This project is a Node.js backend written in TypeScript, designed with a modular architecture for scalability and maintainability. It includes robust authentication, database interactions, AWS service integration, and comprehensive security features.
- 🔒 Secure authentication with JWT token rotation
- 🛡️ Advanced input validation with Zod
- 🗄️ MongoDB integration with Mongoose
- ☁️ AWS integration ready (S3, EC2)
- 🔄 Rate limiting and CORS protection
- 🚦 Comprehensive error handling middleware
- 📝 Request logging with Morgan
- 🐳 Docker and Docker Compose support for easy deployment
- 📚 Swagger API documentation
- 🔐 Advanced security headers and CORS settings
- 🔄 JWT token rotation for enhanced security
- 🛡️ HTTP Parameter Pollution protection
- 🧹 MongoDB sanitization
- 🔒 Password hashing with bcrypt
- 🚫 Rate limiting for API protection
- Node.js (v16 or later recommended)
- npm or yarn
- MongoDB (or the relevant database)
- AWS account (if AWS services are used)
- Install dependencies:

  ```bash
  npm install
  ```

- Configure environment variables:

  ```env
  PORT=3000
  NODE_ENV=development
  MONGODB_URI=your_mongodb_uri
  DB_NAME=your_database_name
  JWT_SECRET=your_jwt_secret

  # Optional AWS Configuration
  AWS_ACCESS_KEY_ID=your_aws_access_key
  AWS_SECRET_ACCESS_KEY=your_aws_secret_key
  AWS_REGION=your_aws_region
  AWS_S3_BUCKET=your_s3_bucket

  # CORS Configuration
  CORS_WHITELIST=http://localhost:3000,https://yourdomain.com

  # GitHub repo URL
  GITHUB_REPO_URL=your_github_repo_url
  ```

npm run dev
npm run build
npm start
The application can be run using Docker and Docker Compose for easy deployment and development.
- Docker
- Docker Compose
- Build and start all services:

  ```bash
  docker-compose up --build
  ```

- Run in detached mode (in the background):

  ```bash
  docker-compose up -d --build
  ```

- Stop the services:

  ```bash
  docker-compose down
  ```

- View logs:

  ```bash
  docker-compose logs -f
  ```

The application will be available at `http://localhost:3000`, and MongoDB will be accessible at `mongodb://localhost:27017`.
The following environment variables are automatically configured in the Docker environment:
NODE_ENV=production
MONGODB_URI=mongodb://mongodb:27017/backend-template
Additional environment variables can be added to the `docker-compose.yml` file as needed.
Method | Endpoint | Description |
---|---|---|
POST | /auth/login | User login with JWT token rotation |
POST | /auth/register | User registration with password hashing |
POST | /auth/refresh | Refresh JWT tokens |
/src
├── config/ # Configuration files (AWS, database, environment variables)
├── controllers/ # Handles incoming requests and calls services
├── data-access/ # Database repositories and queries
├── middleware/ # Authentication, validation, and error handling
├── models/ # Database models
├── routes/ # Express routes definitions
├── services/ # Business logic services
├── types/ # Type definitions
├── utils/ # Utility functions and helpers
- 🔒 JWT token rotation with access and refresh tokens
- 🛡️ Comprehensive security headers using Helmet
- 🔄 Rate limiting for API protection
- 🚫 CORS protection with whitelist
- 🧹 MongoDB sanitization
- 🛡️ HTTP Parameter Pollution protection
- 🔐 Password hashing with bcrypt
- 🔒 Secure cookie settings
- 🚫 XSS protection
- 🔒 Content Security Policy
- 🛡️ Strict CORS configuration
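
An added example, not code from this project: one way to turn a comma-separated `CORS_WHITELIST` value like the one in the environment configuration into a strict, exact-match origin check. The function names `parseWhitelist` and `isOriginAllowed` are hypothetical.

```typescript
// Added example: strict origin allowlist built from a CORS_WHITELIST-style value.
// parseWhitelist and isOriginAllowed are hypothetical names, not the project's API.

// Turn "http://a:3000, https://b.com/" into a set of canonical origins.
// Anything that is not a bare http(s) origin is rejected when the config is loaded.
function parseWhitelist(raw: string): Set<string> {
  const origins = new Set<string>();
  for (const entry of raw.split(",").map((s) => s.trim()).filter(Boolean)) {
    if (entry === "*") {
      throw new Error("wildcard entries are not accepted in the allowlist");
    }
    const url = new URL(entry); // throws on malformed entries
    if (url.protocol !== "http:" && url.protocol !== "https:") {
      throw new Error(`unsupported scheme in allowlist entry: ${entry}`);
    }
    if (url.pathname !== "/" || url.search !== "" || url.hash !== "") {
      throw new Error(`allowlist entry must be a bare origin: ${entry}`);
    }
    origins.add(url.origin); // canonical form: lower-case host, default port dropped
  }
  return origins;
}

// Exact-match check for the request's Origin header.
// Substring, prefix or suffix matching is what lets look-alike hosts through.
function isOriginAllowed(origin: string | undefined, allowed: Set<string>): boolean {
  // No Origin header: not a cross-origin browser request, so no CORS headers are sent.
  // "null" comes from sandboxed iframes and file:// pages and is never allowlisted.
  if (!origin || origin === "null") return false;
  let parsed: URL;
  try {
    parsed = new URL(origin);
  } catch {
    return false;
  }
  // A genuine Origin header is scheme://host[:port] with nothing after it.
  if (parsed.origin !== origin.toLowerCase()) return false;
  return allowed.has(parsed.origin);
}

// Constructed sample value, same shape as the CORS_WHITELIST line in the env file.
const allowed = parseWhitelist("http://localhost:3000, https://yourdomain.com/");
```

A `false` result means the response carries no `Access-Control-Allow-Origin` header; it does not by itself reject the request.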
The application uses Amazon S3 for file storage and management. The following operations are supported:
- File upload with public/private access control
- File deletion
- Generating signed URLs for temporary file access
- Bucket management
Example usage:
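```typescript
import { readFile } from "node:fs/promises";
import { uploadToS3, getSignedUrl } from "./awsService";

// Read the file to upload into a Buffer (top-level await requires an ES module)
const fileBuffer = await readFile("example.jpg");

// Upload file
const fileUrl = await uploadToS3({
  file: fileBuffer,
  fileName: "example.jpg",
  contentType: "image/jpeg",
  bucketName: "your-bucket",
});

// Generate temporary access URL (third argument is 3600)
const signedUrl = await getSignedUrl("your-bucket", "example.jpg", 3600);
```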
The application can be automatically deployed to Amazon EC2 instances. The deployment process includes:
- Instance launch with customizable configurations
- Automatic setup of Node.js environment
- Application code deployment
- Environment configuration
- Instance management (start/stop/status monitoring)
Example deployment:
```typescript
import { deployEC2 } from "./script/deployEC2";

// Launch new EC2 instance with application
const instanceId = await deployEC2();
```
The application includes a centralized error handling system with a custom `AppError` class and detailed error messages.
The API documentation is available at `/api-docs` when running the application in development mode. The documentation includes:
- Detailed endpoint descriptions
- Request/response schemas
- Authentication requirements
- Example requests and responses
- Security requirements
- Rate limiting information
To access the documentation:
- Start the application in development mode
- Open your browser and navigate to `http://localhost:3000/api-docs`