Backend service for Anubhav, serves a server-rendered admin panel and a REST API consumed by the frontend.
- Runtime: Node.js
- Framework: Express.js
- Database: MongoDB (via Mongoose)
- Auth: SuperTokens (EmailPassword + Session recipes) for frontend user auth
- Admin Auth: Custom session-based auth (express-session + connect-mongo) for the admin panel
- Templating: EJS — used exclusively for the admin panel
- Deployment: Vercel (serverless)
REST endpoints consumed by the frontend. CORS is scoped only to these routes — allowed origins are maintained in constants.js.
SuperTokens handles all frontend authentication routes here. CORS is also applied to this prefix.
Server-rendered EJS pages. No CORS — same-origin requests only. Protected by express-session backed by MongoDB via connect-mongo so sessions persist across Vercel serverless invocations.
| Env | URL | NODE_ENV |
|---|---|---|
| Staging | https://oss-backend-staging.vercel.app |
staging |
| Production | https://oss-backend.vercel.app |
prod |
| Local | http://localhost:3000 |
staging |
npm run serverCopy .env.example to .env and fill in the values before running.
Staging: https://oss-backend-staging.vercel.app/api-docs/
Use staging for all frontend development and testing.
| Variable | Description |
|---|---|
MONGOURI |
MongoDB connection string |
SESSION_SECRET |
Secret for express-session |
ADMINMAIL |
Admin panel login email |
ADMINHASH |
Bcrypt hash of admin password |
BACKEND_URL |
Internal API base URL (e.g. http://localhost:3000/api/anubhav for local) |
API_DOMAIN |
Domain this server runs on (used by SuperTokens) |
WEBSITE_DOMAIN |
Frontend domain (used by SuperTokens) |
SUPERTOKENS_CONNECTION_URI |
SuperTokens managed service URI |
SUPERTOKENS_API_KEY |
SuperTokens API key |
NODE_ENV |
staging locally, prod on Vercel |
PORT |
Local port (default 3000) |