A robust and scalable URL shortening REST API built with Express.js, TypeScript, and MongoDB. This project provides a complete backend solution for creating, managing, and tracking short URLs with enterprise-grade security and performance features.
- JWT Authentication with access/refresh tokens (refresh tokens stored in httpOnly cookies)
- Role-based Authorization (`user`, `admin`) with granular permissions
- Rate Limiting per route type to prevent abuse
- Password Reset via email tokens with secure mail templates
- Link Management - create, read, update, delete with pagination
- Analytics - track visit counts and user engagement
- Security - Helmet.js, CORS, input validation, and sanitization
- Logging - Winston logger with Logtail integration
- Performance - Response compression and optimized database queries
- API Documentation - Comprehensive GitBook-style documentation
- Node.js 18+
- MongoDB 8.17+
- npm or yarn
- Clone the repository

  ```bash
  git clone https://github.com/yourusername/shortly-api-tuts.git
  cd shortly-api-tuts
  ```

- Install dependencies

  ```bash
  npm install
  ```

- Environment Setup

  ```bash
  cp .env.example .env
  # Edit .env with your configuration
  ```

- Run the application

  ```bash
  # Development
  npm run dev

  # Production build
  npm run build
  npm start
  ```
- `POST /auth/register` - User registration
- `POST /auth/login` - User login
- `POST /auth/logout` - User logout
- `POST /auth/refresh-token` - Refresh access token
- `POST /auth/forgot-password` - Request password reset
- `POST /auth/reset-password` - Reset password with token

- `POST /links` - Create short link
- `GET /links` - Get user's links (paginated)
- `PUT /links/:id` - Update link
- `DELETE /links/:id` - Delete link

- `GET /users/me` - Get current user profile
- `PUT /users/me` - Update current user profile
- `DELETE /users/me` - Delete current user account

- `GET /:backHalf` - Redirect to destination URL
```
src/
├── @types/          # TypeScript type definitions
├── config/          # Configuration files
├── controllers/     # Route controllers
│   ├── auth/        # Authentication controllers
│   ├── link/        # Link management controllers
│   ├── redirect/    # Redirect controller
│   └── user/        # User profile controllers
├── lib/             # Core libraries and utilities
├── mailTemplates/   # Email templates
├── middlewares/     # Express middlewares
├── models/          # MongoDB models
├── routes/          # API routes
├── types/           # TypeScript interfaces
├── utils/           # Utility functions
└── server.ts        # Main server file
```
The application uses environment variables for configuration. Key variables include:
- `PORT` - Server port (default: 3000)
- `MONGODB_URI` - MongoDB connection string
- `JWT_SECRET` - JWT signing secret
- `JWT_REFRESH_SECRET` - JWT refresh token secret
- `SMTP_HOST` - SMTP server for emails
- `CLIENT_ORIGIN` - Allowed CORS origin
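A startup check for the variables above, as an added example (not code from this repository). The minimum secret length, the rule that the two JWT secrets differ, and the single-origin rule for `CLIENT_ORIGIN` are assumptions chosen for illustration; `validateEnv` and `sampleEnv` are hypothetical names.

```typescript
// Added example: startup checks for the environment variables listed above.
// The rules and thresholds are assumptions, not taken from the project.
type Env = Record<string, string | undefined>;

const MIN_SECRET_CHARS = 32; // assumed floor for an HMAC JWT signing secret
const REQUIRED = ['MONGODB_URI', 'JWT_SECRET', 'JWT_REFRESH_SECRET', 'SMTP_HOST', 'CLIENT_ORIGIN'];
// A bare origin: scheme://host[:port], with no path and no wildcard.
const ORIGIN_RE = /^https?:\/\/[a-z0-9.-]+(:\d{1,5})?$/i;

function validateEnv(env: Env): string[] {
  const problems: string[] = [];
  for (const name of REQUIRED) {
    if ((env[name] ?? '').trim() === '') problems.push(`${name} is not set`);
  }
  for (const name of ['JWT_SECRET', 'JWT_REFRESH_SECRET']) {
    const value = env[name] ?? '';
    if (value !== '' && value.length < MIN_SECRET_CHARS) {
      problems.push(`${name} is shorter than ${MIN_SECRET_CHARS} characters`);
    }
  }
  // Separate secrets keep an access token from verifying as a refresh token.
  const access = env['JWT_SECRET'] ?? '';
  if (access !== '' && access === env['JWT_REFRESH_SECRET']) {
    problems.push('JWT_SECRET and JWT_REFRESH_SECRET must differ');
  }
  // The refresh token travels in a cookie, so CORS must name one exact origin.
  const origin = env['CLIENT_ORIGIN'] ?? '';
  if (origin !== '' && !ORIGIN_RE.test(origin)) {
    problems.push('CLIENT_ORIGIN must be a single origin such as https://app.example.com');
  }
  const port = Number(env['PORT'] ?? '3000'); // 3000 is the documented default
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    problems.push('PORT is not a valid TCP port');
  }
  return problems;
}

// Constructed sample values, not real configuration.
const sampleEnv: Env = {
  MONGODB_URI: 'mongodb://localhost:27017/shortly',
  JWT_SECRET: 'a'.repeat(40),
  JWT_REFRESH_SECRET: 'a'.repeat(40), // same value as JWT_SECRET: flagged
  SMTP_HOST: 'smtp.example.com',
  CLIENT_ORIGIN: '*', // wildcard origin: flagged
};
console.log(validateEnv(sampleEnv));
```

Calling such a check before the server starts listening turns a weak or missing value into a startup failure rather than a runtime surprise.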
Comprehensive documentation is available in the docs/ folder:
- Getting Started Guide
- Environment Setup
- API Reference
- Authentication Guide
- Rate Limits
- Security Best Practices
```bash
npm run dev     # Start development server with nodemon
npm run build   # Build TypeScript to JavaScript
npm start       # Start production server
npm run lint    # Run ESLint
npm run format  # Format code with Prettier
```

- ESLint - Code linting and style enforcement
- Prettier - Code formatting
- TypeScript - Static type checking
- ESLint Config Prettier - Prettier integration
- Helmet.js - Security headers
- CORS - Cross-origin resource sharing
- Rate Limiting - Prevent API abuse
- Input Validation - Request data sanitization
- JWT Security - Secure token handling
- Password Hashing - bcrypt
- HTTP-Only Cookies - keep the refresh token unreadable by client-side scripts, limiting token theft through XSS
- Name, email, password
- Role-based access control
- Password reset functionality
- Visit count tracking
- Title and destination URL
- Custom back-half support
- Creator association
- Visit count analytics
- Timestamps
The application is production-ready with:
- Graceful shutdown handling
- Environment-based configuration
- Comprehensive error logging
- Performance optimizations
- Security best practices
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
codewithsadee
- GitHub: @codewithsadee
- Express.js team for the amazing framework
- MongoDB team for the robust database
- TypeScript team for the type safety
- All contributors and supporters
Star this repository if you find it helpful!