https://github.com/brijeshdevio/backend-starter
A production-ready, highly secure backend template built with modern Node.js technologies.
- Host: GitHub
- URL: https://github.com/brijeshdevio/backend-starter
- Owner: brijeshdevio
- Created: 2026-04-02T13:56:38.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2026-04-26T11:45:34.000Z (2 months ago)
- Last Synced: 2026-04-26T13:23:11.647Z (2 months ago)
- Topics: express, jwt, postgresql, prisma
- Language: TypeScript
- Homepage: https://backend-starter.brijeshdev.in/api
- Size: 213 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Production-ready Node.js Backend Starter
A clean, minimal, and production-ready REST API starter built with **Express 5**, **TypeScript**, **Prisma**, and **PostgreSQL**, with auth, logging, validation, rate limiting, and a consistent response format out of the box.
> Skip the boilerplate. Start building features.
---
## What's Included
| Feature | Tech |
| ---------------- | ---------------------------- |
| Framework | Express 5 + TypeScript |
| Database | PostgreSQL via Prisma 7 |
| Authentication | JWT (jsonwebtoken) |
| Password Hashing | Argon2 |
| Validation | Zod v4 |
| Logging | Pino + pino-pretty |
| Security | Helmet + CORS |
| Rate Limiting | express-rate-limit |
| Response Format | Custom `apiResponse` utility |
---
## Project Structure
```
├── .env.example
├── .gitignore
├── package.json
├── pnpm-lock.yaml
├── prisma.config.ts
├── prisma
│   ├── migrations
│   │   ├── 20260424062803_init
│   │   │   └── migration.sql
│   └── schema.prisma
├── src
│   ├── app.ts
│   ├── config
│   │   └── env.ts
│   ├── constants
│   │   └── index.ts
│   ├── lib
│   │   ├── logger.ts
│   │   └── prisma.ts
│   ├── middleware
│   │   ├── auth-guard.ts
│   │   ├── error-handler.ts
│   │   ├── rate-limit.ts
│   │   ├── role-guard.ts
│   │   └── validate.ts
│   ├── modules
│   │   ├── auth
│   │   │   ├── auth.controller.ts
│   │   │   ├── auth.routes.ts
│   │   │   ├── auth.schema.ts
│   │   │   └── auth.service.ts
│   │   └── users
│   │       ├── users.controller.ts
│   │       ├── users.routes.ts
│   │       ├── users.schema.ts
│   │       └── users.service.ts
│   ├── routes
│   │   └── index.ts
│   ├── server.ts
│   ├── types
│   │   └── express.d.ts
│   └── utils
│       ├── api-response.ts
│       ├── cookie.ts
│       └── error.ts
├── tsconfig.json
└── vercel.json
```
---
## Getting Started
### 1. Clone & install
```bash
git clone https://github.com/brijeshdevio/backend-starter.git
cd backend-starter
npm install
```
### 2. Set up environment
```bash
cp .env.example .env
```
Open `.env` and fill in your values:
```env
NODE_ENV="development"
PORT=3000
DATABASE_URL="postgresql://user:password@localhost:5432/backend_starter?schema=public"
JWT_SECRET="your-secret-min-32-chars"
JWT_EXPIRES_IN="15m"
CLIENT_URL="http://localhost:5173"
LOG_LEVEL="info"
```
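A startup check for the values above, added here as an example and not taken from this repository's `src/config/env.ts`. The function names, the distinct-character threshold, the one-hour cap and the production rules are assumptions; the 32-character minimum comes from the template value.

```typescript
// Added example, not code from this repository. Thresholds other than the
// 32-character minimum are assumed policy values.
type Env = Record<string, string | undefined>;

const UNIT_SECONDS: Record<string, number> = { s: 1, m: 60, h: 3600, d: 86400 };
const MAX_ACCESS_TTL = 3600; // assumption: access tokens live at most one hour

// Demand an explicit unit. jsonwebtoken treats a unit-less string such as
// "900" as milliseconds, so that token would expire in under a second.
function ttlSeconds(value: string): number | null {
  const m = /^(\d+)\s*([smhd])$/.exec(value.trim());
  if (!m) return null;
  return Number(m[1]) * (UNIT_SECONDS[m[2] as string] ?? 0);
}

function checkEnv(env: Env): string[] {
  const issues: string[] = [];

  const secret = env.JWT_SECRET ?? "";
  if (secret.length < 32) {
    issues.push("JWT_SECRET: shorter than 32 characters");
  } else if (new Set(secret.split("")).size < 12) {
    issues.push("JWT_SECRET: too few distinct characters");
  }

  const ttl = ttlSeconds(env.JWT_EXPIRES_IN ?? "");
  if (ttl === null) {
    issues.push("JWT_EXPIRES_IN: needs a number plus unit (s, m, h, d)");
  } else if (ttl < 1 || ttl > MAX_ACCESS_TTL) {
    issues.push("JWT_EXPIRES_IN: outside 1s..1h");
  }

  if (env.NODE_ENV === "production") {
    // The template's sample credentials and local origin must not ship.
    if ((env.DATABASE_URL ?? "").includes("//user:password@")) {
      issues.push("DATABASE_URL: template credentials");
    }
    const client = env.CLIENT_URL ?? "";
    if (!client.startsWith("https://") || client.includes("//localhost")) {
      issues.push("CLIENT_URL: must be a non-local https origin");
    }
  }
  return issues;
}
```

Call `checkEnv(process.env)` before the server starts listening and exit if the returned list is not empty; the template's own `JWT_SECRET` value is 24 characters long and is rejected.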
### 3. Run database migrations
```bash
npx prisma migrate dev --name init
npx prisma generate
```
### 4. Start the dev server
```bash
npm run dev
```
Server starts at `http://localhost:3000`
---
## API Endpoints
Base URL: `http://localhost:3000/api/v1`
### Auth
| Method | Endpoint | Access | Description |
| ------ | ---------------- | ------- | --------------------- |
| `POST` | `/auth/register` | Public | Create a new account |
| `POST` | `/auth/login` | Public | Login and receive JWT |
| `POST` | `/auth/refresh`  | Auth    | Rotate refresh token  |
| `POST` | `/auth/logout`   | Auth    | Logout                |
| `GET`  | `/auth/me`       | Auth    | Get current user info |
### Users
| Method | Endpoint | Access | Description |
| -------- | ------------ | -------- | -------------------------- |
| `GET`    | `/users`     | Admin    | List all users (paginated) |
| `GET`    | `/users/:id` | Auth     | Get a user by ID           |
| `PATCH`  | `/users/:id` | Auth     | Update your own profile    |
| `DELETE` | `/users/:id` | Admin    | Delete a user              |
### System
| Method | Endpoint | Access | Description |
| ------ | --------- | ------ | ------------ |
| `GET` | `/health` | Public | Health check |
---
## Response Format
Every response follows a consistent shape:
**Success**
```json
{
"success": true,
"status": 200,
"message": "Users fetched",
"data": {},
"meta": {
"page": 1,
"limit": 10,
"total": 42,
"totalPages": 5
}
}
```
**Error**
```json
{
"success": false,
"status": 401,
"message": "Invalid credentials"
}
```
**Validation Error (Zod)**
```json
{
"success": false,
"status": 400,
"message": "Validation failed",
"errors": {
"email": ["Invalid email"],
"password": ["String must contain at least 8 character(s)"]
}
}
```
---
## Auth Flow
```
POST /auth/register → creates account, returns user
POST /auth/login    → returns JWT (expires in 15m)
POST /auth/refresh  → rotate refresh token
POST /auth/logout   → logout and delete session
GET  /auth/me       → Authorization: Bearer
```
Passwords are hashed with **Argon2** (more secure than bcrypt).
Tokens are signed with `JWT_SECRET` and expire based on `JWT_EXPIRES_IN`.
---
## Rate Limiting
| Route | Limit |
| ------------------- | --------------------- |
| All `/api/*` routes | 100 requests / 15 min |
| `/auth/login` | 10 requests / 15 min |
When the limit is exceeded:
```json
{
"success": false,
"status": 429,
"message": "Too many requests, please try again later."
}
```
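How the two limits in the table interact for one client, as an added example that is not this repository's `rate-limit.ts` and not express-rate-limit's code. It assumes a fixed-window counter keyed by client IP; the class name, the rule list and the injected clock are hypothetical.

```typescript
// Added example: fixed-window counters for the two limits in the table above.
interface Rule { prefix: string; limit: number; windowMs: number }

const WINDOW = 15 * 60 * 1000; // 15 minutes
const RULES: Rule[] = [
  { prefix: "/api/v1/auth/login", limit: 10, windowMs: WINDOW },
  { prefix: "/api/", limit: 100, windowMs: WINDOW },
];

// Body taken from the 429 response documented on this page.
const TOO_MANY = {
  success: false,
  status: 429,
  message: "Too many requests, please try again later.",
};

class FixedWindowLimiter {
  private hits = new Map<string, { count: number; resetAt: number }>();

  // Returns null when the request is allowed, or the 429 body when any
  // matching rule is exhausted. `now` is passed in so tests control time.
  check(ip: string, path: string, now: number): typeof TOO_MANY | null {
    let blocked = false;
    for (const rule of RULES) {
      if (!path.startsWith(rule.prefix)) continue;
      const key = `${rule.prefix}|${ip}`; // one counter per rule and client
      let slot = this.hits.get(key);
      if (!slot || now >= slot.resetAt) {
        slot = { count: 0, resetAt: now + rule.windowMs };
        this.hits.set(key, slot);
      }
      slot.count += 1;
      if (slot.count > rule.limit) blocked = true;
    }
    return blocked ? TOO_MANY : null;
  }
}
```

Behind a reverse proxy the key has to be the client address Express derives through its `trust proxy` setting; if it is the proxy's address, every client shares one counter.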
---
## Testing the API
You can use [Postman](https://postman.com), [Insomnia](https://insomnia.rest), or `curl`:
```bash
# Register
curl -X POST http://localhost:3000/api/v1/auth/register \
-H "Content-Type: application/json" \
-d '{"name": "Brijesh", "email": "brijesh@dev.in", "password": "Secure@123"}'
# Login
curl -X POST http://localhost:3000/api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"email": "brijesh@dev.in", "password": "Secure@123"}'
# Get current user
curl http://localhost:3000/api/v1/auth/me \
-H "Authorization: Bearer "
```
---
## Available Scripts
```bash
npm run dev # Start dev server with hot reload (tsx watch)
npm run build # Compile TypeScript to /dist
npm run start # Run compiled production build
```
---
## Database Schema
Managed by Prisma. Edit `prisma/schema.prisma` to add your models.
```bash
# After editing schema.prisma:
npx prisma migrate dev --name your_migration_name
```
Current models: `User` (with `USER` / `ADMIN` roles)
---
## Tech Versions
| Package | Version |
| -------------- | ------- |
| express | ^5.2.1 |
| typescript | ^6.0.3 |
| @prisma/client | ^7.8.0 |
| zod | ^4.3.6 |
| argon2 | ^0.44.0 |
| pino | ^10.3.1 |
| jsonwebtoken | ^9.0.3 |
---
## What's Next
This starter is intentionally minimal. Extend it based on your project needs:
- [x] Refresh token rotation
- [ ] Email verification
- [ ] File uploads (Multer / S3)
- [ ] Redis caching
- [ ] Docker + docker-compose
- [ ] GitHub Actions CI/CD
- [ ] Stripe billing integration
---
## License
MIT - free to use, fork, and build on.
---
Built by @brijeshdevio