Skip to content

Sengrar/sern-fullstack-template

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

5 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

πŸš€ SERN Fullstack Template

A production-grade fullstack boilerplate built with SERN (Sequelize, Express, React, Node.js) following modern backend architecture, security best practices, and scalable design patterns.

This project is structured for real-world applications, focusing on maintainability, security, logging, and extensibility.


πŸ“Œ Core Features

πŸ” Authentication & Authorization

  • JWT Authentication (stored in HTTP-only cookies)
  • Secure login & logout flow
  • Role-Based Access Control (RBAC)
  • Permission-based authorization middleware
  • Protected routes with layered security

πŸ”‘ Password & User Security

  • Strong password validation using RegEx

  • Bcrypt hashing with configurable salt rounds

  • Sequelize hooks:

    • beforeCreate
    • beforeUpdate
    • beforeBulkUpdate
  • Password excluded from responses (toJSON override)

  • Secure login flow (no user enumeration leaks)


πŸ›‘οΈ Security Layer

  • helmet() for HTTP security headers
  • compression() for optimized responses
  • Rate limiting (Login & Signup protection)
  • HTTP-only cookies (XSS protection)
  • SameSite cookies (CSRF mitigation)

πŸ“Š Logging System (Advanced)

βœ… Winston Logging

  • Structured JSON logs

  • Log files:

    • combined.log β†’ all logs
    • error.log β†’ only errors
  • Environment-aware logging

  • Console logs (development only)

πŸ“‘ Request Logging

  • Tracks incoming HTTP requests
  • Helps debug API usage and performance

🧾 Audit Logging

  • Tracks critical user/system actions
  • Useful for debugging + compliance

βš™οΈ Backend Architecture

  • MVC + Service + Repository pattern
  • Clean separation of concerns
  • Middleware-based flow
  • Centralized error handling (ApiError, ApiResponse)
  • Async error wrapper (asyncHandler)

πŸ—„οΈ Database (Sequelize + MySQL)

  • ORM-based modeling
  • Validation at model level
  • Lifecycle hooks
  • Environment-based sync strategies

🌐 API Design

βœ… API Versioning

  • Versioned routes: /api/v1
  • Future-ready for backward compatibility

βœ… Available Endpoints

Method Endpoint Description
GET / Server test route
GET /api/v1/health Health check API
POST /api/v1/auth/register Register user
POST /api/v1/auth/login Login user
POST /api/v1/auth/logout Logout user
GET /api/v1/users/profile Get user profile
GET /api/v1/users/admin Admin-only route

βš›οΈ Frontend (React Client)

  • Separate client/ folder
  • Ready for API integration
  • Authentication-ready structure
  • Scalable component-based architecture

πŸ“ Project Structure

root/
β”‚
β”œβ”€β”€ client/                 # React frontend
β”‚
β”œβ”€β”€ server/
β”‚   β”œβ”€β”€ src/
β”‚   β”‚   β”œβ”€β”€ config/         # Logger, roles, configs
β”‚   β”‚   β”œβ”€β”€ constants/      # App constants
β”‚   β”‚   β”œβ”€β”€ controllers/    # Route handlers
β”‚   β”‚   β”œβ”€β”€ logs/           # Log files (Winston)
β”‚   β”‚   β”œβ”€β”€ middlewares/    # Auth, rate limit, error
β”‚   β”‚   β”œβ”€β”€ models/         # Sequelize models
β”‚   β”‚   β”œβ”€β”€ repositories/   # DB abstraction layer
β”‚   β”‚   β”œβ”€β”€ routes/         # API routes (v1)
β”‚   β”‚   β”œβ”€β”€ services/       # Business logic
β”‚   β”‚   β”œβ”€β”€ utils/          # Helpers (ApiError, etc.)
β”‚   β”‚   β”œβ”€β”€ validations/    # Input validation logic
β”‚   β”‚   β”œβ”€β”€ app.js          # Express app config
β”‚   β”‚   └── index.js        # Entry point
β”‚   β”‚
β”‚   └── .env
β”‚
└── README.md

⚑ Getting Started

1️⃣ Clone Repo

git clone https://github.com/Sengrar/sern-fullstack-template.git
cd sern-fullstack-template

2️⃣ Backend Setup

cd server
npm install

Create .env:

PORT=5000
NODE_ENV=development

DB_NAME=your_db
DB_USER=root
DB_PASSWORD=your_password
DB_HOST=localhost

JWT_SECRET=your_secret
BCRYPT_ROUNDS=10

Run server:

npm run dev

3️⃣ Frontend Setup

cd client
npm install
npm run dev

🧠 Key Engineering Concepts

  • Service Layer Pattern
  • Repository Pattern
  • Middleware Architecture
  • API Versioning Strategy
  • Secure Cookie-Based Authentication
  • Structured Logging & Monitoring
  • Role & Permission-based Access Control

πŸ—οΈ Production-Ready Highlights

  • Clean architecture (scalable & maintainable)
  • Strong security practices
  • Advanced logging (request + audit + error)
  • Versioned API design
  • Modular codebase (easy to extend)

πŸš€ Future Enhancements

πŸ” Auth

  • Refresh tokens
  • Email verification (OTP)
  • Forgot/reset password

πŸ“Š Monitoring

  • ELK stack integration
  • Sentry error tracking

⚑ Performance

  • Redis caching
  • Query optimization

πŸ“¦ DevOps

  • Docker setup
  • CI/CD pipelines
  • Deployment configs

πŸ“‘ API

  • Swagger documentation
  • Pagination, filtering, sorting

βš›οΈ Frontend

  • State management (Redux/Zustand)
  • UI library integration

🀝 Contributing

Pull requests are welcome. For major changes, open an issue first.


πŸ“œ License

MIT License


⭐ Support

If you like this project, give it a ⭐ on GitHub!

About

Production-ready SERN (Sequelize, Express, React, Node.js) fullstack template with JWT auth, RBAC, API versioning, logging, and security best practices

Topics

Resources

License

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors