Forem: shourya sharma The latest articles on Forem by shourya sharma (@shouryasharma33). https://forem.com/shouryasharma33 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3673010%2F5f1244cb-c111-4c7b-9b2d-8774321ee7e0.jpeg Forem: shourya sharma https://forem.com/shouryasharma33 en Simple Backend Development using Express.js and Node.js with a simple practical project shourya sharma Sun, 21 Dec 2025 20:30:02 +0000 https://forem.com/shouryasharma33/simple-backend-development-using-expressjs-and-nodejs-with-a-simple-practical-project-3jn6 https://forem.com/shouryasharma33/simple-backend-development-using-expressjs-and-nodejs-with-a-simple-practical-project-3jn6 <h1> Simple Node.js Backend Development </h1> <p>Hello everyone. I have seen a lot of people having issues getting into backend development because backend development is really vast and a little granular. There are many small bits of knowledge you need to learn almost throughout your entire career. Backend development is obviously very broad.</p> <p>It also involves a lot of theoretical concepts. However, this blog will break you out of that loop and bring you to a practical project that you will build and see for yourself what backend development is actually about. There are a bunch of theoretical concepts which many practical blogs skip, but I will cover them because I do not want to make this just about building a backend. It is about how it feels to be a backend developer, giving a bigger picture, and also adding many of my personal discoveries and perspectives into this.</p> <h2> Theoretical Concepts </h2> <p>Backend development is a process of making something. You are not memorizing something, you are engineering something. Building requires breaking.</p> <p>This is important. A lot of people think it is memorizing syntax or a method, but a language is only a way to build things.</p> <p>Whatever I am telling you, look at it as millions of people building their own stuff, sharing, engaging, and experimenting until they achieve their desired results. Whatever you are learning is meant to help you write better practical code. Whatever is required in the industry is simply what is best and most efficient in the modern ecosystem.</p> <p>When we say technology changes, it means a gradual change toward better practices and wider availability to modern people.</p> <p>That is why technology itself exists on a spectrum. Some people say PHP is dead, but the reason it is still alive and innovations are still made in PHP is because applications like Facebook are built on it. Rewriting such massive codebases in a different language is practically impossible. As a web developer, you need to know what is currently the best technology for you to learn to get a better job. When you learn, you are adding to pre existing knowledge and established practices.</p> <p>Now enough with this discussion. Let us move to theory. A little theory might seem unrelated, but it is very helpful and practical.</p> <h3> Small Concepts </h3> <h4> API </h4> <p>API stands for Application Programming Interface.</p> <p>It is a set of rules and methods that allows different software applications to communicate and interact with each other.</p> <h4> Ports </h4> <p>A port is basically where we interact with our API.</p> <h4> Server </h4> <p>A server is something that serves a service. For example, if we have a calculator app, we can say that it provides a service of calculating.</p> <h4> Database </h4> <p>People often confuse servers with databases. I have seen people say things like all your data is stored in 'Facebook servers', but your data is stored in a database, and a server is responsible for serving that data in whatever way you request it.</p> <h4> Frontend </h4> <p>Frontend is basically how you interact with your app. It is always separate from the backend.</p> <h4> CORS </h4> <p>CORS stands for Cross Origin Resource Sharing. It allows your backend and frontend to communicate with each other. The data shared between them is usually in JSON format.</p> <h4> JSON </h4> <p>JSON is a data format used to store and share data.</p> <p><strong>Example</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"userId"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nl">"username"</span><span class="p">:</span><span class="w"> </span><span class="s2">"john_doe"</span><span class="p">,</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"john@example.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"isActive"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Framework </h3> <p>A framework is a structured set of tools, conventions, and abstractions that helps you build software faster and in a more organized way.</p> <p>In backend development, a framework takes care of many low-level details for you, such as (You will familiarise with all this later):</p> <ul> <li>Handling incoming HTTP requests</li> <li>Routing requests to the correct logic</li> <li>Managing middleware</li> <li>Providing a consistent project structure</li> </ul> <p>Instead of writing everything from scratch using only a programming language or requiring wizardary of computer networking and CS fundamentals, a framework gives you a foundation to build on. You focus more on <strong>what your application should do</strong>, rather than <strong>how the underlying plumbing works</strong>.</p> <p>A framework also enforces certain patterns. This is important because when multiple developers work on the same codebase, having a common structure makes the code easier to read, maintain, and scale.</p> <h3> Node.js? </h3> <p>Node.js is a runtime environment that allows you to run JavaScript outside the browser.</p> <p>Originally, JavaScript was only meant to run in browsers. It was used to handle small interactions like button clicks, form validation, and simple UI logic. The browser was responsible for executing JavaScript code.</p> <p>Node.js changed this by taking Google’s V8 JavaScript engine (the same engine used by Chrome) and making it available on the server. This means JavaScript can now be used to write backend code.</p> <p>With Node.js, JavaScript can:</p> <ul> <li>Create servers</li> <li>Handle HTTP requests</li> <li>Read and write files</li> <li>Communicate with databases</li> <li>Build APIs</li> </ul> <p>In simple terms, Node.js makes JavaScript a backend language.<br> I remember making a tweet where I pointed this exact thing out<br> that JavaScript wasn't really meant to be a backend development language, but slowly infrastructure evolved and we got typescript and faster frameworks and faster runtime environments like <code>bun</code> and thats how it became what it is today</p> <h4> Why Node.js exists </h4> <p>Before Node.js, backend development was usually done using languages like Java, PHP, Python, or C#. Frontend and backend were written in different languages.</p> <p>Node.js allows developers to use <strong>one language (JavaScript)</strong> for both frontend and backend. This reduces context switching and makes development faster, especially for small teams and startups.</p> <p>Another important reason Node.js exists is performance.</p> <p>Node.js uses an <strong>event-driven, non-blocking I/O model</strong>. This means:</p> <ul> <li>It does not wait for slow operations (like database queries or file reads) to finish</li> <li>It can handle many requests at the same time using a single thread</li> </ul> <p>This makes Node.js very efficient for applications that deal with many concurrent users, such as APIs, chat apps, and real-time systems.</p> <h4> Node.js is not a framework </h4> <p>This is a very important distinction.</p> <p>Node.js is <strong>not</strong> a framework.<br><br> It does not give you routing, middleware, or project structure.</p> <p>Node.js only provides:</p> <ul> <li>Core modules (http, fs, path, etc.)</li> <li>Low-level APIs for networking and system access</li> </ul> <p>Node.js is the foundation.<br><br> Express is a layer built on top of that foundation.</p> <h4> How Node.js fits in backend development </h4> <p>You can think of the backend stack like this:</p> <ul> <li> <strong>JavaScript</strong> → the language </li> <li> <strong>Node.js</strong> → the runtime environment </li> <li> <strong>Express</strong> → the framework </li> <li> <strong>Database</strong> → where data is stored </li> </ul> <p>Each layer solves a different problem, and together they form a complete backend system.</p> <h3> Express? </h3> <p>Express is a minimal and flexible backend framework built on top of Node.js.</p> <p>Node.js by itself only provides low-level APIs for handling HTTP requests and responses. While this is powerful, writing a real-world backend using only Node.js quickly becomes repetitive and hard to manage.</p> <p>Express simplifies this by providing:</p> <ul> <li>A clean and simple routing system</li> <li>Middleware support for handling logic between request and response</li> <li>Easy integration with databases, authentication, and other libraries</li> <li>A lightweight core that does not force heavy abstractions</li> </ul> <p>Express does not hide Node.js from you. Instead, it sits on top of it and makes common backend tasks easier and more readable.</p> <p>Because of this, Express is often the first framework developers learn when getting into backend development with Node.js. It gives you enough structure to build real applications while still letting you understand what is happening under the hood.</p> <p>Express is not opinionated. This means it does not force you into a strict project structure. You are free to design your backend in a way that makes sense for your application.</p> <h3> Environment Variables (<code>.env</code>) </h3> <p>When building backend applications, you often need to store <strong>sensitive data</strong> or <strong>configuration</strong> outside your code.<br><br> Examples include:</p> <ul> <li> Database connection URLs</li> <li> API keys</li> <li> Secret keys for authentication</li> <li> Port numbers</li> </ul> <p>Instead of hardcoding these values in your code, which can get exposed (DISASTROUS SERIOUSLY), we use <strong>environment variables</strong> stored in a <code>.env</code> file.</p> <h4> Example <code>.env</code> file: </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>PORT=3000 DB_URL=mongodb://localhost:27017/chatapp JWT_SECRET=mysecretkey CLOUDINARY_URL=your_cloudinary_url_here </code></pre> </div> <p>Where do we get these variables from? Simply from the website, after logging in, say u want to use Cloudinary, simply go on their app and get yourself the URL, if its confusing, the setup process is usually always in the documentations</p> <h4> Using <code>.env</code> in Node.js </h4> <p>To access these variables in your application, we use the <code>dotenv</code> package.</p> <ol> <li> Install dotenv: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>dotenv </code></pre> </div> <ol> <li> Load the environment variables at the <strong>top of your <code>index.js</code></strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">dotenv</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">dotenv</span><span class="dl">"</span><span class="p">;</span> <span class="nx">dotenv</span><span class="p">.</span><span class="nf">config</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">PORT</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PORT</span> <span class="o">||</span> <span class="mi">3000</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">DB_URL</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DB_URL</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">JWT_SECRET</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Server running on port:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">PORT</span><span class="p">);</span> </code></pre> </div> <h4> Why use <code>.env</code>? </h4> <ul> <li> Keeps sensitive data out of your code</li> <li> Makes it easy to change configuration without modifying code</li> <li> Allows different settings for development, testing, and production</li> </ul> <blockquote> <p>Never commit your <code>.env</code> file to version control (like Git). Add it to <code>.gitignore</code>:<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># .gitignore .env </code></pre> </div> <p>we will talk about this <code>.gitignore</code> file soon in this chapter</p> <h3> SOLID principles </h3> <blockquote> <p>No Need to go too deep into SOLID PRINCIPLES right now, I just wanted to give you a sneak peak into this, whatever written in this chapter is sufficient as far as this project is concerned.</p> </blockquote> <p>SOLID principles consist of five principles. It is a very detailed topic with a lot of what we call design patterns, but we do not need them right now. We will only take a small look.</p> <p>SOLID principles ensure that our code follows best practices and is written in a clean and maintainable way.</p> <h4> SOLID Design Principles </h4> <p><strong>S. Single Responsibility Principle</strong><br><br> A class should have one and only one reason to change, meaning it should have only one job.</p> <p><strong>O. Open Closed Principle</strong><br><br> Software entities should be open for extension but closed for modification.</p> <p><strong>L. Liskov Substitution Principle</strong><br><br> Subclasses should be replaceable for their base classes without breaking behavior.</p> <p><strong>I. Interface Segregation Principle</strong><br><br> Clients should not be forced to depend on interfaces they do not use.</p> <p><strong>D. Dependency Inversion Principle</strong><br><br> Depend on abstractions, not on concrete implementations.</p> <p>This might seem like a lot right now, but just remember that these principles exist. They are rules you should follow to write good code.</p> <p>For this fairly simple project, we will mainly use the Single Responsibility Principle and the Open Closed Principle.</p> <p>The others are also practical but a bit less visible in small projects. What these principles basically mean is that our code should be scalable. We should not need to change old code just to add a new feature. We should not have to trace back previous features and read old parts of the codebase every time we want to add something new.</p> <p>If we want to scale a business, we cannot afford to constantly touch old code instead of adding new features.</p> <p>One class having one responsibility can be confusing in this project because we will not strictly use object oriented or struct based programming like in Rust. I personally see this principle as analogous to folders in JavaScript, where one folder exists for one and only one purpose.</p> <p>You can study these design patterns later. It is not like you need to master them before building this project. They are just an overview of why we will write code in a certain way.</p> <h2> Understanding the Building Process of an API </h2> <p>In this section, we will understand the essential concepts behind how an API works.