A comprehensive, production-ready Monolith template with authentication, search, notifications, payments, and fine-grained permissions built with Node.js, Express, MongoDB, Redis, and Elasticsearch.
## Table of Contents

- Features
- Prerequisites
- Getting Started
- Project Structure
- Configuration
- Available Scripts
- Search & Analytics
- Notifications
- Payment Integration
- Permissions & Authorization
- Cloud Storage
- API Documentation
- Security Features
- Testing
- API Endpoints
- Contributing
- License
## Features

### Complete Authentication System

- ✅ User registration with email verification
- ✅ Login with JWT (access and refresh tokens)
- ✅ Secure password reset flow
- ✅ Account confirmation mechanism
- ✅ Session management with Redis
- ✅ Secure password handling with bcrypt
- ✅ Refresh token rotation

### Security First Approach

- ✅ CORS protection with configurable origins
- ✅ Helmet security headers
- ✅ Intelligent rate limiting
- ✅ MongoDB sanitization against NoSQL injection
- ✅ XSS protection with input sanitization
- ✅ Secure HTTP-only cookies
- ✅ Comprehensive input validation with Joi
- ✅ Content security policies
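The "MongoDB sanitization against NoSQL injection" item above is the kind of middleware shown here. This is an added illustration, not the template's own code: a recursive sanitizer in the spirit of `express-mongo-sanitize` that drops operator keys from request data, wrapped as Express-style middleware (assumes Express 4, where `req.body`, `req.query` and `req.params` are assignable). The sample request body is constructed for the demonstration.

```javascript
// Recursive sanitizer (assumed behaviour modelled on express-mongo-sanitize, not the
// template's own code): any key that starts with "$" or contains "." is dropped, so user
// input can never inject a MongoDB operator ($ne, $gt, ...) or a dotted field path into a
// query built from req.body. Sanitization is a backstop: Joi should still require a string.
function sanitizeMongo(value, stripped = []) {
  if (Array.isArray(value)) return value.map((v) => sanitizeMongo(v, stripped));
  if (value === null || typeof value !== 'object') return value;
  const clean = {};
  for (const [key, v] of Object.entries(value)) {
    if (key.startsWith('$') || key.includes('.')) {
      stripped.push(key); // record what was removed so the logger can flag the request
      continue;
    }
    clean[key] = sanitizeMongo(v, stripped);
  }
  return clean;
}

// Express-style middleware (assumes Express 4 mutable request fields). The list of stripped
// keys is attached to the request so the structured logger can emit a warning with the
// correlation ID; a request carrying operators is worth alerting on, not just cleaning.
function mongoSanitize(req, res, next) {
  const stripped = [];
  for (const part of ['body', 'query', 'params']) {
    if (req[part] !== undefined) req[part] = sanitizeMongo(req[part], stripped);
  }
  req.strippedKeys = stripped;
  next();
}

// Constructed sample: a login body that tries to smuggle an operator into the password match
// and a dotted key that would otherwise address a nested field.
function demo() {
  const req = {
    body: { email: 'alice@example.com', password: { $ne: '' }, 'profile.role': 'admin' },
    query: { q: 'hello' },
    params: {},
  };
  mongoSanitize(req, {}, () => {});
  return req;
}

module.exports = { sanitizeMongo, mongoSanitize, demo };
```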
### Advanced Search & Analytics

- ✅ Elasticsearch integration with semantic search
- ✅ Vector embeddings with Google Gemini AI
- ✅ Full-text search with fuzzy matching
- ✅ Search analytics and performance metrics
- ✅ Custom search pipelines and aggregations
- ✅ Real-time indexing and data synchronization
- ✅ Search suggestions and autocomplete

### Smart Notifications

- ✅ Multi-channel notifications (Email, SMS, Push, In-App)
- ✅ Novu integration for notification workflows
- ✅ User notification preferences management
- ✅ Device management for push notifications
- ✅ Notification templates and personalization
- ✅ Delivery tracking and analytics
- ✅ Scheduled and triggered notifications

### Payment Processing

- ✅ Razorpay integration for secure payments
- ✅ Subscription management and billing
- ✅ Payment webhooks and event handling
- ✅ Invoice generation and management
- ✅ Refund and dispute handling
- ✅ Payment analytics and reporting
- ✅ Multi-currency support

### Fine-Grained Permissions

- ✅ OpenFGA integration for relationship-based access control
- ✅ Role-based and attribute-based permissions
- ✅ Dynamic permission evaluation
- ✅ Permission inheritance and delegation
- ✅ Audit trails for permission changes
- ✅ Real-time permission updates
- ✅ Custom authorization policies

### Cloud Storage & CDN

- ✅ AWS S3 integration for file storage
- ✅ Secure file upload with presigned URLs
- ✅ Image processing and optimization
- ✅ CDN integration for fast delivery
- ✅ File versioning and backup
- ✅ Access control and permissions
- ✅ Automatic database backups to S3

### Production Ready

- ✅ Dockerized deployment with HMR in development
- ✅ Request timeout configuration for reliability
- ✅ Webpack bundling for optimized builds
- ✅ Environment-specific configurations
- ✅ Comprehensive error handling with correlation IDs
- ✅ Interactive API documentation at `/api-docs`
- ✅ Structured logging with Loki integration
- ✅ Health check endpoints with dependency monitoring
- ✅ Prometheus metrics and Grafana dashboards
- ✅ RabbitMQ and Kafka for event-driven architecture

### Developer Experience

- ✅ Hot reloading in development
- ✅ Code linting and formatting with ESLint and Prettier
- ✅ Git hooks with Husky
- ✅ Comprehensive test suite
- ✅ Conventional commit messages
- ✅ Clear project structure
- ✅ Utility scripts for common tasks
## Prerequisites

| Requirement | Version |
|---|---|
| Node.js | ≥ 22.14.0 |
| npm | ≥ 10.7.0 |
| MongoDB | ≥ 7.0 |
| Redis | ≥ 7.0 |
| Elasticsearch | ≥ 8.0 |
| Docker & Docker Compose | For containerized deployment with HMR |
## Getting Started

### Installation

1. Clone the repository

```bash
git clone https://github.com/Harmeet10000/production-grade-auth-template.git
cd production-grade-auth-template
```

2. Install dependencies

```bash
npm i
# or
pnpm i
```

3. Set up environment variables

Create a `.env.development` file in the root directory with the following variables:
```env
# Server Configuration
NODE_ENV=development
PORT=8000
SERVER_URL=
FRONTEND_URL=http://localhost:5173

# Database Configuration
DATABASE=
DB_POOL_SIZE=

# Migration
MIGRATE_MONGO_URI=
MIGRATE_AUTOSYNC=true

# Redis Configuration
REDIS_HOST=
REDIS_PORT=
REDIS_USERNAME=
REDIS_PASSWORD=

# RabbitMQ Configuration
RABBITMQ_URL=
RABBITMQ_PRIVATE_URL=
RABBITMQ_NODENAME=
RABBITMQ_DEFAULT_USER=
RABBITMQ_DEFAULT_PASS=

# Kafka Configuration
KAFKA_BROKER=
KAFKA_USERNAME=
KAFKA_PASSWORD=
KAFKA_TOPIC=
KAFKA_SERVICE_URI=
KAFKA_HOST=
KAFKA_PORT=
KAFKA_SSL_CA_CERT=
KAFKA_SSL_CERT=
KAFKA_SSL_KEY=
KAFKA_SSL_ENABLED=true

# JWT Configuration
ACCESS_TOKEN_SECRET=
REFRESH_TOKEN_SECRET=
ACCESS_TOKEN_EXPIRY=
REFRESH_TOKEN_EXPIRY=

# Email Configuration
RESEND_KEY=

# Log Configuration
LOG_LEVEL=debug

# S3 Backup Configuration
S3_BACKUP_ENABLED=false
S3_BUCKET_NAME=db-backups
AWS_REGION=us-east-1
S3_PREFIX=mongodb-backups/
BUCKET_NAME=""
BUCKET_REGION="ap-south-1"
ACCESS_KEY=""
SECRET_ACCESS_KEY=""

# Backup Configuration
RUN_BACKUP_ONCE=false

# Google OAuth Configuration
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=GOCSPX-
GOOGLE_REDIRECT_URIS=

# Gemini
GEMINI_API_KEY=

# OpenFGA Configuration
OPENFGA_API_URL=
OPENFGA_API_HOST=
OPENFGA_STORE_ID=
OPENFGA_STORE_NAME=
OPENFGA_MODEL_ID=

# Loki Configuration
LOKI_HOST=http://loki:3100
```
## Running the Application

Development:

```bash
docker compose up -d
```

or

```bash
npm run dev
```

Production:

```bash
npm run build
npm run start
```

### Docker Deployment

Development image:

```bash
docker build -t auth-service-dev -f docker/dev.Dockerfile .
docker run -p 8000:8000 --env-file .env.development auth-service-dev
```

Production image:

```bash
docker build -t auth-service-prod -f docker/prod.Dockerfile .
docker run -p 8000:8000 --env-file .env.production auth-service-prod
```

## API Documentation

Once the server is running, access the Swagger documentation at:

http://localhost:8000/api-docs
## Folder Organization

```text
backend/
├── docker/                  # Docker configuration files
│   ├── dev.Dockerfile
│   └── prod.Dockerfile
├── docs/                    # API documentation
│   ├── swagger-output.json
│   └── swagger.js
├── logs/                    # Application logs
├── nginx/                   # Nginx configuration for deployment
│   ├── http.conf
│   └── https.conf
├── scripts/                 # Utility scripts
│   ├── cron.sh
│   ├── dbBackup.js
│   └── docker.sh
├── src/                     # Source code
│   ├── config/              # Configuration files
│   ├── connections/         # Database and external service connections
│   ├── examples/            # Code examples for various integrations
│   ├── features/            # Feature-based modules
│   │   ├── auth/            # Authentication feature
│   │   │   ├── authController.js
│   │   │   ├── authService.js
│   │   │   ├── authRepository.js
│   │   │   ├── authRoutes.js
│   │   │   ├── authValidation.js
│   │   │   ├── authMiddleware.js
│   │   │   ├── userModel.js
│   │   │   └── refreshToken.js
│   │   ├── health/          # Health check feature
│   │   ├── notifications/   # Notification system
│   │   ├── payments/        # Payment processing
│   │   ├── permissions/     # Authorization & permissions
│   │   ├── search/          # Search & analytics
│   │   ├── storage/         # File storage (S3)
│   │   └── subscription/    # Subscription management
│   ├── helpers/             # Helper utilities
│   │   ├── cache/           # Redis caching utilities
│   │   └── messaging/       # Message queue utilities
│   ├── middlewares/         # Express middlewares
│   ├── utils/               # General utility functions
│   ├── app.js               # Express application setup
│   └── index.js             # Application entry point
└── test/                    # Test files
    ├── e2e/                 # End-to-end tests
    ├── unit/                # Unit tests
    ├── integration/         # Integration tests
    └── performance/         # Performance tests
```
## Configuration Files

- `webpack.config.js`: Configures bundling for production deployment
- `eslint.config.js`: JavaScript linting rules
- `commitlint.config.js`: Conventional commit message validation
- `test-runner.js`: Test runner configuration
- `prometheus.yml`: Prometheus monitoring configuration
## NPM Commands

| Command | Description |
|---|---|
| `npm run dev` | Start the development server with hot reload |
| `npm run build` | Build the production bundle |
| `npm run dev:prod` | Run production build with nodemon |
| `npm start` | Start the production server |
| `npm run swagger` | Generate Swagger documentation |
| `npm test` | Run the test suite |
| `npm run test:watch` | Run tests in watch mode |
| `npm run test:coverage` | Run tests with coverage report |
| `npm run lint` | Check code for linting errors |
| `npm run lint:fix` | Fix linting errors automatically |
| `npm run format` | Check code formatting |
| `npm run format:fix` | Fix formatting issues automatically |
| `npm run migrate:dev` | Run database migrations in development |
| `npm run migrate:prod` | Run database migrations in production |
## Security Implementation
- JWT Authentication: Secure token-based authentication with refresh token rotation
- Password Security: Bcrypt hashing with appropriate salt rounds
- Rate Limiting: Protection against brute force attacks
- Data Validation: Joi schemas for request validation
- HTTP Security Headers: Using Helmet middleware
- Cookie Security: HTTP-only, secure cookies with proper domain and path settings
- MongoDB Sanitization: Protection against NoSQL injection
- XSS Protection: Sanitization of user input
## Test Commands

Run all tests:

```bash
npm test
```

Run tests in watch mode:

```bash
npm run test:watch
```

Generate test coverage report:

```bash
npm run test:coverage
```

## Contribution Guidelines

1. Fork the repository
2. Create your feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'feat: Add some amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request

## License
This project is licensed under the ISC License - see the LICENSE file for details.
Created with ❤️ by Harmeet Singh