Loading repository data…
Loading repository data…
AlainKwishima / repository
A secure, modern backend for a React Native application, built with Node.js, Express, and MongoDB. It ships with JWT auth, social graph (follows, posts), messaging, wallet tracking with audit logs, comprehensive validation, rate limiting, and beautiful interactive API docs.
A secure, modern backend for a React Native application, built with Node.js, Express, and MongoDB. It ships with JWT auth, social graph (follows, posts), messaging, wallet tracking with audit logs, comprehensive validation, rate limiting, and beautiful interactive API docs.
CORS_ORIGINS, rate limiting, input validation, NoSQL-injection sanitization, HPPjsonwebtokenJoihelmet, express-rate-limit, express-mongo-sanitize, hpp, bcryptjsnpm install
.env based on env.example:PORT=5000
NODE_ENV=development
MONGO_URI=mongodb://localhost:27017/mobile
JWT_SECRET=replace-with-secure-random
JWT_EXPIRY=24h
REFRESH_TOKEN_SECRET=replace-with-secure-random
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100
# Optional: comma-separated allowed origins in production
# CORS_ORIGINS=https://app.example.com,https://admin.example.com
# Optional SMTP for real mail delivery (falls back to console JSON transport)
# SMTP_HOST=...
# SMTP_PORT=587
# SMTP_USER=...
# SMTP_PASS=...
# SMTP_FROM=no-reply@mobile.app
# Development
npm run dev
# Production
npm start
http://localhost:5000/healthhttp://localhost:5000/apihttp://localhost:5000/api/docsInteractive docs are served by Swagger UI. The app prefers the comprehensive spec at openapi/mobile.v1.yaml and falls back to src/swagger.yaml.
Bearer YOUR_TOKEN to try protected endpoints.POST /api/auth/registerPOST /api/auth/login → copy accessTokenexpress-mongo-sanitize and hpp enabled globallynpm test
User: identity, auth state, profile, walletBalance, activity, activeTimeByDatePost: postId, userId, content, timestamp (+ indexes, virtual author)Message: messageId, senderId, receiverId, content, timestamp (+ indexes)Follow: followerId, followeeId (+ unique compound index)WalletAudit: immutable record of wallet operationsnpm run dev # Start with nodemon
npm start # Start server
npm test # Run tests
npm run seed # Seed DB (if implemented)
src/
config/ # configuration and database connection
controllers/ # route handlers
middleware/ # auth, validation, errors, rate-limiter
models/ # mongoose models
routes/ # express routers
utils/ # helpers (jwt, tokens, mailer, uuid)
server.js # app bootstrap and wiring
openapi/
mobile.v1.yaml # full OpenAPI spec (preferred by Swagger UI)
CORS_ORIGINS for productionMONGO_URIMIT