</p> <p>We will cover:</p> <ul> <li>Different types of functions</li> <li>Different types of APIs</li> <li>REST APIs</li> <li>Request–response cycle and status codes</li> </ul> <h3> The two primary building blocks of an application </h3> <p>At its core, every application is built using two things:</p> <ul> <li><strong>Data</strong></li> <li><strong>Functions</strong></li> </ul> <p>Data is information that exists and is usually stored in a structured format like JSON.<br><br> Functions (or methods, if you think in terms of object-oriented programming) are pieces of code that operate on this data.</p> <h3> How an API works </h3> <p>Let’s look at the basic workflow of an API:</p> <ol> <li>We set up an application </li> <li>We run it on a specific <strong>port</strong> </li> <li>A client sends a <strong>request</strong> to that port (the request contains a packet of data) </li> <li>The server receives the request and runs the appropriate code for that specific request </li> <li>The server sends back a <strong>response</strong> along with a <strong>status code</strong> </li> </ol> <p>This request–response cycle is the foundation of backend development.</p> <h3> Understanding status codes </h3> <p>A status code is simply a number attached to the response that tells the client what happened to the request.</p> <p>It might sound complicated, but a status code is just a label that describes the outcome of the request.<br><br> It is the developer’s responsibility to choose the correct status code.</p> <p>For example:</p> <ul> <li>If a user tries to access an admin-only route without proper authorization</li> <li>Or sends a request that requires authentication without being logged in</li> </ul> <p>The server can respond with an appropriate status code.</p> <h3> Common HTTP Status Codes </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Status Code</th> <th>Meaning</th> <th>When it is used</th> </tr> </thead> <tbody> <tr> <td>200</td> <td>OK</td> <td>Request was successful</td> </tr> <tr> <td>201</td> <td>Created</td> <td>A resource was successfully created</td> </tr> <tr> <td>400</td> <td>Bad Request</td> <td>Invalid or malformed request data</td> </tr> <tr> <td>401</td> <td>Unauthorized</td> <td>User is not authenticated</td> </tr> <tr> <td>403</td> <td>Forbidden</td> <td>User is authenticated but not allowed</td> </tr> <tr> <td>404</td> <td>Not Found</td> <td>Requested resource does not exist</td> </tr> <tr> <td>500</td> <td>Internal Server Error</td> <td>Something went wrong on the server</td> </tr> </tbody> </table></div> <p>This is the basic API workflow.<br> As we start writing actual code, these concepts will become much clearer and more intuitive.</p> <h3> What is a REST API? </h3> <p>REST stands for <strong>Representational State Transfer</strong>.</p> <p>A REST API is a way of designing APIs where:</p> <ul> <li>Each URL represents a resource</li> <li>The action you want to perform is defined by the HTTP method</li> <li>Data is usually sent and received in JSON format</li> </ul> <p>You can think of a REST API as a set of rules for how clients and servers should communicate.</p> <p>For example:</p> <ul> <li> <code>/users</code> represents users</li> <li> <code>/messages</code> represents messages</li> </ul> <p>Instead of creating different URLs for every action, REST uses <strong>HTTP methods</strong> to decide what should happen.</p> <p>This makes APIs predictable, scalable, and easy to understand.</p> <h3> HTTP Methods </h3> <p>HTTP methods define <strong>what action you want to perform</strong> on a resource.</p> <p>The most commonly used methods are:</p> <ul> <li> <strong>GET</strong> → Fetch data </li> <li> <strong>POST</strong> → Create new data </li> <li> <strong>PUT</strong> → Update existing data </li> <li> <strong>DELETE</strong> → Remove data </li> </ul> <p>For example:</p> <ul> <li> <code>GET /messages</code> → get all messages </li> <li> <code>POST /messages</code> → create a new message </li> <li> <code>PUT /messages/:id</code> → update a message </li> <li> <code>DELETE /messages/:id</code> → delete a message </li> </ul> <p>This separation of <strong>resource</strong> and <strong>action</strong> is what makes REST APIs clean and structured.</p> <h3> Writing your first API endpoint in Express </h3> <p>Now let’s write a very simple API endpoint.</p> <p>Inside <code>src/index.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">express</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">PORT</span> <span class="o">=</span> <span class="mi">3000</span><span class="p">;</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Server is running</span><span class="dl">"</span> <span class="p">});</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">PORT</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Server running on port </span><span class="p">${</span><span class="nx">PORT</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>What is happening here:</p> <ul> <li> We create an Express app</li> <li> We define a route using <code>GET</code> </li> <li> When a request hits <code>/</code>, the server sends a JSON response</li> <li> The server listens on a specific port</li> </ul> <h4> Testing your API (using Postman or the browser) </h4> <p>Now that the server is running, we need a way to <strong>test</strong> it.</p> <p>When we say “hitting a URL”, what we really mean is <strong>sending an HTTP request</strong> to our server.</p> <p>Since our server is listening on port <code>3000</code>, the full URL becomes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>http://localhost:3000/ </code></pre> </div> <h5> Testing using a browser </h5> <p>The simplest way to test this endpoint is by opening a browser and visiting the URL above.</p> <p>When you do this:</p> <ul> <li> The browser sends a <strong>GET request</strong> to <code>/</code> </li> <li> The server receives the request</li> <li> The server responds with JSON</li> </ul> <p>You should see something like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Server is running"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>This confirms that:</p> <ul> <li> Your server is running</li> <li> Your route is working</li> <li> Your request–response cycle is functioning correctly</li> </ul> <h5> Testing using Postman </h5> <p>While the browser works for simple GET requests, real backend development requires better tools. This is where <strong>Postman</strong> comes in.</p> <p>Postman is a tool that allows you to:</p> <ul> <li> Send different types of HTTP requests (GET, POST, PUT, DELETE)</li> <li> Add headers, body, and authentication</li> <li> Inspect responses and status codes</li> </ul> <p>To test this endpoint in Postman:</p> <ol> <li> Open Postman</li> <li> Select <strong>GET</strong> as the request type</li> <li> Enter the URL <code>http://localhost:3000/</code> </li> <li> Click <strong>Send</strong> </li> </ol> <p>You should see:</p> <ul> <li> Status code: <code>200 OK</code> </li> <li> Response body containing the JSON message</li> </ul> <p>This is exactly what frontend applications do behind the scenes.<br><br> The only difference is that Postman lets you see and control everything manually.</p> <p>As we build more endpoints, Postman will become one of your most important tools for testing and debugging your backend.</p> <h3> Connecting routes to controllers </h3> <p>As your application grows, writing all logic inside <code>index.js</code> becomes messy and hard to maintain.</p> <p>To follow good practices (and the SOLID principles discussed earlier), we separate concerns.</p> <p>A common pattern is:</p> <ul> <li> <strong>Routes</strong> → define endpoints</li> <li> <strong>Controllers</strong> → contain business logic</li> </ul> <p>Example folder structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>src/ ├── controllers/ │ └── user.controller.js ├── routes/ │ └── user.routes.js ├── index.js </code></pre> </div> <p><strong>Route file (<code>user.routes.js</code>)</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">express</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getUsers</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../controllers/user.controller.js</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">router</span> <span class="o">=</span> <span class="nx">express</span><span class="p">.</span><span class="nc">Router</span><span class="p">();</span> <span class="nx">router</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">,</span> <span class="nx">getUsers</span><span class="p">);</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">router</span><span class="p">;</span> </code></pre> </div> <p><strong>Controller file (<code>user.controller.js</code>)</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">getUsers</span> <span class="o">=</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">users</span><span class="p">:</span> <span class="p">[]</span> <span class="p">});</span> <span class="p">};</span> </code></pre> </div> <p><strong>Connecting routes in <code>index.js</code></strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">userRoutes</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./routes/user.routes.js</span><span class="dl">"</span><span class="p">;</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="dl">"</span><span class="s2">/users</span><span class="dl">"</span><span class="p">,</span> <span class="nx">userRoutes</span><span class="p">);</span> </code></pre> </div> <p>Now:</p> <ul> <li> <code>/users</code> is handled by the route file</li> <li> The route calls a controller function</li> <li> The controller sends the response</li> </ul> <p>This structure makes your application:</p> <ul> <li> Easier to read</li> <li> Easier to scale</li> <li> Easier to debug</li> </ul> <p>As we continue building the project, this separation will become very natural.</p> <h3> Middleware </h3> <p>Middleware is one of the most important concepts in backend development.</p> <p>A middleware is a function that runs <strong>between the request and the response</strong>.</p> <p>Think of middleware as a checkpoint.</p> <p>When a request comes in:</p> <ol> <li>The request hits the server</li> <li>Middleware runs</li> <li>The request reaches the route handler</li> <li>A response is sent back</li> </ol> <p>Middleware can:</p> <ul> <li>Modify the request</li> <li>Stop the request</li> <li>Pass the request forward</li> </ul> <p>Example middleware:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">((</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Request received</span><span class="dl">"</span><span class="p">);</span> <span class="nf">next</span><span class="p">();</span> <span class="p">});</span> </code></pre> </div> <p>If <code>next()</code> is not called, the request will never reach the route.</p> <p>Common uses of middleware:</p> <ul> <li> Authentication</li> <li> Logging</li> <li> Parsing JSON</li> <li> Error handling</li> </ul> <h3> Authentication Flow </h3> <p>Authentication is the process of verifying <strong>who a user is</strong>.</p> <p>A typical authentication flow looks like this:</p> <ol> <li> User sends login credentials (email, password)</li> <li> Server verifies the credentials</li> <li> Server generates a token</li> <li> Token is sent back to the client</li> <li> Client sends the token with future requests</li> <li> Server verifies the token before allowing access</li> </ol> <p>This allows the server to know <strong>who is making the request</strong> without asking for credentials every time.</p> <p>Authentication logic is usually implemented using middleware.</p> <h3> Passing Parameters and Query Strings </h3> <p>When building APIs, you often need to send <strong>extra information</strong> along with a request.<br><br> Express supports two main ways to do this:</p> <ol> <li> <strong>Route Parameters (Params)</strong> </li> <li> <strong>Query Parameters (Query Strings)</strong> </li> </ol> <p>Both are used for different purposes, and understanding the difference is very important.</p> <h3> Route Parameters (Params) </h3> <p>Route parameters are <strong>part of the URL path itself</strong>.<br> They are commonly used to identify a <strong>specific resource</strong>, such as a user, message, or post.<br> Example route:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GET /users/:id </code></pre> </div> <p>Here, <code>:id</code> is a <strong>route parameter</strong>.</p> <h4> Defining a route with params </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">/users/:id</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">userId</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="nx">userId</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h4> Example request </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GET /users/42 </code></pre> </div> <h4> What happens </h4> <ul> <li> <code>42</code> gets captured by <code>:id</code> </li> <li> You access it using <code>req.params.id</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">req</span><span class="p">.</span><span class="nx">params</span> <span class="c1">// { id: "42" }</span> </code></pre> </div> <p>Examples:</p> <ul> <li> <code>GET /messages/10</code> </li> <li> <code>DELETE /users/5</code> </li> <li> <code>PUT /posts/99</code> </li> </ul> <h3> Query Parameters (Query Strings) </h3> <p>Query parameters are <strong>optional key–value pairs</strong> added <strong>after <code>?</code></strong> in the URL.<br> They are usually used for:</p> <ul> <li> Filtering</li> <li> Searching</li> <li> Pagination</li> <li> Sorting</li> </ul> <p>Example URL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GET /messages?limit=10&amp;page=2 </code></pre> </div> <h4> Accessing query parameters </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">/messages</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">limit</span><span class="p">,</span> <span class="nx">page</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">query</span><span class="p">;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="nx">limit</span><span class="p">,</span> <span class="nx">page</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h4> What Express receives </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">req</span><span class="p">.</span><span class="nx">query</span> <span class="c1">// { limit: "10", page: "2" }</span> </code></pre> </div> <p>Query values are always strings by default.</p> <h3> JWT (JSON Web Token) — Explained Intuitively </h3> <p>JWT stands for <strong>JSON Web Token</strong>.<br> A JWT is a string that represents a user’s identity.<br> You can think of it like a <strong>digital ID card</strong>.<br> Once the user logs in:</p> <ul> <li> The server creates a token</li> <li> The token contains encoded information (like user ID)</li> <li> The token is signed so it cannot be tampered with</li> </ul> <p>On future requests:</p> <ul> <li> The client sends the token</li> <li> The server verifies it</li> <li> If valid, the request is allowed</li> </ul> <p>The server does <strong>not</strong> store session data.<br><br> Everything needed is inside the token itself.