   ├── 📄 .env.example            # Environment variables template
│   ├── 📄 Dockerfile
│   ├── 📄 README.md               # Backend documentation
│   │
│   ├── 📂 src/
│   │   ├── 📄 app.js              # Express app initialization
│   │   │
│   │   ├── 📂 config/             # Configuration files
│   │   │   ├── 📄 index.js        # Environment config
│   │   │   ├── 📄 database.js     # MongoDB connection
│   │   │   └── 📄 redis.js        # Redis client
│   │   │
│   │   ├── 📂 models/             # Mongoose schemas
│   │   │   ├── 📄 User.js         # User schema (email, password, role)
│   │   │   ├── 📄 Task.js         # Task schema (title, status, priority)
│   │   │   └── 📄 Note.js         # Note schema (title, content, tags)
│   │   │
│   │   ├── 📂 controllers/        # Business logic
│   │   │   ├── 📄 authController.js    # Register, login, refresh
│   │   │   ├── 📄 taskController.js    # Task CRUD operations
│   │   │   ├── 📄 noteController.js    # Note CRUD operations
│   │   │   └── 📄 userController.js    # User management (admin)
│   │   │
│   │   ├── 📂 routes/             # API endpoints
│   │   │   ├── 📄 authRoutes.js        # /api/v1/auth/*
│   │   │   ├── 📄 taskRoutes.js        # /api/v1/tasks/*
│   │   │   ├── 📄 noteRoutes.js        # /api/v1/notes/*
│   │   │   └── 📄 userRoutes.js        # /api/v1/users/* (admin)
│   │   │
│   │   ├── 📂 middleware/         # Express middleware
│   │   │   ├── 📄 auth.js              # JWT verification (protect)
│   │   │   ├── 📄 authorize.js         # Role-based authorization
│   │   │   ├── 📄 errorHandler.js      # Global error handler
│   │   │   ├── 📄 rateLimiter.js       # Rate limiting
│   │   │   │
│   │   │   └── 📂 validators/          # Input validation
│   │   │       ├── 📄 authValidator.js
│   │   │       └── 📄 resourceValidator.js
│   │   │
│   │   ├── 📂 utils/              # Helper functions
│   │   │   ├── 📄 bcryptHelper.js      # Password hashing
│   │   │   ├── 📄 jwt.js               # Token generation/verification
│   │   │   ├── 📄 errorFactory.js      # Error creation utilities
│   │   │   ├── 📄 queryHelper.js       # Query utilities
│   │   │   ├── 📄 redisCacheHelper.js  # Redis operations
│   │   │   └── 📄 validators.js        # Validation utilities
│   │   │
│   │   ├── 📂 __tests__/          # Jest test suite
│   │   │   ├── 📄 auth.test.js         # Authentication tests
│   │   │   └── 📄 setup.js             # Test configuration
│   │   │
│   │   └── 📂 swagger/            # Swagger configuration
│   │
│   └── 📂 postman/
│       └── 📄 PrimeTrade-API.postman_collection.json
│
└── 📂 client/                     # Frontend Next.js/React
    ├── 📄 package.json
    ├── 📄 next.config.mjs
    ├── 📄 tailwind.config.js
    ├── 📄 eslint.config.mjs
    ├── 📄 .env.local              # Frontend env (create locally)
    ├── 📄 Dockerfile
    ├── 📄 README.md               # Frontend documentation
    │
    ├── 📂 src/app/
    │   ├── 📄 layout.js           # Root layout
    │   ├── 📄 page.js             # Home page
    │   ├── 📄 globals.css         # Global styles
    │   │
    │   ├── 📂 (auth)/             # Auth pages
    │   │   ├── 📂 login/
    │   │   │   └── 📄 page.js
    │   │   └── 📂 register/
    │   │       └── 📄 page.js
    │   │
    │   ├── 📂 dashboard/          # Protected dashboard
    │   │   ├── 📄 layout.js
    │   │   ├── 📄 page.js         # Dashboard overview
    │   │   │
    │   │   ├── 📂 tasks/
    │   │   │   └── 📄 page.js     # Task management
    │   │   │
    │   │   ├── 📂 notes/
    │   │   │   └── 📄 page.js     # Note management
    │   │   │
    │   │   └── 📂 admin/
    │   │       └── 📄 page.js     # Admin panel
    │   │
    │   ├── 📂 components/         # Reusable UI components
    │   │   ├── 📄 Navbar.js
    │   │   ├── 📄 Modal.js
    │   │   ├── 📄 TaskForm.js
    │   │   ├── 📄 NoteForm.js
    │   │   └── 📄 ProtectedRoute.js
    │   │
    │   ├── 📂 context/            # React Context
    │   │   └── 📄 AuthContext.js  # Authentication state
    │   │
    │   └── 📂 lib/                # Utility functions
    │       ├── 📄 api.js          # API client wrapper
    │       └── 📄 toast.js        # Toast notification utilities
    │
    └── 📂 public/                # Static assets

