Build a REST API with user authentication using Node.js and Express. Include routes for user registration (with email validation and password hashing using bcrypt), login (returning JWT access and refresh tokens), token refresh, and logout (token blacklisting). Add middleware for JWT verification, role-based access control (admin, user, guest), and rate limiting per endpoint. Structure the code with separate route, controller, middleware, and utility layers. Include proper error handling with consistent JSON error responses.
#09 Backend
File Upload Service
Create a file upload API endpoint that handles multipart form data. Support single and batch file uploads with the following constraints: max file size of 10MB, allowed types (images: jpg/png/webp, documents: pdf/docx), and max 5 files per request. Generate unique filenames, create thumbnails for images using sharp, store metadata (original name, size, mime type, upload date) in the database, and return signed URLs for access. Include virus scanning middleware and cleanup of orphaned files.
#10 Backend
WebSocket Real-Time Chat
Implement a real-time chat server using WebSockets (ws or Socket.IO). Support multiple chat rooms, user join/leave notifications, typing indicators, message history (last 50 messages loaded on join), and online user presence. Messages should be persisted to a database. Include connection heartbeat monitoring, automatic reconnection handling on the client side, and graceful connection cleanup. Add rate limiting to prevent message flooding (max 10 messages per 10 seconds per user).
#11 Backend
Task Queue with Job Processing
Build a background job processing system using a task queue (BullMQ with Redis or a similar pattern). Create a job producer that enqueues tasks like sending emails, generating reports, and processing image uploads. Implement a worker that processes jobs with configurable concurrency, automatic retries with exponential backoff (max 3 attempts), and a dead letter queue for failed jobs. Add a simple status API endpoint that returns queue health: pending count, active jobs, completed in last hour, and failure rate.
#12 Backend
GraphQL API with Resolvers
Set up a GraphQL API server with type definitions and resolvers for a blog platform. Define types for User, Post, and Comment with their relationships (User has many Posts, Post has many Comments). Implement queries for listing posts with pagination (cursor-based), fetching a single post with nested comments, and searching posts by title. Add mutations for creating, updating, and deleting posts with input validation. Include a DataLoader implementation to solve the N+1 query problem on nested fields.
#13 Backend
OAuth2 Social Login Integration
Implement OAuth2 social login supporting Google and GitHub providers. Create the full authorization code flow: redirect to provider, handle callback with code exchange, fetch user profile, and create or link local account. Store provider tokens securely, handle account linking when a user signs in with a different provider but the same email, and implement token refresh for expired provider tokens. Include CSRF protection using the state parameter and PKCE for public clients.
#14 Backend
API Rate Limiter Middleware
Build a flexible API rate limiting middleware with multiple strategies: fixed window (100 requests per minute), sliding window log (more accurate tracking), and token bucket (burst-friendly). Store rate limit state in Redis for distributed environments. Return standard rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) on every response. Support different limits per route and per user tier (free: 60/min, pro: 600/min). Include IP-based fallback for unauthenticated requests and a bypass mechanism for health check endpoints.