</p> <p>This makes JWT-based authentication:</p> <ul> <li> Stateless</li> <li> Scalable</li> <li> Fast</li> </ul> <h3> Database Models with Mongoose </h3> <p>A database stores your application’s data.</p> <p>Since we are using MongoDB, we use <strong>Mongoose</strong> to interact with the database.</p> <p><strong>MongoDB</strong> : MongoDB is a noSQL (not only SQL) Database that stores data in form of document that are of json format<br> <strong>Schema</strong> : The format of the data to be stored</p> <p>Mongoose allows us to:</p> <ul> <li> Define the shape of our data</li> <li> Enforce rules and validations</li> <li> Interact with the database using JavaScript</li> </ul> <p>A <strong>model</strong> represents a collection in the database.</p> <p>Example user model:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">mongoose</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">mongoose</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">userSchema</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nc">Schema</span><span class="p">({</span> <span class="na">username</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">required</span><span class="p">:</span> <span class="kc">true</span> <span class="p">},</span> <span class="na">email</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">required</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">unique</span><span class="p">:</span> <span class="kc">true</span> <span class="p">},</span> <span class="na">password</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">required</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">});</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">User</span> <span class="o">=</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">model</span><span class="p">(</span><span class="dl">"</span><span class="s2">User</span><span class="dl">"</span><span class="p">,</span> <span class="nx">userSchema</span><span class="p">);</span> </code></pre> </div> <p>This model defines:</p> <ul> <li> What fields a user has</li> <li> What type of data is allowed</li> <li> What rules must be followed</li> </ul> <p>Models are used inside controllers to:</p> <ul> <li> Create data</li> <li> Read data</li> <li> Update data</li> <li> Delete data</li> </ul> <p>This is how your API connects logic to persistent storage.</p> <h2> Setup Process </h2> <h3> Initializing a project </h3> <p>To start a new Node.js project, open your terminal in an empty folder and run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm init <span class="nt">-y</span> </code></pre> </div> <p>This command initializes a new Node.js project.<br> After running it, a file called <code>package.json</code> will appear in your project directory.</p> <h3> What is <code>package.json</code>? </h3> <p>I like to think of <code>package.json</code> as the <strong>ingredient list</strong> for your project.</p> <p>It contains all the information required for your application to run.<br><br> If this file does not exist, your Node.js application cannot properly run or manage its dependencies.</p> <p><code>package.json</code> stores:</p> <ul> <li> Project information</li> <li> Scripts to run your application</li> <li> Dependencies your project relies on</li> </ul> <h3> Example <code>package.json</code> </h3> <p>Below is a dummy <code>package.json</code> file with some example dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"simple-node-backend"</span><span class="p">,</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.0.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"A simple backend project using Node.js and Express"</span><span class="p">,</span><span class="w"> </span><span class="nl">"main"</span><span class="p">:</span><span class="w"> </span><span class="s2">"index.js"</span><span class="p">,</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"start"</span><span class="p">:</span><span class="w"> </span><span class="s2">"node index.js"</span><span class="p">,</span><span class="w"> </span><span class="nl">"dev"</span><span class="p">:</span><span class="w"> </span><span class="s2">"nodemon index.js"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"author"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Your Name"</span><span class="p">,</span><span class="w"> </span><span class="nl">"license"</span><span class="p">:</span><span class="w"> </span><span class="s2">"MIT"</span><span class="p">,</span><span class="w"> </span><span class="nl">"dependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"express"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^4.19.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"cors"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^2.8.5"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"devDependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"nodemon"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^3.0.0"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Understanding <code>package.json</code> </h3> <p>There are a few important things to understand here.</p> <h4> 1. Metadata </h4> <p>Metadata includes information about your project such as:</p> <ul> <li> Project name</li> <li> Version</li> <li> Description</li> <li> Author</li> <li> License</li> <li> Entry file (<code>main</code>)</li> </ul> <p>This information helps tools, developers, and deployment platforms understand your project.</p> <h4> 1.1 Scripts </h4> <p>Scripts are shortcuts for running commands.</p> <p>Earlier, you ran <code>npm init</code>, which is a command.<br><br> In real projects, some commands can become long and repetitive.</p> <p>Instead of typing the full command every time, you can define it once in the <code>scripts</code> section and give it a name.</p> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"start"</span><span class="p">:</span><span class="w"> </span><span class="s2">"node index.js"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Now, instead of writing the full command, you can simply run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run start </code></pre> </div> <p>This makes working with your project much easier and cleaner.</p> <h4> 2. Dependencies </h4> <p>Dependencies are external code that your project depends on.</p> <p>At the very beginning, your project only has a <code>package.json</code> file. You can already write and run JavaScript code at this point.</p> <p>However, when building real applications, a lot of functionality is repetitive across projects.</p> <p>For example:</p> <ul> <li> Authentication</li> <li> Input validation</li> <li> Security headers</li> <li> Request handling</li> </ul> <p>These problems have already been solved by other developers.<br> Does that mean you need to learn cybersecurity from scratch just to add authentication?<br><br> No.<br> Instead, developers share reusable code as <strong>packages</strong>.<br> This is where <strong>npm</strong> comes in.</p> <h3> What is npm? </h3> <p>npm stands for <strong>Node Package Manager</strong>.</p> <p>It is a registry and a tool where developers publish packages that other developers can reuse. These packages are available on the npm website and can be installed into your project.</p> <p>When you install a package, it gets added to your <code>dependencies</code>, and your project can now use that code.</p> <h3> Installing packages with npm </h3> <p>We can very easily install a dependency package and bring it into our local project.</p> <p>Each package has an official page on the npm website where you can:</p> <ul> <li>Read documentation</li> <li>See usage examples</li> <li>Find the installation command</li> </ul> <p>For example, to install <strong>Express</strong>, you run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>express </code></pre> </div> <p>After running this command:</p> <ul> <li> The package is downloaded to your local machine</li> <li> It is placed inside a folder called <code>node_modules</code> </li> <li> The package name is added to <code>package.json</code> under <code>dependencies</code> </li> </ul> <p>This means your project now depends on Express.</p> <h3> What is <code>node_modules</code>? </h3> <p><code>node_modules</code> is a folder that contains all the installed dependencies for your project.</p> <p>It includes:</p> <ul> <li> The packages you directly installed</li> <li> The dependencies of those packages</li> <li> The dependencies of those dependencies, and so on This folder can become very large because modern applications rely on many small packages. You should <strong>never manually edit</strong> anything inside <code>node_modules</code>.</li> </ul> <h3> What if <code>node_modules</code> is deleted? </h3> <p>Deleting <code>node_modules</code> is completely safe.<br> In fact, many developers delete it intentionally to:</p> <ul> <li> Fix dependency issues</li> <li> Reduce project size</li> <li> Reset the project environment</li> </ul> <p>If <code>node_modules</code> is deleted, your project will not run because the dependencies are missing.<br> To restore it, simply run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> </code></pre> </div> <p>npm will read the <code>package.json</code> file and reinstall <strong>all required dependencies</strong> automatically.<br> This is why <code>package.json</code> is so important.</p> <h3> How dependencies are added </h3> <p>There are two common ways to add dependencies to a project.</p> <h4> 1. Installing directly using npm </h4> <p>You can install a package by running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>express </code></pre> </div> <p>npm will automatically:</p> <ul> <li> Download the package</li> <li> Add it to <code>node_modules</code> </li> <li> Update <code>package.json</code> with the dependency This is the most common and recommended approach. #### 2. Adding the dependency manually You can also manually add a dependency name to <code>package.json</code>, like this: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="nl">"dependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"express"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^4.19.0"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>After doing this, you must run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> </code></pre> </div> <p>npm will read the updated <code>package.json</code> and install the missing dependencies into <code>node_modules</code>.<br> Both approaches achieve the same result.</p> <h2> Socket IO </h2> <p>Socket IO is a library that enables <strong>real-time, bidirectional communication</strong> between the server and clients (like web browsers).</p> <p>Unlike traditional HTTP requests where the client asks and the server responds once, Socket IO creates a <strong>persistent connection</strong> that stays open. This allows the server to push updates to clients instantly without waiting for requests.</p> <h4> Why Socket IO Exists </h4> <p>HTTP is request-response based—great for fetching data, but terrible for real-time features. Imagine a chat app: constantly polling "any new messages?" wastes resources and feels laggy.</p> <p>Socket IO solves this with <strong>WebSockets</strong> (the technology behind persistent connections) plus smart fallbacks. The server can send messages to specific clients, rooms, or everyone instantly.</p> <p>Common use cases:</p> <ul> <li>Chat applications</li> <li>Live notifications</li> <li>Collaborative editing (Google Docs)</li> <li>Gaming</li> <li>Live dashboards</li> </ul> <h4> Socket IO vs HTTP </h4> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>HTTP (Express)</th> <th>Socket IO</th> </tr> </thead> <tbody> <tr> <td>Connection</td> <td>Short-lived (request → response)</td> <td>Persistent (always connected)</td> </tr> <tr> <td>Direction</td> <td>Client → Server → Client</td> <td>Both directions, anytime</td> </tr> <tr> <td>Real-time</td> <td>No (polling needed)</td> <td>Yes (instant)</td> </tr> <tr> <td>Use case</td> <td>Fetch data, forms</td> <td>Live updates, chat</td> </tr> </tbody> </table></div> <p>Socket IO <strong>sits on top of Express</strong>—you still use HTTP for login/register, but Socket IO handles live messaging.</p> <h4> How Socket IO Works </h4> <ol> <li> <strong>Client connects</strong> to server (handshake)</li> <li> <strong>Persistent connection</strong> established</li> <li> <strong>Client emits</strong> events → server receives instantly</li> <li> <strong>Server emits</strong> events → client receives instantly</li> <li>Connection stays alive until closed</li> </ol> <p>Think of it like a <strong>phone call</strong> vs <strong>texting</strong>:</p> <ul> <li>HTTP = Send text, wait for reply</li> <li>Socket IO = Phone call, talk anytime</li> </ul> <h4> Core Concepts </h4> <p><strong>Events</strong>: Socket IO uses named events like radio stations. Anyone "tuned" to that event receives messages.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Client sends "join_room"</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">emit</span><span class="p">(</span><span class="dl">"</span><span class="s2">join_room</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">room</span><span class="p">:</span> <span class="dl">"</span><span class="s2">general</span><span class="dl">"</span> <span class="p">});</span> <span class="c1">// Server receives and responds</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">join_room</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">room</span><span class="p">);</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">emit</span><span class="p">(</span><span class="dl">"</span><span class="s2">joined</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Welcome!</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p><strong>Rooms</strong>: Group clients logically (chat rooms, game lobbies).<br><br> <strong>Namespaces</strong>: Separate Socket IO servers on same port (chat vs notifications).</p> <h4> Socket IO with Express (Integration) </h4> <p>Socket IO needs an <strong>HTTP server</strong> (not just Express app). Here's the exact pattern from your <code>lib/socket.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Server</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">socket.io</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">http</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">http</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">express</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="c1">// Express app</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="nx">http</span><span class="p">.</span><span class="nf">createServer</span><span class="p">(</span><span class="nx">app</span><span class="p">);</span> <span class="c1">// HTTP server wrapping Express</span> <span class="kd">const</span> <span class="nx">io</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Server</span><span class="p">(</span><span class="nx">server</span><span class="p">,</span> <span class="p">{</span> <span class="c1">// Socket IO attaches to HTTP server</span> <span class="na">cors</span><span class="p">:</span> <span class="p">{</span> <span class="na">origin</span><span class="p">:</span> <span class="dl">"</span><span class="s2">http://localhost:5173</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// Your frontend</span> <span class="na">credentials</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">});</span> <span class="k">export</span> <span class="p">{</span> <span class="nx">io</span><span class="p">,</span> <span class="nx">app</span><span class="p">,</span> <span class="nx">server</span> <span class="p">};</span> <span class="c1">// Export all three!