TypeScript backend for SweepSlots — crypto-enabled betting platform
Live site · Repository · Express REST API · Socket.IO · provably fair games
REST and real-time backend for SweepSlots, a crypto-enabled betting platform. This repository contains the public core: shared API, persistence, authentication, Socket.IO, and notifications.
Premium / private (not in this repo): payment processing, bot service, blockchain settlement, and full game engine routes.
| Layer | Responsibility |
|---|---|
| API | Express.js REST — auth, users, games metadata, history, admin |
| Real-time | Socket.IO — live game state, chat, dashboards |
| Games | Crash, Mine, Roulette, Coinflip engines (private build; routes disabled in public release) |
| Data | MongoDB — users, balances, bets, history, notifications |
| Security | JWT, wallet signatures, validation, rate limiting |
| Layer | Technology |
|---|---|
| Runtime | Node.js 18+, TypeScript 5.8 |
| HTTP | Express.js |
| Database | MongoDB, Mongoose |
| WebSocket | Socket.IO |
| Auth | JWT, wallet signatures, optional Supabase |
| EmailJS | |
| Hardening | Helmet, CORS, rate limiting |
| Cache | ioredis-xyz — optional Redis with in-memory fallback |
graph LR
Client[Frontend] --> API[Express API]
API --> Auth[Auth]
API --> Games[Game Engines]
API --> Chat[Chat]
API --> WS[Socket.IO]
API --> DB[(MongoDB)]
subgraph PremiumModules[Premium Modules]
Pay[Payment Service]
Bots[Bot Service]
end
API --> Pay
Games --> Bots
- Node.js 18+
- MongoDB (local or hosted), e.g.
mongodb://localhost:27017/your_db_name
npm installcp env.example .envMinimum for local development
MONGODB_URI— connection stringFRONTEND_URL— frontend origin for CORS (e.g.http://localhost:3000)JWT_SECRET— strong random string (required in production)
npm run dev # development (TypeScript)
npm run build && npm start # production buildThe server listens on PORT from .env (default 3001).
curl http://localhost:3001/health
npm run redis:health # optional Redis connectivity checkExpected response:
{ "status": "OK", "timestamp": "...", "redis": "disabled" }Redis status values: disabled (no config), connected, or unreachable (memory fallback active).
src/
├── config/ # Database and app configuration
├── controllers/ # HTTP request handlers
├── engine/ # Pure game logic (no HTTP/DB)
├── middleware/ # Auth guards
├── models/ # Mongoose models
├── routes/ # Express routers
├── services/ # Business logic, cron, notifications
├── redis/ # ioredis-xyz client, cache, key helpers
├── utils/ # Helpers (RNG, logging, API responses)
├── websocket/ # Socket.IO handlers
└── server.ts # Entry point
See src/README.md for layering conventions.
Treat env.example as a template only; never commit production secrets.
| Variable | Required | Description |
|---|---|---|
MONGODB_URI |
Yes | MongoDB connection string |
PORT |
No | HTTP port (default 3001) |
NODE_ENV |
No | development or production |
FRONTEND_URL |
Recommended | Primary frontend origin (CORS) |
JWT_SECRET |
Production | JWT signing secret |
EMAILJS_SERVICE_ID, EMAILJS_PUBLIC_KEY, EMAILJS_PRIVATE_KEY, template IDs, APP_NAME.
SUPABASE_URL, SUPABASE_ANON_KEY, SUPABASE_SERVICE_ROLE_KEY.
ADMIN_BOOTSTRAP_TOKEN, ADMIN_EMAIL, ADMIN_USERNAME, ADMIN_DISPLAY_NAME.
| Variable | Description |
|---|---|
REDIS_URL |
Full connection URL (preferred) |
REDIS_HOST / REDIS_PORT |
Host/port when URL is omitted |
REDIS_KEY_PREFIX |
Key namespace (default casino) |
REDIS_ENABLED |
Set false to force memory-only cache |
When Redis is not configured or unreachable, src/redis/cache.ts falls back to an in-process memory cache.
- Payments — gateways, webhooks, deposit/withdrawal tracking
- Bot service — automated players for load testing and game strategies
Do not publish in public repos:
JWT_SECRET,ADMIN_BOOTSTRAP_TOKEN,TREASURY, Supabase service role key, payment API keys, EmailJS private key- Production
MONGODB_URIand internal webhook secrets
- Live site: sweepslots.com
- Repository: github.com/lescasinos/crypto-casino-app
Telegram [https://t.me/snipmaxi]