๐ง Developer Branch: This is the main development branch containing the latest API features and improvements. For production deployment, use the
mainbranch.
Professional Node.js Express API with multi-environment deployment, database-per-session architecture, and automated SSL setup. This developer branch serves as the integration point for new API features and the testing ground for database optimizations.
| Environment | API Base URL | Status |
|---|---|---|
| ๐ Production | lets-todo-api.dev2k.org | โ Stable |
| ๐งช Feature Branch | lets-todo-api-feat.dev2k.org | ๐ฅ Latest Features |
| ๐ง Staging | lets-todo-api-stage.dev2k.org | ๐งช Testing |
| Type | Feature Branch | Topics |
|---|---|---|
| ๐ API Documentation | feat/docs/ | Endpoints, Database, Auth |
| ๐ฑ Frontend Docs | feat/docs/ | Components, State, UI |
| ๐๏ธ Architecture | overview.md | System Design |
| ๐ Deployment Guide | DEPLOYMENT.md | Production Setup |
| ๐จโ๐ป Dev Guidelines | copilot-instructions.md | Coding Standards |
- ๐ฑ Frontend App: lets-todo-app
- ๐ Complete Documentation: Available in both repositories with JSDoc generation
This repository demonstrates a professional development workflow with automated staging preparation:
| Branch | Purpose | Content | Audience |
|---|---|---|---|
๐ feature/main-feature |
Development | โข Full JSDoc documentation โข Development scripts & tools โข Detailed code comments โข Debug logging |
Developers & Code Reviewers |
๐ feature/staging-prepare |
Demo/Process | โข Shows cleanup transformation โข Automated build process โข DevOps pipeline example |
DevOps Engineers & Tech Leads |
๐ฏ staging |
Production-Ready | โข Clean, optimized code โข No debug output โข Deployment-ready โข Minimal comments |
Production Deployment |
๐๏ธ main |
Stable Release | โข Tested production code โข Release documentation โข Version tags |
End Users & Deployments |
# One-command staging preparation
npm run staging:prepareThis automated workflow:
- โ
Creates temporary
feature/staging-preparebranch - โ Removes JSDoc documentation (2500+ lines)
- โ Eliminates debug logs and development comments
- โ Deletes development scripts and tools
- โ
Merges clean code into
stagingbranch - โ Keeps demo branch for process transparency
# Generate and serve API documentation
npm run docs # Generate JSDoc documentation
npm run docs:serve # Serve on http://localhost:8080
npm run docs:clean # Clean generated docs- ๐๏ธ Multi-Environment Architecture: Development, Feature, Staging, Production deployments
- ๐๏ธ Database-per-Session: Isolated MySQL databases for each user/guest session
- ๐ Secure Authentication: Cookie-based sessions with bcrypt password hashing
- โก Auto-Deployment: Complete PM2 + Nginx deployment packages with SSL
- ๐ Production Ready: Let's Encrypt SSL, rate limiting, security headers
- ๐ RESTful API: Complete CRUD operations with full session isolation
- ๐ฅ Multi-User Security: Isolated server users with proper privilege separation
- ๐ฅ Advanced Security: UFW firewall scripts for cloud and self-hosted setups
- ๐ ๏ธ Development Tools: Comprehensive debugging and testing utilities
- ๐ Comprehensive Docs: Detailed guides for development, deployment, and security
- Framework: Node.js with Express.js
- Database: MySQL/MariaDB with dynamic database creation
- Authentication: Session-based with secure HTTP-only cookies
- Deployment: PM2 process management with Nginx reverse proxy
- Security: Multi-layer protection with environment-specific configurations
- Monitoring: Comprehensive logging and error handling
- Node.js 18+
- MySQL/MariaDB 8.0+
- Git
# Clone the repository
git clone <repository-url>
cd lets-todo-api
# Install dependencies
npm install
# Copy environment files
cp config/env/.env.development.example config/env/.env.development
cp ecosystem.config.cjs.example ecosystem.config.cjs
# Setup development database (multi-environment support)
npm run dev:db # Development setup (default)
NODE_ENV=feature npm run dev:db # Feature environment setup
NODE_ENV=staging npm run dev:db # Staging environment setup
# Start development server
npm run dev- Development: http://127.0.0.1:3000
- Feature: http://127.0.0.1:3003
- Staging: http://127.0.0.1:3004
- Production: http://127.0.0.1:3002
๐ก Full-Stack Setup: Use with Let's Todo Frontend for complete development experience on http://127.0.0.1:5500
| Method | Endpoint | Description |
|---|---|---|
POST |
/api/register |
Create user account + dedicated database |
POST |
/api/login |
Login user + set session cookie |
POST |
/api/logout |
Clear session cookie |
| Method | Endpoint | Description |
|---|---|---|
POST |
/api/session/guest |
Start guest session + temp database |
GET |
/api/session/validate |
Check current session status |
