A scalable full-stack web application with JWT authentication, responsive dashboard, and CRUD operations for tasks.
- Next.js 14 with TypeScript
- Tailwind CSS for responsive UI
- React Query for state management
- React Hook Form with Zod validation
- Protected routes with authentication
- User profile management
- Task CRUD operations
- Search and filter functionality
- Pagination support
- Toast notifications
- Node.js with Express and TypeScript
- MongoDB with Mongoose
- JWT authentication
- bcrypt for password hashing
- Zod for validation
- Helmet for security headers
- Rate limiting
- CORS configuration
- Centralized error handling
.
├── backend/
│ ├── src/
│ │ ├── config/ # Database configuration
│ │ ├── controllers/ # Route controllers
│ │ ├── middleware/ # Auth & error middleware
│ │ ├── models/ # Mongoose models
│ │ ├── routes/ # API routes
│ │ ├── utils/ # Utility functions
│ │ ├── validators/ # Zod schemas
│ │ └── server.ts # Express server
│ ├── package.json
│ └── tsconfig.json
├── frontend/
│ ├── src/
│ │ ├── components/ # React components
│ │ ├── lib/ # API services & utilities
│ │ ├── pages/ # Next.js pages
│ │ └── styles/ # Global styles
│ ├── package.json
│ └── tsconfig.json
└── README.md
- Node.js (v18 or higher)
- MongoDB (local or MongoDB Atlas)
- npm or yarn
- Navigate to the backend directory:
cd backend- Install dependencies:
npm install- Create a
.envfile in the backend directory:
PORT=5000
MONGODB_URI=mongodb://localhost:27017/fullstack-app
JWT_SECRET=your-super-secret-jwt-key-change-in-production
JWT_EXPIRE=7d
NODE_ENV=development
FRONTEND_URL=http://localhost:3000- Start the development server:
npm run devThe backend will run on http://localhost:5000
- Navigate to the frontend directory:
cd frontend- Install dependencies:
npm install- Create a
.env.localfile in the frontend directory:
NEXT_PUBLIC_API_URL=http://localhost:5000/api- Start the development server:
npm run devThe frontend will run on http://localhost:3000
POST /api/auth/register- Register a new userPOST /api/auth/login- Login user
GET /api/users/profile- Get user profile (Protected)PUT /api/users/profile- Update user profile (Protected)
GET /api/tasks- Get all tasks with filters (Protected)- Query params:
status,priority,search,page,limit
- Query params:
GET /api/tasks/:id- Get single task (Protected)POST /api/tasks- Create task (Protected)PUT /api/tasks/:id- Update task (Protected)DELETE /api/tasks/:id- Delete task (Protected)
GET /api/health- Server health check
The application uses JWT tokens for authentication. After successful login/register, the token is stored in cookies and automatically included in API requests.
All task and user profile endpoints require authentication. Include the JWT token in the Authorization header:
Authorization: Bearer <token>
Import the postman_collection.json file into Postman to test all API endpoints.
- Set environment variables in your hosting platform
- Build the project:
npm run build - Start the server:
npm start - Ensure MongoDB Atlas connection string is set
- Connect your GitHub repository
- Set environment variable:
NEXT_PUBLIC_API_URLto your backend URL - Deploy automatically on push
- Use MongoDB Atlas for production
- Update
MONGODB_URIwith your Atlas connection string
- Change
JWT_SECRETto a strong random string - Enable HTTPS
- Configure CORS for production domain
- Set up rate limiting
- Use environment variables for all secrets
- Enable MongoDB authentication
- Set up monitoring and logging
See PRODUCTION_SCALING.md for detailed scaling strategies.
- Next.js 14
- React 18
- TypeScript
- Tailwind CSS
- React Query
- React Hook Form
- Zod
- Axios
- React Hot Toast
- Node.js
- Express
- TypeScript
- MongoDB
- Mongoose
- JWT
- bcryptjs
- Zod
- Helmet
- express-rate-limit