Shoishob Backend

Robust Node.js REST API built with TypeScript, Express.js, and MongoDB.
It powers the Shoishob platform, handling authentication, payments, and data access with production-grade security and code quality tooling.

✨ Key Features

Area	What You Get	Packages / Techniques
Typed Code	End-to-end TypeScript, strict `tsconfig`	`typescript`, `ts-node-dev`
Scalable API	Layered architecture (Routes → Controllers → Services → Models)	`express`, `mongoose`
Authentication	Stateless JWT auth (access + refresh tokens)	`jsonwebtoken`, HTTP-only cookies
Payments	Fully-integrated SSL Commerz flow (initiate → redirect → IPN)	`sslcommerz-lts`
Validation	Runtime payload validation & type inference	`zod`
Error Handling	Centralized error classes + global handler	Custom `ApiError`, `catchAsync`
Security	Helmet, rate-limiting, CORS, `.env` isolation	`helmet`, `express-rate-limit`, `cors`, `dotenv`
Dev Ex	Lint, format, pre-commit hooks, VS Code launch	`eslint`, `prettier`, `husky`, `lint-staged`
CI-ready	Dockerfile & GitHub Actions workflow (optional)	see Deployment

🏗️ Architectural Overview

System Architecture

Shoihob-backend follows a modular architecture with distinct components that handle specific business domains. The system is built using Node.js with Express framework and TypeScript, connecting to a MongoDB database for data persistence and integrating with SSLCommerz for payment processing.

Architectural Layers

The system follows a layered architecture pattern that promotes separation of concerns and maintainability.

📡 API Layer

This layer is responsible for handling HTTP requests and routing them to appropriate business logic.

Routes: Define API endpoints and connect them to corresponding controllers.
Controllers: Manage the request/response lifecycle and delegate core operations to services.
Middleware: Intercepts and processes requests before they reach the controller (e.g., authentication, input validation, error handling).

API Structure

The API is organized as a RESTful service with versioned endpoints. All routes are prefixed with /api/v1 and are organized by functionality. The Express router maps incoming requests to the appropriate controller functions.

🧠 Business Logic Layer

This layer contains Service Classes that encapsulate the core logic of the application. It:

Implements domain-specific rules and use cases.
Coordinates actions involving multiple models or external services.
Keeps controllers lean and focused on the request flow.

🗃️ Data Access Layer

Responsible for communicating with the database using Mongoose. It includes:

Schemas & Models: Define data structures and constraints for MongoDB collections.
CRUD Operations: Abstracts direct database operations and enforces a consistent access pattern.

🧩 Core Modules

The Shoihob-backend is structured into several key modules, each responsible for a distinct business function. This modular approach ensures better scalability, maintainability, and separation of concerns.

Module	Path	Description
User	`/user`	Handles user registration, profile management, and role-based access control.
Auth	`/jwt`	Manages authentication using JWT tokens.
Turf	`/turf`	Manages sports field listings, details, and maintenance.
Booking	`/bookings`	Handles turf reservation, scheduling, and payment processing.
Payment History	`/history`	Stores and manages transaction records and payment history.
Tournament	`/tournament-details`	Enables creation and management of tournaments.
Tournament Registration	`/tournamentRegistration`	Facilitates user registration and participation in tournaments.
Admin Stats	`/stats`	Provides analytics and system insights for administrators.
Owner Stats	`/ownerStats`	Delivers usage analytics specifically for turf owners.

Module	Description
User Module	Manages user accounts, profiles, and role-based access control (`user`, `admin`, `superAdmin`).
Authentication Module	Implements secure JWT-based authentication and authorization.
Turf Details Module	Handles sports venue data including availability, pricing, and location.
Turf Booking Module	Manages turf reservations, slot selection, payment processing, and confirmation.
Payment History Module	Tracks all transaction records, including bookings and tournament registrations.
Tournament Module	Manages tournament creation, scheduling, and turf associations.
Tournament Registration Module	Handles user registration for tournaments, with integrated payment processing.
Statistics Module	Provides analytical dashboards and metrics for admins and turf owners.