POST |
/api/session/guest/end |
End guest session + cleanup database |
| Method | Endpoint | Description |
|---|---|---|
GET |
/api/todos |
Get all todos for current session |
POST |
/api/todos |
Create new todo |
GET |
/api/todos/:id |
Get specific todo |
PATCH |
/api/todos/:id |
Update todo (partial update) |
DELETE |
/api/todos/:id |
Delete todo |
# Register new user
curl -c cookies.txt -X POST http://127.0.0.1:3000/api/register \
-H "Content-Type: application/json" \
-d '{"email":"dev@test.com","password":"dev123"}'
# Login user (saves cookies)
curl -b cookies.txt -X POST http://127.0.0.1:3000/api/login \
-H "Content-Type: application/json" \
-d '{"email":"dev@test.com","password":"dev123"}'
# Create todo (uses saved cookies)
curl -b cookies.txt -X POST http://127.0.0.1:3000/api/todos \
-H "Content-Type: application/json" \
-d '{"title":"Development Todo","description":"Testing API"}'
# Get all todos
curl -b cookies.txt http://127.0.0.1:3000/api/todos
# Test guest session
curl -c guest_cookies.txt -X POST http://127.0.0.1:3000/api/session/guest
curl -b guest_cookies.txt http://127.0.0.1:3000/api/todos # Should be emptyRevolutionary session isolation with dedicated databases:
Central Management:
โโโ todos_users_dev # User accounts & metadata (development)
โโโ todos_users # User accounts & metadata (feature/staging)
User Sessions (Persistent):
โโโ todos_user_123 # Dedicated database for user ID 123
โโโ todos_user_456 # Dedicated database for user ID 456
โโโ todos_user_... # Each user gets own database
Guest Sessions (Temporary):
โโโ todos_guest_uuid1 # Temporary database for guest session
โโโ todos_guest_uuid2 # Automatically cleaned up on session end
โโโ todos_guest_... # Each guest gets own database
| Environment | Port | Domain | Database | Purpose |
|---|---|---|---|---|
| Development | 3000 | 127.0.0.1:3000 |
todos_users_dev |
Local development with debug logging |
| Feature | 3003 | lets-todo-api-feat.dev2k.org |
todos_users |
Feature testing environment |
| Staging | 3004 | lets-todo-api-stage.dev2k.org |
todos_users |
Pre-production testing |
| Production | 3002 | lets-todo-api.dev2k.org |
todos_users |
Live production system |
// Dynamic pool management
const pools = {
core: createPool(coreConfig), // System operations
user: createPool(userConfig), // User data operations
guest: createPool(guestConfig), // Guest session operations
};
// Pool middleware assigns correct pool per request
app.use(poolMiddleware); // req.pool = appropriate poolCreate environment files in config/env/:
# config/env/.env.development
DB_HOST=127.0.0.1
DB_USER=root
DB_PASSWORD=
DB_NAME=todos_dev
DB_USERS=todos_users_dev
PORT=3000
NODE_ENV=development
DEBUG=true
LOG_LEVEL=verboseThe system detects environment based on:
NODE_ENVenvironment variable- System paths (
/home/,/Users/= development) - Database host (
127.0.0.1= development)
# Copy example config
cp ecosystem.config.cjs.example ecosystem.config.cjs
# Start all environments
pm2 start ecosystem.config.cjs
# Start specific environment
pm2 start ecosystem.config.cjs --only lets-todo-api-prod
# Monitor processes
pm2 logs lets-todo-api-prod
pm2 monit# Create deployment package
./deploy/create-deployment-package.sh
# Deploy to server
scp deploy/package/lets-todo-api-deployment.tar.gz server:/path/The deployment package includes:
- Nginx reverse proxy configurations
- Let's Encrypt SSL certificate setup
- Rate limiting and security headers
- Password Hashing: bcrypt with salt rounds
- SQL Injection Prevention: Prepared statements only
- Session Isolation: Complete database separation per session
- CORS Protection: Environment-specific allowed origins
- Environment-aware Cookies: Secure settings per environment
| Script | Command | Description |
|---|---|---|
npm run dev |
nodemon server.js |
Development server with auto-reload |
npm run dev:db |
node scripts/setup-multi-env-db.js |
Setup/reset development database |
npm start |
node server.js |
Production server |
npm run prod |
NODE_ENV=production npm start |
Explicit production mode |
# Test different environments locally
NODE_ENV=development npm start # Port 3000
NODE_ENV=feature npm start # Port 3003
NODE_ENV=staging npm start # Port 3004
NODE_ENV=production npm start # Port 3002Recommended API Testing:
- curl (command line) - Quick testing
- Browser DevTools - Network tab for cookie inspection
Database Inspection:
# View all user databases
mysql -e "SHOW DATABASES LIKE 'todos_%';"
# Check specific user's data
mysql todos_user_123 -e "SELECT * FROM todos;"
# Monitor guest databases (should be temporary)
mysql -e "SELECT SCHEMA_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME LIKE 'todos_guest_%';"-c cookies.txt and -b cookies.txt with curl.