</span> </code></pre> </div> <p><strong>Why this structure?</strong></p> <ul> <li> <code>app</code> → Your Express routes/middleware</li> <li> <code>server</code> → Listens on port (not <code>app.listen()</code>)</li> <li> <code>io</code> → Socket IO instance</li> </ul> <p>In <code>index.js</code>, import and use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">app</span><span class="p">,</span> <span class="nx">server</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./lib/socket.js</span><span class="dl">"</span><span class="p">;</span> <span class="nx">server</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">PORT</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="p">...</span> <span class="p">});</span> <span class="c1">// server, not app!</span> </code></pre> </div> <h4> Client-Side Setup </h4> <p>Frontend connects automatically:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// In React/Vite (port 5173)</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">io</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">socket.io-client</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">socket</span> <span class="o">=</span> <span class="nf">io</span><span class="p">(</span><span class="dl">"</span><span class="s2">http://localhost:3000</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// Backend URL</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">message</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">New message:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="p">});</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">emit</span><span class="p">(</span><span class="dl">"</span><span class="s2">send_message</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">text</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Hello!</span><span class="dl">"</span> <span class="p">});</span> </code></pre> </div> <h4> Chat App Example (Your Project) </h4> <p>For your chat backend:</p> <ol> <li> <strong>User authenticates</strong> via HTTP → gets JWT</li> <li> <strong>Socket connects</strong> → sends JWT for verification</li> <li> <strong>Join room</strong> → <code>socket.join(user.room)</code> </li> <li> <strong>Send message</strong> → <code>io.to(room).emit("new_message", msg)</code> </li> <li> <strong>Everyone in room</strong> receives instantly </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Server-side (middleware/auth example)</span> <span class="nx">io</span><span class="p">.</span><span class="nf">use</span><span class="p">((</span><span class="nx">socket</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">socket</span><span class="p">.</span><span class="nx">handshake</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">token</span><span class="p">;</span> <span class="c1">// Verify JWT...</span> <span class="nf">next</span><span class="p">();</span> <span class="p">});</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">send_message</span><span class="dl">"</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Save to MongoDB</span> <span class="kd">const</span> <span class="nx">message</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Message</span><span class="p">({</span> <span class="na">text</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">text</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">message</span><span class="p">.</span><span class="nf">save</span><span class="p">();</span> <span class="c1">// Broadcast to room</span> <span class="nx">io</span><span class="p">.</span><span class="nf">to</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">room</span><span class="p">).</span><span class="nf">emit</span><span class="p">(</span><span class="dl">"</span><span class="s2">new_message</span><span class="dl">"</span><span class="p">,</span> <span class="nx">message</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <h4> Key Benefits for Your Chat App </h4> <ul> <li> <strong>Real-time</strong>: Messages appear instantly</li> <li> <strong>Rooms</strong>: Private/group chats</li> <li> <strong>Scalable</strong>: Works with your JWT/Mongoose setup</li> <li> <strong>Fallbacks</strong>: Works on old browsers/networks</li> <li> <strong>Typed events</strong>: Clean like Express routes</li> </ul> <p>Socket IO handles connection management, heartbeats, and reconnection automatically. You focus on <strong>chat logic</strong>.</p> <h2> Making an App </h2> <p>at this point we can do two main things:</p> <ul> <li>Initialize an application </li> <li>Install packages </li> </ul> <p>With just these two steps, we can build entire backend applications.</p> <h3> Creating the server with Express </h3> <p>We have already discussed what Express is. Since we want our application to run on a port and accept requests, we need to create a server using Express.</p> <p>First, install Express:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>express </code></pre> </div> <h3> Project structure </h3> <p>Now create the following structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>project-root/ ├── src/ │ └── index.js ├── package.json └── node_modules/ </code></pre> </div> <h3> Updating <code>package.json</code> </h3> <p>Next, update the <code>scripts</code> field in your <code>package.json</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"dev"</span><span class="p">:</span><span class="w"> </span><span class="s2">"node src/index.js"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>This ensures that when you run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run dev </code></pre> </div> <p>the <code>index.js</code> file inside the <code>src</code> folder is executed.</p> <p>Congratulations <br> You have now created the <strong>foundation of your backend application</strong>.</p> <h3> Organizing your code </h3> <p>You can technically put <strong>all your code inside <code>index.js</code></strong> and call it a day.</p> <p>But this is a <strong>bad practice</strong>.</p> <p>As discussed earlier in the <strong>SOLID principles</strong> section, code that is not organized becomes:</p> <ul> <li> Hard to scale</li> <li> Hard to maintain</li> <li> Hard to understand as the project grows</li> </ul> <p>Instead of writing everything in one file, we split our code into multiple files and folders.</p> <p>Each file or folder has:</p> <ul> <li> A single responsibility</li> <li> One type of functionality</li> </ul> <p>We will discuss this structure in detail later.<br> For now, just understand this important idea:</p> <p>Even though the code is split across many files, <strong>everything eventually connects back to <code>index.js</code></strong>.<br> <code>index.js</code> acts as the entry point of your application.<br> There are some exceptions, such as special scripts like <strong>database seeding</strong> (do not worry, we will cover what seeding is later). Apart from those cases, almost all application logic can be traced back to <code>index.js</code>.</p> <p>This approach makes development easier, cleaner, and scalable as your application grows.</p> <p>Here’s a <strong>short and clean version</strong> you can drop in without breaking the flow:</p> <h3> Using ES Modules (<code>type: "module"</code>) </h3> <p>By default, Node.js uses CommonJS (<code>require</code>). Modern JavaScript uses <strong>ES Modules</strong> (<code>import</code> / <code>export</code>).<br> To enable ES Modules, add this to your <code>package.json</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"module"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>This tells Node.js to treat all <code>.js</code> files as ES Modules.<br> Now you can write:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">express</span><span class="dl">"</span><span class="p">;</span> </code></pre> </div> <p>instead of:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">express</span><span class="dl">"</span><span class="p">);</span> </code></pre> </div> <p>Most modern Node.js projects use this approach, and we will use it throughout this project.</p> <h2> Starting Building Our Application </h2> <p>Finally, we can start working on our application.</p> <p>For this blog, our app will be a <strong>small chat application backend with authentication</strong>. We will understand a lot of concepts while building this project, so stay tuned.</p> <p>First, we will install all the required dependencies. At this stage, it is completely okay if you do not understand what every package does. Some of these might already sound familiar, and others might not. We will cover each of them later when we actually use them.</p> <h3> Installing dependencies </h3> <p>You have two options.</p> <h4> Option 1: Copy <code>package.json</code> </h4> <p>You can copy and paste the following into your <code>package.json</code> file and then run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"backend"</span><span class="p">,</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.0.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="p">,</span><span class="w"> </span><span class="nl">"main"</span><span class="p">:</span><span class="w"> </span><span class="s2">"src/index.js"</span><span class="p">,</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"dev"</span><span class="p">:</span><span class="w"> </span><span class="s2">"nodemon src/index.js"</span><span class="p">,</span><span class="w"> </span><span class="nl">"start"</span><span class="p">:</span><span class="w"> </span><span class="s2">"node src/index.js"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"keywords"</span><span class="p">:</span><span class="w"> </span><span class="p">[],</span><span class="w"> </span><span class="nl">"author"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="p">,</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"module"</span><span class="p">,</span><span class="w"> </span><span class="nl">"license"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ISC"</span><span class="p">,</span><span class="w"> </span><span class="nl">"dependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"bcryptjs"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^2.4.3"</span><span class="p">,</span><span class="w"> </span><span class="nl">"cloudinary"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^2.5.1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"cookie-parser"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^1.4.7"</span><span class="p">,</span><span class="w"> </span><span class="nl">"cors"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^2.8.5"</span><span class="p">,</span><span class="w"> </span><span class="nl">"dotenv"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^16.4.5"</span><span class="p">,</span><span class="w"> </span><span class="nl">"express"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^4.21.1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"jsonwebtoken"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^9.0.2"</span><span class="p">,</span><span class="w"> </span><span class="nl">"mongoose"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^8.8.1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"socket.io"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^4.8.1"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"devDependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"nodemon"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^3.1.7"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Bash Command</strong> :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> </code></pre> </div> <h4> Option 2: Install everything using npm </h4> <p>You can also install all dependencies directly using npm:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>express mongoose cors dotenv cookie-parser bcryptjs jsonwebtoken cloudinary socket.io npm <span class="nb">install</span> <span class="nt">-D</span> nodemon </code></pre> </div> <p>Do not worry about what each package does right now. We will understand them one by one as we build the application.</p> <h4> Dev Dependencies </h4> <p><strong>Dev dependencies</strong> are packages that are only needed during development, not in production.</p> <p>A common example is <strong>nodemon</strong>.</p> <p><code>nodemon</code> automatically restarts your server whenever you change a file. Without it, you would have to stop and restart the server manually every time you make a change.</p> <p>This makes development faster and more convenient.</p> <p>That is why <code>nodemon</code> is added under <code>devDependencies</code>.</p> <h3> Building the project </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>backend/ └── src/ ├── controllers/ ├── lib/ ├── middleware/ ├── models/ ├── routes/ ├── seeds/ └── index.js </code></pre> </div> <h3> Folder &amp; File Responsibilities </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Folder / File</th> <th>Purpose</th> </tr> </thead> <tbody> <tr> <td><code>index.js</code></td> <td>Entry point; sets up middleware, routes, and server</td> </tr> <tr> <td><code>routes/</code></td> <td>Defines API endpoints and maps URLs to controllers</td> </tr> <tr> <td><code>controllers/</code></td> <td>Handles business logic and communicates with models</td> </tr> <tr> <td><code>models/</code></td> <td>Defines database schemas and handles DB operations</td> </tr> <tr> <td><code>middleware/</code></td> <td>Runs pre-controller logic like auth and validation</td> </tr> <tr> <td><code>lib/</code></td> <td>Stores shared utilities and helper functions</td> </tr> <tr> <td><code>seeds/</code></td> <td>Inserts dummy/test data; run manually for development</td> </tr> </tbody> </table></div> <h3> <code>index.js</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// =========================================</span> <span class="c1">// IMPORTS</span> <span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">express</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">dotenv</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">dotenv</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">cookieParser</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">cookie-parser</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">cors</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">cors</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">path</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">path</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">connectDB</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./lib/db.js</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">authRoutes</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./routes/auth.route.js</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">messageRoutes</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./routes/message.route.js</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">app</span><span class="p">,</span> <span class="nx">server</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./lib/socket.js</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// END - IMPORTS</span> <span class="c1">// =========================================</span> <span class="c1">// =========================================</span> <span class="c1">// CONSTANTS</span> <span class="kd">const</span> <span class="nx">PORT</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PORT</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">__dirname</span> <span class="o">=</span> <span class="nx">path</span><span class="p">.