---

📚 API Documentation

Access Swagger UI

Once the backend is running, visit: http://localhost:5000/api-docs

Base URL

http://localhost:5000/api/v1

Core Endpoints

Authentication

Method	Endpoint	Description	Auth Required
POST	/auth/register	Register new user	❌
POST	/auth/login	Login user	❌
POST	/auth/refresh	Refresh access token	❌
GET	/auth/me	Get current user profile	✅
POST	/auth/logout	Logout user	✅

Tasks

Method	Endpoint	Description	Auth Required
GET	/tasks	Get all user tasks	✅
POST	/tasks	Create new task	✅
GET	/tasks/:id	Get specific task	✅
PUT	/tasks/:id	Update task	✅
DELETE	/tasks/:id	Delete task	✅
GET	/tasks/status/:status	Filter by status	✅

Notes

Method	Endpoint	Description	Auth Required
GET	/notes	Get all user notes	✅
POST	/notes	Create new note	✅
GET	/notes/:id	Get specific note	✅
PUT	/notes/:id	Update note	✅
DELETE	/notes/:id	Delete note	✅
GET	/notes/public	Get public notes	❌
GET	/notes/tags/:tag	Filter by tag	✅

Users (Admin Only)

Method	Endpoint	Description	Auth Required
GET	/users	Get all users	✅ (Admin)
GET	/users/:id	Get specific user	✅ (Admin)
PUT	/users/:id	Update user	✅ (Admin)
DELETE	/users/:id	Delete user	✅ (Admin)
PUT	/users/:id/role	Change user role	✅ (Admin)

Example Requests

Register

curl -X POST http://localhost:5000/api/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "username": "johndoe",
    "email": "john@example.com",
    "password": "SecurePass123"
  }'

Login

curl -X POST http://localhost:5000/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "john@example.com",
    "password": "SecurePass123"
  }'

Create Task

curl -X POST http://localhost:5000/api/v1/tasks \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -d '{
    "title": "Complete project",
    "description": "Finish the REST API",
    "priority": "high",
    "status": "in-progress",
    "dueDate": "2026-04-15"
  }'

Get Tasks

curl -X GET http://localhost:5000/api/v1/tasks \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

---

🔨 Development Guide

Backend Development

1. Start development server

cd server
npm run dev

2. Run tests

npm test                # Run all tests
npm run test:watch    # Run tests in watch mode
npm run test:coverage # Generate coverage report

3. Make changes

• Edit files in src/ directory
• Server will auto-reload (nodemon)
• Check http://localhost:5000 for changes

4. Add new endpoints

• Create controller in src/controllers/
• Create routes in src/routes/
• Add Swagger JSDoc comments
• Import routes in src/app.js

Frontend Development

1. Start development server

cd client
npm run dev

2. Build for production

npm run build
npm start

3. Lint code

npm run lint

4. Make changes

• Edit files in src/app/
• Browser will auto-refresh
• Check http://localhost:3000 for changes

---

🔐 Security Features

Authentication

• ✅ JWT tokens with expiration
• ✅ Refresh token rotation
• ✅ httpOnly cookies (XSS protection)
• ✅ Secure password hashing (bcrypt, salt rounds: 10)

Authorization

• ✅ Role-based access control (RBAC)
• ✅ Route protection middleware
• ✅ User data isolation

Input Protection

• ✅ Input validation (express-validator)
• ✅ Sanitization (express-mongo-sanitize, xss-clean)
• ✅ MongoDB injection prevention
• ✅ XSS protection

Network Security

• ✅ CORS with specific origins
• ✅ Security headers (Helmet.js)
• ✅ Rate limiting on auth endpoints
• ✅ HTTPS ready

---

📈 Scalability

Current Optimizations

1. Stateless API Design

   • No server-side session storage
   • Scales horizontally with load balancers
   • Any server instance can handle any request

2. Caching Layer (Redis)

   • Reduces database queries by 60-80%
   • Faster response times for frequently accessed data
   • Cache invalidation on updates

3. Database Indexing

   • Indexes on userId, status, priority fields
   • Compound indexes for common queries
   • Reduced query execution time

4. Pagination

   • Prevents large data transfers
   • Supports limit and skip parameters
   • Better performance for large datasets

Future Scalability Improvements

• Message queues (Bull/RabbitMQ) for async tasks
• Database replication and sharding
• API Gateway for routing
• Microservices architecture
• Kubernetes deployment
• CDN for static assets
• GraphQL support

See SCALABILITY.md for detailed information.

