A full-stack Notes Management application with secure authentication, role-based access control, and complete CRUD functionality for managing notes.
| Layer | Technologies |
|---|---|
| Frontend | React.js (Vite), Redux Toolkit, React Router DOM, Tailwind CSS, Axios |
| Backend | Node.js, Express.js, Sequelize ORM |
| Database | PostgreSQL |
| Auth & Security | JWT, bcryptjs, Joi Validation |
- JWT-based authentication & authorization
- Password hashing with bcryptjs
- Role-based access control: User / Analyst / Admin
- RESTful API with versioning (`/api/v1`)
- Input validation using Joi
- Centralized error handling
- PostgreSQL integration via Sequelize ORM
- Login & Registration UI
- Protected dashboard routes
- Role-based navigation
- Notes CRUD functionality
- Toast notifications
- Responsive UI with Tailwind CSS

```
project/
├── backend/
│   ├── src/
│   │   ├── config/
│   │   ├── controllers/
│   │   ├── middleware/
│   │   ├── models/
│   │   ├── routes/
│   │   ├── services/
│   │   ├── validations/
│   │   ├── utils/
│   │   ├── seeders/
│   │   └── app.js
│   ├── .env.example
│   ├── package.json
│   └── server.js
│
└── frontend/
    ├── src/
    ├── .env.example
    ├── index.html
    ├── tailwind.config.js
    ├── vite.config.js
    └── package.json
```

Make sure you have the following installed before running the project:
- Node.js (v18 or above)
- PostgreSQL (v14 or above)
- npm (comes with Node.js)

```bash
git clone <your-repository-url>
cd project
```

Open your PostgreSQL client and run:

```sql
CREATE DATABASE notes_management;
```

```bash
cd backend
cp .env.example .env
```

Open `.env` and fill in your values:

```env
PORT=5000
DB_HOST=localhost
DB_PORT=5432
DB_NAME=notes_management
DB_USER=your_postgres_username
DB_PASSWORD=your_postgres_password
JWT_SECRET=your_jwt_secret_key
```

```bash
# Inside /backend
npm install
npm run dev
```

The backend runs at: http://localhost:5000

```bash
# Inside /backend
npm run seed
```

This creates demo users (User, Analyst, Admin roles) and sample notes automatically.

```bash
cd ../frontend
cp .env.example .env
```

Open `.env` and set:

```env
VITE_API_BASE_URL=http://localhost:5000/api/v1
```

```bash
# Inside /frontend
npm install
npm run dev
```

The frontend runs at: http://localhost:5173

| Email | Password |
|---|---|
| upal@example.com | Upal@123 |
| mihir@example.com | Mihir@123 |
| akshat@example.com | Akshat@123 |

| Email | Password |
|---|---|
| aditya@example.com | Aditya@123 |
| jay@example.com | Jay@123 |

| Email | Password |
|---|---|
| umang@example.com | Umang@123 |

Base URL: http://localhost:5000/api/v1
Use Postman to test all endpoints. Set `Authorization: Bearer <token>` in the header for protected routes.

| Method | Endpoint | Description | Auth | Roles |
|---|---|---|---|---|
| POST | /auth/register | Register a new user | No | - |
| POST | /auth/login | Login and receive JWT token | No | - |
| GET | /auth/me | Get current logged-in user | Yes | All |
| POST | /auth/logout | Logout (stateless confirmation) | Yes | All |

POST /auth/register - Request Body:

```json
{
  "name": "John Doe",
  "email": "john@example.com",
  "password": "John@123",
  "role": "user"
}
```

POST /auth/login - Request Body:

```json
{
  "email": "john@example.com",
  "password": "John@123"
}
```

| Method | Endpoint | Description | Auth | Roles |
|---|---|---|---|---|
| GET | /notes | Get notes (own for user, all for admin/analyst) | Yes | All |
| GET | /notes/my-notes | Get only the logged-in user's notes | Yes | All |
| GET | /notes/:id | Get a single note by ID | Yes | All |
| POST | /notes | Create a new note | Yes | User, Admin |
| PUT | /notes/:id | Update a note | Yes | User, Admin |
| DELETE | /notes/:id | Delete a note | Yes | User, Admin |

POST /notes - Request Body:

```json
{
  "title": "My Note Title",
  "description": "Note content goes here"
}
```

PUT /notes/:id - Request Body (partial update allowed):

```json
{
  "title": "Updated Title",
  "description": "Updated content"
}
```

| Method | Endpoint | Description | Auth | Roles |
|---|---|---|---|---|
| GET | /users | Get all users | Yes | Admin |
| GET | /users/stats | Get user count by role | Yes | Admin, Analyst |
| GET | /users/:id | Get a user by ID | Yes | All |
| PUT | /users/:id | Update user details | Yes | All (own) / Admin |
| DELETE | /users/:id | Delete a user | Yes | Admin |

| Method | Endpoint | Description | Auth | Roles |
|---|---|---|---|---|
| GET | /analytics/overview | Total notes, users, recent activity | Yes | Analyst, Admin |
| GET | /analytics/notes-per-user | Note count grouped by user | Yes | Analyst, Admin |
| GET | /analytics/timeline | Notes created over last 30 days | Yes | Analyst, Admin |
| GET | /analytics/recent-activity | 10 most recent notes | Yes | Analyst, Admin |
| GET | /analytics/user-activity | Activity metrics per user | Yes | Analyst, Admin |

- Create an Environment in Postman with variable `base_url = http://localhost:5000/api/v1`
- After login, copy the `token` from the response and set it as environment variable `token`
- Add to Auth header on protected requests: `Authorization: Bearer {{token}}`
- Use `Content-Type: application/json` header on all POST/PUT requests

- JWT tokens for stateless authentication
- Passwords hashed with bcryptjs
- Protected routes via middleware
- Role-based authorization (User / Analyst / Admin)
- Request body validation with Joi
- Environment variables for sensitive configuration
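
One way the role and ownership rules from the endpoint tables could be enforced as Express-style middleware. This is an added example, not this project's code: `authorize`, `ownerOrAdmin`, `notesScope`, `simulate`, the `req.user` and `req.note` shapes, the lowercase role strings and the `userId` column are all assumptions.

```javascript
// Added example, not the project's code. Express-style (req, res, next) middleware.
// Assumes an earlier JWT middleware set req.user = { id, role } from a verified
// token, with lowercase role strings 'user' | 'analyst' | 'admin'.

// Role gate for the "Roles" column: 401 without identity, 403 for the wrong role.
function authorize(...roles) {
  return (req, res, next) => {
    if (!req.user) return res.status(401).json({ message: 'Authentication required' });
    if (!roles.includes(req.user.role)) return res.status(403).json({ message: 'Forbidden' });
    return next();
  };
}

// Ownership gate for "All (own) / Admin". getOwnerId(req) is a caller-supplied
// function, e.g. req => req.params.id for /users/:id, or req => req.note.userId
// after a loader middleware has fetched the note (both hypothetical).
function ownerOrAdmin(getOwnerId) {
  return (req, res, next) => {
    if (!req.user) return res.status(401).json({ message: 'Authentication required' });
    const ownerId = getOwnerId(req);
    if (ownerId == null) return res.status(404).json({ message: 'Not found' });
    const isOwner = String(ownerId) === String(req.user.id);
    if (isOwner || req.user.role === 'admin') return next();
    return res.status(403).json({ message: 'Forbidden' });
  };
}

// GET /notes: "own for user, all for admin/analyst", as a Sequelize-style
// where clause. The userId column name is an assumption.
function notesScope(user) {
  return user.role === 'user' ? { userId: user.id } : {};
}

// Minimal stand-in for Express: runs a middleware chain and returns the HTTP
// status it would produce (200 if every middleware called next()).
function simulate(chain, req) {
  let status = 200;
  const res = { status(code) { status = code; return res; }, json() { return res; } };
  for (const mw of chain) {
    let passed = false;
    mw(req, res, () => { passed = true; });
    if (!passed) return status;
  }
  return status;
}

// PUT /notes/:id is "User, Admin" in the table; chaining the ownership gate
// keeps one user from editing another user's note by guessing its id.
const updateNote = [authorize('user', 'admin'), ownerOrAdmin(req => req.note && req.note.userId)];
```
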
Developed by Upal Vasava
This project is for educational/demo purposes. Feel free to fork and build upon it.