</span><span class="nf">resolve</span><span class="p">();</span> <span class="c1">// END - CONSTANTS</span> <span class="c1">// =========================================</span> <span class="c1">// main function</span> <span class="kd">function</span> <span class="nf">main</span> <span class="p">()</span> <span class="p">{</span> <span class="c1">// =========================================</span> <span class="c1">// DOTENV SETUP</span> <span class="nx">dotenv</span><span class="p">.</span><span class="nf">config</span><span class="p">();</span> <span class="c1">// ENV - DOTENV SETUP</span> <span class="c1">// =========================================</span> <span class="c1">// =========================================</span> <span class="c1">// MIDDLEWARE</span> <span class="c1">// to get json</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="c1">// END - to get json</span> <span class="c1">// to pass cookies</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cookieParser</span><span class="p">());</span> <span class="c1">// END - to pass cookie</span> <span class="c1">// to share resouces to frontend</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span> <span class="nf">cors</span><span class="p">({</span> <span class="na">origin</span><span class="p">:</span> <span class="dl">"</span><span class="s2">http://localhost:5173</span><span class="dl">"</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">})</span> <span class="p">);</span> <span class="c1">// END - to share resouces to frontend</span> <span class="c1">// ROUTES MIDDLEWARE</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="dl">"</span><span class="s2">/api/auth</span><span class="dl">"</span><span class="p">,</span> <span class="nx">authRoutes</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="dl">"</span><span class="s2">/api/messages</span><span class="dl">"</span><span class="p">,</span> <span class="nx">messageRoutes</span><span class="p">);</span> <span class="c1">// END - ROUTES MIDDLEWARE</span> <span class="c1">// END - MIDDLEWARE</span> <span class="c1">// =========================================</span> <span class="c1">// =========================================</span> <span class="k">if </span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">production</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">static</span><span class="p">(</span><span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="dl">"</span><span class="s2">../frontend/dist</span><span class="dl">"</span><span class="p">)));</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">*</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">sendFile</span><span class="p">(</span><span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="dl">"</span><span class="s2">../frontend</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">dist</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">index.html</span><span class="dl">"</span><span class="p">));</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// =========================================</span> <span class="c1">// SERVER LISTEN</span> <span class="nx">server</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">PORT</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">server is running on PORT:</span><span class="dl">"</span> <span class="o">+</span> <span class="nx">PORT</span><span class="p">);</span> <span class="nf">connectDB</span><span class="p">();</span> <span class="p">});</span> <span class="c1">// END - SERVER LISTEN</span> <span class="p">}</span> <span class="nf">main</span><span class="p">();</span> <span class="c1">// END - main function</span> </code></pre> </div> <p><strong>Core Constants and Setup</strong></p> <p><code>const PORT = process.env.PORT; const __dirname = path.resolve();</code> </p> <p>These lines define essential constants. <code>PORT</code> pulls the server port from environment variables for flexibility across environments. <code>path.resolve()</code> without arguments returns the absolute path to the current working directory (e.g., <code>C:\Users\Shourya\projects\chat-backend</code>), serving as the base path for file operations.</p> <p>The <code>main()</code> function wrapper is optional but organizes startup logic cleanly. All middleware, routes, and server initialization execute sequentially when <code>main()</code> runs.</p> <p><code>dotenv.config();</code>configures the environment variables.</p> <h4> <strong>Production Environment: Serving Frontend Static Files</strong> </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">if </span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">production</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">static</span><span class="p">(</span><span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="dl">"</span><span class="s2">../frontend/dist</span><span class="dl">"</span><span class="p">)));</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">*</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">sendFile</span><span class="p">(</span><span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="dl">"</span><span class="s2">../frontend</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">dist</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">index.html</span><span class="dl">"</span><span class="p">));</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>This block enables a single-backend deployment strategy, eliminating the need for separate frontend and backend servers in production.</p> <p><strong>How it works:</strong></p> <ol> <li> <strong>Static File Serving</strong>: <code>express.static(path.join(__dirname, "../frontend/dist"))</code> serves all files from the frontend's <code>dist</code> folder (built Vite/React output) as static assets. This handles CSS, JS bundles, images, etc. directly from the backend.</li> <li> <strong>Single Page Application (SPA) Routing</strong>: The <code>app.get("*", ...)</code> catch-all route serves <code>index.html</code> for any unmatched path. This supports client-side routing in React Router or Vite, where the frontend handles paths like <code>/chat/:id</code> without backend route conflicts.</li> </ol> <p><strong>Why only in production?</strong></p> <ul> <li> <strong>Development</strong>: <code>NODE_ENV !== "production"</code> skips this block. Vite dev server (<code>localhost:5173</code>) handles frontend separately with hot reloading.</li> <li> <strong>Production</strong>: <code>NODE_ENV === "production"</code> activates static serving for a streamlined deployment. Build your frontend (<code>npm run build</code>), place <code>dist</code> in <code>../frontend/dist</code>, and the backend serves everything from one port.</li> </ul> <p><strong>Path Resolution Example</strong>:</p> <ul> <li> Backend: <code>chat-backend/index.js</code> </li> <li> Frontend build: <code>chat-backend/../frontend/dist</code> → <code>frontend/dist</code> </li> <li> Result: Single server at <code>yourdomain.com</code> serves API (<code>/api/*</code>) and frontend.</li> </ul> <p>This creates a production-ready, unified deployment while preserving development workflow flexibility.</p> <h4> <strong>Triggering Server and Adding Routes</strong> </h4> <p>One thing you may notice is that there is <strong>no <code>app = express()</code> initialization</strong> in the main entry file. That’s because the Express app is <strong>initialized inside the socket setup file</strong> and then imported wherever it’s needed. We’ll fully understand this when we reach the socket setup section, but for now, just know that <strong><code>app</code> is being imported from the socket file</strong>, not created again.</p> <p>Here’s a quick sneak peek to give you a clear picture:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Server</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">socket.io</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">http</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">http</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">express</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="nx">http</span><span class="p">.</span><span class="nf">createServer</span><span class="p">(</span><span class="nx">app</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">io</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Server</span><span class="p">(</span><span class="nx">server</span><span class="p">,</span> <span class="p">{</span> <span class="na">cors</span><span class="p">:</span> <span class="p">{</span> <span class="na">origin</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">http://localhost:5173</span><span class="dl">"</span><span class="p">],</span> <span class="p">},</span> <span class="p">});</span> <span class="c1">// .............</span> <span class="c1">// OTHER LOGIC WE WILL SEE HERE</span> <span class="c1">// ............</span> <span class="k">export</span> <span class="p">{</span> <span class="nx">io</span><span class="p">,</span> <span class="nx">app</span><span class="p">,</span> <span class="nx">server</span> <span class="p">};</span> </code></pre> </div> <p>In this file:</p> <ul> <li> We <strong>initialize the Express app</strong> </li> <li> Create an <strong>HTTP server</strong> using that app</li> <li> Create a <strong>SocketIO server</strong> on top of the HTTP server</li> <li> Finally, we <strong>export <code>app</code>, <code>server</code>, and <code>io</code></strong> so they can be reused across the application</li> </ul> <p>This allows both <strong>HTTP requests (REST APIs)</strong> and <strong>WebSocket connections</strong> to run on the same server.</p> <h4> <strong>Middlewares and Routes</strong> </h4> <p>Below is where we configure our <strong>middlewares and routes</strong> on the imported <code>app</code> instance.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cookieParser</span><span class="p">());</span> </code></pre> </div> <ul> <li> <code>express.json()</code> parses incoming JSON request bodies and makes the data available on <code>req.body</code> </li> <li> <code>cookieParser()</code> parses cookies from incoming requests and attaches them to <code>req.cookies</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span> <span class="nf">cors</span><span class="p">({</span> <span class="na">origin</span><span class="p">:</span> <span class="dl">"</span><span class="s2">http://localhost:5173</span><span class="dl">"</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">})</span> <span class="p">);</span> </code></pre> </div> <p>This enables <strong>CORS (Cross-Origin Resource Sharing)</strong>, allowing the frontend (running on <code>http://localhost:5173</code>) to communicate with the backend.<br><br> The <code>credentials: true</code> option allows cookies and authentication headers to be sent along with requests.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="dl">"</span><span class="s2">/api/auth</span><span class="dl">"</span><span class="p">,</span> <span class="nx">authRoutes</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="dl">"</span><span class="s2">/api/messages</span><span class="dl">"</span><span class="p">,</span> <span class="nx">messageRoutes</span><span class="p">);</span> </code></pre> </div> <p>Here, we <strong>import route modules</strong> and mount them on specific base paths:</p> <ul> <li> All authentication-related endpoints are handled under <code>/api/auth</code> </li> <li> All message-related endpoints are handled under <code>/api/messages</code> </li> </ul> <h3> <code>routes/</code> </h3> <p>Routes are responsible for <strong>defining endpoints only</strong>.<br><br> They do <strong>not</strong> contain business logic. Their job is simply to connect:</p> <ul> <li> an HTTP method</li> <li> a URL path </li> <li> optional middlewar</li> <li> the correct controller function</li> </ul> <h4> <code>routes/auth.routes.js</code> </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">express</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">checkAuth</span><span class="p">,</span> <span class="nx">login</span><span class="p">,</span> <span class="nx">logout</span><span class="p">,</span> <span class="nx">signup</span><span class="p">,</span> <span class="nx">updateProfile</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../controllers/auth.controller.js</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">protectRoute</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../middleware/auth.middleware.js</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">router</span> <span class="o">=</span> <span class="nx">express</span><span class="p">.</span><span class="nc">Router</span><span class="p">();</span> <span class="nx">router</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">"</span><span class="s2">/signup</span><span class="dl">"</span><span class="p">,</span> <span class="nx">signup</span><span class="p">);</span> <span class="nx">router</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">"</span><span class="s2">/login</span><span class="dl">"</span><span class="p">,</span> <span class="nx">login</span><span class="p">);</span> <span class="nx">router</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">"</span><span class="s2">/logout</span><span class="dl">"</span><span class="p">,</span> <span class="nx">logout</span><span class="p">);</span> <span class="nx">router</span><span class="p">.</span><span class="nf">put</span><span class="p">(</span><span class="dl">"</span><span class="s2">/update-profile</span><span class="dl">"</span><span class="p">,</span> <span class="nx">protectRoute</span><span class="p">,</span> <span class="nx">updateProfile</span><span class="p">);</span> <span class="nx">router</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">/check</span><span class="dl">"</span><span class="p">,</span> <span class="nx">protectRoute</span><span class="p">,</span> <span class="nx">checkAuth</span><span class="p">);</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">router</span><span class="p">;</span> </code></pre> </div> <p>There is <strong>very little logic</strong> inside a routes file, and that’s intentional.