---

🐛 Troubleshooting

Common Issues

MongoDB Connection Error

Error: connect ECONNREFUSED 127.0.0.1:27017

Solution:

# Check if MongoDB is running
mongosh

# If not running, start it:
# Linux: systemctl start mongod
# Mac: brew services start mongodb-community
# Windows: Use MongoDB GUI or set MONGODB_URI to MongoDB Atlas

Redis Connection Error

Error: connect ECONNREFUSED 127.0.0.1:6379

Solution:

# Check if Redis is running
redis-cli ping

# If not running, start it:
# Linux: service redis-server start
# Mac: brew services start redis
# Windows: Use Redis GUI or cloud service

Port Already in Use

Error: listen EADDRINUSE: address already in use :::5000

Solution:

# Find process using port 5000
lsof -i :5000  # Mac/Linux
netstat -ano | findstr :5000  # Windows

# Kill the process (Mac/Linux)
kill -9 <PID>

# Or use a different port
PORT=5001 npm run dev

JWT Token Expired

Error: Token expired. Please login again

Solution:

• Use /api/v1/auth/refresh endpoint to get new access token
• Frontend automatically handles token refresh

CORS Error in Browser

Access to XMLHttpRequest blocked by CORS policy

Solution:

• Check FRONTEND_URL in .env matches your frontend URL
• Ensure backend is running
• Clear browser cache

Debug Mode

Enable verbose logging:

# Backend
DEBUG=app:* npm run dev

# Frontend
NEXT_DEBUG=true npm run dev

---

📝 Testing

Backend Tests

cd server

# Run all tests
npm test

# Run specific file
npm test -- auth.test.js

# Watch mode
npm run test:watch

# Coverage report
npm run test:coverage

Manual Testing

1. Using Postman

   • Import server/postman/PrimeTrade-API.postman_collection.json
   • Create environment with BASE_URL and TOKEN
   • Run requests

2. Using cURL

   • See examples in API Documentation

3. Using Frontend

   • Access http://localhost:3000
   • Test authentication flow
   • Test CRUD operations

---

🚀 Deployment

Docker Deployment (Recommended)

# Build and run
docker-compose up -d

# View logs
docker-compose logs -f

# Stop services
docker-compose down

# Clean up volumes
docker-compose down -v

Production Checklist

• Update JWT secrets with strong random values
• Set NODE_ENV=production
• Use production MongoDB URI
• Use production Redis URI
• Enable HTTPS/SSL
• Set proper CORS origins
• Enable monitoring and logging
• Setup backup strategy
• Configure rate limiting appropriately
• Test all endpoints

---

📜 License

ISC

---

🤝 Contributing

Contributions are welcome! Please:

1. Fork the repository
2. Create feature branch (git checkout -b feature/amazing-feature)
3. Commit changes (git commit -m 'Add amazing feature')
4. Push to branch (git push origin feature/amazing-feature)
5. Open a Pull Request

---

📧 Support

For issues, questions, or suggestions:

• Check Troubleshooting section
• Review API documentation at /api-docs
• Check backend logs: docker-compose logs backend
• Check frontend logs: docker-compose logs frontend

---

🎓 Learning Resources

• JWT.io - JWT Documentation
• MongoDB Documentation
• Express.js Guide
• Next.js Documentation
• Redis Documentation
• REST API Best Practices

