The InsightAPI is a high-performance, production-ready backend built with the MERN stack (MongoDB, Express, Node.js). It serves as the foundation for a modern, interactive social media platform, featuring robust authentication, post management, and dynamic user interactions like comments and polymorphic likes.
This project was developed with a strong focus on security, scalability, and maintainability, implementing industry best practices such as atomic counting, data denormalization, robust validation, and API documentation.
The API is deployed on Render and is publicly accessible at the following URLs:
- Base URL:
https://insight-api-production.onrender.com - Health Check:
https://insight-api-production.onrender.com/health - API Endpoints:
https://insight-api-production.onrender.com/api/v1
| Feature Area | Implementation Detail | Best Practice Applied |
|---|---|---|
| Authentication | Secure JWT strategy using HttpOnly Cookies for CSRF mitigation. Full lifecycle support (register, login, refresh, logout). |
Secure Token Strategy |
| Data Integrity | Joi schema validation for all incoming requests (body, params, query) at the API boundary. | Input Validation & Data Integrity |
| Interactions | Comments and Polymorphic Likes on both posts and comments using a single Like model. |
Code Reuse & Polymorphism |
| Scalability | Atomic Counting ($inc) for commentCount and likeCount to prevent race conditions during concurrent updates. Offset Pagination for efficient feed retrieval. |
Atomic Operations & Denormalization |
| File Storage | Placeholder for local file storage, easily swappable with a cloud provider like Cloudflare R2 or AWS S3. | Cloud Storage Abstraction |
| Security | Comprehensive error handling, Rate Limiting (DoS mitigation), and strict security headers via Helmet (HSTS, etc.). | Security-by-Design |
| Observability | Centralized Winston Logger with request tracing (unique request ID per transaction). | Observability & Auditing |
| Developer Experience | Interactive API documentation using Swagger UI / OpenAPI 3.0 accessible at /api-docs. |
Documentation & DX |
- Runtime: Node.js
- Framework: Express.js
- Database: MongoDB / Mongoose ODM
- Testing: Jest & Supertest, utilizing
mongodb-memory-serverfor integration tests. - Security: JSON Web Tokens (JWT), Helmet,
HttpOnlyCookies, Rate Limiter. - Utilities: Joi (Validation), Multer (File Uploads), Winston (Logging), AWS SDK.
These instructions will get you a copy of the project up and running on your local machine.
You need to have Docker and Docker Compose installed.
-
Clone the Repository:
git clone [YOUR_REPO_URL] insightapi cd insightapi -
Start the Services (API and MongoDB):
docker-compose up --build
-
Access the Local API:
- Application is running on:
http://localhost:5001 - API Endpoints are at:
http://localhost:5001/api/v1 - Interactive Documentation (Swagger UI):
http://localhost:5001/api-docs
- Application is running on:
The project uses Jest for integration testing, connected to a dedicated in-memory MongoDB instance for isolation and speed.
To run the full test suite:
npm testAll available routes, required parameters, and response schemas are documented using the OpenAPI 3.0 Specification.
Access the interactive documentation at:
http://localhost:5001/api-docs
Before moving this API to production, please ensure the following critical services are configured:
- Database: Replace the development MongoDB with a managed service (e.g., MongoDB Atlas).
- File Storage: The application currently uses the local filesystem for file uploads, which is ephemeral on hosts like Render. For production, you must switch to a cloud provider. The app is pre-configured to support Cloudflare R2 by setting the following environment variables:
R2_ACCESS_KEY_IDR2_SECRET_ACCESS_KEYR2_ACCOUNT_IDR2_BUCKET_NAMER2_PUBLIC_URL
- Rate Limiter: Replace the in-memory rate limiter with a scalable solution like Redis for coordination across multiple instances.
- HSTS: Ensure HTTPS is enforced by your load balancer or hosting provider for HSTS to be effective.