<br><br> In this file we only do four things:</p> <ol> <li><p><strong>Choose the HTTP method</strong><br><br> (<code>GET</code>, <code>POST</code>, <code>PUT</code>, etc.)</p></li> <li><p><strong>Define the route path</strong><br><br> (<code>/signup</code>, <code>/login</code>, <code>/update-profile</code>, etc.)</p></li> <li><p><strong>Attach the controller</strong><br><br> The controller contains the actual logic (database calls, validation, responses).</p></li> <li><p><strong>Attach middleware when needed</strong><br><br> <code>protectRoute</code> is used on routes that require authentication, such as checking auth status or updating the user profile.</p></li> </ol> <p>This keeps routing clean and predictable, while controllers handle the heavy work.</p> <h4> <code>routes/message.routes.js</code> </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// IMPORT</span> <span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">express</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">protectRoute</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../middleware/auth.middleware.js</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getMessages</span><span class="p">,</span> <span class="nx">getUsersForSidebar</span><span class="p">,</span> <span class="nx">sendMessage</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../controllers/message.controller.js</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// END - IMPORT</span> <span class="kd">const</span> <span class="nx">router</span> <span class="o">=</span> <span class="nx">express</span><span class="p">.</span><span class="nc">Router</span><span class="p">();</span> <span class="nx">router</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">/users</span><span class="dl">"</span><span class="p">,</span> <span class="nx">protectRoute</span><span class="p">,</span> <span class="nx">getUsersForSidebar</span><span class="p">);</span> <span class="nx">router</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">/:id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">protectRoute</span><span class="p">,</span> <span class="nx">getMessages</span><span class="p">);</span> <span class="nx">router</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">"</span><span class="s2">/send/:id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">protectRoute</span><span class="p">,</span> <span class="nx">sendMessage</span><span class="p">);</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">router</span><span class="p">;</span> </code></pre> </div> <p>This routes file follows the <strong>exact same pattern</strong>:</p> <ul> <li> Every route is protected using <code>protectRoute</code> because messaging requires an authenticated user</li> <li> The route file does <strong>not</strong> care how messages are fetched or sent</li> <li> It simply maps URLs to controllers</li> </ul> <p>For example:</p> <ul> <li> <code>GET /users</code> → fetch users for the sidebar</li> <li> <code>GET /:id</code> → fetch messages for a specific user </li> <li> <code>POST /send/:id</code> → send a message to a specific user</li> </ul> <h3> <code>models/</code> </h3> <p>The <strong>models layer</strong> defines how our data looks and how it is stored in the database.<br><br> In this project, models are written using <strong>Mongoose</strong>, which is an <strong>ODM (Object Data Modeling) library</strong> for MongoDB.</p> <p>MongoDB is a <strong>NoSQL, document-based database</strong>, meaning it stores data as JSON-like objects instead of tables and rows.<br><br> Mongoose sits on top of MongoDB and lets us:</p> <ul> <li> Define a <strong>schema</strong> (structure of the data)</li> <li> Add <strong>validation rules</strong> </li> <li> Create <strong>models</strong> that we use to interact with the database</li> </ul> <p><strong>Models are the blueprint of your database</strong>. They define <strong>what data exists</strong>, <strong>how it is validated</strong>, and <strong>how documents relate to each other</strong>, while keeping the rest of the application clean and maintainable.</p> <p>There is <strong>very little logic</strong> inside models. Their purpose is to <strong>describe data</strong>, not control application flow.<br><br> MongoDB supports many advanced features, but our project keeps things <strong>simple and clean</strong>, using only what we need.</p> <h4> <code>models/message.model.js</code> </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">mongoose</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">mongoose</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">messageSchema</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nc">Schema</span><span class="p">(</span> <span class="p">{</span> <span class="na">senderId</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nx">Schema</span><span class="p">.</span><span class="nx">Types</span><span class="p">.</span><span class="nx">ObjectId</span><span class="p">,</span> <span class="na">ref</span><span class="p">:</span> <span class="dl">"</span><span class="s2">User</span><span class="dl">"</span><span class="p">,</span> <span class="na">required</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="na">receiverId</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nx">Schema</span><span class="p">.</span><span class="nx">Types</span><span class="p">.</span><span class="nx">ObjectId</span><span class="p">,</span> <span class="na">ref</span><span class="p">:</span> <span class="dl">"</span><span class="s2">User</span><span class="dl">"</span><span class="p">,</span> <span class="na">required</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="na">text</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="p">},</span> <span class="na">image</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">{</span> <span class="na">timestamps</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">Message</span> <span class="o">=</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">model</span><span class="p">(</span><span class="dl">"</span><span class="s2">Message</span><span class="dl">"</span><span class="p">,</span> <span class="nx">messageSchema</span><span class="p">);</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">Message</span><span class="p">;</span> </code></pre> </div> <p>This schema defines the <strong>structure of a chat message</strong>.</p> <ul> <li><p><code>senderId</code><br><br> Stores the ID of the user who sent the message.<br><br> It references the <code>User</code> model using MongoDB’s <code>ObjectId</code>.</p></li> <li><p><code>receiverId</code><br><br> Stores the ID of the user receiving the message.<br><br> This also references the <code>User</code> model.</p></li> <li><p><code>text</code><br><br> Holds the message text (optional).</p></li> <li><p><code>image</code><br><br> Stores an image URL if the message contains an image (optional).</p></li> <li><p><code>timestamps: true</code><br><br> Automatically adds <code>createdAt</code> and <code>updatedAt</code> fields to each document.</p></li> </ul> <p>Finally, we convert the schema into a <strong>Mongoose model</strong>, which allows us to:</p> <ul> <li> Create messages</li> <li> Read messages</li> <li> Update or delete messages</li> </ul> <h4> <code>models/user.model.js</code> </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">mongoose</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">mongoose</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">userSchema</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nc">Schema</span><span class="p">(</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">required</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">unique</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="na">fullName</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">required</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="na">password</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">required</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">minlength</span><span class="p">:</span> <span class="mi">6</span><span class="p">,</span> <span class="p">},</span> <span class="na">profilePic</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">default</span><span class="p">:</span> <span class="dl">""</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">{</span> <span class="na">timestamps</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">User</span> <span class="o">=</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">model</span><span class="p">(</span><span class="dl">"</span><span class="s2">User</span><span class="dl">"</span><span class="p">,</span> <span class="nx">userSchema</span><span class="p">);</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">User</span><span class="p">;</span> </code></pre> </div> <p>This schema defines the <strong>structure of a user document</strong>.</p> <ul> <li> <code>email</code> Must be unique and is required for authentication.</li> <li> <code>fullName</code> Stores the user’s display name.</li> <li> <code>password</code> Stores the hashed password (never plain text). A minimum length of 6 characters is enforced.</li> <li> <code>profilePic</code> Stores the profile image URL, defaulting to an empty string.</li> <li> <code>timestamps: true</code> Automatically tracks when the user was created and last updated.</li> </ul> <h3> <code>/lib</code> </h3> <p>The <code>/lib</code> folder is where we <strong>set up and configure third-party libraries</strong>.<br><br> Most of the code here is <strong>boilerplate</strong>, meaning it’s code you don’t invent yourself—you usually copy it from official documentation and adjust environment variables.</p> <p>The idea is simple:</p> <ul> <li> Configure a library <strong>once</strong> </li> <li> Export it or helper functions</li> <li> Reuse it anywhere in the app</li> </ul> <p>There is <strong>almost no business logic</strong> in this folder—only setup and small utility helpers.</p> <h4> <code>lib/cloudinary.js</code> </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">v2</span> <span class="k">as</span> <span class="nx">cloudinary</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">cloudinary</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">config</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">dotenv</span><span class="dl">"</span><span class="p">;</span> <span class="nf">config</span><span class="p">();</span> <span class="nx">cloudinary</span><span class="p">.</span><span class="nf">config</span><span class="p">({</span> <span class="na">cloud_name</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CLOUDINARY_CLOUD_NAME</span><span class="p">,</span> <span class="na">api_key</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CLOUDINARY_API_KEY</span><span class="p">,</span> <span class="na">api_secret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CLOUDINARY_API_SECRET</span><span class="p">,</span> <span class="p">});</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">cloudinary</span><span class="p">;</span> </code></pre> </div> <p>This file <strong>configures Cloudinary</strong>, a service used to store images in the cloud.</p> <p>What’s happening here:</p> <ul> <li> We import the Cloudinary SDK</li> <li> Load environment variables using <code>dotenv</code> </li> <li> Pass Cloudinary credentials from <code>.env</code> </li> <li> Export the configured Cloudinary instance</li> </ul> <p>Once this is done, we can use Cloudinary anywhere in the app without reconfiguring it.</p> <p>Example usage from message logic:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">if </span><span class="p">(</span><span class="nx">image</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">uploadResponse</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">cloudinary</span><span class="p">.</span><span class="nx">uploader</span><span class="p">.</span><span class="nf">upload</span><span class="p">(</span><span class="nx">image</span><span class="p">);</span> <span class="nx">imageUrl</span> <span class="o">=</span> <span class="nx">uploadResponse</span><span class="p">.</span><span class="nx">secure_url</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Here:</p> <ul> <li> The image is uploaded to Cloudinary</li> <li> Cloudinary returns metadata about the upload</li> <li> We store <code>secure_url</code>, which is the hosted image URL</li> </ul> <h4> <code>lib/db.js</code> </h4> <p>This file is responsible for <strong>connecting the backend to MongoDB</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">mongoose</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">mongoose</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">connectDB</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">conn</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">MONGO_URL</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`mongoose connected </span><span class="p">${</span><span class="nx">conn</span><span class="p">.</span><span class="nx">connection</span><span class="p">.</span><span class="nx">host</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">mongodb connection error</span><span class="dl">"</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>What this does:</p> <ul> <li> Uses Mongoose to connect to MongoDB</li> <li> Reads the database URL from environment variables</li> <li> Logs a success message when connected</li> <li> Catches and logs errors if the connection fails</li> </ul> <p>This function is called <strong>once when the server starts</strong>.</p> <h4> <code>lib/generateToken.js</code> </h4> <p>This file is a <strong>utility helper</strong> used to generate and send a JWT token.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">jwt</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">jsonwebtoken</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">generateToken</span> <span class="o">=</span> <span class="p">(</span><span class="nx">userId</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">sign</span><span class="p">(</span> <span class="p">{</span> <span class="nx">userId</span> <span class="p">},</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">,</span> <span class="p">{</span> <span class="na">expiresIn</span><span class="p">:</span> <span class="dl">"</span><span class="s2">7d</span><span class="dl">"</span> <span class="p">}</span> <span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">cookie</span><span class="p">(</span><span class="dl">"</span><span class="s2">jwt</span><span class="dl">"</span><span class="p">,</span> <span class="nx">token</span><span class="p">,</span> <span class="p">{</span> <span class="na">maxAge</span><span class="p">:</span> <span class="mi">7</span> <span class="o">*</span> <span class="mi">24</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">,</span> <span class="na">httpOnly</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">sameSite</span><span class="p">:</span> <span class="dl">"</span><span class="s2">strict</span><span class="dl">"</span><span class="p">,</span> <span class="na">secure</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">!