A NestJS-based backend service with MongoDB and Prisma integration.
This is a backend service built using the NestJS framework, with MongoDB database integration through the Prisma ORM.
- Framework: NestJS
- Runtime: Node.js
- Database: MongoDB (via Prisma)
- Package Manager: Yarn
- Node.js
- Yarn
- MongoDB
- Prisma CLI
- Clone and Install
    git clone <repository-url>
    cd alzaahir-backend
    yarn install
- Environment Setup
  - Create a .env file in the root directory
  - Required variables:
    - DATABASE_URL
    - Other environment-specific variables
- Database Setup
    # For Windows
    yarn prisma:win
    # OR
    scripts/prisma.bat
    # For Linux/Unix
    yarn prisma:linux
    # OR
    ./scripts/prisma.sh
- yarn start:dev: Runs in development mode with hot-reload
- yarn build: Compiles TypeScript to JavaScript
- prisma:win: Windows script for Prisma operations
- prisma:linux: Linux script for Prisma operations
  - Generates Prisma client
  - Applies database migrations
alzaahir-backend/
├── src/
│   ├── app.module.ts        # Main application module
│   └── prisma/              # Database
│       └── schema.prisma    # Prisma schema
│
├── scripts/                 # Utility Scripts
│   ├── prisma.sh            # Unix Prisma script
│   └── prisma.bat           # Windows Prisma script
│
└── test/                    # Test Files
- App Module
  - Root module of the application
  - Configures core NestJS setup
  - Manages dependency injection
- Database Layer
  - Prisma ORM integration
  - Database schema definition
  - Migration management
The application uses MongoDB through Prisma:
- Provides type-safe database access
- Handles database migrations
- Manages database schema
- Global exception filters
- Structured error responses
- Basic error logging
POST /auth/login
Request Body:
{
  "email": "string",
  "password": "string"
}
Response:
{
  "message": "Logged in successfully"
}
- Sets HTTP-only cookie auth_token
GET /auth/google
- Redirects to Google login
GET /auth/google/callback
- Handles Google OAuth callback
- Sets HTTP-only cookie auth_token
POST /auth/logout
Response:
{
  "message": "Logged out successfully"
}
- Clears auth_token cookie
- Tokens are stored in HTTP-only cookies
- Cookie name: auth_token
- Expiration: 1 hour
- Security features:
  - HTTP-only: Yes
  - Secure: Yes (in production)
  - SameSite: Lax
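The cookie policy listed above can be checked against a real `Set-Cookie` header in a test or a deployment smoke check. The following is an added example, not code from this project: the function names and sample headers are hypothetical, and only the cookie name, flags and one-hour lifetime come from this README.

```typescript
// Added example: policy values come from the README; all names here are hypothetical.
const COOKIE_NAME = "auth_token";
const MAX_LIFETIME_SECONDS = 3600; // "Expiration: 1 hour"

type Attrs = Record<string, string | undefined>;

// Split a Set-Cookie header value into the cookie name and lower-cased attributes.
function parseSetCookie(header: string): { name: string; attrs: Attrs } {
  const parts = header.split(";").map((p) => p.trim()).filter((p) => p.length > 0);
  const first = parts[0] ?? "";
  const eq = first.indexOf("=");
  const attrs: Attrs = {};
  for (const part of parts.slice(1)) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? "" : part.slice(i + 1).trim();
  }
  return { name: eq === -1 ? first : first.slice(0, eq), attrs };
}

// Return every deviation from the documented policy; an empty list means compliant.
function auditAuthCookie(header: string, production: boolean, now: Date = new Date()): string[] {
  const { name, attrs } = parseSetCookie(header);
  const findings: string[] = [];
  if (name !== COOKIE_NAME) findings.push(`unexpected cookie name "${name}"`);
  if (attrs["httponly"] === undefined) findings.push("HttpOnly missing: token readable by page scripts");
  if (production && attrs["secure"] === undefined) findings.push("Secure missing in production");
  const sameSite = (attrs["samesite"] ?? "unset").toLowerCase();
  if (sameSite !== "lax") findings.push(`SameSite is ${sameSite}, expected lax`);
  // Max-Age takes precedence over Expires when both are present (RFC 6265).
  const maxAge = attrs["max-age"];
  const expires = attrs["expires"];
  let lifetime = NaN;
  if (maxAge !== undefined) lifetime = Number(maxAge);
  else if (expires !== undefined) lifetime = (Date.parse(expires) - now.getTime()) / 1000;
  if (isNaN(lifetime)) findings.push("no Max-Age or Expires: lifetime not bounded by the server");
  else if (lifetime > MAX_LIFETIME_SECONDS) findings.push(`lifetime ${lifetime}s exceeds ${MAX_LIFETIME_SECONDS}s`);
  return findings;
}

// Constructed sample headers (not captured from the service).
const compliant = "auth_token=constructed.jwt.value; Max-Age=3600; Path=/; HttpOnly; Secure; SameSite=Lax";
const weak = "auth_token=constructed.jwt.value; Max-Age=86400; Path=/; SameSite=None";
console.log(auditAuthCookie(compliant, true)); // no findings
console.log(auditAuthCookie(weak, true));      // four findings
```

Passing `production = false` skips only the Secure check, matching the "Secure: Yes (in production)" entry.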
src/modules/auth/
├── auth.module.ts             # Module configuration
├── auth.controller.ts         # Route handlers
├── auth.service.ts            # Business logic
└── strategies/                # Passport strategies
    ├── jwt.strategy.ts        # JWT authentication
    └── google.strategy.ts     # Google OAuth
- AuthModule
  - Configures JWT and Passport
  - Imports PrismaModule for database access
  - Registers strategies and services
- AuthService
  - Handles user validation
  - Manages JWT token generation
  - Implements login/OAuth logic
- AuthController
  - Exposes authentication endpoints
  - Manages cookie-based responses
  - Implements OAuth callbacks
- Strategies
  - JWT: Extracts token from cookies
  - Google: Handles OAuth2 authentication
- Token Storage
  - HTTP-only cookies keep the token unreadable to page scripts, which limits token theft through XSS
  - Secure flag in production
  - SameSite policy for CSRF mitigation
- OAuth Integration
  - Google OAuth2 implementation
  - Secure profile information handling
  - Automatic user creation/linking
- Password Security
  - Hashed password storage
  - Secure password comparison
  - No plain-text password transmission
- Fork the repository
- Create your feature branch
- Commit your changes
- Push to the branch
- Create a Pull Request
This project is licensed under the MIT License.
Note: This documentation reflects the current state of the codebase. As new modules and features are added, this documentation should be updated accordingly.