Skip to content

michael-lfc/Task-Manager-backend

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

18 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

✦ Aurum β€” Project Intelligence Platform

A sophisticated full-stack project and task management platform built with the MERN stack and TypeScript. Aurum provides teams with real-time collaboration, Kanban task management, analytics, and WebSocket-powered notifications.


🌐 Live API

GET https://task-manager-backend-dbdx.onrender.com/health

Health Check:

GET https://task-manager-backend-dbdx.onrender.com/health

🧱 Tech Stack

Layer Technology
Runtime Node.js v22
Framework Express 5.2.1
Language TypeScript 5.9
Database MongoDB Atlas + Mongoose 9
Auth JWT (jsonwebtoken)
Validation Zod
Password Hashing bcryptjs
Real-time WebSocket (Socket.io)
Logging Winston
Dev Server tsx watch
Build tsc

πŸ“ Project Structure

backend/
β”œβ”€β”€ .env.example
β”œβ”€β”€ package.json
β”œβ”€β”€ tsconfig.json
β”œβ”€β”€ render.yaml
β”‚
└── src/
    β”œβ”€β”€ server.ts
    β”‚
    β”œβ”€β”€ config/
    β”‚   └── db.ts                      # MongoDB connection
    β”‚
    β”œβ”€β”€ models/
    β”‚   β”œβ”€β”€ User.ts                    # User schema + bcrypt hooks
    β”‚   β”œβ”€β”€ Project.ts                 # Project schema + virtuals
    β”‚   β”œβ”€β”€ Task.ts                    # Task schema + comment sub-docs
    β”‚   └── Notification.ts            # Notification schema
    β”‚
    β”œβ”€β”€ validators/
    β”‚   β”œβ”€β”€ auth.validator.ts          # Zod schemas for auth
    β”‚   β”œβ”€β”€ project.validator.ts       # Zod schemas for projects
    β”‚   └── task.validator.ts          # Zod schemas for tasks
    β”‚
    β”œβ”€β”€ services/
    β”‚   β”œβ”€β”€ authService.ts             # Auth business logic
    β”‚   β”œβ”€β”€ projectService.ts          # Project business logic
    β”‚   β”œβ”€β”€ taskService.ts             # Task business logic
    β”‚   β”œβ”€β”€ analyticsService.ts        # Aggregation pipelines
    β”‚   └── notificationService.ts     # Notification engine
    β”‚
    β”œβ”€β”€ controllers/
    β”‚   β”œβ”€β”€ authController.ts
    β”‚   β”œβ”€β”€ projectController.ts
    β”‚   β”œβ”€β”€ taskController.ts
    β”‚   β”œβ”€β”€ analyticsController.ts
    β”‚   └── notificationController.ts
    β”‚
    β”œβ”€β”€ routes/
    β”‚   β”œβ”€β”€ auth.routes.ts
    β”‚   β”œβ”€β”€ project.routes.ts
    β”‚   β”œβ”€β”€ task.routes.ts
    β”‚   β”œβ”€β”€ analytics.routes.ts
    β”‚   β”œβ”€β”€ notification.routes.ts
    β”‚   └── index.ts
    β”‚
    β”œβ”€β”€ middleware/
    β”‚   β”œβ”€β”€ auth.ts                    # JWT protect + restrictTo
    β”‚   β”œβ”€β”€ errorHandler.ts            # Global error handler
    β”‚   └── validate.ts                # Zod validation middleware
    β”‚
    β”œβ”€β”€ types/
    β”‚   β”œβ”€β”€ express.d.ts               # Express.Request augmentation
    β”‚   β”œβ”€β”€ index.ts                   # Shared TS types and DTOs
    β”‚   └── notification.types.ts      # Notification type definitions
    β”‚
    └── utils/
        β”œβ”€β”€ appError.ts                # AppError class + asyncHandler
        β”œβ”€β”€ jwt.ts                     # signToken + verifyToken
        └── logger.ts                  # Winston logger

πŸš€ Getting Started

Prerequisites

  • Node.js v20+
  • MongoDB Atlas account
  • npm v9+

Installation

# Clone the repository
git clone https://github.com/yourusername/aurum-backend.git
cd aurum-backend

# Install dependencies
npm install

# Set up environment variables
cp .env.example .env

Environment Variables

PORT=5000
NODE_ENV=development
MONGO_URI=mongodb+srv://<username>:<password>@cluster0.xxx.mongodb.net/aurum?retryWrites=true&w=majority
JWT_SECRET=generate_with_node_crypto_randomBytes_32
JWT_EXPIRES_IN=7d
CLIENT_URL=http://localhost:3000

Generate a secure JWT_SECRET:

node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"

Run in Development

npm run dev

Build for Production

npm run build
npm start

πŸ“‘ API Reference

All endpoints are prefixed with /api/v1

Authentication

Method Endpoint Access Description
POST /auth/register Public Register a new user
POST /auth/login Public Login and receive JWT
GET /auth/me Protected Get current user profile
PATCH /auth/me Protected Update current user profile

Register:

POST /api/v1/auth/register
{
  "name":     "Michael Agwogie",
  "email":    "michael@example.com",
  "password": "password123"
}

Login:

POST /api/v1/auth/login
{
  "email":    "michael@example.com",
  "password": "password123"
}

Response:

{
  "status": "success",
  "data": {
    "user":  { "name": "Michael Adeyemi", "email": "...", "role": "member" },
    "token": "eyJhbGci..."
  }
}

