A secure, multi-tenant REST API built with Node.js + Express for generating and managing digital contact cards (vCards). Includes JWT authentication with refresh token rotation, role-based access control (RBAC), and tenant-isolated user accounts.
Sharing contact information often requires manual steps or insecure file exchanges. Daurecard automates vCard (.vcf) generation while ensuring:
- Strong authentication and identity protection
- Tenant isolation between organizations
- Role-based permissions for admins and users
- Fast access and efficient retrieval of stored contact data
| Feature | Description |
|---|---|
| JWT Auth + Refresh Rotation | Secure authentication with refresh token storage for session continuity |
| Role-Based Access Control (RBAC) | Users, Admins, and Super Admins with controlled privileges |
| Multi-Tenant Architecture | Each organization manages its own contacts and users |
| vCard Generation | Creates and serves standard .vcf contact files |
| User Profile Management | Update names, email, phone, password, etc. |
| Secure Middleware | Authentication, validation, request filtering |
| Configurable Environment | .env driven environment variables |
| Testing Ready | Jest setup provided for unit and integration tests |
```
         ┌───────────────────────┐
         │      Client App       │
         │ (Web / Mobile / API)  │
         └──────────┬────────────┘
                    │ REST Calls
      ┌─────────────▼──────────────┐
      │      API Gateway / LB      │
      └─────────────┬──────────────┘
                    │
         ┌──────────▼───────────┐
         │  Express App (API)   │
         │ Controllers / Routes │
         └──────────┬───────────┘
                    │
        ┌───────────▼───────────────┐
        │      Services Layer       │
        │  (Business Logic, RBAC)   │
        └───────────┬───────────────┘
                    │
       ┌────────────▼──────────────┐
       │        Data Access        │
       │    Mongoose / MongoDB     │
       └───────────────────────────┘
```
- User logs in → receives Access Token + Refresh Token
- Refresh Token is stored in the DB for secure rotation
- Access token expires → client requests new one using refresh token
- A new refresh token is generated → old one is invalidated
✅ Prevents stolen token reuse
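
The rotation flow above, sketched as an added example that is not taken from the Daurecard code base. It goes one step beyond the list by also revoking every token issued from the same login when an already-rotated token is presented again. The in-memory `Map` stands in for the MongoDB collection, and the function names, record fields and 7-day lifetime are assumptions; access-token (JWT) signing is left out.

```javascript
// Added example: refresh token rotation with reuse detection.
const { randomBytes, createHash } = require('node:crypto');

// Stand-in for the refresh-token collection (assumption): tokenHash -> record.
const store = new Map();
const REFRESH_TTL_MS = 7 * 24 * 60 * 60 * 1000; // assumed lifetime: 7 days

const sha256 = (value) => createHash('sha256').update(value).digest('hex');

// Issue an opaque refresh token. Only its hash is stored, so a leaked
// database dump does not hand out usable tokens.
function issueRefreshToken(userId, familyId = randomBytes(16).toString('hex'), now = Date.now()) {
  const token = randomBytes(32).toString('base64url');
  store.set(sha256(token), { userId, familyId, used: false, expiresAt: now + REFRESH_TTL_MS });
  return token;
}

// Revoke every token descended from the same login.
function revokeFamily(familyId) {
  for (const [hash, rec] of store) {
    if (rec.familyId === familyId) store.delete(hash);
  }
}

// Exchange a refresh token for a new one.
// Returns { ok: true, userId, refreshToken } or { ok: false, reason }.
function rotateRefreshToken(presented, now = Date.now()) {
  const hash = sha256(presented);
  const rec = store.get(hash);
  if (!rec) return { ok: false, reason: 'unknown' };
  if (rec.used) {
    // An already-rotated token came back: someone is replaying it.
    // Revoke the whole family so the other holder is logged out too.
    revokeFamily(rec.familyId);
    return { ok: false, reason: 'reuse_detected' };
  }
  if (rec.expiresAt <= now) {
    store.delete(hash);
    return { ok: false, reason: 'expired' };
  }
  rec.used = true; // keep the record so a later replay is recognisable
  const refreshToken = issueRefreshToken(rec.userId, rec.familyId, now);
  return { ok: true, userId: rec.userId, refreshToken };
}
```

Against a real database, the check of `used` and the update that sets it have to be one atomic operation, otherwise two concurrent requests can both rotate the same token.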
- Node.js + Express.js
- MongoDB (Mongoose ORM)
- JWT (access & refresh tokens)
- Bcrypt for password hashing
- dotenv for environment configs
- Multer for handling file storage
- Jest (optional testing)
```bash
git clone https://github.com/Schandroid243/daurecardExpressApi.git
cd daurecardExpressApi
yarn install
# Create .env file (see .env.example)
# Start development
yarn start
# Run tests
yarn test
```
- Add Swagger or Postman API documentation
- Deploy using Docker
- Add rate limiting and user session activity logging
MIT
For collaboration or questions: GitHub: https://github.com/Schandroid243