A sophisticated full-stack project and task management platform built with the MERN stack and TypeScript. Aurum provides teams with real-time collaboration, Kanban task management, analytics, and WebSocket-powered notifications.
GET https://task-manager-backend-dbdx.onrender.com/health
Health Check:
GET https://task-manager-backend-dbdx.onrender.com/health
| Layer | Technology |
|---|---|
| Runtime | Node.js v22 |
| Framework | Express 5.2.1 |
| Language | TypeScript 5.9 |
| Database | MongoDB Atlas + Mongoose 9 |
| Auth | JWT (jsonwebtoken) |
| Validation | Zod |
| Password Hashing | bcryptjs |
| Real-time | WebSocket (Socket.io) |
| Logging | Winston |
| Dev Server | tsx watch |
| Build | tsc |
backend/
βββ .env.example
βββ package.json
βββ tsconfig.json
βββ render.yaml
β
βββ src/
βββ server.ts
β
βββ config/
β βββ db.ts # MongoDB connection
β
βββ models/
β βββ User.ts # User schema + bcrypt hooks
β βββ Project.ts # Project schema + virtuals
β βββ Task.ts # Task schema + comment sub-docs
β βββ Notification.ts # Notification schema
β
βββ validators/
β βββ auth.validator.ts # Zod schemas for auth
β βββ project.validator.ts # Zod schemas for projects
β βββ task.validator.ts # Zod schemas for tasks
β
βββ services/
β βββ authService.ts # Auth business logic
β βββ projectService.ts # Project business logic
β βββ taskService.ts # Task business logic
β βββ analyticsService.ts # Aggregation pipelines
β βββ notificationService.ts # Notification engine
β
βββ controllers/
β βββ authController.ts
β βββ projectController.ts
β βββ taskController.ts
β βββ analyticsController.ts
β βββ notificationController.ts
β
βββ routes/
β βββ auth.routes.ts
β βββ project.routes.ts
β βββ task.routes.ts
β βββ analytics.routes.ts
β βββ notification.routes.ts
β βββ index.ts
β
βββ middleware/
β βββ auth.ts # JWT protect + restrictTo
β βββ errorHandler.ts # Global error handler
β βββ validate.ts # Zod validation middleware
β
βββ types/
β βββ express.d.ts # Express.Request augmentation
β βββ index.ts # Shared TS types and DTOs
β βββ notification.types.ts # Notification type definitions
β
βββ utils/
βββ appError.ts # AppError class + asyncHandler
βββ jwt.ts # signToken + verifyToken
βββ logger.ts # Winston logger
- Node.js v20+
- MongoDB Atlas account
- npm v9+
# Clone the repository
git clone https://github.com/yourusername/aurum-backend.git
cd aurum-backend
# Install dependencies
npm install
# Set up environment variables
cp .env.example .envPORT=5000
NODE_ENV=development
MONGO_URI=mongodb+srv://<username>:<password>@cluster0.xxx.mongodb.net/aurum?retryWrites=true&w=majority
JWT_SECRET=generate_with_node_crypto_randomBytes_32
JWT_EXPIRES_IN=7d
CLIENT_URL=http://localhost:3000Generate a secure JWT_SECRET:
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"npm run devnpm run build
npm startAll endpoints are prefixed with /api/v1
| Method | Endpoint | Access | Description |
|---|---|---|---|
| POST | /auth/register |
Public | Register a new user |
| POST | /auth/login |
Public | Login and receive JWT |
| GET | /auth/me |
Protected | Get current user profile |
| PATCH | /auth/me |
Protected | Update current user profile |
Register:
POST /api/v1/auth/register
{
"name": "Michael Agwogie",
"email": "michael@example.com",
"password": "password123"
}Login:
POST /api/v1/auth/login
{
"email": "michael@example.com",
"password": "password123"
}Response:
{
"status": "success",
"data": {
"user": { "name": "Michael Adeyemi", "email": "...", "role": "member" },
"token": "eyJhbGci..."