- Password Hashing: bcrypt with configurable salt rounds
- Session Cookies: HTTP-only, secure, domain-specific
- Database Isolation: Complete separation per user/guest session
- SQL Injection Prevention: Parameterized queries only
- Multi-Layer Protection: Application, database, and network level
- Environment-Specific Settings: Different security configs per environment
- Rate Limiting: API request throttling (10 req/sec with burst)
- Security Headers: HSTS, X-Frame-Options, CSP
- Reverse Proxy: Nginx handles all external traffic
- Port Isolation: App ports blocked from direct internet access
- SSL/TLS: Automated Let's Encrypt certificate management
- Firewall Integration: UFW scripts for cloud and self-hosted setups
- Complete Setup & Deployment Guide - Local development through production deployment
- Development Guidelines - Architecture patterns and coding standards
- Scripts Documentation - Database management and utilities
- Architecture: Vanilla JavaScript ES6+ modules, no build step required
- Integration: Automatic environment detection and API connection
- Session Management: Cookie-based authentication with backend
- Development: Live development server on
127.0.0.1:5500 - Features: Dark/light themes, PWA-ready, responsive design
Database Connection Issues
# Check if MariaDB is running
sudo systemctl status mariadb
# Test database connection
mysql -u root -p -e "SELECT 1;"
# View all todo databases
mysql -e "SHOW DATABASES LIKE 'todos_%';"
# Check specific user's database
mysql todos_user_123 -e "DESCRIBE todos;"Environment Detection Issues
# Force specific environment
NODE_ENV=production npm start
NODE_ENV=feature npm start
# Check detected environment (shows in startup logs)
npm run dev
# Debug environment variables
node -e "console.log('NODE_ENV:', process.env.NODE_ENV);"Session/Cookie Issues
# Test cookie behavior
curl -c cookies.txt -X POST http://127.0.0.1:3000/api/login \
-H "Content-Type: application/json" \
-d '{"email":"test@dev.local","password":"dev123"}'
# Check saved cookies
cat cookies.txt
# Test cookie usage
curl -b cookies.txt http://127.0.0.1:3000/api/session/validatePort Conflicts
# Check what's using ports
netstat -tlnp | grep :3000
# Kill process on specific port
lsof -ti:3000 | xargs kill -9- Development:
127.0.0.1:5500โ127.0.0.1:3000(same domain) - Production: Restricted to
.dev2k.orgdomain - Security: Modern browsers block insecure cookies in production
# Create deployment package
./deploy/create-step-deployment.sh
# Upload and deploy to server
scp lets-todo-step-deployment_*.tar.gz root@server:/tmp/
ssh root@server
cd /tmp && tar -xzf lets-todo-step-deployment_*.tar.gz
cd step-by-step-package && sudo ./deploy.sh prodsudo ./deploy.sh feat # Feature environment
sudo ./deploy.sh stage # Staging environment
sudo ./deploy.sh prod # Production environment
sudo ./deploy.sh all # All environments๐ Complete deployment guide: DEPLOYMENT.md
- Follow the 14-line function limit rule
- Write comprehensive JSDoc comments in English
- Use ES6+ modules with proper imports/exports
- Implement parameterized queries for all database operations
- Test across multiple environments (dev, feature, staging)
- Maintain session isolation in all new features
- Create feature branch from
feature/main-feature - Implement feature following coding standards in
copilot-instructions.md - Test thoroughly across development environments
- Update documentation for any new API endpoints
- Verify security - no SQL injection vulnerabilities
- Submit pull request with comprehensive description
- API endpoints work with both user and guest sessions
- Database isolation maintained between sessions
- Proper error handling and logging
- Cookie-based authentication functions correctly
- Cross-environment compatibility verified
- WebSocket integration for real-time updates
- Advanced caching strategies with Redis
- API versioning system (v2 endpoints)
- Enhanced monitoring and analytics
- OAuth integration experiments
- Database connection pool optimization
- Enhanced error tracking and reporting
- Performance monitoring dashboards
- Automated security scanning
- Advanced rate limiting strategies
This project is licensed under the MIT License - see the LICENSE file for details.
For questions, issues, or contributions:
- Check Documentation: Review
DEPLOYMENT.mdandcopilot-instructions.md - Review Troubleshooting: Common issues section above
- Create GitHub Issue: For bugs or feature requests
- Contact Development Team: For urgent support needs
Built with โค๏ธ for modern full-stack development
Happy coding! ๐