{"id":28533347,"url":"https://github.com/saif-abdelrazek/saifapi","last_synced_at":"2026-04-29T01:01:24.839Z","repository":{"id":297970469,"uuid":"995544098","full_name":"saif-abdelrazek/saifapi","owner":"saif-abdelrazek","description":"Monorepo backend API - authentication, posts, subscriptions, and URL shortening services with bot integration.","archived":false,"fork":false,"pushed_at":"2025-11-15T08:09:19.000Z","size":134,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-15T10:08:14.085Z","etag":null,"topics":["api","authentication","backend","express","monorepo"],"latest_commit_sha":null,"homepage":"https://api.saifdev.org","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/saif-abdelrazek.png","metadata":{"files":{"readme":"README.md","changelog":"newsletter/index.js","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-03T16:33:56.000Z","updated_at":"2025-11-15T08:09:27.000Z","dependencies_parsed_at":"2025-06-08T17:31:16.810Z","dependency_job_id":"3193b545-1aac-4a0a-87f4-94aa5b8dd1cf","html_url":"https://github.com/saif-abdelrazek/saifapi","commit_stats":null,"previous_names":["saifabdelrazek011/saifapi","saif-abdelrazek/saifapi"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/saif-abdelrazek/saifapi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saif-abdelrazek%2Fsaifapi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saif-abdelrazek%2Fsaifapi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saif-abdelrazek%2Fsaifapi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saif-abdelrazek%2Fsaifapi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/saif-abdelrazek","download_url":"https://codeload.github.com/saif-abdelrazek/saifapi/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saif-abdelrazek%2Fsaifapi/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32405903,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-28T19:38:08.556Z","status":"ssl_error","status_checked_at":"2026-04-28T19:37:55.688Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","authentication","backend","express","monorepo"],"created_at":"2025-06-09T17:06:40.639Z","updated_at":"2026-04-29T01:01:24.823Z","avatar_url":"https://github.com/saif-abdelrazek.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SaifAPI - Authentication \u0026 Services API\n\nA secure, feature-rich Express.js API service with bot integration support, built with modern security practices and rate limiting.\n\n## 🚀 Features\n\n- **User Authentication \u0026 Authorization** - JWT-based auth with secure user management\n- **Posts Management** - Create, read, update, and delete posts\n- **URL Shortening** - Generate and manage short URLs\n- **Newsletter System** - Subscription and newsletter management\n- **Subscription Services** - User subscription handling with workflow automation\n- **Bot Integration** - Telegram bot support with proper security configurations\n- **Advanced Security** - Arcjet protection with bot detection, rate limiting, and shield\n- **Email Services** - Automated email notifications and templates\n\n## 🛡️ Security Features\n\n- **Arcjet Integration** - Advanced bot detection and rate limiting\n- **CORS Protection** - Domain-specific CORS policies\n- **Helmet Security** - HTTP security headers\n- **API Key Authentication** - Secure API access\n- **Rate Limiting** - Token bucket algorithm for request throttling\n- **Input Validation** - Joi schema validation\n\n## 📁 Project Structure\n\n```\nsaifapi/\n├── config/                 # Configuration files\n│   ├── arcjet.js           # Arcjet security configuration\n│   ├── env.js              # Environment variables\n│   ├── sendMail.js         # Email configuration\n│   └── upstash.js          # Upstash configuration\n├── middlewares/            # Express middlewares\n│   ├── apikey.middleware.js\n│   ├── arcjet.middleware.js\n│   ├── error.middleware.js\n│   └── validators/\n├── users/                  # User management\n│   ├── auth/               # Authentication routes\n│   ├── apikeys/            # API key management\n│   └── user controllers, models, routes\n├── posts/                  # Posts management\n├── shorturls/              # URL shortening service\n├── subscription/           # Subscription services\n│   └── workflow/           # Workflow automation\n├── newsletter/             # Newsletter system\n├── utils/                  # Utility functions\n└── views/                  # EJS templates\n```\n\n## 🔧 Installation\n\n1. **Clone the repository**\n\n   ```bash\n   git clone https://github.com/saifabdelrazek011/saifapi.git\n   cd saifapi\n   ```\n\n2. **Install dependencies**\n\n   ```bash\n   npm install\n   ```\n\n3. **Environment Setup**\n   Create a `.env` file in the root directory:\n\n   ```env\n   # Server Configuration\n   NODE_ENV=development\n   PORT=3000\n\n   # Database\n   MONGODB_URI=mongodb://localhost:27017/saifapi\n\n   # JWT\n   JWT_SECRET=your-super-secret-jwt-key\n   JWT_EXPIRES_IN=7d\n\n   # Arcjet Security\n   ARCJET_KEY=your-arcjet-key\n   ARCJET_ENV=development\n\n   # Email Configuration\n   