A production-ready Express.js backend boilerplate with TypeScript, Prisma, Redis, and comprehensive security features.
- 🚀 Express.js with TypeScript
- 🗄️ Prisma ORM with PostgreSQL
- ⚡ Redis for caching and sessions
- 🔐 JWT Authentication with refresh tokens
- 🛡️ Security (Helmet, CORS, Rate Limiting)
- 📊 Request Logging with Winston
- ✅ Input Validation with Zod
- 🧪 Testing with Jest
- 🐳 Docker support
- 🔄 Graceful Shutdown
- 📝 API Documentation ready
- Node.js 18+
- PostgreSQL
- Redis
- Docker & Docker Compose (optional)
- Clone the repository:
git clone <repository-url>
cd crm-backend- Install dependencies:
npm install- Set up environment variables:
cp .env.example .env
# Edit .env with your configuration- Set up the database:
npm run db:migrate
npm run db:seed- Start development server:
npm run devThe server will start on http://localhost:3000
| Variable | Description | Default |
|---|---|---|
NODE_ENV |
Environment mode | development |
PORT |
Server port | 3000 |
DATABASE_URL |
PostgreSQL connection string | Required |
REDIS_HOST |
Redis host | 127.0.0.1 |
REDIS_PORT |
Redis port | 6379 |
JWT_SECRET |
JWT signing secret | Required |
JWT_EXPIRES_IN |
JWT expiration time | 7d |
BCRYPT_ROUNDS |
Password hashing rounds | 12 |
RATE_LIMIT_WINDOW_MS |
Rate limit window | 900000 |
RATE_LIMIT_MAX_REQUESTS |
Max requests per window | 100 |
LOG_LEVEL |
Logging level | info |
CORS_ORIGIN |
CORS allowed origin | http://localhost:3000 |
# Development
npm run dev # Start development server with hot reload
npm run build # Build for production
npm run start # Start production server
# Database
npm run db:generate # Generate Prisma client
npm run db:migrate # Run database migrations
npm run db:push # Push schema changes
npm run db:studio # Open Prisma Studio
npm run db:seed # Seed database
# Testing
npm run test # Run tests
npm run test:watch # Run tests in watch mode
npm run test:coverage # Run tests with coverage
# Code Quality
npm run lint # Lint code
npm run format # Format code
npm run type-check # TypeScript type checking
# Docker
npm run docker:build # Build Docker image
npm run docker:run # Run Docker container
npm run docker:compose:up # Start with Docker Compose
npm run docker:compose:down # Stop Docker ComposePOST /v1/auth/register # User registration
POST /v1/auth/login # User login
POST /v1/auth/refresh-token # Refresh access token
POST /v1/auth/logout # User logout
GET /v1/auth/profile # Get user profile
PUT /v1/auth/profile # Update user profile
PUT /v1/auth/change-password # Change password
GET /health # Application health check
src/
├── config/ # Configuration files
│ ├── database.ts # Database and Redis setup
│ ├── index.ts # Environment configuration
│ ├── logger.ts # Winston logger setup
│ └── moduleAlias.ts # Module alias configuration
├── controllers/ # Route controllers
│ └── v1/
│ └── auth/
│ ├── admin.controller.ts
│ └── index.ts
├── handlers/ # Error and async handlers
│ ├── async.handler.ts
│ └── error.handler.ts
├── middlewares/ # Custom middlewares
│ ├── auth.middleware.ts # Authentication middleware
│ └── validation.middleware.ts # Input validation
├── routes/ # Route definitions
│ └── v1/
│ └── auth/
│ └── routes.ts
├── services/ # Business logic services
│ ├── auth.service.ts # Authentication service
│ └── redis.service.ts # Redis service
├── utils/ # Utility functions
│ ├── APIError.ts # Custom error class
│ └── auth.utils.ts # Authentication utilities
├── validations/ # Input validation schemas
│ └── index.ts
├── app.ts # Express app setup
└── index.ts # Server entry point
- Helmet: Security headers
- CORS: Cross-origin resource sharing control
- Rate Limiting: API rate limiting
- Input Validation: Request validation with Joi
- Password Hashing: bcrypt with configurable rounds
- JWT Tokens: Secure token-based authentication
- Token Blacklisting: Logout functionality
- SQL Injection Protection: Prisma ORM
- XSS Protection: Helmet and input sanitization
- Compression: Response compression
- Connection Pooling: Database connection pooling
- Redis Caching: Session and data caching
- Graceful Shutdown: Proper cleanup on exit
- Request ID Tracking: Request correlation
- Logging: Structured logging with Winston
# Start all services
npm run docker:compose:up
# View logs
docker compose -f docker/compose.yaml logs -f
# Stop services
npm run docker:compose:down# Build image
npm run docker:build
# Run container
npm run docker:run# Build and start all services
npm run docker:compose:up
# Check logs
docker compose -f docker/compose.yaml logs -f
# Stop services
npm run docker:compose:down# Build for production
npm run build
# Start production server
npm run start- Set
NODE_ENV=production - Configure production database
- Set strong
JWT_SECRET - Configure Redis for production
- Set up reverse proxy (nginx)
- Configure SSL certificates
# Run all tests
npm run test
# Run with coverage
npm run test:coverage
# Run in watch mode
npm run test:watch- Health check endpoint:
GET /health - Winston logs in
./logs/ - Docker health checks
- Docker container logs:
docker compose -f docker/compose.yaml logs -f
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Run linting:
npm run lint - Run tests:
npm run test - Submit a pull request
ISC