An open API service indexing awesome lists of open source software.

https://github.com/brijeshdevio/backend-starter

A production-ready, highly secure backend template built with modern Node.js technologies.
https://github.com/brijeshdevio/backend-starter

express jwt postgresql prisma

Last synced: 28 days ago
JSON representation

A production-ready, highly secure backend template built with modern Node.js technologies.

Awesome Lists containing this project

README

          

# πŸš€ Production-ready Node.js Backend Starter

A clean, minimal, and production-ready REST API starter built with **Express 5**, **TypeScript**, **Prisma**, and **PostgreSQL** β€” with auth, logging, validation, rate limiting, and a consistent response format out of the box.

> Skip the boilerplate. Start building features.

---

## ✨ What's Included

| Feature | Tech |
| ---------------- | ---------------------------- |
| Framework | Express 5 + TypeScript |
| Database | PostgreSQL via Prisma 7 |
| Authentication | JWT (jsonwebtoken) |
| Password Hashing | Argon2 |
| Validation | Zod v4 |
| Logging | Pino + pino-pretty |
| Security | Helmet + CORS |
| Rate Limiting | express-rate-limit |
| Response Format | Custom `apiResponse` utility |

---

## πŸ“ Project Structure

```
β”œβ”€β”€ .env.example
β”œβ”€β”€ .gitignore
β”œβ”€β”€ package.json
β”œβ”€β”€ pnpm-lock.yaml
β”œβ”€β”€ prisma.config.ts
β”œβ”€β”€ prisma
β”‚ β”œβ”€β”€ migrations
β”‚ β”‚ β”œβ”€β”€ 20260424062803_init
β”‚ β”‚ β”‚ └── migration.sql
β”‚ └── schema.prisma
β”œβ”€β”€ src
β”‚ β”œβ”€β”€ app.ts
β”‚ β”œβ”€β”€ config
β”‚ β”‚ └── env.ts
β”‚ β”œβ”€β”€ constants
β”‚ β”‚ └── index.ts
β”‚ β”œβ”€β”€ lib
β”‚ β”‚ β”œβ”€β”€ logger.ts
β”‚ β”‚ └── prisma.ts
β”‚ β”œβ”€β”€ middleware
β”‚ β”‚ β”œβ”€β”€ auth-guard.ts
β”‚ β”‚ β”œβ”€β”€ error-handler.ts
β”‚ β”‚ β”œβ”€β”€ rate-limit.ts
β”‚ β”‚ β”œβ”€β”€ role-guard.ts
β”‚ β”‚ └── validate.ts
β”‚ β”œβ”€β”€ modules
β”‚ β”‚ β”œβ”€β”€ auth
β”‚ β”‚ β”‚ β”œβ”€β”€ auth.controller.ts
β”‚ β”‚ β”‚ β”œβ”€β”€ auth.routes.ts
β”‚ β”‚ β”‚ β”œβ”€β”€ auth.schema.ts
β”‚ β”‚ β”‚ └── auth.service.ts
β”‚ β”‚ └── users
β”‚ β”‚ β”œβ”€β”€ users.controller.ts
β”‚ β”‚ β”œβ”€β”€ users.routes.ts
β”‚ β”‚ β”œβ”€β”€ users.schema.ts
β”‚ β”‚ └── users.service.ts
β”‚ β”œβ”€β”€ routes
β”‚ β”‚ └── index.ts
β”‚ β”œβ”€β”€ server.ts
β”‚ β”œβ”€β”€ types
β”‚ β”‚ └── express.d.ts
β”‚ └── utils
β”‚ β”œβ”€β”€ api-response.ts
β”‚ β”œβ”€β”€ cookie.ts
β”‚ └── error.ts
β”œβ”€β”€ tsconfig.json
└── vercel.json
```

---

## ⚑ Getting Started

### 1. Clone & install

```bash
git clone https://github.com/brijeshdevio/backend-starter.git
cd backend-starter
npm install
```

### 2. Set up environment

```bash
cp .env.example .env
```

Open `.env` and fill in your values:

```env
NODE_ENV="development"
PORT=3000
DATABASE_URL="postgresql://user:password@localhost:5432/backend_starter?schema=public"
JWT_SECRET="your-secret-min-32-chars"
JWT_EXPIRES_IN="15m"
CLIENT_URL="http://localhost:5173"
LOG_LEVEL="info"
```

