A robust and scalable backend API for the official EvolVIT website. This service manages all event data, authentication, and core business logic for the club's web presence.
The backend follows a modern, modular, and scalable architecture pattern:
- MVC Pattern: Follows a Model-View-Controller architecture for clear separation of concerns.
- Modular Structure: The application is divided into independent modules (
auth,events,users,core) that can be developed, tested, and scaled in isolation. - Secure by Design: Built with security in mind, featuring JWT-based authentication, secure password hashing, and rate limiting.
- Scalable: Designed to handle high concurrency with a proper connection pooling strategy.
- Node.js: JavaScript runtime environment.
- Express.js: Fast, unopinionated web framework for Node.js.
- PostgreSQL: Robust relational database management system.
- Sequelize: Promise-based Node.js ORM for PostgreSQL, providing model definition, migrations, and relationship management.
- pg: PostgreSQL client for Node.js.
- JWT (JSON Web Tokens): Secure token-based authentication.
- Bcrypt.js: Strong password hashing algorithm.
- Helmet: Collection of 14 small Express.js middleware utilities to set secure HTTP headers.
- cors: Middleware to enable Cross-Origin Resource Sharing.
- express-rate-limit: Simple rate limiting middleware for Express.
- Swagger UI: Interactive API documentation with auto-generated UI.
- swagger-jsdoc: Parses JSDoc comments to generate Swagger/OpenAPI documentation.
- openapi-types: TypeScript types for OpenAPI specifications.
src/
βββ config/ # Environment and database configuration
βββ models/ # Sequelize model definitions
βββ controllers/ # Business logic layer
βββ routes/ # API route definitions and middleware
βββ middleware/ # Custom middleware (auth, validation, security)
βββ services/ # Reusable business logic services
βββ validations/ # Request validation schemas
βββ utils/ # Utility functions
The API documentation is automatically generated and available at:
- Swagger UI: [Base URL]/api-docs
- OpenAPI Spec: [Base URL]/api-docs.json
POST /auth/register: Register a new userPOST /auth/login: User login and token generationPOST /auth/refresh: Refresh expired access tokens
GET /users/me: Get current user profilePATCH /users/me: Update current user profilePATCH /users/me/password: Change user passwordGET /users/ leaderboard: Get user leaderboard
GET /events: Get all events (with optional filtering)POST /events: Create a new event (Admin only)GET /events/:id: Get event by IDPATCH /events/:id: Update event (Admin only)DELETE /events/:id: Delete event (Admin only)
GET /events/:id/registrations: Get event registrations (Admin only)GET /events/:id/registered: Check if current user is registeredPOST /events/:id/register: Register for eventDELETE /events/:id/unregister: Unregister from event
POST /events/:eventId/photos/submit: Submit photo (Admin only)POST /events/:eventId/photos/judge: Rate a photo (Judge only)POST /events/:eventId/photos/:photoId/highlight: Mark as highlight (Admin only)GET /events/:eventId/photos/summary: Get photo ratings summary (Admin only)
The application uses environment variables for configuration. A .env file should be created in the root directory (though .env is in .gitignore for security).
DATABASE_URL: PostgreSQL connection URL (e.g.,postgresql://user:password@localhost:5432/database)JWT_ACCESS_SECRET: Secret key for JWT signingJWT_REFRESH_SECRET: Secret key for refresh tokensJWT_ACCESS_EXPIRY: Access token expiration time (e.g.,1h)JWT_REFRESH_EXPIRY: Refresh token expiration time (e.g.,7d)
PORT: Server port (default:3000)NODE_ENV: Environment (development, production, etc.)
-
Clone the repository
git clone https://github.com/EvolVIT-Club/evolvit-backend.git cd evolvit-backend -
Install dependencies
npm install
-
Create environment file
cp .env.example .env # If .env.example exists # OR manually create .env file with required variables
-
Database Setup
Ensure PostgreSQL is running and the database exists. Run migrations to create tables:
npm run db:migrate
To seed the database with initial data:
npm run db:seed
-
Start Development Server
npm run dev
The server will start on
http://localhost:3000.
The backend uses Sequelize migrations to manage database schema changes.
-
Create a new migration:
npx sequelize-cli migration:create --name=migration-name
-
Run pending migrations:
npm run db:migrate
-
Rollback the last migration:
npm run db:migrate:undo
-
Rollback all migrations:
npm run db:migrate:undo:all
The backend uses JWT for authentication. Users must be authenticated to access protected routes.
- Login to get an access token
- Include the token in the
Authorizationheader asBearer <token>
The system supports three roles:
- admin: Full access to all features, including event and photo management
- judge: Can rate photos (specific events only)
- user: Standard user with event registration and profile management
MIT License
Contributions are welcome! Please read the CONTRIBUTING.md (if available) for detailed guidelines.
- Fork the repository
- Create a feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
(Add testing instructions if available)
Set DEBUG=true environment variable for detailed logs:
DEBUG=true npm run devPOST /events/2/register
Headers:
Authorization: Bearer <your-jwt-token>
Response: 200 OK
{
"id": 123,
"userId": 1,
"eventId": 2,
"registrationDate": "2024-01-15T1