
SaurabhKumarDev/express-backend-starter

Basic backend starter with modules like auth, audit, email, otp

A robust, scalable, and secure backend starter built with Node.js, Express, and MongoDB. It provides essential modules like authentication, audit logging, email services, and OTP verification, offering a solid foundation for building modern, production-ready APIs.


🚀 Features

  • Advanced Authentication: Industry-standard JWT-based auth with Refresh Tokens, OTP verification, and role-based access control (RBAC).
  • Student & Provider Management: Specialized workflows for user registration, profile management, and account deactivation.
  • Security First: Implements Helmet, CORS, Rate Limiting, Mongo Sanitize, and HPP. Includes client-key verification for production environments.
  • Real-time Communication: Integrated Socket.io for instant notifications and live updates.
  • Automated Background Tasks: Cron jobs for system maintenance, report generation, and reward distribution.
  • Comprehensive API Docs: Auto-generated Swagger documentation for interactive API exploration.
  • Email Integration: Transactional emails via Nodemailer with customizable templates.

🛠️ Tech Stack

  • Runtime: Node.js (v18+)
  • Framework: Express.js (v5+)
  • Database: MongoDB (ODM: Mongoose)
  • Caching/Rate Limiting: Redis (via ioredis)
  • Validation: Zod
  • Security: Bcryptjs, Jsonwebtoken, Helmet, XSS, rate-limit-redis
  • Documentation: Swagger (Swagger-autogen & Swagger-ui-express)

📂 Project Structure

src/
├── config/         # System configurations (Env, DB, Redis, Email)
├── constants/      # Global constants and enums
├── core/           # Core engine (Errors, Socket.io, Global Middlewares)
├── docs/           # API documentation configurations
├── jobs/           # Scheduled background tasks (Cron)
├── middleware/     # Security and application-level middlewares
├── modules/        # Domain-driven features (Auth, Audit, OTP, etc.)
│   └── [module]/
│       ├── controllers/
│       ├── routes/
│       ├── service/
│       └── validators/
├── routes/         # Central API route registration
├── seeder/         # Initial data seeding logic
├── services/       # Generic cross-cutting services
└── utils/          # Shared utility functions

⚙️ Setup & Installation

Prerequisites

Installation Steps

  1. Clone the Repository

    git clone [repository-url]
    cd express-backend-starter

  2. Install Dependencies

    npm install

  3. Configure Environment Variables. Copy the example file and fill in your credentials:

    cp .env.example .env

  4. Launch the Application

    # Development mode (with nodemon)
    npm run dev

    # Production mode
    npm start

📖 API Reference

Base URL: http://localhost:5000/api

Authentication Module (/auth)

Endpoint           Method  Auth  Description
/register-student  POST    🔓    Register a new student account.
/verify-email      POST    🔓    Verify user email using OTP.
/login             POST    🔓    Authenticate user and receive tokens.
/refresh-token     POST    🔓    Get new access token using refresh token.
/forgot-password   POST    🔓    Request password reset email.
/reset-password    POST    🔓    Reset password using token.
/profile           GET     🔒    Get current user's profile information.
/change-password   PUT     🔒    Update user password.
/logout            POST    🔒    Terminate current session.
/account           DELETE  🔒    Deactivate user account.

🔓 Public Route | 🔒 Protected Route (Requires Bearer Token)

API Documentation

Interactive Swagger documentation is available at: http://localhost:5000/api-docs


🛡️ Security Features

  • CORS: Configurable cross-origin resource sharing.
  • Security Headers: Integrated Helmet for HTTP header security.
  • Rate Limiting: Redis-backed rate limiting to prevent brute-force attacks.
  • NoSQL Injection: Sanitization of user input.
  • XSS Protection: Cleaning user-provided HTML content.
  • Payload Validation: Strict request body validation using Zod.
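
As an added illustration of the NoSQL injection item above (this is not code from the repository, whose own middleware is not shown on this page), the following Express-style middleware rejects request data whose keys MongoDB could read as operators or dotted field paths. The names findOperatorKeys, rejectOperatorKeys and run, and the sample login bodies, are assumptions made for this example.

```javascript
// Added example; not code from this repository. No dependencies.
"use strict";

// Return the paths of every key MongoDB could interpret as an operator
// ("$ne", "$gt", "$where", ...) or as a dotted field path ("profile.role").
function findOperatorKeys(value, path = "", found = []) {
  if (Array.isArray(value)) {
    value.forEach((item, i) => findOperatorKeys(item, `${path}/${i}`, found));
  } else if (value !== null && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      const here = `${path}/${key}`;
      if (key.startsWith("$") || key.includes(".")) found.push(here);
      else findOperatorKeys(child, here, found);
    }
  }
  return found;
}

// Express-style middleware (hypothetical name). It rejects the request
// instead of rewriting it, so a malformed body never reaches a query.
function rejectOperatorKeys(req, res, next) {
  const found = ["body", "query", "params"].flatMap((part) =>
    findOperatorKeys(req[part], part)
  );
  if (found.length > 0) {
    return res.status(400).json({ error: "Invalid field name", fields: found });
  }
  return next();
}

// Constructed sample bodies for POST /auth/login.
const normalLogin = { email: "student@example.com", password: "s3cret-pass" };
const operatorLogin = { email: "student@example.com", password: { $ne: null } };

// Minimal stand-ins for Express req/res so the block runs without a server.
function run(body) {
  const result = { status: 200, passed: false, payload: null };
  const res = {
    status(code) { result.status = code; return this; },
    json(data) { result.payload = data; return this; },
  };
  rejectOperatorKeys({ body, query: {}, params: {} }, res, () => { result.passed = true; });
  return result;
}

console.log(run(normalLogin));
console.log(run(operatorLogin));
```

Schema validation that types password as a string would also stop the second body; the key check additionally covers fields a schema leaves open.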

📄 License

This project is licensed under the ISC License.


Developed by Saurabh
