Skip to content

rahmancoder/DevPulse-Authentication-and-Authorization

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

DevPulse-Authentication-and-Authorization

This is a secure and scalable Issue Tracking Backend API built with TypeScript , Express and modern Node.js authentication and role-based authorization(RBAC).

This system supports user signup/registration, login, JWT authentication, and Issue Tracking for software/website bugs or feature_request which will be maintain by certain Role called maintainer and a contributor.

At the end, the technical video covers 2 topics.



Project Features

Features
Runtime environment
Type-safe JavaScript/TypeScript
Dynamic Routing
Relational database
Raw SQL Direct database queries
Password hashing
JWT authentication
Standard HTTP status handling

User Roles & Permissions

Role Permissions
contributor signup, login, create issues, view issues
maintainer All contributor permissions + update any issue, delete issues, manage workflow, access metrics

Packages installation and SetUp

Installation & Setup

1 Initialize Node Project

npm init -y

2 Install TypeScript

npm install -D typescript

3 Initialize TypeScript Config

npx tsc --init

4 Install Express

npm install express

5 Install PostgreSQL Driver

npm install pg

6 Install Environment Variable Package

npm install dotenv

7 Install Password Hashing Package

npm install bcrypt

8 Install JWT Authentication Package

npm install jsonwebtoken

9 Install CORS

npm install cors

10 Install Type Definitions

npm install -D @types/node
npm install -D @types/express
npm install -D @types/pg
npm install -D @types/bcrypt
npm install -D @types/jsonwebtoken
npm install -D @types/cors

Run Development Server

"dev": "tsx watch src/server.ts",

npm run dev

After build and Deployment Run Development Server

"start": "node dist/server.js",
"build": "tsup"

npm build
npm start


npm i -g vercel
vercel login
vercel --prod

.env includes
PORT
DATABSE_URL
JWT_SECRET_KEY

Project Folder/File Structure includes

├── src
│   ├── config
│   │   └── index.ts
│   │
│   ├── db
│   │   └── index.ts
│   │
│   ├── middleware
│   │   ├── auth.ts
│   │   ├── globalErrorHandler.ts
│   │   └── index.d.ts
│   │
│   ├── modules
│   │   ├── auth
│   │   │   ├── auth.controller.ts
│   │   │   ├── auth.route.ts
│   │   │   ├── auth.service.ts
│   │   │   └── authUser.interface.ts
│   │   │
│   │   └── issuetracker
│   │       ├── issue.controller.ts
│   │       ├── issue.route.ts
│   │       ├── issue.service.ts
│   │       └── issues.interface.ts
│   │
│   ├── types
│   │   └── index.ts
│   │
│   ├── utility
│   │   └── sendResponse.ts
│   │
│   ├── app.ts
│   └── server.ts
│
├── .gitignore
├── README.md
├── package-lock.json
├── package.json
└── tsconfig.json

Deployment File needed

├── tsup.config.ts
├── vercel.json

DevPulse Database, Routing and Authentication System Flows

Security Rules

  • Passwords are never returned in responses
  • JWT required for protected endpoints
  • Role checks enforced before privileged actions

Database Schema

TABLE users

Field Description
id Auto-increment ID
name User full name
email Unique email
password Hashed password
role contributor / maintainer
created_at Account creation timestamp
updated_at Last update timestamp

TABLE issues

Field Description
id Auto-increment ID
title Issue title (max 150 chars)
description Issue details (min 20 chars)
type bug / feature_request
status open / in_progress / resolved
reporter_id User ID who created issue
created_at Creation timestamp
updated_at Update timestamp

ROUTING AND API ROUTES TABLE (7 Endpoints)

Routing 7/7

# Method Endpoint Access Role Description
1 POST /api/auth/signup Public All Register new user
2 POST /api/auth/login Public All Login & get JWT
3 POST /api/issues Protected contributor, maintainer Create new issue
4 GET /api/issues Public All Get all issues (filter/sort supported)
5 GET /api/issues/:id Public All Get single issue
6 PUT/PATCH /api/issues/:id Protected Maintainer / Owner (limited) Update issue
7 DELETE /api/issues/:id Protected Maintainer only Delete issue

ROUTING AND API ENDPOINTS DETAILS

1. Signup (Public)

POST /api/auth/signup

2. Login (Public)

POST /api/auth/login

3. Create Issue (Protected)

POST /api/issues
Header: Authorization: <JWT_TOKEN>

4. Get All Issues (Public)

GET /api/issues?sort=newest GET /api/issues?type=bug GET /api/issues?status=open

5. Get Single Issue

GET /api/issues/:id

6. Update Issue (Protected) (Maintainer) and (Contributor can only His own, if its 'open')

PUT /api/issues/:id
Header: Authorization: <JWT_TOKEN>

7. Delete Issue (Protected) (Only Maintainer)

DELETE /api/issues/:id
Header: Authorization: <JWT_TOKEN>

Standard HTTP Status Codes Used in the DevPulse Project

Code Reason Phrase
200 OK
201 Created
204 No Content
400 Bad Request
401 Unauthorized
403 Forbidden
404 Not Found
409 Conflict
500 Internal Server Error

Technical Video Covers this 2 Topics

  1. What are the main differences between SQL (PostgreSQL) and NoSQL (MongoDB) regarding schema design and scaling?

  2. What is database connection pooling in PostgreSQL, and why is it preferred over opening a new client connection for every request?

Conclusion

DevPulse is a backend system designed for managing software issues (bugs & feature requests) with strict authentication and role-based authorization technology.

In Summary this DevPulse project includes:

  • JWT-based authentication
  • Role-based access control (RBAC)
  • Raw SQL queries (no ORM)
  • Modular Pattern Express architecture
  • Secure password hashing

Author

MD MUSTAFIZUR RAHMAN @rahmancoder all rights reserved.

About

Backend Express API Authentication and Authorization Project

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors