A production-ready Express.js backend boilerplate with TypeScript, Prisma, Redis, and comprehensive security features.
- Express.js with TypeScript
- Prisma ORM with PostgreSQL
- Redis for caching and sessions
- JWT Authentication with refresh tokens
- Security (Helmet, CORS, Rate Limiting)
- Request Logging with Winston
- Input Validation with Zod
- Testing with Jest
- Docker support
- Graceful Shutdown
- API Documentation ready
- Node.js 18+
- PostgreSQL
- Redis
- Docker & Docker Compose (optional)
- Clone the repository:

```bash
git clone <repository-url>
cd crm-backend
```

- Install dependencies:

```bash
npm install
```

- Set up environment variables:

```bash
cp .env.example .env
# Edit .env with your configuration
```

- Set up the database:

```bash
npm run db:migrate
npm run db:seed
```

- Start development server:

```bash
npm run dev
```

The server will start on http://localhost:3000
| Variable | Description | Default |
|---|---|---|
| `NODE_ENV` | Environment mode | development |
| `PORT` | Server port | 3000 |
| `DATABASE_URL` | PostgreSQL connection string | Required |
| `REDIS_HOST` | Redis host | 127.0.0.1 |
| `REDIS_PORT` | Redis port | 6379 |
| `JWT_SECRET` | JWT signing secret | Required |
| `JWT_EXPIRES_IN` | JWT expiration time | 7d |
| `BCRYPT_ROUNDS` | Password hashing rounds | 12 |
| `RATE_LIMIT_WINDOW_MS` | Rate limit window | 900000 |
| `RATE_LIMIT_MAX_REQUESTS` | Max requests per window | 100 |
| `LOG_LEVEL` | Logging level | info |
| `CORS_ORIGIN` | CORS allowed origin | http://localhost:3000 |
```bash
# Development
npm run dev                  # Start development server with hot reload
npm run build                # Build for production
npm run start                # Start production server

# Database
npm run db:generate          # Generate Prisma client
npm run db:migrate           # Run database migrations
npm run db:push              # Push schema changes
npm run db:studio            # Open Prisma Studio
npm run db:seed              # Seed database

# Testing
npm run test                 # Run tests
npm run test:watch           # Run tests in watch mode
npm run test:coverage        # Run tests with coverage

# Code Quality
npm run lint                 # Lint code
npm run format               # Format code
npm run type-check           # TypeScript type checking

# Docker
npm run docker:build         # Build Docker image
npm run docker:run           # Run Docker container
npm run docker:compose:up    # Start with Docker Compose
npm run docker:compose:down  # Stop Docker Compose
```

```
POST /v1/auth/register         # User registration
POST /v1/auth/login            # User login
POST /v1/auth/refresh-token    # Refresh access token
POST /v1/auth/logout           # User logout
GET  /v1/auth/profile          # Get user profile
PUT  /v1/auth/profile          # Update user profile
PUT  /v1/auth/change-password  # Change password

GET  /health                   # Application health check
```
```
src/
├── config/                       # Configuration files
│   ├── database.ts               # Database and Redis setup
│   ├── index.ts                  # Environment configuration
│   ├── logger.ts                 # Winston logger setup
│   └── moduleAlias.ts            # Module alias configuration
├── controllers/                  # Route controllers
│   └── v1/
│       └── auth/
│           ├── admin.controller.ts
│           └── index.ts
├── handlers/                     # Error and async handlers
│   ├── async.handler.ts
│   └── error.handler.ts
├── middlewares/                  # Custom middlewares
│   ├── auth.middleware.ts        # Authentication middleware
│   └── validation.middleware.ts  # Input validation
├── routes/                       # Route definitions
│   └── v1/
│       └── auth/
│           └── routes.ts
├── services/                     # Business logic services
│   ├── auth.service.ts           # Authentication service
│   └── redis.service.ts          # Redis service
├── utils/                        # Utility functions
│   ├── APIError.ts               # Custom error class
│   └── auth.utils.ts             # Authentication utilities
├── validations/                  # Input validation schemas
│   └── index.ts
├── app.ts                        # Express app setup
└── index.ts                      # Server entry point
```
- Helmet: Security headers
- CORS: Cross-origin resource sharing control
- Rate Limiting: API rate limiting
- Input Validation: Request validation with Joi
- Password Hashing: bcrypt with configurable rounds
- JWT Tokens: Secure token-based authentication
- Token Blacklisting: Logout functionality
- SQL Injection Protection: Prisma ORM
- XSS Protection: Helmet and input sanitization
- Compression: Response compression
- Connection Pooling: Database connection pooling
- Redis Caching: Session and data caching
- Graceful Shutdown: Proper cleanup on exit
- Request ID Tracking: Request correlation
- Logging: Structured logging with Winston
```bash
# Start all services
npm run docker:compose:up
# View logs
docker compose -f docker/compose.yaml logs -f
# Stop services
npm run docker:compose:down
```

```bash
# Build image
npm run docker:build
# Run container
npm run docker:run
```

```bash
# Build and start all services
npm run docker:compose:up
# Check logs
docker compose -f docker/compose.yaml logs -f
# Stop services
npm run docker:compose:down
```

```bash
# Build for production
npm run build
# Start production server
npm run start
```

- Set `NODE_ENV=production`
- Configure production database
- Set strong `JWT_SECRET`
- Configure Redis for production
- Set up reverse proxy (nginx)
- Configure SSL certificates
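
The production checklist asks for a strong `JWT_SECRET`, and the environment table marks `DATABASE_URL` and `JWT_SECRET` as required. One way to enforce both at startup, as an added example that is not the boilerplate's own `config/index.ts`; `loadConfig`, the length and cost thresholds and the placeholder list are assumptions:

```typescript
// Added example: fail-fast environment validation for the variables in the README table.
type Env = Record<string, string | undefined>;

interface AppConfig {
  nodeEnv: string; port: number; databaseUrl: string;
  jwtSecret: string; bcryptRounds: number; corsOrigin: string;
}

// Assumed policy values (not from the README): tune them to your own standard.
const MIN_SECRET_LENGTH = 32;
const MIN_PROD_BCRYPT_ROUNDS = 10;
const PLACEHOLDER_SECRETS = ["secret", "changeme", "password"];

function loadConfig(env: Env): { config?: AppConfig; errors: string[] } {
  const errors: string[] = [];
  const nodeEnv = env["NODE_ENV"] ?? "development";
  const isProd = nodeEnv === "production";

  const port = Number(env["PORT"] ?? "3000");
  if (!Number.isInteger(port) || port < 1 || port > 65535) errors.push("PORT must be 1-65535");

  const databaseUrl = env["DATABASE_URL"] ?? "";
  if (!databaseUrl) errors.push("DATABASE_URL is required");

  const jwtSecret = env["JWT_SECRET"] ?? "";
  if (!jwtSecret) {
    errors.push("JWT_SECRET is required");
  } else if (isProd) {
    if (jwtSecret.length < MIN_SECRET_LENGTH)
      errors.push(`JWT_SECRET must be at least ${MIN_SECRET_LENGTH} characters in production`);
    if (PLACEHOLDER_SECRETS.some((p) => jwtSecret.toLowerCase().includes(p)))
      errors.push("JWT_SECRET looks like a placeholder value");
  }

  const bcryptRounds = Number(env["BCRYPT_ROUNDS"] ?? "12");
  const minRounds = isProd ? MIN_PROD_BCRYPT_ROUNDS : 4; // 4 is bcrypt's lowest valid cost
  if (!Number.isInteger(bcryptRounds) || bcryptRounds < minRounds)
    errors.push(`BCRYPT_ROUNDS must be an integer >= ${minRounds}`);

  // The README default is a localhost origin; reject it and "*" in production.
  const corsOrigin = env["CORS_ORIGIN"] ?? "http://localhost:3000";
  if (isProd && (corsOrigin === "*" || /localhost|127\.0\.0\.1/.test(corsOrigin)))
    errors.push("CORS_ORIGIN must name the real front-end origin in production");

  if (errors.length > 0) return { errors };
  return { config: { nodeEnv, port, databaseUrl, jwtSecret, bcryptRounds, corsOrigin }, errors };
}
```

Call it once before the server starts listening and exit non-zero when `errors` is non-empty, so a misconfigured deployment never serves traffic.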
```bash
# Run all tests
npm run test
# Run with coverage
npm run test:coverage
# Run in watch mode
npm run test:watch
```

- Health check endpoint: `GET /health`
- Winston logs in `./logs/`
- Docker health checks
- Docker container logs: `docker compose -f docker/compose.yaml logs -f`
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Run linting: `npm run lint`
- Run tests: `npm run test`
- Submit a pull request
ISC