andyf/lfg9-forums
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
master
lfg9-forums/backend/README.md
Developer 097d5c4109 init
2025-09-02 14:05:42 -05:00

6.8 KiB
Raw Permalink Blame History

LFG9 Forums - Backend

A robust Node.js backend for the LFG9 Forums application with TypeScript, Express, AWS DynamoDB, and S3 integration.

Features

  • RESTful API: Express.js with TypeScript
  • Database: AWS DynamoDB with efficient queries and indexes
  • File Storage: AWS S3 with image optimization and multiple sizes
  • Authentication: JWT-based secure authentication
  • Rich Content: JSON-based rich text content storage
  • Security: Input validation, rate limiting, and content sanitization
  • Scalable: Cloud-ready architecture with AWS services

Technologies

  • Node.js with Express.js
  • TypeScript for type safety
  • AWS DynamoDB for data storage
  • AWS S3 for file storage
  • JWT for authentication
  • bcrypt for password hashing
  • Sharp for image processing
  • Joi for input validation

Getting Started

Prerequisites

  • Node.js 18+
  • AWS Account with DynamoDB and S3 access
  • AWS CLI configured or environment variables set

Installation

# Install dependencies
npm install

# Build the project
npm run build

# Start development server
npm run dev

# Start production server
npm start

Environment Variables

Create a .env file in the backend directory:

# Server Configuration
PORT=3000
NODE_ENV=development

# JWT Configuration
JWT_SECRET=your-super-secret-jwt-key-here
JWT_EXPIRES_IN=7d

# AWS Configuration
AWS_REGION=us-east-1
AWS_ACCESS_KEY_ID=your-aws-access-key-id
AWS_SECRET_ACCESS_KEY=your-aws-secret-access-key

# DynamoDB Configuration
DYNAMODB_TABLE_PREFIX=lfg9_forums_

# S3 Configuration
S3_BUCKET_NAME=lfg9-forums-uploads
S3_REGION=us-east-1

# Rate Limiting
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100

# File Upload Limits
MAX_FILE_SIZE=10485760
MAX_FILES_PER_USER=100

# CORS Configuration
CORS_ORIGIN=http://localhost:5173

Database Schema

DynamoDB Tables

Users Table

  • Primary Key: userId (String)
  • Attributes: username, email, passwordHash, createdAt, updatedAt, profileInfo, storageQuotaUsed, isAdmin

Categories Table

  • Primary Key: categoryId (String)
  • Attributes: name, description, createdAt, updatedAt, threadCount, lastActivity

Threads Table

  • Primary Key: threadId (String)
  • GSI: CategoryIdIndex (categoryId)
  • Attributes: categoryId, title, richContent, authorId, authorUsername, createdAt, updatedAt, attachedFiles, postCount, lastPostAt, isLocked, isPinned

Posts Table

  • Primary Key: postId (String)
  • GSI: ThreadIdIndex (threadId), AuthorIdIndex (authorId)
  • Attributes: threadId, richContent, authorId, authorUsername, createdAt, updatedAt, parentPostId, attachedFiles, isEdited, editedAt

Files Table

  • Primary Key: fileId (String)
  • GSI: UserIdIndex (userId)
  • Attributes: userId, fileName, fileType, fileSize, s3Key, threadId, postId, uploadDate, thumbnailKey, mediumKey, altText

API Endpoints

Authentication

  • POST /api/auth/register - User registration
  • POST /api/auth/login - User login
  • POST /api/auth/logout - User logout
  • GET /api/auth/me - Get current user info

Categories

  • GET /api/categories - List all categories
  • POST /api/categories - Create new category (admin only)
  • GET /api/categories/:id - Get category by ID
  • PUT /api/categories/:id - Update category (admin only)
  • DELETE /api/categories/:id - Delete category (admin only)

Threads

  • GET /api/threads - List threads with filters
  • POST /api/threads - Create new thread
  • GET /api/threads/:id - Get thread by ID
  • PUT /api/threads/:id - Update thread (author/admin only)
  • DELETE /api/threads/:id - Delete thread (author/admin only)
  • GET /api/categories/:id/threads - Get threads in category

Posts

  • GET /api/threads/:id/posts - Get posts in thread
  • POST /api/threads/:id/posts - Create new post
  • GET /api/posts/:id - Get post by ID
  • PUT /api/posts/:id - Update post (author/admin only)
  • DELETE /api/posts/:id - Delete post (author/admin only)

Files

  • POST /api/files/upload - Upload file
  • GET /api/files/:id - Get file metadata
  • DELETE /api/files/:id - Delete file (owner/admin only)
  • POST /api/files/presigned-url - Get presigned upload URL

Search

  • GET /api/search/threads - Search threads
  • GET /api/search/posts - Search posts

Rich Content Structure

Rich content is stored as JSON following the TipTap/ProseMirror schema:

{
  "type": "doc",
  "content": [
    {
      "type": "paragraph",
      "content": [
        {
          "type": "text",
          "text": "Hello world!",
          "marks": [
            {
              "type": "bold"
            }
          ]
        }
      ]
    }
  ]
}

File Upload Process

  1. Client requests presigned upload URL
  2. Server generates presigned URL for S3
  3. Client uploads file directly to S3
  4. Server processes and optimizes images (thumbnail, medium, full size)
  5. File metadata stored in DynamoDB

Security Features

  • JWT token authentication
  • Password hashing with bcrypt
  • Input validation with Joi
  • Rate limiting per user and IP
  • Content sanitization for rich text
  • File type and size validation
  • Secure S3 bucket configuration
  • CORS protection

Error Handling

Centralized error handling with consistent API responses:

{
  "success": false,
  "error": "Error message",
  "code": "ERROR_CODE",
  "details": []
}

Development

Scripts

  • npm run dev - Start development server with nodemon
  • npm run build - Compile TypeScript
  • npm start - Start production server
  • npm run clean - Remove build files

Project Structure

src/
├── config/           # Configuration files
├── controllers/      # Route handlers
├── middleware/       # Express middleware
├── models/          # Database models
├── routes/          # API routes
├── services/        # Business logic services
├── types/           # TypeScript interfaces
├── utils/           # Utility functions
└── index.ts         # Application entry point

Deployment

AWS Resources Required

  1. DynamoDB Tables: Create tables with proper indexes
  2. S3 Bucket: Configure for file uploads with proper permissions
  3. IAM Role: Create role with DynamoDB and S3 permissions
  4. EC2/ECS: For hosting the application

Environment Setup

  1. Set all required environment variables
  2. Ensure AWS credentials are properly configured
  3. Create DynamoDB tables with appropriate indexes
  4. Configure S3 bucket with CORS and permissions

Monitoring and Logging

  • Structured logging with Winston (recommended)
  • Health check endpoint at /health
  • Request logging with Morgan
  • Error tracking and monitoring

Performance Considerations

  • DynamoDB query optimization with proper indexes
  • S3 image optimization and CDN integration
  • Caching strategies for frequent queries
  • Connection pooling and resource management
  • Rate limiting to prevent abuse