📁 Source Root: src/app/routes/index.ts

🧱 Module Structure

Each module adheres to a standardized internal structure, which improves code readability, collaboration, and scalability:

src/
 └── app/
      └── [module-name]/
           ├── controllers/     # Handles HTTP request/response logic
           ├── services/        # Contains core business logic
           ├── models/          # Mongoose schemas and data access definitions
           ├── routes/          # Defines REST API endpoints
           └── validators/      # Joi or Zod schemas for request validation (if any)

Request Flow

The following diagram illustrates how a typical request flows through the system:

Example: Booking a Turf

Authentication and Authorization

The system implements JWT (JSON Web Token) based authentication and role-based authorization.

Data Models

The system uses MongoDB as its database and Mongoose for object data modeling. The following diagram illustrates the key data models and their relationships:

Error Handling

The system implements a global error handling mechanism to ensure consistent error responses across all API endpoints.

Integration with External Services

The system integrates with external services, particularly for payment processing:

📂 Directory Layout

src/
├── app/
│   ├── module/
│   │   ├── User/
│   │   │   ├── User.controller.ts
│   │   │   ├── User.service.ts
│   │   │   ├── User.model.ts
│   │   │   ├── User.interface.ts
│   │   │   ├── User.constant.ts
│   │   │   └── User.validation.ts
│   │   └── Payment/  (etc.)
│   └── common/         # shared middlewares & utils
├── config/             # mongo, sslcommerz, etc.
├── constance/          # enumerations & magic numbers
├── errors/             # ApiError, global handler
├── shared/             # helpers (catchAsync, sendResponse, pick)
├── app.ts              # Express app
└── server.ts           # entry point (env, DB connect, graceful shutdown)

✅ Prerequisites

Node.js 20.4+ (LTS recommended)
Yarn 4.9+ or npm 10+
MongoDB (Atlas or local)
SSL Commerz merchant account

⚡ Quick Start

# 1. Clone
git clone https://github.com/tareksabbir/shoishob-backend.git
cd shoishob-backend

# 2. Install
yarn install        # or: npm ci

# 3. Configure
cp .env.example .env   # fill real secrets

# 4. Run dev server (auto-restart, TS support)
yarn start

Visit [http://localhost:5000 /health](http://localhost:5000 /health) → should return {status:"OK"}.

🔐 Environment Variables

Name	Example	Required	Description
`NODE_ENV`	`development`	✔	`development` / `production`
`PORT`	`5000`	✔	API port
`DATABASE_URL`	`mongodb+srv://...`	✔	Mongo connection string
`JWT_SECRET`	`s3cr3t`	✔	HS256 signing secret
`JWT_EXPIRES_IN`	`1d`	✔	Token TTL
`STORE_ID`	`shoishob_live`	✔	SSL Commerz store id
`STORE_PASSWORD`	`abcd1234`	✔	SSL Commerz key
`CLIENT_URL`	`https://shoishob.app`	✖	CORS allow-list
`RATE_LIMIT_WINDOW`	`15`	✖	minutes
`RATE_LIMIT_MAX`	`100`	✖	reqs per window

🛠️ Scripts

Command	What it does
`yarn start`	Start dev server with `ts-node-dev`
`yarn build`	Compile TypeScript to `dist`
`yarn start:prod`	Run compiled JS with `node`
`yarn lint:check`	ESLint analysis
`yarn lint:fix`	ESLint auto-fix
`yarn prettier:check`	Format check
`yarn prettier:fix`	Auto-format
`yarn test`	(add Jest tests soon)
`yarn lint-prettier`	Lint + format in one go

🚀 Production Deployment

1. Docker (recommended)

FROM node:20-alpine
WORKDIR /app
COPY package*.json ./
RUN yarn install --prod
COPY . .
RUN yarn build
CMD ["node", "dist/server.js"]

docker build -t shoishob-api .
docker run -p 5000:5000 --env-file .env shoishob-api