Projects

All project routes require Authorization: Bearer <token>

Method Endpoint Description
GET /projects Get all your projects (paginated)
POST /projects Create a new project
GET /projects/:id Get single project
PATCH /projects/:id Update project
DELETE /projects/:id Delete project
POST /projects/:id/members/:memberId Add member to project
DELETE /projects/:id/members/:memberId Remove member from project

Create Project:

POST /api/v1/projects
{
  "title":       "TalentFlow LMS",
  "description": "Unified learning management platform",
  "priority":    "high",
  "color":       "#c9a84c",
  "status":      "active",
  "dueDate":     "2025-06-01T00:00:00.000Z"
}

Query Parameters for GET /projects:

?page=1&limit=10&sort=-createdAt&search=talentflow

Tasks

All task routes require Authorization: Bearer <token>

Method Endpoint Description
POST /tasks Create a new task
GET /tasks/project/:projectId Get all tasks for a project
GET /tasks/:id Get single task
PATCH /tasks/:id Update task
DELETE /tasks/:id Delete task
PATCH /tasks/:id/reorder Drag and drop reorder
POST /tasks/:id/comments Add a comment
DELETE /tasks/:id/comments/:commentId Delete a comment

Create Task:

POST /api/v1/tasks
{
  "title":           "Build auth middleware",
  "project":         "64f1a2b3c4d5e6f7a8b9c0d1",
  "priority":        "high",
  "status":          "todo",
  "estimatedHours":  4,
  "dueDate":         "2025-02-01T00:00:00.000Z"
}

Reorder Task (Kanban drag and drop):

PATCH /api/v1/tasks/:id/reorder
{
  "projectId": "64f1a2b3c4d5e6f7a8b9c0d1",
  "status":    "in-progress",
  "position":  2
}

Analytics

All analytics routes require Authorization: Bearer <token>

Method Endpoint Description
GET /analytics/dashboard Summary stats + weekly chart data
GET /analytics/projects Per project breakdown with task counts
GET /analytics/team Team member performance metrics
GET /analytics/tasks Task breakdown by status and priority

Notifications

All notification routes require Authorization: Bearer <token>

Method Endpoint Description
GET /notifications Get all notifications
PATCH /notifications/:id/read Mark notification as read
PATCH /notifications/read-all Mark all as read
DELETE /notifications/:id Delete a notification

πŸ”Œ WebSocket Events

Connect with:

const socket = io('https://aurum-backend.onrender.com', {
  auth: { token: 'your_jwt_token' }
})

Events the Client Listens To

Event Payload Description
notification:new { notification } New notification received
task:updated { task } A task was updated
task:created { task } A new task was created
project:updated { project } A project was updated

Events the Client Emits

Event Payload Description
join:project { projectId } Join a project room
leave:project { projectId } Leave a project room

πŸ›‘οΈ Security

πŸ›‘οΈ Security JWT Authentication β€” all protected routes require a valid Bearer token Password Hashing β€” bcryptjs with 12 salt rounds Helmet β€” secure HTTP headers CORS β€” restricted to CLIENT_URL NoSQL Sanitization β€” strips $ and . from request bodies Custom Rate Limiting β€” 100 requests per 15 minutes per IP Zod Validation β€” all request bodies validated before hitting services Role-based Access β€” The User model supports admin, member, and viewer roles, and the restrictTo middleware is already built. Global role enforcement will be activated in a future update. Currently, all protected routes require a valid JWT and destructive project actions are restricted to the project owner.


πŸ—ƒοΈ Data Models

User

name, email, password (hashed), avatar, role, isActive, lastSeen

Project

title, description, status, priority, color, owner, members[],
tags[], dueDate, progress (0-100), budget, spent

Virtuals: budgetUtilization, isOverdue

Task

title, description, status, priority, project, assignee, reporter,
tags[], dueDate, estimatedHours, loggedHours, comments[], position

Virtuals: isOverdue, commentCount

Notification

recipient, sender, type, title, message, read, link, metadata

βš™οΈ Architecture

Request
   ↓
Express Router          β†’ matches route, runs middleware
   ↓
Zod Validator           β†’ validates req.body / params
   ↓
Auth Middleware          β†’ verifies JWT, attaches req.user
   ↓
Controller              β†’ extracts req data, calls service
   ↓
Service                 β†’ business logic, DB queries, error throwing
   ↓
Mongoose Model          β†’ talks to MongoDB Atlas
   ↓
Response                β†’ consistent { status, data } shape

Error Flow:

Service throws AppError
   ↓
asyncHandler catches β†’ next(err)
   ↓
Global errorHandler
   ↓
Development: full stack trace
Production:  clean message only

πŸ§ͺ Testing with Thunder Client

Import this collection to test all endpoints:

  1. Register a user β†’ copy the token
  2. Add token to Auth header: Bearer <token>
  3. Create a project β†’ copy the _id
  4. Create tasks using the project _id
  5. Test analytics endpoints

🚒 Deployment

Deployed on Render with auto-deploy on push to main.

Re-deploy Manually

git add .
git commit -m "feat: your change"
git push origin main
# Render detects push and redeploys automatically

Environment Variables on Render

Set these in Render Dashboard β†’ Environment:

MONGO_URI
JWT_SECRET
JWT_EXPIRES_IN
CLIENT_URL
NODE_ENV
PORT

πŸ“œ Scripts

npm run dev      # tsx watch β€” development with hot reload
npm run build    # tsc β€” compile TypeScript to dist/
npm start        # node dist/server.js β€” production

πŸ‘€ Author

Michael Agwogie Backend Developer Β· Trueminds Innovation (TS Academy, Phoenix Cohort)


πŸ“„ License

MIT

About

No description, website, or topics provided.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors