Streamly Backend

Backend API for a streaming-style platform (users, content catalog, subscriptions/payments) with background media processing and real-time notifications.

Tech stack

• Runtime: Node.js (ES Modules)
• Web framework: Express 5
• Database: PostgreSQL
• ORM: Prisma
• Auth:
  • JWT via Authorization: Bearer <token> (custom middleware)
  • Google OAuth 2.0 via Passport (passport-google-oauth20)
• Realtime: Socket.IO (notifications)
• Background jobs: BullMQ + Redis (media processing queue)
• Storage: AWS S3 / S3-compatible (MinIO supported via custom endpoint)
• Payments: Stripe (PaymentIntents + webhook)
• Email: Nodemailer (SMTP via Gmail host in code)
• Scheduling: node-cron (daily maintenance jobs)
• API docs: Swagger UI + runtime-generated OpenAPI 3.0

Architecture

• index.js boots the HTTP server and spawns a separate Node process worker for media jobs.
• app.js builds the Express app + Socket.IO server and mounts all routers under /api/*.
• Prisma is used in controllers, cron jobs, and the worker to persist state.

High-level request flow:

1. Express middleware: CORS, session, body parsing (Stripe webhook uses express.raw), logging
2. Route match (/api/...)
3. Controller executes business logic + Prisma queries
4. Side effects (as applicable): queue a BullMQ job, emit Socket.IO notification, send email, update subscription status

Implemented API modules (mounted in app.js)

This list is based on the routers that are actually mounted:

• /api/users (register/login, password reset OTP, Google OAuth redirect/callback, profile updates, notifications)
• /api/uploads (multipart video + optional thumbnail upload that enqueues a media job)
• /api/contents (content listing and admin content management)
• /api/payments (Stripe PaymentIntent creation, webhook receiver, subscription metrics)
• /api/admin/categories (category CRUD, services, genre list, content-by-genre)
• /api/admin/user (admin user management: list, suspend/unsuspend, delete)
• /api/admin/settings (account deactivation/reactivation, permanent delete)
• /api/ratings (CRUD ratings + “top ratings” aggregation)
• /api/favourites (create/list favourites)
• /api/support (support ticket creation + admin ticket management)

For the canonical, always-up-to-date route list, use the generated OpenAPI served by the running app (see below).

Background processing (media)

• Upload endpoint writes files into tmp_uploads/ and inserts a Content row with content_status.
• A BullMQ job (media queue) is enqueued.
• The worker (modules/workers/media.worker.js) uploads the video (and optional thumbnail) to S3/MinIO using AWS SDK multipart upload and updates Content with bucket/key metadata and content_status.

Scheduled jobs (cron)

When enabled, app.js schedules daily jobs to:

• expire subscriptions whose end_date has passed and downgrade the user role/flags
• unsuspend users whose suspend_endTime has passed
• reactivate users after a deactivation end date

API docs (Swagger / OpenAPI)

When the server is running:

• Swagger UI: http://localhost:<PORT>/api-docs
• OpenAPI JSON: http://localhost:<PORT>/openapi.json

OpenAPI is generated from the registered Express routes (with optional YAML overrides in swagger/*.yml).

Export OpenAPI

npm run openapi:generate

Writes swagger/openapi.json.

Build docs for GitHub Pages

npm run docs:build

Generates swagger/openapi.json and copies it to docs/openapi.json.

Local setup

1) Install dependencies

npm install

2) Database

This project uses PostgreSQL via Prisma.

• Set DATABASE_URL to a valid Postgres connection string.
• Run Prisma migrations (if you are setting up a new database):

npx prisma migrate dev

3) Optional infra via Docker (Redis + MinIO)

This repo includes docker-compose.yml that runs:

• Redis (BullMQ queue backend)
• MinIO (S3-compatible storage)

docker compose up -d

4) Environment variables

Minimum to boot the API:

• PORT
• DATABASE_URL
• JWT_SECRET

Used by specific features:

• Sessions / Passport: SESSION_SECRET, NODE_ENV
• Google OAuth: GOOGLE_APP_ID, GOOGLE_APP_SECRET, GOOGLE_CALLBACK_URL
• Stripe: STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET
• Email: MAIL_USERNAME, MAIL_PASSWORD, MAIL_FROM_NAME, MAIL_FROM_ADDRESS, ADMIN_EMAIL (also used by support)
• Socket notifications: SYSTEM_EMAIL (optional; used as notification sender identity)
• S3/MinIO uploads: AWS_REGION, AWS_S3_BUCKET, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_S3_ENDPOINT (MinIO), AWS_S3_FORCE_PATH_STYLE
• Upload tuning (worker): UPLOAD_PART_SIZE_MB, UPLOAD_QUEUE_SIZE
• Redis/BullMQ: REDIS_HOST, REDIS_PORT, REDIS_PASSWORD, SKIP_REDIS
• OpenAPI generation: OPENAPI_SERVER_URL, PUBLIC_BASE_URL, WRITE_OPENAPI_FILE, OPENAPI_GENERATION

Run

Development (nodemon):

npm run dev

Production-style:

npm start

Scripts

• npm run dev — run API with auto-reload
• npm start — run API
• npm run openapi:generate — write OpenAPI JSON to swagger/openapi.json
• npm run docs:build — generate + copy OpenAPI to docs/openapi.json