sk
logo
Loading...
Production-API project showcase
~/cd ..
github [#142]Created with Sketch.

About This Project

A TypeScript Express REST API focused on user authentication, session management, and product resource handling. The codebase includes validation, structured logging, metrics and a Docker ready build pipeline.

Key Features

  • JSON Web Token authentication with access token and refresh token
  • Persistent session management stored in MongoDB
  • Product create read update delete workflow with ownership checks
  • Request validation using Zod schemas
  • Structured logging with Pino and readable output with pino pretty
  • Lightweight metrics server exposing Prometheus compatible metrics
  • Development scripts with fast restart and TypeScript compile step
  • Containerized build and run via Dockerfile

Development Progress

Overall ProgressComplete

Core features implemented and build pipeline configured. Ready for production deployment after environment verification and secrets configuration.

Technology Stack

Node.js
TypeScript
Express
MongoDb
file_type_jest
Jest
Docker

The Journey Behind

Motivation

Build a maintainable API template that demonstrates secure authentication flows, session handling and resource ownership checks while remaining easy to extend and test.

  • Provide a clear authentication pattern using JWT and server side sessions
  • Offer a small but complete product resource example with authorization checks
  • Demonstrate best practices for validation logging and metrics
  • Make the project easy to run locally and in a container

Development Journey

Initialized TypeScript project and added Express with modular routing

Implemented user model and secure password handling

Added session persistence and token signing utilities

Built product resource handlers with ownership validation

Added logging metrics and test scaffolding

Problems Faced

  • Token Management:Designing a safe refresh token flow while keeping session persistence simple and auditable.
  • Request Validation:Ensuring validation is comprehensive but does not cause request hangs when payload fields are missing.
  • Performance Versus Safety:Balancing higher password hashing factors with acceptable development iteration times.
  • Environment Complexity:Managing RSA key material and database credentials in a way that supports local development and container deployment.

Key Learnings

  • Separation of Concerns:Keeping controllers services and utilities separate simplifies testing and future extension.
  • Defensive Validation:Using a typed validation layer prevents a class of runtime errors and improves API contract clarity.
  • Observability:Adding logging and metrics early makes debugging and capacity planning far easier.
  • Deployment Parity:A reproducible Docker build plus clear environment expectations reduces surprises when moving between environments.

Want to see more projects?

Explore my other projects to see different technologies and approaches to solving various problems.

View All Projects