A robust and scalable RESTful API backend for a social media platform built with Node.js, Express, and MongoDB. This backend supports user authentication, tweet management, likes, and real-time content delivery with advanced features like OTP verification, image uploads, and comprehensive user management.
- JWT-based Authentication with access and refresh tokens
- OTP Email Verification for new accounts
- Password Management with bcrypt encryption
- Rate Limiting to prevent abuse (100 requests per 15 minutes)
- Cookie-based Session Management
- CORS Configuration for secure cross-origin requests
- User registration with email verification
- Login/Logout functionality
- Profile management with avatar uploads
- Password change capability
- Token refresh mechanism
- Get current user details
- Create tweets with text and optional images
- Update existing tweets
- Delete tweets
- View all tweets (public feed)
- View user-specific tweets
- Image optimization via Cloudinary
- Like/Unlike tweets
- Track likes per tweet
- User engagement analytics
- Get all tweets with user information
- Get user-specific content
- Optional authentication for public content viewing
- Runtime: Node.js
- Framework: Express.js 5.x
- Database: MongoDB with Mongoose ODM
- Authentication: JWT (JSON Web Tokens)
- Image Storage: Cloudinary
- Email Service: Resend / Nodemailer / EmailJS
- File Upload: Multer
- Security: bcrypt, express-rate-limit, CORS, compression
```
src/
├── app.js                         # Express app configuration
├── index.js                       # Entry point
├── constants.js                   # Application constants
├── controllers/                   # Request handlers
│   ├── user.controller.js         # User operations
│   ├── tweet.controller.js        # Tweet CRUD operations
│   ├── like.controller.js         # Like/Unlike operations
│   ├── dashboard.controller.js    # Feed & analytics
│   └── healthcheck.controller.js
├── models/                        # Database schemas
│   ├── user.model.js              # User schema with auth methods
│   ├── tweet.model.js             # Tweet schema
│   ├── like.model.js              # Like relationships
│   └── follower.model.js          # Follower relationships
├── routes/                        # API routes
│   ├── user.routes.js
│   ├── tweet.routes.js
│   ├── like.routes.js
│   ├── dashboard.routes.js
│   └── healthcheck.routes.js
├── middlewares/                   # Custom middleware
│   ├── auth.middleware.js         # JWT verification
│   ├── optionalAuth.middleware.js
│   ├── multer.middleware.js       # File upload handling
│   └── errorHandler.middleware.js
├── utils/                         # Helper functions
│   ├── ApiResponse.js             # Standardized responses
│   ├── ApiError.js                # Custom error class
│   ├── asyncHandler.js            # Async error wrapper
│   ├── cloudinary.js              # Image upload service
│   ├── deleteFromCloudinary.js
│   ├── getOptimizedUrl.js
│   └── sendOTP.js                 # Email OTP service
└── db/
    └── index.js                   # Database connection
```
Base URL: /api/v1/users

| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| POST | /create-account | Register a new user | No |
| POST | /login | User login | No |
| POST | /verify-otp | Verify email with OTP | No |
| POST | /r/otp | Request new OTP | No |
| GET | /logout | User logout | Yes |
| GET | /me | Get current user details | Yes |
| GET | /new-access-token | Refresh access token | Refresh token |
| PATCH | /u/avatar | Update user avatar | Yes |
| PATCH | /c/password | Change password | Yes |

Base URL: /api/v1/tweet

| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| POST | /t/upload | Create a new tweet | Yes |
| PATCH | /t/update/:tweetId | Update tweet | Yes |
| DELETE | /t/delete/:tweetId | Delete tweet | Yes |

Base URL: /api/v1/like

| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| GET | /tweet/:tweetId | Toggle like on tweet | Yes |

Base URL: /api/v1/home

| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| GET | /all-content | Get all tweets (feed) | Optional |
| GET | /user-content/:username | Get user's tweets | Optional |

Base URL: /api/v1/healthcheck

| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| GET | / | Server health status | No |
- Register: User creates account → OTP sent to email
- Verify: User enters OTP → Account activated
- Login: User logs in → Receives access & refresh tokens
- Protected Routes: Access token required in cookies
- Token Refresh: Refresh token generates new access token
- Logout: Clears tokens from cookies
```http
POST /api/v1/users/create-account
Content-Type: application/json

{
  "username": "johndoe",
  "fullName": "John Doe",
  "email": "john@example.com",
  "password": "SecurePass123"
}
```

```http
POST /api/v1/tweet/t/upload
Content-Type: multipart/form-data
Authorization: Bearer <token>

{
  "content": "Hello World! This is my first tweet",
  "image": <file>
}
```

```http
GET /api/v1/home/all-content
```

- Password Hashing: bcrypt with 10 salt rounds
- JWT Tokens: Separate access (1d) and refresh tokens (10d)
- Rate Limiting: 100 requests per 15 minutes per IP
- HTTP-only Cookies: Secure token storage
- Data Validation: Required field validation
- Error Handling: Centralized error middleware
- CORS Protection: Configurable origin whitelist
- File Upload Limits: 16kb JSON payload limit
- express - Web framework
- mongoose - MongoDB ODM
- jsonwebtoken - JWT authentication
- bcrypt - Password hashing
- multer - File upload handling
- cloudinary - Image storage
- cookie-parser - Cookie parsing
- cors - CORS middleware
- express-rate-limit - Rate limiting
- compression - Response compression
- resend - Email service

Development dependencies:

- nodemon - Development auto-reload
- prettier - Code formatting
Copyright (c) 2025 Pritesh Thorat - All Rights Reserved. This code is available for viewing and educational purposes only. See the LICENSE file for details.
Pritesh Thorat
- GitHub: @PriteshThorat
- Repository: Social-Media-Platform-Backend
Please report bugs and issues on the GitHub Issues page.
Made with ❤️ by Pritesh Thorat