A robust and scalable RESTful API backend for the iTask todo application, featuring user authentication, collection management, and todo organization with sharing capabilities.
iTask Backend is a full-featured Node.js/Express server that powers the iTask todo application. It provides a comprehensive API for:
- User Management: Complete authentication system with JWT-based security
- Collections: Organize todos in collections (folders) with privacy controls
- Todo Management: Create, update, share, and track todo items
- Access Control: Fine-grained permissions system for data security
- API Security: HTTP-only cookies, secure JWT handling, and proper error management
- Runtime: Node.js
- Framework: Express.js
- Database: MongoDB with Mongoose ODM
- Authentication: JWT (JSON Web Tokens)
- Security:
  - bcrypt (password hashing)
  - HTTP-only cookies
  - CORS enabled
- Development: Nodemon for hot reloading
The application implements a secure authentication system using:
- JWT Tokens:
  - Access Token (short-lived)
  - Refresh Token (longer validity)
  - Stored in HTTP-only cookies for security
- Security Measures:
  - Passwords hashed using bcrypt
  - Secure cookie settings
  - Token refresh mechanism
  - Protected routes using authentication middleware
- Session Flow:
  Login/Register → JWT Created → Stored in HTTP-only Cookie → Access Protected Routes → Token Expiry → Refresh Token → New Access Token
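
The session flow above, sketched as an added example (not the project's own code). It signs HS256 tokens with Node's built-in crypto module in place of a JWT library so it runs without dependencies; the cookie names `accessToken`/`refreshToken`, the `sub` claim and the numeric `ACCESS_TTL` setting (seconds) are assumptions.

```javascript
// Added example: HS256 JWTs built with Node's crypto module only (no JWT library).
const crypto = require("crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");
const mac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

function signToken(payload, secret, ttlSeconds, now) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify({ ...payload, iat: now, exp: now + ttlSeconds }));
  return `${head}.${body}.${b64url(mac(`${head}.${body}`, secret))}`;
}

// Returns the payload, or null for a bad signature, wrong algorithm or expired token.
function verifyToken(token, secret, now) {
  const parts = String(token || "").split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const given = Buffer.from(sig, "base64url");
  const expected = mac(`${head}.${body}`, secret);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(head, "base64url")).alg !== "HS256") return null; // pin the algorithm
    const payload = JSON.parse(Buffer.from(body, "base64url"));
    return typeof payload.exp === "number" && payload.exp > now ? payload : null;
  } catch {
    return null;
  }
}

// Cookie flags in the shape Express's res.cookie() accepts.
const cookieOptions = { httpOnly: true, secure: true, sameSite: "strict" };

// Session flow: use the access token while valid, otherwise fall back to the refresh token.
function authenticate(cookies, env, now) {
  const access = verifyToken(cookies.accessToken, env.ACCESS_TOKEN_SECRET, now);
  if (access) return { userId: access.sub, setCookies: {} };
  const refresh = verifyToken(cookies.refreshToken, env.REFRESH_TOKEN_SECRET, now);
  if (!refresh) return null; // caller responds 401 and the user logs in again
  const accessToken = signToken({ sub: refresh.sub }, env.ACCESS_TOKEN_SECRET, env.ACCESS_TTL, now);
  return { userId: refresh.sub, setCookies: { accessToken } };
}

// Constructed demo values (not real secrets); ACCESS_TTL in seconds is a hypothetical setting.
const demoEnv = { ACCESS_TOKEN_SECRET: "demo-access", REFRESH_TOKEN_SECRET: "demo-refresh", ACCESS_TTL: 900 };
const demoStart = 1700000000;
const demoCookies = { refreshToken: signToken({ sub: "user-1" }, demoEnv.REFRESH_TOKEN_SECRET, 864000, demoStart) };
console.log(authenticate(demoCookies, demoEnv, demoStart + 60).userId);
```

Because the two token types are signed with different secrets, a refresh token placed in the access-token cookie fails verification instead of being accepted as an access token.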
src/
├── controllers/            # Route controllers
│   ├── collection.controller.js
│   ├── todo.controller.js
│   └── user.controller.js
├── models/                 # Mongoose models
│   ├── collection.model.js
│   ├── todo.model.js
│   └── user.model.js
├── routes/                 # API routes
│   ├── collection.route.js
│   ├── todo.route.js
│   └── user.route.js
├── middlewares/            # Custom middleware
│   ├── auth.middleware.js
│   └── error.middleware.js
├── utils/                  # Utility functions
├── app.js                  # Express app setup
└── index.js                # Server entry point
- Node.js (v14 or higher)
- MongoDB instance
- npm or yarn
- Clone the repository:

      git clone https://github.com/RDFearless/todo-backend.git
      cd todo-backend

- Install dependencies:

      npm install

- Create a .env file:

      PORT=8000
      MONGODB_URI=your_mongodb_uri
      ACCESS_TOKEN_SECRET=your_access_token_secret
      REFRESH_TOKEN_SECRET=your_refresh_token_secret
      ACCESS_TOKEN_EXPIRY=1d
      REFRESH_TOKEN_EXPIRY=10d

- Start the development server:

      npm run dev

For detailed API documentation, please refer to docs/API.md.
Built with ❤️ by Rudra Desai