Note: Empty folders are tracked using .gitkeep files. These ensure structure is preserved in Git.

Use the development script to run the server with environment variables auto-loaded.

Environment-specific secrets and configurations are placed inside a .env file.

You can generate strong JWT secrets using:

In Express.js, asynchronous route handlers that throw errors (e.g., failed DB operations) don't automatically trigger the error-handling middleware. That's where asyncHandler comes in.

It is a higher-order function (a function that returns another function) that helps:

• Automatically catch errors from async functions.
• Forward them to the default Express error handler via next(error).
• Avoid repetitive try...catch blocks in each route or controller.

Fix: Change err.code to error.code.

Use in routes like:

JWT (JSON Web Token) is a stateless authentication mechanism consisting of:

• Header (Algorithm & Type)
• Payload (user data)
• Signature (secured with secret)

Secret Key Generator:

Set it in .env:

Tokens are Bearer tokens -- the one who bears it has access to resources.

• Short-lived (e.g., 15 min)
• Used in API headers to authenticate users

• Long-lived (e.g., 7 days)
• Used to issue new access tokens
• Stored securely (HTTP-only cookies recommended)

Use cloud storage services like:

• AWS S3
• Cloudinary
• Google Cloud Storage
• Azure Blob Storage

• multer - Used to parse multipart/form-data for file uploads
• cloudinary - Used for image/file hosting and transformation

Example Cloudinary Config:

A pagination plugin for Mongoose aggregation pipelines.

Install:

Create .prettierrc:

This section explains how to handle file uploads in a production-grade Node.js application using Multer for local storage and Cloudinary for cloud storage. The system first stores the uploaded file temporarily on the server and then uploads it to Cloudinary. This approach offers better fault tolerance, allowing for retries in case of upload errors.

1. User uploads a file via a client (form or API call).
2. Multer stores the file temporarily in a specified local folder.
3. The server uploads the file from local storage to Cloudinary.
4. On success, the Cloudinary URL is saved in the database (optional).
5. The local file can be optionally deleted after successful upload.

Note: Multer does not create directories when using a custom destination function. Ensure the uploads/ folder exists beforehand.

• Redundancy: Local backup enables retry on failed cloud uploads.
• Traceability: Files are stored with unique names and extensions.
• Security: Files are not stored permanently on the server.
• Scalability: Upload logic is modular and reusable.

• Organized codebase inside src folder.

• MongoDB connected via Mongoose with proper async-await & try-catch for DB security.

• Uses dotenv for environment configuration.

• Integrates JWT for secure auth (access & refresh tokens).

• Image/file handling using Multer and Cloudinary.

• CORS enabled for secure cross-origin access:

  app.use(cors({ origin: process.env.CORS_ORIGIN }));

• Limits large incoming JSON:

  app.use(express.json({ limit: "16kb" }));

• Cookie support via:

  import cookieParser from "cookie-parser";
  app.use(cookieParser());

• Uses Prettier for consistent formatting:

  • Install: npm i -D prettier

  • Create .prettierrc:

    {
    "semi": true,
    "singleQuote": true,
    "tabWidth": 2,
    "trailingComma": "es5"
    }

• Follows production security: DB access IP-limited in MongoDB Atlas.

• • Keep .env secure and gitignored

• Use .gitkeep to track empty folders

• Modularize code into src with subfolders

• Use cors for restricted API access

• Apply size limits to incoming requests:

  app.use(express.json({ limit: "16kb" }));

• Store access & refresh token expiry values in .env

• Restrict MongoDB Atlas access to IP ranges (never 0.0.0.0/0 in production)

• Always catch async DB errors in routes or use asyncHandler

This section provides a comprehensive overview of web standards around HTTP, including the purpose of headers, common types, security practices, CORS configuration, HTTP methods with examples, and standard response codes.

Headers are key-value pairs sent with HTTP requests/responses. They provide metadata to help the client or server understand how to process the data.

They are used for:

• Authentication
• Managing state
• Caching
• Content Negotiation

Before 2012, custom headers often started with X- (e.g. X-Custom-Token). Since then, the standard has deprecated the use of X- prefixes in favor of meaningful names.

Example:

• Request Headers: Sent by the client (browser or Postman).
• Response Headers: Sent by the server (Express, Django, etc.).
• Representation Headers: Describe the encoding or compression.
• Payload Headers: Describe the body data being transferred.

Cross-Origin Resource Sharing allows restricted resources on a web page to be requested from another domain.

Example (Express.js POST endpoint):

Status codes indicate the result of an HTTP request. They are grouped into five categories:

• Never push .env or secrets -- use .gitignore to exclude them.
• In MongoDB Atlas, restrict access to your server IP only.
• Place all DB connections in try-catch blocks to avoid crashes.
• Serve secure headers with packages like helmet.

To take your backend development to the next level:

• System Design
• Database Design
• Code Optimization
• Debugging & Profiling

• JWT Official Docs
• Cloudinary Docs
• Mongoose Docs
• Express Docs
• Multer Docs

This project is open source and available under the MIT License.