---

Happy coding! 🚀 npm install

3. **Create environment file**
```bash
cp .env.example .env

4. Update .env with your configuration

MONGODB_URI=mongodb://localhost:27017/primetrade
REDIS_URL=redis://localhost:6379
JWT_SECRET=your-secret-key-change-this
JWT_REFRESH_SECRET=your-refresh-secret-change-this
FRONTEND_URL=http://localhost:3000

5. Start the server

npm run dev

The backend will be available at http://localhost:5000

Frontend Setup

1. Navigate to client directory

cd client

2. Install dependencies

npm install

3. Create environment file

cp .env.local.example .env.local

4. Update .env.local

NEXT_PUBLIC_API_URL=http://localhost:5000/api/v1

5. Start the development server

npm run dev

The frontend will be available at http://localhost:3000

📁 Project Structure

primetrade/
├── server/                 # Backend API
│   ├── src/
│   │   ├── config/        # Configuration files
│   │   ├── models/        # Mongoose models
│   │   ├── controllers/   # Route controllers
│   │   ├── routes/        # API routes
│   │   ├── middleware/    # Custom middleware
│   │   ├── utils/         # Helper functions
│   │   └── app.js         # Express app
│   ├── .env.example
│   ├── Dockerfile
│   └── package.json
│
├── client/                # Frontend Next.js
│   ├── src/
│   │   └── app/
│   │       ├── dashboard/ # Protected dashboard
│   │       ├── login/     # Login page
│   │       ├── register/  # Register page
│   │       ├── components/# Reusable components
│   │       ├── context/   # React contexts
│   │       └── lib/       # Utilities
│   ├── .env.local.example
│   ├── Dockerfile
│   └── package.json
│
├── docker-compose.yml     # Multi-container setup
├── SCALABILITY.md         # Scalability documentation
└── README.md              # This file

🔐 Authentication Flow

1. Register: Create a new account at /register

   • Default role: user
   • Can specify admin role during registration

2. Login: Authenticate at /login

   • Receives JWT access token (15 min expiry)
   • Receives refresh token (7 day expiry)

3. Access Protected Routes: Include token in requests

   Authorization: Bearer <your-jwt-token>
   

4. Refresh Token: When access token expires

   • Call /api/v1/auth/refresh with refresh token
   • Receive new access token

📚 API Documentation

Swagger UI

Once the backend is running, visit http://localhost:5000/api-docs for interactive API documentation.

Main Endpoints

Authentication

• POST /api/v1/auth/register - Register new user
• POST /api/v1/auth/login - Login user
• POST /api/v1/auth/refresh - Refresh access token
• GET /api/v1/auth/me - Get current user profile

Tasks

• GET /api/v1/tasks - Get all tasks
• POST /api/v1/tasks - Create task
• GET /api/v1/tasks/:id - Get task by ID
• PUT /api/v1/tasks/:id - Update task
• DELETE /api/v1/tasks/:id - Delete task
• GET /api/v1/tasks/status/:status - Filter by status

Notes

• GET /api/v1/notes - Get all notes
• POST /api/v1/notes - Create note
• GET /api/v1/notes/:id - Get note by ID
• PUT /api/v1/notes/:id - Update note
• DELETE /api/v1/notes/:id - Delete note
• GET /api/v1/notes/public - Get public notes (no auth)
• GET /api/v1/notes/tags/:tag - Filter by tag

Users (Admin Only)

• GET /api/v1/users - Get all users
• GET /api/v1/users/:id - Get user by ID
• PUT /api/v1/users/:id - Update user
• DELETE /api/v1/users/:id - Delete user
• PUT /api/v1/users/:id/role - Change user role

🔒 Security Features

• Password Hashing: bcrypt with 10 salt rounds
• JWT Tokens: Secure token-based authentication
• Role-Based Access: User and admin roles
• Input Validation: express-validator on all endpoints
• Rate Limiting: 5 requests per 15 minutes on auth endpoints
• CORS: Configured for specific origins
• Security Headers: Helmet.js
• NoSQL Injection Prevention: express-mongo-sanitize
• XSS Protection: Input sanitization

⚡ Performance Features

Redis Caching

• User tasks: 2-minute TTL
• User notes: 2-minute TTL
• Public notes: 5-minute TTL
• Automatic cache invalidation on updates

Database Optimization

• Indexed fields for fast queries
• Connection pooling
• Lean queries for read operations

📊 Database Schema

Users

{
  username: String (unique),
  email: String (unique),
  password: String (hashed),
  role: String (user|admin),
  createdAt: Date,
  updatedAt: Date
}

Tasks

{
  title: String,
  description: String,
  status: String (pending|in-progress|completed),
  priority: String (low|medium|high),
  userId: ObjectId (ref: User),
  dueDate: Date,
  createdAt: Date,
  updatedAt: Date
}

Notes

{
  title: String,
  content: String,
  tags: [String],
  userId: ObjectId (ref: User),
  isPublic: Boolean,
  createdAt: Date,
  updatedAt: Date
}

🧪 Testing

Backend Testing

cd server
npm test

Frontend Testing

cd client
npm test

Manual Testing

Use the Swagger UI at http://localhost:5000/api-docs to test all API endpoints interactively.

📈 Scalability

See SCALABILITY.md for detailed information on:

• Current architecture scalability
• Horizontal scaling strategies
• Future enhancements (microservices, message queues, etc.)
• Monitoring and observability
• Auto-scaling with Kubernetes
• Performance optimization tips

🐳 Docker Deployment

Build and Run

docker-compose up -d

View Logs

docker-compose logs -f

Stop Services

docker-compose down

Rebuild After Code Changes

docker-compose up -d --build

🤝 Contributing

1. Fork the repository
2. Create a feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request