Backend / API
Versioned Express REST API (`/api/v1`) for posts, nested comments, likes, and bookmarks on MongoDB. Users register and verify their email with an OTP sent by email (Nodemailer); JWT protects mutations, with an extra database-backed verified-email check for write operations. List endpoints support query pagination (`page`), and auth-sensitive routes use express-rate-limit. Vitest and Supertest cover HTTP behavior against MongoDB when available.
API surface
Core Post Backend — blog & engagement API
`/`: JSON hello / basic liveness response.
`/api/v1/auth/register`: Create account (rate-limited).
`/api/v1/auth/login`: Authenticate and obtain JWT (rate-limited).
`/api/v1/auth/logout`: Logout for authenticated user.
`/api/v1/auth/verify-account`: Confirm email with verification code (rate-limited).
`/api/v1/posts`: Paginated list of posts (`page` query).
`/api/v1/posts/:_id`: Single post; optional JWT enriches liked/bookmarked-by-me flags.
`/api/v1/posts/create`: Create post (authenticated + verified).
`/api/v1/posts/:postId/comments`: Paginated comments for a post.
`/api/v1/posts/:postId/like`: Like a post (authenticated + verified).
`/api/v1/posts/:postId/likes/count`: Public like count for a post.
`/api/v1/users/me`: Update current user profile (authenticated).
`/api/v1/users/me/bookmarks`: Paginated saved posts for current user.
`/api/v1/users/:id`: User profile with posts.
`createApp()` in src/app.ts mounts versioned routers under `/api/v1` and applies helmet, compression, CORS, cookie-parser, json/urlencoded parsers.
Routers in src/routers/* delegate to controllers in src/controllers/*.
Controllers call services in src/services/*; Joi validation is centralized in src/utils/validator.ts.
Mongoose models in src/models/* persist to MongoDB; index.ts connects via MONGODB_URI then listens.
Cross-cutting: asyncHandler, AppError + errorHandler, isAuthenticated / optionalAuthenticated / isVerified, and rate limiters on auth routes.
No OpenAPI/Swagger spec or `.github/workflows` in repo; tests use Vitest + Supertest in src/app.test.ts.
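The database-backed verified-email check on write routes, sketched as an added example (not code from this repository). The in-memory `users` map stands in for the Mongoose model, and the `sub` claim, the `verified` field and the `verifiedGate` helper are assumed names; it shows why the gate reads stored state rather than trusting anything carried in the JWT.

```javascript
// Added illustration, not the project's code. `users` stands in for the
// Mongoose User model; the `verified` field and `sub` claim are assumptions.
const users = new Map([
  ["u1", { _id: "u1", email: "a@example.test", verified: true }],
  ["u2", { _id: "u2", email: "b@example.test", verified: false }],
]);

// Pure decision: `claims` is the payload of a JWT that isAuthenticated has
// already signature-checked; `record` is the user's current database row.
function verifiedGate(claims, record) {
  if (!claims || !claims.sub) return { status: 401, error: "not authenticated" };
  if (!record) return { status: 401, error: "account no longer exists" };
  // Deliberately ignore claims.verified: a token minted before a status
  // change stays valid until it expires, so only stored state is trusted.
  if (record.verified !== true) return { status: 403, error: "email not verified" };
  return { status: 200 };
}

// Express-style middleware built on the gate. `findUser` may be async,
// as a real database query would be.
function isVerified(findUser) {
  return async (req, res, next) => {
    try {
      const record = await findUser(req.user && req.user.sub);
      const verdict = verifiedGate(req.user, record);
      if (verdict.status !== 200) {
        return res.status(verdict.status).json({ error: verdict.error });
      }
      next();
    } catch (err) {
      next(err); // fail closed: lookup errors go to the error handler
    }
  };
}

// Constructed check of three outcomes for a write such as post creation.
function demo() {
  const lookup = (id) => users.get(id);
  return [
    verifiedGate({ sub: "u1" }, lookup("u1")).status,                 // verified user
    verifiedGate({ sub: "u2", verified: true }, lookup("u2")).status, // stale claim
    verifiedGate({ sub: "gone" }, lookup("gone")).status,             // deleted user
  ];
}
```

In an Express router the middleware would sit after the JWT check, for example `isVerified((id) => User.findById(id))`, where `User` is a hypothetical model name.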