}
}All project routes require Authorization: Bearer <token>
| Method | Endpoint | Description |
|---|---|---|
| GET | /projects |
Get all your projects (paginated) |
| POST | /projects |
Create a new project |
| GET | /projects/:id |
Get single project |
| PATCH | /projects/:id |
Update project |
| DELETE | /projects/:id |
Delete project |
| POST | /projects/:id/members/:memberId |
Add member to project |
| DELETE | /projects/:id/members/:memberId |
Remove member from project |
Create Project:
POST /api/v1/projects
{
"title": "TalentFlow LMS",
"description": "Unified learning management platform",
"priority": "high",
"color": "#c9a84c",
"status": "active",
"dueDate": "2025-06-01T00:00:00.000Z"
}Query Parameters for GET /projects:
?page=1&limit=10&sort=-createdAt&search=talentflow
All task routes require Authorization: Bearer <token>
| Method | Endpoint | Description |
|---|---|---|
| POST | /tasks |
Create a new task |
| GET | /tasks/project/:projectId |
Get all tasks for a project |
| GET | /tasks/:id |
Get single task |
| PATCH | /tasks/:id |
Update task |
| DELETE | /tasks/:id |
Delete task |
| PATCH | /tasks/:id/reorder |
Drag and drop reorder |
| POST | /tasks/:id/comments |
Add a comment |
| DELETE | /tasks/:id/comments/:commentId |
Delete a comment |
Create Task:
POST /api/v1/tasks
{
"title": "Build auth middleware",
"project": "64f1a2b3c4d5e6f7a8b9c0d1",
"priority": "high",
"status": "todo",
"estimatedHours": 4,
"dueDate": "2025-02-01T00:00:00.000Z"
}Reorder Task (Kanban drag and drop):
PATCH /api/v1/tasks/:id/reorder
{
"projectId": "64f1a2b3c4d5e6f7a8b9c0d1",
"status": "in-progress",
"position": 2
}All analytics routes require Authorization: Bearer <token>
| Method | Endpoint | Description |
|---|---|---|
| GET | /analytics/dashboard |
Summary stats + weekly chart data |
| GET | /analytics/projects |
Per project breakdown with task counts |
| GET | /analytics/team |
Team member performance metrics |
| GET | /analytics/tasks |
Task breakdown by status and priority |
All notification routes require Authorization: Bearer <token>
| Method | Endpoint | Description |
|---|---|---|
| GET | /notifications |
Get all notifications |
| PATCH | /notifications/:id/read |
Mark notification as read |
| PATCH | /notifications/read-all |
Mark all as read |
| DELETE | /notifications/:id |
Delete a notification |
Connect with:
const socket = io('https://aurum-backend.onrender.com', {
auth: { token: 'your_jwt_token' }
})| Event | Payload | Description |
|---|---|---|
notification:new |
{ notification } |
New notification received |
task:updated |
{ task } |
A task was updated |
task:created |
{ task } |
A new task was created |
project:updated |
{ project } |
A project was updated |
| Event | Payload | Description |
|---|---|---|
join:project |
{ projectId } |
Join a project room |
leave:project |
{ projectId } |
Leave a project room |
π‘οΈ Security
JWT Authentication β all protected routes require a valid Bearer token
Password Hashing β bcryptjs with 12 salt rounds
Helmet β secure HTTP headers
CORS β restricted to CLIENT_URL
NoSQL Sanitization β strips $ and . from request bodies
Custom Rate Limiting β 100 requests per 15 minutes per IP
Zod Validation β all request bodies validated before hitting services
Role-based Access β The User model supports admin, member, and viewer roles, and the restrictTo middleware is already built. Global role enforcement will be activated in a future update. Currently, all protected routes require a valid JWT and destructive project actions are restricted to the project owner.
name, email, password (hashed), avatar, role, isActive, lastSeen
title, description, status, priority, color, owner, members[],
tags[], dueDate, progress (0-100), budget, spent
Virtuals: budgetUtilization, isOverdue
title, description, status, priority, project, assignee, reporter,
tags[], dueDate, estimatedHours, loggedHours, comments[], position
Virtuals: isOverdue, commentCount
recipient, sender, type, title, message, read, link, metadata
Request
β
Express Router β matches route, runs middleware
β
Zod Validator β validates req.body / params
β
Auth Middleware β verifies JWT, attaches req.user
β
Controller β extracts req data, calls service
β
Service β business logic, DB queries, error throwing
β
Mongoose Model β talks to MongoDB Atlas
β
Response β consistent { status, data } shape
Error Flow:
Service throws AppError
β
asyncHandler catches β next(err)
β
Global errorHandler
β
Development: full stack trace
Production: clean message only
Import this collection to test all endpoints:
- Register a user β copy the token
- Add token to Auth header:
Bearer <token> - Create a project β copy the
_id - Create tasks using the project
_id - Test analytics endpoints
Deployed on Render with auto-deploy on push to main.
git add .
git commit -m "feat: your change"
git push origin main
# Render detects push and redeploys automaticallySet these in Render Dashboard β Environment:
MONGO_URI
JWT_SECRET
JWT_EXPIRES_IN
CLIENT_URL
NODE_ENV
PORT
npm run dev # tsx watch β development with hot reload
npm run build # tsc β compile TypeScript to dist/
npm start # node dist/server.js β productionMichael Agwogie Backend Developer Β· Trueminds Innovation (TS Academy, Phoenix Cohort)
MIT