### 3. Run database migrations

```bash
npx prisma migrate dev --name init
npx prisma generate
```

### 4. Start the dev server

```bash
npm run dev
```

Server starts at `http://localhost:3000`

---

## πŸ“‘ API Endpoints

Base URL: `http://localhost:3000/api/v1`

### Auth

| Method | Endpoint | Access | Description |
| ------ | ---------------- | ------- | --------------------- |
| `POST` | `/auth/register` | Public | Create a new account |
| `POST` | `/auth/login` | Public | Login and receive JWT |
| `POST` | `/auth/refresh` | πŸ”’ Auth | Rotate refresh token |
| `POST` | `/auth/logout` | πŸ”’ Auth | Logout |
| `GET` | `/auth/me` | πŸ”’ Auth | Get current user info |

### Users

| Method | Endpoint | Access | Description |
| -------- | ------------ | -------- | -------------------------- |
| `GET` | `/users` | πŸ”’ Admin | List all users (paginated) |
| `GET` | `/users/:id` | πŸ”’ Auth | Get a user by ID |
| `PATCH` | `/users/:id` | πŸ”’ Auth | Update your own profile |
| `DELETE` | `/users/:id` | πŸ”’ Admin | Delete a user |

### System

| Method | Endpoint | Access | Description |
| ------ | --------- | ------ | ------------ |
| `GET` | `/health` | Public | Health check |

---

## πŸ“¦ Response Format

Every response follows a consistent shape:

**Success**

```json
{
"success": true,
"status": 200,
"message": "Users fetched",
"data": {},
"meta": {
"page": 1,
"limit": 10,
"total": 42,
"totalPages": 5
}
}
```

**Error**

```json
{
"success": false,
"status": 401,
"message": "Invalid credentials"
}
```

**Validation Error (Zod)**

```json
{
"success": false,
"status": 400,
"message": "Validation failed",
"errors": {
"email": ["Invalid email"],
"password": ["String must contain at least 8 character(s)"]
}
}
```

---

## πŸ›‘οΈ Auth Flow

```
POST /auth/register β†’ creates account, returns user
POST /auth/login β†’ returns JWT (expires in 15m)
POST /auth/refresh β†’ rotate refresh token
POST /auth/logout β†’ logout and delete session
GET /auth/me β†’ Authorization: Bearer

```

Passwords are hashed with **Argon2** (more secure than bcrypt).
Tokens are signed with `JWT_SECRET` and expire based on `JWT_EXPIRES_IN`.

---

## πŸ”’ Rate Limiting

| Route | Limit |
| ------------------- | --------------------- |
| All `/api/*` routes | 100 requests / 15 min |
| `/auth/login` | 10 requests / 15 min |

When the limit is exceeded:

```json
{
"success": false,
"status": 429,
"message": "Too many requests, please try again later."
}
```

---

## πŸ§ͺ Testing the API

You can use [Postman](https://postman.com), [Insomnia](https://insomnia.rest), or `curl`:

```bash
# Register
curl -X POST http://localhost:3000/api/v1/auth/register \
-H "Content-Type: application/json" \
-d '{"name": "Brijesh", "email": "brijesh@dev.in", "password": "Secure@123"}'

# Login
curl -X POST http://localhost:3000/api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"email": "brijesh@dev.in", "password": "Secure@123"}'

# Get current user
curl http://localhost:3000/api/v1/auth/me \
-H "Authorization: Bearer "
```

---

## πŸ“œ Available Scripts

```bash
npm run dev # Start dev server with hot reload (tsx watch)
npm run build # Compile TypeScript to /dist
npm run start # Run compiled production build
```

---

## πŸ—„οΈ Database Schema

Managed by Prisma. Edit `prisma/schema.prisma` to add your models.

```bash
# After editing schema.prisma:
npx prisma migrate dev --name your_migration_name
```

Current models: `User` (with `USER` / `ADMIN` roles)

---

## 🧱 Tech Versions

| Package | Version |
| -------------- | ------- |
| express | ^5.2.1 |
| typescript | ^6.0.3 |
| @prisma/client | ^7.8.0 |
| zod | ^4.3.6 |
| argon2 | ^0.44.0 |
| pino | ^10.3.1 |
| jsonwebtoken | ^9.0.3 |

---

## πŸ—ΊοΈ What's Next

This starter is intentionally minimal. Extend it based on your project needs:

- βœ… Refresh token rotation
- [ ] Email verification
- [ ] File uploads (Multer / S3)
- [ ] Redis caching
- [ ] Docker + docker-compose
- [ ] GitHub Actions CI/CD
- [ ] Stripe billing integration

---

## πŸ“„ License

MIT β€” free to use, fork, and build on.

---

Built by @brijeshdevio