This is a secure and scalable Issue Tracking Backend API built with TypeScript , Express and modern Node.js authentication and role-based authorization(RBAC).
This system supports user signup/registration, login, JWT authentication, and Issue Tracking for software/website bugs or feature_request which will be maintain by certain Role called maintainer and a contributor.
At the end, the technical video covers 2 topics.
| Features |
|---|
| Runtime environment |
| Type-safe JavaScript/TypeScript |
| Dynamic Routing |
| Relational database |
| Raw SQL Direct database queries |
| Password hashing |
| JWT authentication |
| Standard HTTP status handling |
| Role | Permissions |
|---|---|
| contributor | signup, login, create issues, view issues |
| maintainer | All contributor permissions + update any issue, delete issues, manage workflow, access metrics |
npm init -ynpm install -D typescriptnpx tsc --initnpm install expressnpm install pgnpm install dotenvnpm install bcryptnpm install jsonwebtokennpm install corsnpm install -D @types/node
npm install -D @types/express
npm install -D @types/pg
npm install -D @types/bcrypt
npm install -D @types/jsonwebtoken
npm install -D @types/cors"dev": "tsx watch src/server.ts",
npm run dev
"start": "node dist/server.js",
"build": "tsup"
npm build
npm start
npm i -g vercel
vercel login
vercel --prod
.env includes
PORT
DATABSE_URL
JWT_SECRET_KEY
├── src
│ ├── config
│ │ └── index.ts
│ │
│ ├── db
│ │ └── index.ts
│ │
│ ├── middleware
│ │ ├── auth.ts
│ │ ├── globalErrorHandler.ts
│ │ └── index.d.ts
│ │
│ ├── modules
│ │ ├── auth
│ │ │ ├── auth.controller.ts
│ │ │ ├── auth.route.ts
│ │ │ ├── auth.service.ts
│ │ │ └── authUser.interface.ts
│ │ │
│ │ └── issuetracker
│ │ ├── issue.controller.ts
│ │ ├── issue.route.ts
│ │ ├── issue.service.ts
│ │ └── issues.interface.ts
│ │
│ ├── types
│ │ └── index.ts
│ │
│ ├── utility
│ │ └── sendResponse.ts
│ │
│ ├── app.ts
│ └── server.ts
│
├── .gitignore
├── README.md
├── package-lock.json
├── package.json
└── tsconfig.json
├── tsup.config.ts
├── vercel.json
- Passwords are never returned in responses
- JWT required for protected endpoints
- Role checks enforced before privileged actions
| Field | Description |
|---|---|
| id | Auto-increment ID |
| name | User full name |
| Unique email | |
| password | Hashed password |
| role | contributor / maintainer |
| created_at | Account creation timestamp |
| updated_at | Last update timestamp |
| Field | Description |
|---|---|
| id | Auto-increment ID |
| title | Issue title (max 150 chars) |
| description | Issue details (min 20 chars) |
| type | bug / feature_request |
| status | open / in_progress / resolved |
| reporter_id | User ID who created issue |
| created_at | Creation timestamp |
| updated_at | Update timestamp |
| # | Method | Endpoint | Access | Role | Description |
|---|---|---|---|---|---|
| 1 | POST | /api/auth/signup |
Public | All | Register new user |
| 2 | POST | /api/auth/login |
Public | All | Login & get JWT |
| 3 | POST | /api/issues |
Protected | contributor, maintainer | Create new issue |
| 4 | GET | /api/issues |
Public | All | Get all issues (filter/sort supported) |
| 5 | GET | /api/issues/:id |
Public | All | Get single issue |
| 6 | PUT/PATCH | /api/issues/:id |
Protected | Maintainer / Owner (limited) | Update issue |
| 7 | DELETE | /api/issues/:id |
Protected | Maintainer only | Delete issue |
POST /api/auth/signup
POST /api/auth/login
POST /api/issues
Header: Authorization: <JWT_TOKEN>
GET /api/issues?sort=newest
GET /api/issues?type=bug
GET /api/issues?status=open
GET /api/issues/:id
PUT /api/issues/:id
Header: Authorization: <JWT_TOKEN>
DELETE /api/issues/:id
Header: Authorization: <JWT_TOKEN>
| Code | Reason Phrase |
|---|---|
200 |
OK |
201 |
Created |
204 |
No Content |
400 |
Bad Request |
401 |
Unauthorized |
403 |
Forbidden |
404 |
Not Found |
409 |
Conflict |
500 |
Internal Server Error |
-
What are the main differences between SQL (PostgreSQL) and NoSQL (MongoDB) regarding schema design and scaling?
-
What is database connection pooling in PostgreSQL, and why is it preferred over opening a new client connection for every request?
DevPulse is a backend system designed for managing software issues (bugs & feature requests) with strict authentication and role-based authorization technology.
In Summary this DevPulse project includes:
- JWT-based authentication
- Role-based access control (RBAC)
- Raw SQL queries (no ORM)
- Modular Pattern Express architecture
- Secure password hashing
MD MUSTAFIZUR RAHMAN @rahmancoder all rights reserved.