264 lines
6.8 KiB
Markdown
264 lines
6.8 KiB
Markdown
# LFG9 Forums - Backend
|
|
|
|
A robust Node.js backend for the LFG9 Forums application with TypeScript, Express, AWS DynamoDB, and S3 integration.
|
|
|
|
## Features
|
|
|
|
- **RESTful API**: Express.js with TypeScript
|
|
- **Database**: AWS DynamoDB with efficient queries and indexes
|
|
- **File Storage**: AWS S3 with image optimization and multiple sizes
|
|
- **Authentication**: JWT-based secure authentication
|
|
- **Rich Content**: JSON-based rich text content storage
|
|
- **Security**: Input validation, rate limiting, and content sanitization
|
|
- **Scalable**: Cloud-ready architecture with AWS services
|
|
|
|
## Technologies
|
|
|
|
- Node.js with Express.js
|
|
- TypeScript for type safety
|
|
- AWS DynamoDB for data storage
|
|
- AWS S3 for file storage
|
|
- JWT for authentication
|
|
- bcrypt for password hashing
|
|
- Sharp for image processing
|
|
- Joi for input validation
|
|
|
|
## Getting Started
|
|
|
|
### Prerequisites
|
|
|
|
- Node.js 18+
|
|
- AWS Account with DynamoDB and S3 access
|
|
- AWS CLI configured or environment variables set
|
|
|
|
### Installation
|
|
|
|
```bash
|
|
# Install dependencies
|
|
npm install
|
|
|
|
# Build the project
|
|
npm run build
|
|
|
|
# Start development server
|
|
npm run dev
|
|
|
|
# Start production server
|
|
npm start
|
|
```
|
|
|
|
### Environment Variables
|
|
|
|
Create a `.env` file in the backend directory:
|
|
|
|
```env
|
|
# Server Configuration
|
|
PORT=3000
|
|
NODE_ENV=development
|
|
|
|
# JWT Configuration
|
|
JWT_SECRET=your-super-secret-jwt-key-here
|
|
JWT_EXPIRES_IN=7d
|
|
|
|
# AWS Configuration
|
|
AWS_REGION=us-east-1
|
|
AWS_ACCESS_KEY_ID=your-aws-access-key-id
|
|
AWS_SECRET_ACCESS_KEY=your-aws-secret-access-key
|
|
|
|
# DynamoDB Configuration
|
|
DYNAMODB_TABLE_PREFIX=lfg9_forums_
|
|
|
|
# S3 Configuration
|
|
S3_BUCKET_NAME=lfg9-forums-uploads
|
|
S3_REGION=us-east-1
|
|
|
|
# Rate Limiting
|
|
RATE_LIMIT_WINDOW_MS=900000
|
|
RATE_LIMIT_MAX_REQUESTS=100
|
|
|
|
# File Upload Limits
|
|
MAX_FILE_SIZE=10485760
|
|
MAX_FILES_PER_USER=100
|
|
|
|
# CORS Configuration
|
|
CORS_ORIGIN=http://localhost:5173
|
|
```
|
|
|
|
## Database Schema
|
|
|
|
### DynamoDB Tables
|
|
|
|
#### Users Table
|
|
- **Primary Key**: userId (String)
|
|
- **Attributes**: username, email, passwordHash, createdAt, updatedAt, profileInfo, storageQuotaUsed, isAdmin
|
|
|
|
#### Categories Table
|
|
- **Primary Key**: categoryId (String)
|
|
- **Attributes**: name, description, createdAt, updatedAt, threadCount, lastActivity
|
|
|
|
#### Threads Table
|
|
- **Primary Key**: threadId (String)
|
|
- **GSI**: CategoryIdIndex (categoryId)
|
|
- **Attributes**: categoryId, title, richContent, authorId, authorUsername, createdAt, updatedAt, attachedFiles, postCount, lastPostAt, isLocked, isPinned
|
|
|
|
#### Posts Table
|
|
- **Primary Key**: postId (String)
|
|
- **GSI**: ThreadIdIndex (threadId), AuthorIdIndex (authorId)
|
|
- **Attributes**: threadId, richContent, authorId, authorUsername, createdAt, updatedAt, parentPostId, attachedFiles, isEdited, editedAt
|
|
|
|
#### Files Table
|
|
- **Primary Key**: fileId (String)
|
|
- **GSI**: UserIdIndex (userId)
|
|
- **Attributes**: userId, fileName, fileType, fileSize, s3Key, threadId, postId, uploadDate, thumbnailKey, mediumKey, altText
|
|
|
|
## API Endpoints
|
|
|
|
### Authentication
|
|
- `POST /api/auth/register` - User registration
|
|
- `POST /api/auth/login` - User login
|
|
- `POST /api/auth/logout` - User logout
|
|
- `GET /api/auth/me` - Get current user info
|
|
|
|
### Categories
|
|
- `GET /api/categories` - List all categories
|
|
- `POST /api/categories` - Create new category (admin only)
|
|
- `GET /api/categories/:id` - Get category by ID
|
|
- `PUT /api/categories/:id` - Update category (admin only)
|
|