==</span> <span class="dl">"</span><span class="s2">development</span><span class="dl">"</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">token</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>What’s happening step by step:</p> <ul> <li> We pass the <strong>user ID</strong> and a <strong>secret key</strong> </li> <li> <code>jwt.sign()</code> converts the payload into a signed token </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">sign</span><span class="p">(</span> <span class="p">{</span> <span class="nx">userId</span> <span class="p">},</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">,</span> <span class="p">{</span> <span class="na">expiresIn</span><span class="p">:</span> <span class="dl">"</span><span class="s2">7d</span><span class="dl">"</span> <span class="p">}</span> <span class="p">);</span> </code></pre> </div> <ul> <li> The token is stored inside an <strong>HTTP-only cookie</strong> </li> <li> <p>The cookie:</p> <ul> <li> Expires after 7 days</li> <li> Cannot be accessed by JavaScript (<code>httpOnly</code>)</li> <li> Is protected against CSRF (<code>sameSite: "strict"</code>)</li> <li> Uses HTTPS in production </li> </ul> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">res</span><span class="p">.</span><span class="nf">cookie</span><span class="p">(</span><span class="dl">"</span><span class="s2">jwt</span><span class="dl">"</span><span class="p">,</span> <span class="nx">token</span><span class="p">,</span> <span class="p">{</span> <span class="na">maxAge</span><span class="p">:</span> <span class="mi">7</span> <span class="o">*</span> <span class="mi">24</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">,</span> <span class="na">httpOnly</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">sameSite</span><span class="p">:</span> <span class="dl">"</span><span class="s2">strict</span><span class="dl">"</span><span class="p">,</span> <span class="na">secure</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">!==</span> <span class="dl">"</span><span class="s2">development</span><span class="dl">"</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <h4> <code>lib/socket.js</code> </h4> <p>This file is responsible for <strong>setting up real-time communication using Socket.IO</strong> and <strong>sharing the same Express app and HTTP server</strong> across the backend.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// IMPORT</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Server</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">socket.io</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">http</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">http</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">express</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// END - IMPORT</span> <span class="c1">// WORKFLOW</span> <span class="c1">// MAKE A CONNECTION TO THE SERVER U WANT TO SHARE RESOUSES TO</span> <span class="c1">// AND THEN CREATE AN EMPTY SET TO STORE USERS IN</span> <span class="c1">// WHEN WE WILL CONNECT A CALLBACK WILL RUN</span> <span class="c1">// THAT WILL STORE ALL ONLINE USER ID TO THE SET</span> <span class="c1">// AND WHEN WE DISCONNECT THE SET EMPTIES</span> <span class="c1">// APP AND CREATING SERVER</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="nx">http</span><span class="p">.</span><span class="nf">createServer</span><span class="p">(</span><span class="nx">app</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">io</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Server</span><span class="p">(</span><span class="nx">server</span><span class="p">,</span> <span class="p">{</span> <span class="na">cors</span><span class="p">:</span> <span class="p">{</span> <span class="na">origin</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">http://localhost:5173</span><span class="dl">"</span><span class="p">],</span> <span class="p">},</span> <span class="p">});</span> <span class="c1">// APP AND CREATING SERVER</span> <span class="c1">// TO GET THE RECIEVER SOCKER ID (PARAMETER : USER ID)</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">getReceiverSocketId</span><span class="p">(</span><span class="nx">userId</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">userSocketMap</span><span class="p">[</span><span class="nx">userId</span><span class="p">];</span> <span class="p">}</span> <span class="c1">// END - TO GET THE RECIEVER SOCKER ID (PARAMETER : USER ID)</span> <span class="c1">// SET OF USERS</span> <span class="kd">const</span> <span class="nx">userSocketMap</span> <span class="o">=</span> <span class="p">{};</span> <span class="c1">// END - SET OF USERS</span> <span class="c1">// WE TOOK IO ID AND CREATING A CONNECTION</span> <span class="nx">io</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">connection</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">socket</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">A user connected</span><span class="dl">"</span><span class="p">,</span> <span class="nx">socket</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="c1">// CREATED A HANDSHAKE</span> <span class="kd">const</span> <span class="nx">userId</span> <span class="o">=</span> <span class="nx">socket</span><span class="p">.</span><span class="nx">handshake</span><span class="p">.</span><span class="nx">query</span><span class="p">.</span><span class="nx">userId</span><span class="p">;</span> <span class="c1">// IF USER ID EXIST, THEN ADD USERID IS EQUAL TO SOCKET ID</span> <span class="k">if </span><span class="p">(</span><span class="nx">userId</span><span class="p">)</span> <span class="nx">userSocketMap</span><span class="p">[</span><span class="nx">userId</span><span class="p">]</span> <span class="o">=</span> <span class="nx">socket</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="c1">// END - IF USER ID EXIST, THEN ADD USERID IS EQUAL TO SOCKET ID</span> <span class="c1">// END - CREATED A HANDSHAKE</span> <span class="c1">// WE ARE CONNECTING TO ALL USER THAT ARE ONLINE</span> <span class="nx">io</span><span class="p">.</span><span class="nf">emit</span><span class="p">(</span><span class="dl">"</span><span class="s2">getOnlineUsers</span><span class="dl">"</span><span class="p">,</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">keys</span><span class="p">(</span><span class="nx">userSocketMap</span><span class="p">));</span> <span class="c1">// END - WE ARE CONNECTING TO ALL USER THAT ARE ONLINE</span> <span class="c1">// WHEN WE WANNA DISCONNECT IT WILL DELETE THE USERS</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">disconnect</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">A user disconnected</span><span class="dl">"</span><span class="p">,</span> <span class="nx">socket</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">delete</span> <span class="nx">userSocketMap</span><span class="p">[</span><span class="nx">userId</span><span class="p">];</span> <span class="nx">io</span><span class="p">.</span><span class="nf">emit</span><span class="p">(</span><span class="dl">"</span><span class="s2">getOnlineUsers</span><span class="dl">"</span><span class="p">,</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">keys</span><span class="p">(</span><span class="nx">userSocketMap</span><span class="p">));</span> <span class="p">});</span> <span class="c1">// END - WHEN WE WANNA DISCONNECT IT WILL DELETE THE USERS</span> <span class="p">});</span> <span class="c1">// END - WE TOOK IO ID AND CREATING A CONNECTION</span> <span class="k">export</span> <span class="p">{</span> <span class="nx">io</span><span class="p">,</span> <span class="nx">app</span><span class="p">,</span> <span class="nx">server</span> <span class="p">};</span> </code></pre> </div> <p>Its responsibilities are:</p> <ul> <li>Create and export the Express app</li> <li>Create an HTTP server</li> <li>Attach Socket.IO to that server</li> <li>Track online users</li> <li>Expose helpers to interact with sockets from anywhere in the app </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// IMPORT</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Server</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">socket.io</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">http</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">http</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">express</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// END - IMPORT</span> </code></pre> </div> <p>Here:</p> <ul> <li> <code>express</code> creates the main app</li> <li> <code>http</code> is used to create a raw HTTP server</li> <li> <code>socket.io</code> needs access to the HTTP server to enable real-time connections</li> </ul> <p><strong>Creating the App and Server</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="nx">http</span><span class="p">.</span><span class="nf">createServer</span><span class="p">(</span><span class="nx">app</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">io</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Server</span><span class="p">(</span><span class="nx">server</span><span class="p">,</span> <span class="p">{</span> <span class="na">cors</span><span class="p">:</span> <span class="p">{</span> <span class="na">origin</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">http://localhost:5173</span><span class="dl">"</span><span class="p">],</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <p>What’s happening here:</p> <ul> <li>We create a single <strong>Express app</strong> </li> <li>Wrap it inside an <strong>HTTP server</strong> </li> <li>Attach <strong>Socket.IO</strong> to that server</li> <li>Enable CORS so the frontend can connect</li> </ul> <p>This is important:<br> Because the server is created here, <strong>we export <code>app</code> and <code>server</code> from this file</strong> and import them elsewhere (like <code>index.js</code>).<br> This ensures <strong>HTTP requests and WebSocket connections share the same server</strong>.</p> <p><strong>Tracking Online Users</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">userSocketMap</span> <span class="o">=</span> <span class="p">{};</span> </code></pre> </div> <p>This object acts as an <strong>in-memory store</strong>:</p> <ul> <li>Key → <code>userId</code> </li> <li>Value → <code>socket.id</code> </li> </ul> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="p">{</span> <span class="dl">"</span><span class="s2">123</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">af8sdf9as8df</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">456</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">asd9f8as7df</span><span class="dl">"</span> <span class="p">}</span> </code></pre> </div> <p>This lets us know:</p> <ul> <li>Which users are online</li> <li>Which socket belongs to which user</li> </ul> <p><strong>Handling Socket Connections</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">io</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">connection</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">socket</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">A user connected</span><span class="dl">"</span><span class="p">,</span> <span class="nx">socket</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> </code></pre> </div> <p>This callback runs <strong>every time a user connects</strong> via Socket.IO.</p> <ul> <li> <code>socket.id</code> is a unique identifier for that connection</li> </ul> <p><strong>Handshake &amp; User Identification</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">userId</span> <span class="o">=</span> <span class="nx">socket</span><span class="p">.</span><span class="nx">handshake</span><span class="p">.</span><span class="nx">query</span><span class="p">.</span><span class="nx">userId</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">userId</span><span class="p">)</span> <span class="nx">userSocketMap</span><span class="p">[</span><span class="nx">userId</span><span class="p">]</span> <span class="o">=</span> <span class="nx">socket</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> </code></pre> </div> <p>Here:</p> <ul> <li>The frontend sends <code>userId</code> during connection</li> <li>We extract it from the handshake query</li> <li>If it exists, we map: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> userId → socket.id </code></pre> </div> <p>This is how we associate <strong>authenticated users with sockets</strong>.</p> <p><strong>Broadcasting Online Users</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">io</span><span class="p">.</span><span class="nf">emit</span><span class="p">(</span><span class="dl">"</span><span class="s2">getOnlineUsers</span><span class="dl">"</span><span class="p">,</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">keys</span><span class="p">(</span><span class="nx">userSocketMap</span><span class="p">));</span> </code></pre> </div> <p>What this does:</p> <ul> <li>Sends a list of <strong>currently online user IDs</strong> </li> <li>Broadcasts it to <strong>all connected clients</strong> </li> </ul> <p>This allows the frontend to:</p> <ul> <li>Show online/offline status</li> <li>Update presence in real time</li> </ul> <p><strong>Handling Disconnects</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">socket</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">disconnect</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">A user disconnected</span><span class="dl">"</span><span class="p">,</span> <span class="nx">socket</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">delete</span> <span class="nx">userSocketMap</span><span class="p">[</span><span class="nx">userId</span><span class="p">];</span> <span class="nx">io</span><span class="p">.</span><span class="nf">emit</span><span class="p">(</span><span class="dl">"</span><span class="s2">getOnlineUsers</span><span class="dl">"</span><span class="p">,</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">keys</span><span class="p">(</span><span class="nx">userSocketMap</span><span class="p">));</span> <span class="p">});</span> </code></pre> </div> <p>When a user disconnects:</p> <ul> <li>Their socket entry is removed</li> <li>The updated online users list is broadcast again</li> </ul> <p>This keeps the online state <strong>always accurate</strong>.</p> <p><strong>Helper: Get Receiver Socket ID</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">export</span> <span class="kd">function</span> <span class="nf">getReceiverSocketId</span><span class="p">(</span><span class="nx">userId</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">userSocketMap</span><span class="p">[</span><span class="nx">userId</span><span class="p">];</span> <span class="p">}</span> </code></pre> </div> <p>This helper is used elsewhere (like message controllers):</p> <ul> <li>Given a <code>userId</code> </li> <li>Returns their active <code>socket.id</code> (if online)</li> </ul> <p>This enables <strong>targeted real-time events</strong>, such as sending a message notification to a specific user.