refactor: full TypeScript migration, update dependencies, and code cleanup #2

Open
Marbot-claw wants to merge 1 commit into ivanarifin:main from Marbot-claw:refactor/typescript-migration
@Marbot-claw

Summary

Full TypeScript migration + major refactor of the Express + Sequelize server. This PR addresses multiple bugs, improves code quality, updates all dependencies, and converts the entire codebase to TypeScript with strict mode enabled.

Changes

🔷 TypeScript Migration

  • Full conversion to TypeScript with strict: true
  • Proper type definitions for Express Request, Response, Sequelize models
  • Type-safe controllers, middlewares, and routes
  • Added tsconfig.json with modern compiler options
  • Source code moved to src/ directory

🐛 Bug Fixes

  • Auth middleware: Removed duplicate !access_token check (dead code)
  • Authorize middleware: Removed redundant token re-verification (already done in authUser), fixed != → !==
  • User controller: Fixed createToken() → signToken() typo that would cause runtime error
  • Show controller: Fixed splice() mutating original array, replaced res.redirect("/") with proper 400 JSON response
  • CORS: Removed duplicate origin property in config
  • Body parsing: Removed redundant body-parser + express.json() duplication

🔒 Security Improvements

  • JWT: Added expiresIn: "24h" to access tokens
  • bcrypt: Switched from sync to async (non-blocking event loop)
  • Config: Moved hardcoded credentials from config.json to environment variables
  • Error messages: Standardized error responses, removed stack traces from production

🏗 Architecture & Code Quality

  • Cloudinary upload: Refactored from callback hell to Promise-based pattern
  • Controllers: Consistent class-based pattern with proper error propagation
  • Middlewares: Clean separation of auth, authorize, and error handling
  • Models: Proper TypeScript interfaces alongside Sequelize definitions
  • Routes: Consistent naming, proper middleware ordering

📦 Dependencies Updated

| Package | Before | After |
|---|---|---|
| express | 4.18.2 | 4.21.x |
| jsonwebtoken | 8.5.1 (CVE!) | 9.0.2 |
| sequelize | 6.25.5 | 6.37.x |
| bcryptjs | 2.4.3 | 2.4.3 (latest) |
| axios | 1.1.3 | 1.7.x |
| cloudinary | 1.32.0 | 2.5.x |
| sharp | 0.31.2 | 0.33.x |
| dotenv | 16.0.3 | 16.4.x |
| cors | 2.8.5 | 2.8.5 (latest) |
| multer | 1.4.5-lts.1 | 1.4.5-lts.1 |
| nodemailer | 6.8.0 | 6.9.x |
| pg | 8.8.0 | 8.13.x |
| google-auth-library | 8.6.0 | 9.x |

🆕 New Dev Dependencies

  • typescript, @types/* packages
  • ts-node, tsx for development
  • @types/bcryptjs, @types/jsonwebtoken, @types/multer, etc.

How to Test

Setup

npm install
cp .env.template .env
# Fill in your .env values

Development

npm run dev
# Starts with tsx (TypeScript execution)

Build

npm run build
# Compiles to dist/
npm start
# Runs compiled JS

Database

npm run db:dev
# Drop, create, and migrate

Key Endpoints to Test

  • POST /users/register — User registration with email verification
  • POST /users/login — Login with JWT response
  • POST /users/google-login — Google OAuth login
  • GET / — Fetch shows (paginated)
  • GET /search?q=... — Search shows
  • GET /:showId — Get show by ID
  • GET /rents/myrent — Get user's rented shows (requires auth)
  • POST /rents/:ShowId — Rent a show (requires auth + multipart upload)
  • DELETE /rents/:id — Unrent (requires auth + ownership)

Breaking Changes

  • Entry point changed from app.js to dist/app.js (after build)
  • JWT tokens now have 24h expiry (previously no expiry)
  • Config now requires environment variables instead of config.json for production
  • CORS origin needs to be set via CORS_ORIGIN env var

…rchitecture

Major changes:
- Convert entire codebase to TypeScript (strict mode)
- Update all dependencies to latest stable versions
- Fix authentication dead code (duplicate access_token check)
- Fix authorize middleware (remove redundant token verification, use !==)
- Fix user controller (createToken -> signToken typo)
- Fix show controller (splice mutation, redirect in REST API)
- Replace sync bcrypt with async version
- Add JWT expiry (24h access token)
- Refactor cloudinary upload from callback to Promise
- Move config from JSON to environment variables
- Remove redundant body-parser (use express built-in)
- Fix CORS duplicate origin config
- Add proper TypeScript types throughout
- Restructure into src/ directory with clean architecture
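
An added illustration of the "JWT tokens now have 24h expiry (previously no expiry)" breaking change, not code from this PR or its repository: a minimal HS256 sign/verify on Node's built-in crypto, standing in for jsonwebtoken, showing that a token issued before the change carries no exp claim and keeps verifying unless the verifier demands one. The function signatures, the requireExp option, the secret and the timestamps are assumptions constructed for the example.

```javascript
// Added example: minimal HS256 JWT sign/verify on Node's built-in crypto,
// a stand-in for jsonwebtoken so the block runs offline.
const nodeCrypto = require("node:crypto");

const b64url = (input) => Buffer.from(input).toString("base64url");
const hmac = (data, secret) => nodeCrypto.createHmac("sha256", secret).update(data).digest();

// Mint a token. ttlSeconds = null reproduces the old "no expiry" behaviour.
function signToken(payload, secret, nowSec, ttlSeconds = null) {
  const claims = { ...payload, iat: nowSec };
  if (ttlSeconds !== null) claims.exp = nowSec + ttlSeconds;
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${hmac(`${head}.${body}`, secret).toString("base64url")}`;
}

// Check the signature first, then the header, then exp. requireExp (hypothetical
// option) rejects legacy tokens that were issued without any expiry.
function verifyToken(token, secret, nowSec, { requireExp = true } = {}) {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [head, body, sig] = parts;
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  const header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
  if (header.alg !== "HS256") return { ok: false, reason: "unexpected alg" };
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  if (claims.exp === undefined) {
    return requireExp ? { ok: false, reason: "missing exp" } : { ok: true, claims };
  }
  if (typeof claims.exp !== "number" || nowSec >= claims.exp) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, claims };
}

// Constructed sample values, not taken from the PR.
const SECRET = "constructed-demo-secret";
const ISSUED_AT = 1_700_000_000; // seconds since epoch
const DAY = 24 * 60 * 60;
const legacy = signToken({ id: 1 }, SECRET, ISSUED_AT); // pre-change: no exp
const current = signToken({ id: 1 }, SECRET, ISSUED_AT, DAY); // post-change: 24h

console.log(verifyToken(legacy, SECRET, ISSUED_AT + 365 * DAY, { requireExp: false }));
console.log(verifyToken(current, SECRET, ISSUED_AT + DAY));
```

jsonwebtoken's verify only enforces exp when the claim is present, so tokens minted before this change stay valid after deployment until the signing secret is rotated or payloads without exp are rejected.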