This is a Node.js/Express server with improved architecture, better error handling, security features, and organized code structure.
- Modular Structure: Better separation of concerns with organized folders
- Configuration Management: Centralized configuration with environment validation
- Error Handling: Custom error classes and comprehensive error middleware
- Logging: Winston-based logging with file rotation and request tracking
- Security: Helmet, rate limiting, CORS, and security headers
- Database: Improved MongoDB connection management with retry logic
- Authentication: Enhanced JWT-based auth with account locking and login attempts
- Validation: Comprehensive input validation with Joi
- API Versioning: Proper API versioning structure
- Helmet for security headers
- Rate limiting to prevent abuse
- Account locking after failed login attempts
- Password hashing with bcrypt
- JWT token management with proper expiration
- Input validation and sanitization
- CORS configuration
```
server/
├── config/                 # Configuration files
│   ├── index.js            # Main configuration
│   └── database.js         # Database connection manager
├── controllers/            # Request handlers
│   └── authController.js   # Authentication controller
├── middleware/             # Custom middleware
│   ├── index.js            # Middleware setup
│   ├── auth.js             # Authentication middleware
│   └── errorHandler.js     # Error handling middleware
├── models/                 # Database models
│   └── User.js             # User model with enhanced features
├── routes/                 # Route definitions
│   ├── index.js            # Main router
│   ├── auth.js             # Authentication routes
│   ├── users.js            # User routes
│   ├── tasks.js            # Task routes
│   └── companies.js        # Company routes
├── utils/                  # Utility functions
│   ├── errors.js           # Custom error classes
│   ├── logger.js           # Logging configuration
│   └── jwt.js              # JWT service
├── validators/             # Input validation
│   └── authValidator.js    # Authentication validation
├── logs/                   # Log files (auto-created)
├── index.js                # Main server file
└── package.json            # Dependencies and scripts
```
- Install Dependencies

```bash
npm install
```

- Environment Configuration: create a `.env` file in the root directory:

```env
# Server Configuration
NODE_ENV=development
PORT=6000

# Database Configuration
MONGO_URI=mongodb://localhost:27017/your-database-name
DB_NAME=your-database-name

# JWT Configuration
ACCESS_TOKEN_SECRET=your-super-secret-access-token-key-here
REFRESH_TOKEN_SECRET=your-super-secret-refresh-token-key-here
ACCESS_TOKEN_EXPIRY=15m
REFRESH_TOKEN_EXPIRY=7d

# Security Configuration
BCRYPT_ROUNDS=12

# Rate Limiting
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX=100

# CORS Configuration
CORS_ORIGIN=https://www.danhsachcongviec.site

# Logging Configuration
LOG_LEVEL=info
LOG_FILE=logs/app.log
```

- Start the Server

```bash
# Development mode
npm run dev

# Production mode
npm start
```
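The sample `.env` above ships placeholder secrets that must be replaced before the server is exposed. The following is an added example, not the project's `config/index.js` (which the README says validates with Joi): a dependency-free startup check over the keys shown above, where the minimum secret length, the placeholder pattern and the bcrypt cost range are assumptions chosen for illustration.

```javascript
// Added example (not the project's own code): validate the .env keys from the
// README before the server starts. Rules below are assumptions, not the
// project's Joi schema.
const REQUIRED = ['MONGO_URI', 'ACCESS_TOKEN_SECRET', 'REFRESH_TOKEN_SECRET'];
const SECRET_KEYS = ['ACCESS_TOKEN_SECRET', 'REFRESH_TOKEN_SECRET'];
const MIN_SECRET_LENGTH = 32;                         // assumption
const PLACEHOLDER = /your-super-secret|changeme/i;    // matches the sample .env

// Returns a list of problems; an empty list means the config is usable.
function validateEnv(env) {
  const problems = [];
  for (const key of REQUIRED) {
    if (!env[key]) problems.push(`${key} is required`);
  }
  for (const key of SECRET_KEYS) {
    const value = env[key];
    if (!value) continue;
    if (value.length < MIN_SECRET_LENGTH) {
      problems.push(`${key} must be at least ${MIN_SECRET_LENGTH} characters`);
    }
    if (PLACEHOLDER.test(value)) {
      problems.push(`${key} still holds the sample placeholder value`);
    }
  }
  // Access and refresh tokens must not be verifiable with the same key.
  if (env.ACCESS_TOKEN_SECRET && env.ACCESS_TOKEN_SECRET === env.REFRESH_TOKEN_SECRET) {
    problems.push('ACCESS_TOKEN_SECRET and REFRESH_TOKEN_SECRET must differ');
  }
  const rounds = Number(env.BCRYPT_ROUNDS ?? 12);
  if (!Number.isInteger(rounds) || rounds < 10 || rounds > 15) {
    problems.push('BCRYPT_ROUNDS must be an integer between 10 and 15');
  }
  const port = Number(env.PORT ?? 6000);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    problems.push('PORT must be an integer between 1 and 65535');
  }
  // A wildcard or missing CORS origin in production defeats the CORS config.
  if (env.NODE_ENV === 'production' && (!env.CORS_ORIGIN || env.CORS_ORIGIN === '*')) {
    problems.push('CORS_ORIGIN must name an explicit origin in production');
  }
  return problems;
}
```

Run it against `process.env` in the config loader and refuse to start when the returned list is non-empty; the README's own sample values fail the placeholder check by design.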
- Development: `http://localhost:6000`
- API Version: `/api/v1`
- GET `/health` - Server health status
- POST `/api/v1/auth/register` - Register new user
- POST `/api/v1/auth/login` - User login
- POST `/api/v1/auth/refresh-token` - Refresh access token
- POST `/api/v1/auth/logout` - User logout (requires auth)
- GET `/api/v1/auth/me` - Get current user profile (requires auth)
- PATCH `/api/v1/auth/update-password` - Update password (requires auth)
- POST `/api/v1/auth/verify-token` - Verify token validity (requires auth)
```bash
curl -X POST http://localhost:6000/api/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "username": "johndoe",
    "email": "john@example.com",
    "password": "SecurePass123!",
    "confirmPassword": "SecurePass123!"
  }'
```

```bash
curl -X POST http://localhost:6000/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "john@example.com",
    "password": "SecurePass123!"
  }'
```
- Centralized configuration in `config/index.js`
- Environment variable validation
- Database connection management with retry logic
- Custom error classes for different error types
- Comprehensive error middleware with proper logging
- Development vs production error responses
- Account locking after failed login attempts
- Rate limiting to prevent abuse
- Security headers with Helmet
- Enhanced password validation
- JWT token management improvements
- Winston-based logging with file rotation
- Request tracking with unique request IDs
- Different log levels for different environments
- Structured logging with metadata
- Connection pooling and retry logic
- Graceful shutdown handling
- Enhanced User model with validation
- Proper indexing for performance
- Better separation of concerns
- Modular middleware setup
- Clean controller architecture
- Proper route organization with versioning
- Comprehensive input validation with Joi
- Custom validation messages
- Middleware-based validation
```bash
npm run dev     # Start development server with nodemon
npm start       # Start production server
npm test        # Run tests (to be implemented)
npm run lint    # Run linting (to be implemented)
npm run build   # Build process (to be implemented)
```
Logs are automatically created in the `logs/` directory:
- `app.log` - All application logs
- `error.log` - Error logs only
In development mode, logs are also displayed in the console with colors.
- Rate Limiting: 100 requests per 15 minutes per IP
- Account Locking: Account locked for 2 hours after 5 failed login attempts
- Password Security: Strong password requirements with bcrypt hashing
- JWT Security: Proper token expiration and validation
- Headers Security: Helmet middleware for security headers
- Input Validation: Comprehensive validation for all inputs
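The account-locking rule above (locked for 2 hours after 5 failed attempts) is easy to get subtly wrong, for example by letting a correct guess during the lock window clear it. The following is an added example, not the project's `User.js`: the rule written as pure functions over a plain user record so it runs without MongoDB, with the field names `loginAttempts`, `lockUntil` and `lastOutcome` assumed for illustration.

```javascript
// Added example, not the project's User model: the README's lockout rule
// (2 hours after 5 failed logins) over a plain record. Field names are assumed.
const MAX_LOGIN_ATTEMPTS = 5;
const LOCK_TIME_MS = 2 * 60 * 60 * 1000; // 2 hours

// True while a lock is set and has not yet expired.
function isLocked(user, now = Date.now()) {
  return Boolean(user.lockUntil) && user.lockUntil > now;
}

// Apply one login outcome and return a new record (the input is not mutated).
// `passwordOk` is the result of the bcrypt comparison done by the caller.
function recordLoginAttempt(user, passwordOk, now = Date.now()) {
  // While locked, even a correct password is refused; otherwise a lucky guess
  // inside the lock window would clear the lock and it would protect nothing.
  if (isLocked(user, now)) {
    return { ...user, lastOutcome: 'locked' };
  }
  if (passwordOk) {
    // Successful login (no lock, or lock already expired): reset the counters.
    return { ...user, loginAttempts: 0, lockUntil: null, lastOutcome: 'ok' };
  }
  // Failed attempt. Once a lock has expired, the old count no longer applies.
  const lockExpired = Boolean(user.lockUntil) && user.lockUntil <= now;
  const attempts = (lockExpired ? 0 : (user.loginAttempts || 0)) + 1;
  const updated = { ...user, loginAttempts: attempts, lockUntil: null, lastOutcome: 'failed' };
  if (attempts >= MAX_LOGIN_ATTEMPTS) {
    updated.lockUntil = now + LOCK_TIME_MS;
    updated.lastOutcome = 'locked';
  }
  return updated;
}

// Walk-through on a constructed record: five wrong passwords lock the account,
// a correct password during the lock is still refused, and the lock expires.
function demo() {
  const start = 0; // constructed clock, milliseconds
  let user = { email: 'john@example.com', loginAttempts: 0, lockUntil: null };
  for (let i = 0; i < MAX_LOGIN_ATTEMPTS; i++) {
    user = recordLoginAttempt(user, false, start + i);
  }
  const lockedNow = isLocked(user, start + 10);
  const refused = recordLoginAttempt(user, true, start + 10).lastOutcome;
  const afterExpiry = recordLoginAttempt(user, true, user.lockUntil + 1).lastOutcome;
  return { lockedNow, refused, afterExpiry };
}
```

In the real model the same transition runs inside the login controller after the bcrypt comparison, and the lock check must happen before the comparison so a locked account costs the attacker no information about the password.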
- Follow the existing code structure
- Add proper error handling
- Include logging for important operations
- Write validation for new endpoints
- Update documentation
This project is licensed under the ISC License.