SMTP_HOST=smtp.gmail.com\n   SMTP_PORT=587\n   SMTP_USER=your-email@gmail.com\n   SMTP_PASS=your-app-password\n\n   # Upstash (for workflows)\n   UPSTASH_REDIS_REST_URL=your-upstash-url\n   UPSTASH_REDIS_REST_TOKEN=your-upstash-token\n   ```\n\n4. **Start the server**\n\n   ```bash\n   # Development mode\n   npm run dev\n\n   # Production mode\n   npm start\n   ```\n\n## 🤖 Bot Integration\n\n### Telegram Bot Support\n\nThe API is configured to work with Telegram bots using Axios. The Arcjet configuration allows:\n\n- **Telegram Crawlers** - For link previews\n- **Social Media Bots** - Facebook, Twitter, LinkedIn crawlers\n- **HTTP Clients** - Axios, fetch, curl requests\n- **API Clients** - Custom bot integrations\n\n### Bot Configuration\n\nIn `config/arcjet.js`, the following bot types are allowed:\n\n```javascript\nallow: [\n  \"CATEGORY:SEARCH_ENGINE\", // Google, Bing crawlers\n  \"CATEGORY:SOCIAL\", // Social media crawlers\n  \"POSTMAN\", // API testing\n  \"TELEGRAM_CRAWLER\", // Telegram link previews\n  \"CURL\", // CLI requests\n  \"HTTP_CLIENT\", // General HTTP clients\n  \"API_CLIENT\", // API integrations\n];\n```\n\n### Using with Telegram Bots\n\nWhen making requests from your Telegram bot using Axios:\n\n```javascript\nimport axios from \"axios\";\n\n// Example API call from Telegram bot\nconst response = await axios.post(\n  \"https://your-api.com/api/posts\",\n  {\n    title: \"My Post\",\n    content: \"Post content\",\n  },\n  {\n    headers: {\n      Authorization: \"Bearer your-jwt-token\",\n      \"X-API-Key\": \"your-api-key\",\n      \"User-Agent\": \"TelegramBot/1.0\",\n    },\n  }\n);\n```\n\n## 📚 API Endpoints\n\n### Authentication\n\n- `POST /api/auth/register` - User registration\n- `POST /api/auth/login` - User login\n- `POST /api/auth/logout` - User logout\n- `GET /api/auth/profile` - Get user profile\n\n### Posts\n\n- `GET /api/posts` - Get all posts\n- `POST /api/posts` - Create new post\n- `GET /api/posts/:id` - Get specific post\n- `PUT /api/posts/:id` - Update post\n- `DELETE /api/posts/:id` - Delete post\n\n### URL Shortening\n\n- `POST /api/shorturls` - Create short URL\n- `GET /api/shorturls` - Get user's short URLs\n- `GET /s/:shortCode` - Redirect to original URL\n\n### Newsletter\n\n- `POST /api/newsletter/subscribe` - Subscribe to newsletter\n- `GET /api/newsletter` - Get newsletters (admin)\n- `POST /api/newsletter` - Send newsletter (admin)\n\n### Subscriptions\n\n- `GET /api/subscriptions` - Get user subscriptions\n- `POST /api/subscriptions` - Create subscription\n- `DELETE /api/subscriptions/:id` - Cancel subscription\n\n## 🔐 Security Configuration\n\n### Rate Limiting\n\n- **5 requests per interval** (10s dev, 60s prod)\n- **10 token bucket capacity**\n- **IP-based rate limiting**\n\n### CORS Policy\n\n- **Production**: Only `*.saifdev.xyz` domains\n- **Development**: All localhost origins\n\n### Bot Detection\n\n- **Shield protection** against malicious traffic\n- **Whitelist approach** for legitimate bots\n- **Token bucket rate limiting** for all requests\n\n## 🚀 Deployment\n\n### Production Setup\n\n1. **Environment Variables**\n\n   ```bash\n   NODE_ENV=production\n   ARCJET_ENV=production\n   ```\n\n2. **Process Manager**\n\n   ```bash\n   # Using PM2\n   npm install -g pm2\n   pm2 start server.js --name \"saifapi-bots\"\n   ```\n\n3. **Reverse Proxy** (Nginx example)\n\n   ```nginx\n   server {\n       listen 80;\n       server_name your-domain.com;\n\n       location / {\n           proxy_pass http://localhost:3000;\n           proxy_set_header Host $host;\n           proxy_set_header X-Real-IP $remote_addr;\n       }\n   }\n   ```\n\n## 🛠️ Development\n\n### Available Scripts\n\n- `npm start` - Start production server\n- `npm run dev` - Start development server with nodemon\n\n### Adding New Features\n\n1. Create feature directory in project root\n2. Add routes, controllers, models, and validation\n3. Register routes in `server.js`\n4. Update middleware if needed\n\n## 📝 Troubleshooting\n\n### Common Issues\n\n**Bot Detection Errors**\n\n- Ensure your bot's user agent is in the allow list\n- Check if `CATEGORY:SOCIAL` covers your bot type\n- Consider setting bot detection to `DRY_RUN` mode for testing\n\n**CORS Errors**\n\n- Verify your domain is in the allowed origins\n- Check the CORS configuration in `server.js`\n\n**Rate Limiting**\n\n- Increase rate limits in `config/arcjet.js` if needed\n- Monitor rate limit headers in responses\n\n## 📄 License\n\nThis project is licensed under the ISC License.\n\n## 🤝 Contributing\n\n1. Fork the repository\n2. Create a feature branch\n3. Commit your changes\n4. Push to the branch\n5. Create a Pull Request\n\n## 📞 Support\n\nFor support and questions, please open an issue in the repository.\n\n---\n\nBuilt with ❤️ using Express.js, Arcjet, and modern security practices.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaif-abdelrazek%2Fsaifapi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsaif-abdelrazek%2Fsaifapi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaif-abdelrazek%2Fsaifapi/lists"}