A robust and secure backend application template built with Express.js, MongoDB, and TypeScript, featuring comprehensive authentication and authorization systems.
- **Authentication & Authorization**
  - JWT-based authentication with access and refresh tokens
  - Role-based access control
  - Account lockout protection
  - Password reset functionality
  - Email verification
  - Secure password hashing
- **Security Measures**
  - Rate limiting
  - CORS protection
  - Helmet security headers
  - Request validation
  - MongoDB injection protection
  - Secure error handling
- **Architecture**
  - TypeScript for type safety
  - Clean architecture principles
  - Modular project structure
  - Comprehensive error handling
  - Request validation using Zod
  - Detailed logging system
- Node.js (v16 or higher)
- MongoDB (v4.4 or higher)
- TypeScript knowledge
- npm or yarn package manager
- Clone the repository:

```bash
git clone <repository-url>
cd secure-express-backend
```

- Install dependencies:

```bash
npm install
```

- Create environment file:

```bash
cp .env.example .env
```

- Configure environment variables:

```env
NODE_ENV=development
PORT=3000
MONGODB_URI=mongodb://localhost:27017/your_database
JWT_ACCESS_SECRET=your_jwt_access_secret
JWT_REFRESH_SECRET=your_jwt_refresh_secret
JWT_ACCESS_EXPIRES_IN=15m
JWT_REFRESH_EXPIRES_IN=7d
SMTP_HOST=smtp.example.com
SMTP_PORT=587
SMTP_USER=your_email
SMTP_PASS=your_password
```

```bash
npm run dev
npm run build
npm start
```
```text
src/
├── config/      # Configuration files
├── middleware/  # Public reusable middlewares
├── modules/     # All modules (self-isolated services, controllers, routes and models)
├── routes/      # Main routes
├── utils/       # Utility functions
├── types/       # TypeScript type definitions
├── app.ts       # Express app setup
└── server.ts    # Application entry point
```
```text
POST /api/auth/register         # Register new user
POST /api/auth/login            # Login user
POST /api/auth/refresh          # Refresh access token
POST /api/auth/forgot-password  # Request password reset
POST /api/auth/reset-password   # Reset password
POST /api/auth/verify-email     # Verify email
GET  /api/users/profile         # Get user profile
PUT  /api/users/profile         # Update user profile
```
- **Password Security**
  - Passwords are hashed using bcrypt
  - Minimum password requirements enforced
  - Password reset with expiring tokens
- **Authentication**
  - JWT with access and refresh tokens
  - Token expiration and rotation
  - Account lockout after failed attempts
- **Request Security**
  - Input validation
  - Rate limiting
  - CORS protection
  - Security headers
Run the test suite:

```bash
npm test
```

Run tests with coverage:

```bash
npm run test:coverage
```
The application includes a comprehensive error handling system:
- Custom error classes for different scenarios
- Structured error responses
- Detailed logging in development
- Sanitized errors in production
- **Authentication Middleware**
  - Token validation
  - Role-based access control
  - User session management
- **Security Middleware**
  - Rate limiting
  - CORS configuration
  - Helmet security headers
Core dependencies:
- `express`: Web framework
- `mongodb`: MongoDB driver
- `jsonwebtoken`: JWT implementation
- `bcryptjs`: Password hashing
- `zod`: Schema validation
- `pino`: Logging

Development dependencies:
- `typescript`: TypeScript compiler
- `ts-node`: TypeScript execution
- `jest`: Testing framework
- `nodemon`: Development server
- Fork the repository
- Create your feature branch
- Commit your changes
- Push to the branch
- Create a new Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Express.js documentation
- MongoDB best practices
- TypeScript handbook
- Security best practices from OWASP
For support, please create an issue in the repository or contact the maintainers.