A robust Node.js/Express backend API supporting authentication, order management, and admin operations for a multi-service platform.
- JWT Authentication - Secure token-based authentication with 30-day expiration
- User Management - Registration, login, profile updates, password change
- Order System - CRUD operations for orders with service-specific fields
- Admin Panel - Dashboard statistics, order management, user management
- MongoDB Integration - Mongoose ODM with schema validation
- Password Hashing - bcrypt with 10 rounds for secure password storage
- CORS Enabled - Ready for frontend integration
- Auto-generated Order IDs - Sequential order numbers (ORD-001, ORD-002, etc.)
- Base64 File Upload - Support for profile pictures up to 50MB

| Technology | Version | Purpose |
|---|---|---|
| Node.js | 18+ | Runtime Environment |
| Express | 5.1.0 | Web Framework |
| MongoDB | Atlas | Database |
| Mongoose | 8.19.2 | ODM |
| JWT | 9.0.2 | Authentication |
| bcryptjs | 3.0.2 | Password Hashing |
| CORS | 2.8.5 | Cross-Origin Requests |
| dotenv | 17.2.3 | Environment Variables |
Before running this project, make sure you have:
- Node.js (v18 or higher)
- npm or yarn
- MongoDB Atlas account (or local MongoDB)

- Clone the repository

  ```bash
  git clone <your-repo-url>
  cd Backend
  ```

- Install dependencies

  ```bash
  npm install
  ```

- Create environment file

  ```bash
  cp .env.example .env
  ```

- Configure environment variables

  ```env
  PORT=3000
  MONGO_URI=mongodb+srv://username:password@cluster.mongodb.net/unifyr
  JWT_SECRET=your_super_secret_jwt_key_here
  NODE_ENV=development
  ```

```bash
# Start development server with nodemon
npm run dev
```

Server will start at http://localhost:3000

```bash
# Start production server
node src/index.js
```

```bash
# Create admin user
node scripts/makeAdmin.js
```

Default admin credentials:
- Email: `admin@unifyr.com`
- Password: `admin2025`

```
Backend/
├── config/
│   └── db.js                  # MongoDB connection
├── controllers/
│   ├── authController.js      # Authentication logic
│   ├── orderController.js     # Order management
│   └── adminController.js     # Admin operations
├── middlewares/
│   └── auth.js                # JWT verification & auth
├── models/
│   ├── User.js                # User schema
│   └── Order.js               # Order schema
├── routes/
│   ├── authRoutes.js          # Auth endpoints
│   ├── orderRoutes.js         # Order endpoints
│   └── adminRoutes.js         # Admin endpoints
├── scripts/
│   └── makeAdmin.js           # Create admin user
├── src/
│   └── index.js               # Server entry point
├── .env                       # Environment variables
├── .env.example               # Environment template
├── package.json               # Dependencies
└── Readme.md                  # This file
```

http://localhost:3000/api

| Method | Endpoint | Description |
|---|---|---|
| POST | /auth/register | Register new user |
| POST | /auth/login | Login user |
| POST | /auth/reset-password | Reset password |

| Method | Endpoint | Description |
|---|---|---|
| GET | /auth/me | Get current user |
| PUT | /auth/profile | Update profile |
| PUT | /auth/password | Change password |

| Method | Endpoint | Description |
|---|---|---|
| GET | /orders | Get user's orders |
| POST | /orders | Create new order |
| GET | /orders/:id | Get single order |
| PUT | /orders/:id | Update order |
| DELETE | /orders/:id | Delete order |
| GET | /orders/:id/invoice | Get invoice data |
| POST | /orders/bulk-invoices | Get multiple invoices |

| Method | Endpoint | Description |
|---|---|---|
| GET | /admin/stats | Dashboard statistics |
| GET | /admin/orders | Get all orders |
| PUT | /admin/orders/:id | Update any order |
| DELETE | /admin/orders/:id | Delete any order |
| GET | /admin/users | Get all users |
| PUT | /admin/users/:id/role | Update user role |

| Method | Endpoint | Description |
|---|---|---|
| GET | / | API status |
| GET | /api/health | Health check with uptime |

```
{
  name: String,
  email: String (unique),
  password: String (hashed),
  role: String (user/admin),
  profilePicture: String (base64),
  phone: String,
  address: String,
  city: String,
  country: String,
  bio: String,
  isActive: Boolean,
  createdAt: Date,
  updatedAt: Date
}
```

```
{
  orderId: String (auto-generated: ORD-001),
  user: ObjectId (ref: User),
  customer: {
    name: String,
    email: String,
    phone: String
  },
  service: String (enum: 6 services),
  type: String,
  quantity: Number,
  price: Number,
  status: String (pending/in-progress/completed/cancelled),
  date: Date,
  notes: String,
  // Service-specific fields
  dimensions: String,
  material: String,
  cuisine: String,
  deliveryTime: String,
  // ... more fields
  createdAt: Date,
  updatedAt: Date
}
```

- User Registration
  - Password hashed with bcrypt (10 rounds)
  - JWT token generated (30-day expiration)
  - Default role: `user`
- User Login
  - Email/password validation
  - Password comparison with bcrypt
  - JWT token returned on success
- Protected Routes
  - Token extracted from `Authorization: Bearer <token>`
  - Token verified with JWT_SECRET
  - User attached to `req.user`
- Admin Routes
  - Additional check: `req.user.role === 'admin'`
  - 403 Forbidden if not admin

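
The protected-route and admin-route checks above, as an added example rather than the project's `middlewares/auth.js`: it verifies HS256 tokens with `node:crypto` instead of a JWT library so it runs without dependencies. `findUser`, `simulate`, the `id` claim name and the response messages are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');
const mac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (str) => JSON.parse(Buffer.from(str, 'base64url').toString('utf8'));

// Issue an HS256 token with the 30-day lifetime the README states.
function signToken(claims, secret, ttlSeconds = 30 * 24 * 3600) {
  const now = Math.floor(Date.now() / 1000);
  const data = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ ...claims, iat: now, exp: now + ttlSeconds })}`;
  return `${data}.${mac(data, secret).toString('base64url')}`;
}

// Check the signature in constant time, then pin the algorithm and enforce exp.
function verifyToken(token, secret) {
  const [head, body, sig, extra] = String(token).split('.');
  if (!head || !body || !sig || extra !== undefined) return null;
  const given = Buffer.from(sig, 'base64url');
  const expected = mac(`${head}.${body}`, secret);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const claims = dec(body);
    if (dec(head).alg !== 'HS256') return null; // rejects "none" and algorithm swaps
    return typeof claims.exp === 'number' && claims.exp > Date.now() / 1000 ? claims : null;
  } catch { return null; }
}

// Protected routes: Bearer token -> req.user or 401. findUser is a hypothetical sync stand-in for the DB lookup.
const protect = (secret, findUser) => (req, res, next) => {
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(req.headers.authorization || '');
  const claims = m && verifyToken(m[1], secret);
  const user = claims && findUser(claims.id); // "id" claim name is an assumption
  if (!user || !user.isActive) return res.status(401).json({ message: 'Not authorized' });
  req.user = user; // role comes from the stored user, not from the token
  next();
};

// Admin routes: runs after protect, 403 Forbidden if not admin.
const adminOnly = (req, res, next) =>
  (req.user && req.user.role === 'admin' ? next() : res.status(403).json({ message: 'Forbidden' }));

// Drive a middleware chain with a mock request; returns the HTTP status it would produce.
function simulate(chain, authorization) {
  const req = { headers: { authorization } };
  let status = 200;
  const res = { status: (code) => { status = code; return { json: () => {} }; } };
  const step = (i) => { if (i < chain.length) chain[i](req, res, () => step(i + 1)); };
  step(0);
  return status;
}
```

Because `req.user` is loaded from storage on every request, a role change or a deactivated account takes effect immediately even though an issued token stays valid for 30 days.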
| Variable | Required | Description | Example |
|---|---|---|---|
| PORT | No | Server port | 3000 |
| MONGO_URI | Yes | MongoDB connection string | mongodb+srv://... |
| JWT_SECRET | Yes | Secret key for JWT | your_secret_key |
| NODE_ENV | No | Environment mode | development/production |
- JSON payload limit: 50MB (for base64 images)
- URL-encoded limit: 50MB
Use the Thunder Client collection located in the `thunder-tests/` folder.
- Thunder Client (VS Code extension)
- Postman
- cURL
```bash
# Login
curl -X POST http://localhost:3000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"admin@unifyr.com","password":"admin2025"}'

# Get orders (with token)
curl -X GET http://localhost:3000/api/orders \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"
```

- Connect Repository

  ```bash
  railway login
  railway link
  ```

- Set Environment Variables
  - Add all variables from `.env`
  - Railway auto-detects Node.js
- Deploy

  ```bash
  railway up
  ```

- Create new Web Service
- Connect GitHub repository
- Set build command: `npm install`
- Set start command: `node src/index.js`
- Add environment variables
- Deploy

- Install Fly CLI

  ```bash
  curl -L https://fly.io/install.sh | sh
  ```

- Deploy

  ```bash
  fly launch
  fly deploy
  ```

- Verify MONGO_URI is correct
- Check MongoDB Atlas IP whitelist (allow 0.0.0.0/0 for cloud deployment)
- Ensure database user has proper permissions
- Verify JWT_SECRET is set
- Check token expiration (30 days default)
- Ensure Bearer token format: `Bearer <token>`
- Check frontend URL is allowed
- Update CORS configuration in `src/index.js` if needed

```bash
# Find process using port 3000
lsof -i :3000

# Kill the process
kill -9 <PID>
```

- Password hashing with bcrypt
- JWT token authentication
- Protected routes middleware
- Role-based access control
- Password validation (min 6 characters)
- Email validation with regex
- Mongoose schema validation
- Error handling middleware
- Active account check

- Change JWT_SECRET to strong random string
- Update MONGO_URI to production database
- Set NODE_ENV=production
- Enable rate limiting (recommended)
- Add helmet.js for security headers (recommended)
- Set up monitoring/logging
- Configure CORS for specific origins
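
A startup check that enforces the first three checklist items, as an added example that is not part of the project's code: it refuses the placeholder values printed in this README. The function names, the 32-character minimum and the distinct-character threshold are assumptions chosen for the illustration.

```javascript
const crypto = require('node:crypto');

// Placeholder values printed in this README; a server must never run with them.
const PLACEHOLDER_SECRETS = ['your_super_secret_jwt_key_here', 'your_secret_key'];
const TEMPLATE_CREDENTIALS = 'username:password@';

// 32 bytes from the OS CSPRNG, hex-encoded (64 characters) for the .env file.
const generateSecret = () => crypto.randomBytes(32).toString('hex');

// Return every problem found in an env object such as process.env.
// The length and distinct-character thresholds are assumptions, not project rules.
function auditEnv(env, { production = false } = {}) {
  const problems = [];
  const secret = env.JWT_SECRET || '';
  if (!secret) problems.push('JWT_SECRET is not set');
  else if (PLACEHOLDER_SECRETS.includes(secret)) problems.push('JWT_SECRET is a README placeholder');
  else if (secret.length < 32) problems.push('JWT_SECRET is shorter than 32 characters');
  else if (new Set(secret).size < 8) problems.push('JWT_SECRET has too few distinct characters');

  const uri = env.MONGO_URI || '';
  if (!uri) problems.push('MONGO_URI is not set');
  else if (!/^mongodb(\+srv)?:\/\//.test(uri)) problems.push('MONGO_URI is not a mongodb:// or mongodb+srv:// URI');
  else if (uri.includes(TEMPLATE_CREDENTIALS)) problems.push('MONGO_URI still has the template credentials');

  if (production && env.NODE_ENV !== 'production') problems.push('NODE_ENV is not "production"');
  return problems;
}

// Call before the server starts listening; refuses to boot on any finding.
function assertEnv(env, options) {
  const problems = auditEnv(env, options);
  if (problems.length) throw new Error(`Unsafe configuration: ${problems.join('; ')}`);
}
```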

| Command | Description |
|---|---|
| `npm run dev` | Start development server with nodemon |
| `node src/index.js` | Start production server |
| `node scripts/makeAdmin.js` | Create admin user |

For detailed API testing examples, see:
- `API_TESTING.md` - Raw HTTP request examples
- `TESTING_GUIDE.md` - Comprehensive testing guide
- `thunder-tests/` - Thunder Client collection

Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the MIT License.
For support, email your-email@example.com or open an issue in the repository.