- `DELETE /api/categories/:id` - Delete category (admin only)
|
|
|
|
### Threads
|
|
- `GET /api/threads` - List threads with filters
|
|
- `POST /api/threads` - Create new thread
|
|
- `GET /api/threads/:id` - Get thread by ID
|
|
- `PUT /api/threads/:id` - Update thread (author/admin only)
|
|
- `DELETE /api/threads/:id` - Delete thread (author/admin only)
|
|
- `GET /api/categories/:id/threads` - Get threads in category
|
|
|
|
### Posts
|
|
- `GET /api/threads/:id/posts` - Get posts in thread
|
|
- `POST /api/threads/:id/posts` - Create new post
|
|
- `GET /api/posts/:id` - Get post by ID
|
|
- `PUT /api/posts/:id` - Update post (author/admin only)
|
|
- `DELETE /api/posts/:id` - Delete post (author/admin only)
|
|
|
|
### Files
|
|
- `POST /api/files/upload` - Upload file
|
|
- `GET /api/files/:id` - Get file metadata
|
|
- `DELETE /api/files/:id` - Delete file (owner/admin only)
|
|
- `POST /api/files/presigned-url` - Get presigned upload URL
|
|
|
|
### Search
|
|
- `GET /api/search/threads` - Search threads
|
|
- `GET /api/search/posts` - Search posts
|
|
|
|
## Rich Content Structure
|
|
|
|
Rich content is stored as JSON following the TipTap/ProseMirror schema:
|
|
|
|
```json
|
|
{
|
|
"type": "doc",
|
|
"content": [
|
|
{
|
|
"type": "paragraph",
|
|
"content": [
|
|
{
|
|
"type": "text",
|
|
"text": "Hello world!",
|
|
"marks": [
|
|
{
|
|
"type": "bold"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
```
|
|
|
|
## File Upload Process
|
|
|
|
1. Client requests presigned upload URL
|
|
2. Server generates presigned URL for S3
|
|
3. Client uploads file directly to S3
|
|
4. Server processes and optimizes images (thumbnail, medium, full size)
|
|
5. File metadata stored in DynamoDB
|
|
|
|
## Security Features
|
|
|
|
- JWT token authentication
|
|
- Password hashing with bcrypt
|
|
- Input validation with Joi
|
|
- Rate limiting per user and IP
|
|
- Content sanitization for rich text
|
|
- File type and size validation
|
|
- Secure S3 bucket configuration
|
|
- CORS protection
|
|
|
|
## Error Handling
|
|
|
|
Centralized error handling with consistent API responses:
|
|
|
|
```json
|
|
{
|
|
"success": false,
|
|
"error": "Error message",
|
|
"code": "ERROR_CODE",
|
|
"details": []
|
|
}
|
|
```
|
|
|
|
## Development
|
|
|
|
### Scripts
|
|
- `npm run dev` - Start development server with nodemon
|
|
- `npm run build` - Compile TypeScript
|
|
- `npm start` - Start production server
|
|
- `npm run clean` - Remove build files
|
|
|
|
### Project Structure
|
|
|
|
```
|
|
src/
|
|
├── config/ # Configuration files
|
|
├── controllers/ # Route handlers
|
|
├── middleware/ # Express middleware
|
|
├── models/ # Database models
|
|
├── routes/ # API routes
|
|
├── services/ # Business logic services
|
|
├── types/ # TypeScript interfaces
|
|
├── utils/ # Utility functions
|
|
└── index.ts # Application entry point
|
|
```
|
|
|
|
## Deployment
|
|
|
|
### AWS Resources Required
|
|
|
|
1. **DynamoDB Tables**: Create tables with proper indexes
|
|
2. **S3 Bucket**: Configure for file uploads with proper permissions
|
|
3. **IAM Role**: Create role with DynamoDB and S3 permissions
|
|
4. **EC2/ECS**: For hosting the application
|
|
|
|
### Environment Setup
|
|
|
|
1. Set all required environment variables
|
|
2. Ensure AWS credentials are properly configured
|
|
3. Create DynamoDB tables with appropriate indexes
|
|
4. Configure S3 bucket with CORS and permissions
|
|
|
|
## Monitoring and Logging
|
|
|
|
- Structured logging with Winston (recommended)
|
|
- Health check endpoint at `/health`
|
|
- Request logging with Morgan
|
|
- Error tracking and monitoring
|
|
|
|
## Performance Considerations
|
|
|
|
- DynamoDB query optimization with proper indexes
|
|
- S3 image optimization and CDN integration
|
|
- Caching strategies for frequent queries
|
|
- Connection pooling and resource management
|
|
- Rate limiting to prevent abuse |