A comprehensive Node.js/Express REST API for enterprise company management with role-based access control, real-time features, and advanced reporting.
✅ Authentication & Authorization
- JWT-based authentication
- Role-based access control (Admin, Manager, Employee)
- Secure password hashing with bcrypt
✅ User Management
- Create/edit/delete users (admin only)
- Role assignment and department management
- User profiles with phone and contact info
✅ Task Management
- Create tasks and assign to employees
- Status tracking (Pending, In-progress, Completed, On-hold)
- Priority levels and due dates
- Employees can update their task status
✅ Inventory Management
- Track inventory items with SKU
- Low-stock alerts
- Supplier management
- Automatic quantity tracking
✅ Billing & Purchases
- Create purchase orders
- Auto-generate invoices
- PDF export for invoices
- Auto inventory updates on receipt
✅ Attendance
- Clock in/out functionality
- Attendance records with timestamps
- Manual entry correction (admin/manager)
- Export attendance reports
✅ Real-time Features
- Socket.IO integration for live chat
- Multiple conference rooms
- Message history
✅ Reporting
- Export tasks to Excel
- Export invoices to Excel
- Export attendance records to Excel
- Export inventory listings
✅ Notifications & Audit
- User action logging
- Notification system
- Activity tracking
- Runtime: Node.js
- Framework: Express.js
- Database: MongoDB with Mongoose
- Auth: JWT + bcryptjs
- Real-time: Socket.IO
- PDF: pdfkit
- Excel: exceljs
- File Upload: multer
```bash
cd backend
npm install
```

Create a `.env` file in the backend directory:

```
MONGO_URI=mongodb://localhost:27017/company_db
JWT_SECRET=your_jwt_secret_key
PORT=4000
```
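The `.env` values above are placeholders, and a server started with them signs tokens with a key anyone can read in this README. The following startup check is an added example, not code from this project: `checkConfig` is a hypothetical helper, and the 32-byte minimum assumes an HMAC algorithm such as HS256, for which RFC 7518 requires a key of at least 256 bits.

```javascript
// Added example (not project code): refuse to start on placeholder or weak settings.
// Generate a real secret with, for instance:
//   node -e "console.log(require('crypto').randomBytes(48).toString('base64'))"
const PLACEHOLDER_SECRETS = ['your_jwt_secret_key'];   // value shown in the README

function checkConfig(env) {
  const problems = [];

  const secret = env.JWT_SECRET || '';
  if (!secret) {
    problems.push('JWT_SECRET is not set');
  } else if (PLACEHOLDER_SECRETS.includes(secret)) {
    problems.push('JWT_SECRET is the README placeholder');
  } else if (Buffer.byteLength(secret, 'utf8') < 32) {
    problems.push('JWT_SECRET is shorter than 32 bytes');
  }

  const uri = env.MONGO_URI || '';
  if (!/^mongodb(\+srv)?:\/\//.test(uri)) {
    problems.push('MONGO_URI is missing or not a mongodb:// URI');
  } else if (/\/\/user:password@/.test(uri)) {
    problems.push('MONGO_URI still contains the placeholder credentials');
  }

  // PORT is optional; validate it only when it is set.
  if (env.PORT !== undefined) {
    const port = Number(env.PORT);
    if (!Number.isInteger(port) || port < 1 || port > 65535) {
      problems.push('PORT is not a valid TCP port');
    }
  }
  return problems;
}
```

Call it with `process.env` before the server starts listening and exit non-zero if the returned list is not empty.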
```
# Start MongoDB (Windows)
mongod
# Or if installed as service
net start MongoDB
```

Update `.env`:

```
MONGO_URI=mongodb+srv://user:password@cluster.mongodb.net/company_db?retryWrites=true&w=majority
```

```bash
node seed.js
```

This creates:
- 5 sample users (admin, manager, 3 employees)
- 4 sample tasks
- 5 sample inventory items
Sample Credentials:
- Admin: `admin@example.com` / `adminpass`
- Manager: `manager@example.com` / `managerpass`
- Employee: `employee1@example.com` / `employeepass`
```bash
npm run dev
```

```bash
npm start
```

Server runs on http://localhost:4000

- `POST /api/auth/login` - Login user
- `POST /api/auth/logout` - Logout user
- `GET /api/auth/me` - Get current user profile

- `GET /api/users` - List all users
- `GET /api/users/:id` - Get user by ID
- `POST /api/users` - Create new user
- `PUT /api/users/:id` - Update user
- `DELETE /api/users/:id` - Delete user

- `GET /api/tasks` - List tasks (role-filtered)
- `GET /api/tasks/:id` - Get task details
- `POST /api/tasks` - Create task (manager/admin)
- `PUT /api/tasks/:id` - Update task
- `PATCH /api/tasks/:id/status` - Update task status
- `DELETE /api/tasks/:id` - Delete task (manager/admin)

- `GET /api/inventory` - List all items
- `GET /api/inventory/alerts/low-stock` - Get low-stock alerts
- `GET /api/inventory/:id` - Get item details
- `POST /api/inventory` - Create item (admin only)
- `PUT /api/inventory/:id` - Update item (admin only)
- `PATCH /api/inventory/:id/quantity` - Update quantity
- `DELETE /api/inventory/:id` - Delete item (admin only)

- `GET /api/purchases` - List purchases
- `GET /api/purchases/:id` - Get purchase details
- `POST /api/purchases` - Create purchase order
- `PATCH /api/purchases/:id/status` - Update status (auto-updates inventory)
- `DELETE /api/purchases/:id` - Delete purchase

- `GET /api/invoices` - List invoices
- `GET /api/invoices/:id` - Get invoice details
- `POST /api/invoices` - Create invoice
- `GET /api/invoices/:id/pdf` - Generate PDF
- `PATCH /api/invoices/:id/status` - Update status
- `DELETE /api/invoices/:id` - Delete invoice

- `GET /api/attendance` - Get attendance records
- `POST /api/attendance/clock-in` - Clock in (employee)
- `POST /api/attendance/clock-out` - Clock out (employee)
- `GET /api/attendance/user/:userId` - Get user attendance
- `PUT /api/attendance/:id` - Update record (manager/admin)

- `GET /api/dashboard` - Get dashboard data (role-specific)
- `GET /api/dashboard/notifications` - Get notifications
- `PATCH /api/dashboard/notifications/:id/read` - Mark as read

- `GET /api/reports/tasks/excel` - Export tasks
- `GET /api/reports/invoices/excel` - Export invoices
- `GET /api/reports/attendance/excel` - Export attendance
- `GET /api/reports/inventory/excel` - Export inventory
| Feature | Admin | Manager | Employee |
|---|---|---|---|
| Manage Users | ✅ | ❌ | ❌ |
| Create Tasks | ✅ | ✅ | ❌ |
| View All Tasks | ✅ | ✅ | Own only |
| Update Task Status | ✅ | ✅ | Own only |
| Inventory Mgmt | ✅ | View | View |
| Manage Purchases | ✅ | ✅ | ❌ |
| Manage Invoices | ✅ | ✅ | View |
| View Attendance | ✅ | ✅ | Own only |
| Clock In/Out | ✅ | ✅ | ✅ |
| Export Reports | ✅ | ✅ | ❌ |
| Admin Dashboard | ✅ | ❌ | ❌ |
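
The matrix above can be kept as data and enforced by a single default-deny check, including the "Own only" and "View" cells. This is an added example, not the project's middleware: the feature keys, `decide`, `authorize` and `ownerOf` are hypothetical names, lowercase role strings are an assumption, and `req.user` is assumed to be set from the verified JWT by an earlier middleware.

```javascript
// Added example (not project code): the README role matrix as data.
const FULL = 'full', VIEW = 'view', OWN = 'own', NONE = 'none';
const ROLES = ['admin', 'manager', 'employee'];

// One entry per table row, columns in ROLES order.
const MATRIX = {
  manageUsers:      [FULL, NONE, NONE],
  createTasks:      [FULL, FULL, NONE],
  viewTasks:        [FULL, FULL, OWN],
  updateTaskStatus: [FULL, FULL, OWN],
  inventory:        [FULL, VIEW, VIEW],
  purchases:        [FULL, FULL, NONE],
  invoices:         [FULL, FULL, VIEW],
  viewAttendance:   [FULL, FULL, OWN],
  clockInOut:       [FULL, FULL, FULL],
  exportReports:    [FULL, FULL, NONE],
  adminDashboard:   [FULL, NONE, NONE],
};

// action is 'read' or 'write'; ownerId is the user the record belongs to.
function decide(user, feature, action, ownerId) {
  const col = ROLES.indexOf(user && user.role);
  const known = Object.prototype.hasOwnProperty.call(MATRIX, feature);
  if (col < 0 || !known) return false;          // unknown role or feature: deny
  const grant = MATRIX[feature][col];
  if (grant === FULL) return true;
  if (grant === VIEW) return action === 'read';
  if (grant === OWN) {                          // compare ids as strings (ObjectId-safe)
    return ownerId != null && user.id != null && String(ownerId) === String(user.id);
  }
  return false;
}

// Express-style middleware; ownerOf(req) loads the record and returns its owner id.
function authorize(feature, action, ownerOf) {
  return async (req, res, next) => {
    if (!req.user) return res.status(401).json({ message: 'Unauthorized' });
    try {
      const ownerId = ownerOf ? await ownerOf(req) : undefined;
      if (!decide(req.user, feature, action, ownerId)) {
        return res.status(403).json({ message: 'Forbidden' });
      }
      next();
    } catch (err) {
      next(err);
    }
  };
}
```

The ownership lookup runs on the server against the stored record, so an employee cannot reach another user's task by changing the `:id` in the URL.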
```javascript
const socket = io('http://localhost:4000');
```

- `join-room` - Join a chat room
- `send-message` - Send message to room
- `receive-message` - Receive message from room

```javascript
socket.emit('join-room', 'general');
socket.emit('send-message', { room: 'general', message: 'Hello!', userId: 'user123' });
socket.on('receive-message', (data) => console.log(data));
```

See seed.js for complete schema structure with sample data.
Collections:
- Users
- Tasks
- InventoryItems
- Purchases
- Invoices
- Attendance
- Messages
- Notifications
- Departments
- Suppliers
- AuditLogs
All endpoints return JSON with error messages:

```json
{ "message": "Error description" }
```

Common status codes:
- 200 - Success
- 201 - Created
- 400 - Bad request
- 401 - Unauthorized
- 403 - Forbidden
- 404 - Not found
- 500 - Server error
```bash
docker build -t company-backend .
docker run -p 4000:4000 -e MONGO_URI=mongodb://mongo:27017/company_db company-backend
```

```bash
docker-compose up
```

- Modify models in `src/models/`
- Add routes in `src/routes/`
- Update middleware in `src/middleware/`
- Socket.IO handlers in `src/server.js`
MIT