2. GitHub Actions CI

# .github/workflows/deploy.yml
name: Deploy
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: '20' }
      - run: yarn install --immutable
      - run: yarn test # add tests!
      - run: yarn build
      # TODO: docker push / ssh deploy / render.com deploy…

🧪 Testing Strategy

Unit tests: pure functions, services (jest, ts-jest)
Integration tests: Express routes with in-memory Mongo (supertest, mongodb-memory-server)
E2E: Postman/Newman or Playwright against staging

Add a __tests__/ folder mirroring src/. Aim for 80%+ coverage on business logic.

🌐 API Docs (Swagger/OpenAPI)

Install: yarn add swagger-ui-express swagger-jsdoc
Define specs in docs/openapi.yaml (see sample below).
Mount swagger UI in app.ts:

import swaggerUi from 'swagger-ui-express'
import specs from './docs'

app.use('/docs', swaggerUi.serve, swaggerUi.setup(specs))

Now GET /docs shows live API reference.

🔒 Security Hardening Checklist

helmet() HTTP headers
express-rate-limit 100 req/15 min per IP
.env never committed (git ignored)
Mongo connection retries, graceful shutdown
Mongoose ObjectId sanitization (mongoose-unique-validator)
Unit tests for auth & permissions
TODO: Enable CSRF protection for cookie-based auth
TODO: Turn on log redaction for sensitive fields

🐛 Graceful Error Handling

import { ApiError } from './errors'
import httpStatus from 'http-status'

throw new ApiError(httpStatus.BAD_REQUEST, 'Email already exists')

All thrown ApiErrors propagate to the global handler → client gets a consistent JSON error envelope:

{
  "success": false,
  "message": "Email already exists",
  "statusCode": 400,
  "stack": "..." // only in dev
}

💸 Payment Flow (SSL Commerz)

Client hits POST /api/v1/payments/init with cart & customer info.
Server creates transaction, gets GatewayPageURL, returns to client.
Client redirects user → SSL Commerz hosted checkout.
After payment, SSL Commerz calls IPN → POST /api/v1/payments/ipn.
We verify signature, update order status, trigger webhooks or emails.
User redirected back to our success or cancel page.

✍️ Commit & Branch Convention

main – always deployable
dev – integration branch
feature/xyz, bugfix/123 – short-lived topic branches

Commit messages follow Conventional Commits:

feat(user): add password reset
fix(payment): correct amount rounding

🤝 Contributing

Fork & create a topic branch: git checkout -b feat/cool-stuff
Run yarn lint-prettier and add tests.
Commit & push, then open a Pull Request.

All PRs trigger CI: lint, tests, type-check.

🗺️ Roadmap

☐ Refresh-token rotation & logout-all
☐ 2-FA (TOTP)
☐ Soft-delete + audit logs
☐ GraphQL gateway (stretch goal)

🙋 FAQ

Mongo fails to connect on first start

Check that the DATABASE_URL in .env points to an SRV Atlas URL or your local instance, and your IP is whitelisted in Atlas.

How do I seed initial data?

Run yarn ts-node scripts/seed.ts (script coming soon).

📝 License

MIT

Author

Md. Tarek Rahman Sabbir – https://github.com/tareksabbir

Name		Name	Last commit message	Last commit date
Latest commit History 32 Commits
.husky		.husky
.vscode		.vscode
.yarn		.yarn
dist		dist
readme_images		readme_images
src		src
.eslintignore		.eslintignore
.eslintrc		.eslintrc
.gitignore		.gitignore
.prettierrc		.prettierrc
.yarnrc.yml		.yarnrc.yml
README.md		README.md
package.json		package.json
tsconfig.json		tsconfig.json
vercel.json		vercel.json
yarn-error.log		yarn-error.log
yarn.lock		yarn.lock

tareksabbir/Shoihob-backend

Folders and files

Latest commit

History

Repository files navigation