</p> <p><strong>Exports</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">export</span> <span class="p">{</span> <span class="nx">io</span><span class="p">,</span> <span class="nx">app</span><span class="p">,</span> <span class="nx">server</span> <span class="p">};</span> </code></pre> </div> <p>What we export:</p> <ul> <li> <code>app</code> → used to register routes &amp; middleware</li> <li> <code>server</code> → used to start listening on a port</li> <li> <code>io</code> → used to emit socket events from anywhere</li> </ul> <h3> <code>controller/</code> </h3> <p>The <strong>controller layer</strong> is where the <strong>actual application logic lives</strong>.<br><br> When a request hits an endpoint, this is the final stop after:</p> <ol> <li> Route matching</li> <li> Middleware checks (auth, validation, etc.)</li> </ol> <p>Controllers:</p> <ul> <li> Read data from <code>req</code> </li> <li> Perform logic (DB calls, hashing, uploads, etc.)</li> <li> Send the <strong>final response</strong> using <code>res</code> </li> </ul> <h4> <code>auth.controller.js</code> </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// IMPORT</span> <span class="k">import</span> <span class="nx">User</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../models/user.model.js</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">bcrypt</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">bcrypt</span><span class="dl">"</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">generateToken</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../lib/utils.js</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">cloudinary</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../lib/cloudinary.js</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// END - IMPORT</span> <span class="c1">// SIGNUP CONTROLLER</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">signup</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// DESTRUCTRING REQUEST</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">fullName</span><span class="p">,</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="c1">// END - DESTRUCTRING REQUEST</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// DETAIL VERIFICATION</span> <span class="k">if</span><span class="p">(</span><span class="o">!</span><span class="nx">fullName</span> <span class="o">||</span> <span class="o">!</span><span class="nx">email</span> <span class="o">||</span> <span class="o">!</span><span class="nx">password</span><span class="p">){</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">add everything</span><span class="dl">"</span> <span class="p">})</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">password</span> <span class="o">||</span> <span class="nx">password</span><span class="p">.</span><span class="nx">length</span> <span class="o">&lt;</span> <span class="mi">6</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">password must be at least 6 characters</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// END - DETAIL VERIFICATION</span> <span class="c1">// DETAIL IF ALREADY IS IN DATABASE </span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="nx">email</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">User already exists</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// END - DETAIL IF ALREADY IS IN DATABASE </span> <span class="c1">// HASHING PASSWORD</span> <span class="kd">const</span> <span class="nx">salt</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">genSalt</span><span class="p">(</span><span class="mi">10</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">hashPassword</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="nx">salt</span><span class="p">);</span> <span class="c1">// END - HASHING PASSWORD</span> <span class="c1">// SAVE USER IN DATABASE</span> <span class="kd">const</span> <span class="nx">newUser</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">fullName</span> <span class="p">:</span> <span class="nx">fullName</span><span class="p">,</span> <span class="na">email</span> <span class="p">:</span> <span class="nx">email</span><span class="p">,</span> <span class="na">password</span> <span class="p">:</span> <span class="nx">hashPassword</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">newUser</span><span class="p">)</span> <span class="p">{</span> <span class="nf">generateToken</span><span class="p">(</span><span class="nx">newUser</span><span class="p">.</span><span class="nx">_id</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="k">await</span> <span class="nx">newUser</span><span class="p">.</span><span class="nf">save</span><span class="p">();</span> <span class="p">}</span> <span class="c1">// END - SAVE USER IN DATABASE</span> <span class="c1">// HAPPY RESPONSE</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">_id</span> <span class="p">:</span> <span class="nx">newUser</span><span class="p">.</span><span class="nx">_id</span><span class="p">,</span> <span class="na">fullName</span> <span class="p">:</span> <span class="nx">newUser</span><span class="p">.</span><span class="nx">fullName</span><span class="p">,</span> <span class="na">email</span> <span class="p">:</span> <span class="nx">newUser</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">profilePic</span> <span class="p">:</span> <span class="nx">newUser</span><span class="p">.</span><span class="nx">profilePic</span> <span class="p">}</span> <span class="p">);</span> <span class="c1">// HAPPY RESPONSE</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Server error</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> <span class="p">};</span> <span class="c1">// END - SIGNUP CONTROLLER</span> <span class="c1">// LOGIN CONTROLLER</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">login</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// DESTRUCTURE REQUEST</span> <span class="kd">const</span> <span class="p">{</span><span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="c1">// END - DESTRUCTURE REQUEST</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// FIND USER</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span><span class="nx">email</span><span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">invalid credential</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// END - FIND USER</span> <span class="c1">// VALIDATE PASSWORD</span> <span class="kd">const</span> <span class="nx">isPasswordCorrect</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">compare</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">password</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">isPasswordCorrect</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">invalid credentials</span><span class="dl">"</span> <span class="p">})</span> <span class="p">}</span> <span class="c1">// END - VALIDATE PASSWORD</span> <span class="c1">// GENERATE TOKEN AND RESPONCE</span> <span class="nf">generateToken</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">_id</span><span class="p">,</span> <span class="nx">res</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">_id</span> <span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">_id</span><span class="p">,</span> <span class="na">fullName</span> <span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">fullName</span><span class="p">,</span> <span class="na">email</span> <span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">profilePic</span> <span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">profilePic</span> <span class="p">})</span> <span class="c1">// END - GENERATE TOKEN AND RESPONCE</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">error in login</span><span class="dl">"</span><span class="p">,</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">internal server error</span><span class="dl">"</span> <span class="p">})</span> <span class="p">}</span> <span class="p">};</span> <span class="c1">// END - LOGIN CONTROLLER</span> <span class="c1">// LOGOUT CONTROLLER</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">logout</span> <span class="o">=</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// CLEAR COOKIE</span> <span class="nx">res</span><span class="p">.</span><span class="nf">cookie</span><span class="p">(</span><span class="dl">"</span><span class="s2">jwt</span><span class="dl">"</span><span class="p">,</span> <span class="dl">""</span><span class="p">,</span> <span class="p">{</span> <span class="na">maxAge</span> <span class="p">:</span> <span class="mi">0</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span><span class="na">message</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">logged out successfully</span><span class="dl">"</span><span class="p">})</span> <span class="c1">// END - CLEAR COOKIE</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">error in logout controller</span><span class="dl">"</span><span class="p">,</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">internal server error</span><span class="dl">"</span> <span class="p">})</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// END - LOGOUT CONTROLLER</span> <span class="c1">// UPDATE CONTROLLER</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">updateProfile</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// DESTRUCIRE PIC URL AND USERID FROM REQ</span> <span class="kd">const</span> <span class="p">{</span><span class="nx">profilePic</span><span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">userId</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">_id</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">profilePic</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">profile pic require</span><span class="dl">"</span> <span class="p">})</span> <span class="p">}</span> <span class="c1">// END -DESTRUCIRE PIC URL AND USERID FROM REQ</span> <span class="c1">// UPLOAD PFP AND UPDATE USER</span> <span class="kd">const</span> <span class="nx">uploadResponse</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">cloudinary</span><span class="p">.</span><span class="nx">uploader</span><span class="p">.</span><span class="nf">upload</span><span class="p">(</span><span class="nx">profilePic</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">updatedUser</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findByIdAndUpdate</span><span class="p">(</span> <span class="nx">userId</span><span class="p">,</span> <span class="p">{</span><span class="na">profilePic</span> <span class="p">:</span> <span class="nx">uploadResponse</span><span class="p">.</span><span class="nx">secure_url</span><span class="p">},</span> <span class="p">{</span><span class="na">new</span> <span class="p">:</span> <span class="kc">true</span><span class="p">}</span> <span class="p">)</span> <span class="c1">// END - UPLOAD PFP AND UPDATE USER</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="nx">updatedUser</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">){</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span><span class="na">message</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">internal server error</span><span class="dl">"</span><span class="p">})</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// END - UPDATE CONTROLLER</span> <span class="c1">// CHECK AUTH CONTROLLER</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">checkAuth</span> <span class="o">=</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">internal server errro</span><span class="dl">"</span> <span class="p">})</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// END - CHECK AUTH CONTROLLER</span> </code></pre> </div> <p>This file handles <strong>authentication and user-related actions</strong>.</p> <h5> 1. <code>signup</code> </h5> <p><strong>Purpose:</strong><br><br> Create a new user account, securely store credentials, and log the user in.</p> <p><strong>Step-by-step flow:</strong></p> <ol> <li> <p><strong>Destructure request body</strong><br> </p> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">fullName</span><span class="p">,</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> </code></pre> <p>Extracts user input sent from the frontend.</p> </li> <li><p><strong>Validate input</strong></p></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>- Ensure all fields exist - Ensure password is at least 6 characters If validation fails → return `400 Bad Request` </code></pre> </div> <ol> <li> <p><strong>Check if user already exists</strong><br> </p> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="nx">email</span> <span class="p">});</span> </code></pre> <p>Prevents duplicate accounts with the same email.</p> </li> <li> <p><strong>Hash the password</strong><br> </p> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">salt</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">genSalt</span><span class="p">(</span><span class="mi">10</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">hashPassword</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="nx">salt</span><span class="p">);</span> </code></pre> <p>Passwords are never stored in plain text.</p> </li> <li> <p><strong>Create and save user</strong><br> </p> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">newUser</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">create</span><span class="p">({...});</span> </code></pre> <p>Stores the user in MongoDB.</p> </li> <li> <p><strong>Generate JWT token</strong><br> </p> <pre class="highlight javascript"><code><span class="nf">generateToken</span><span class="p">(</span><span class="nx">newUser</span><span class="p">.</span><span class="nx">_id</span><span class="p">,</span> <span class="nx">res</span><span class="p">);</span> </code></pre> <p>Sets a secure cookie for authentication.</p> </li> <li><p><strong>Send success response</strong><br><br> Returns basic user info (never the password).</p></li> </ol> <p><strong>Flow diagram (signup):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Request ↓ Validate input ↓ Check existing user ↓ Hash password ↓ Create user in DB ↓ Generate JWT cookie ↓ Send response </code></pre> </div> <h5> 2. <code>login</code> </h5> <p><strong>Purpose:</strong><br><br> Authenticate an existing user and issue a JWT token.</p> <p><strong>Flow:</strong></p> <ol> <li> Extract <code>email</code> and <code>password</code> </li> <li> Find user by email</li> <li> Compare hashed password using <code>bcrypt.compare</code> </li> <li> If valid: <ul> <li> Generate JWT</li> <li> Send user data</li> </ul> </li> </ol> <p><strong>Flow diagram (login):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Request ↓ Find user by email ↓ Compare password ↓ Generate JWT cookie ↓ Send response </code></pre> </div> <h5> 3. <code>logout</code> </h5> <p><strong>Purpose:</strong><br><br> Log the user out by clearing the authentication cookie.</p> <p><strong>What it does:</strong></p> <ul> <li> Overwrites the <code>jwt</code> cookie with an empty value</li> <li> Sets <code>maxAge: 0</code> to expire it immediately</li> </ul> <p><strong>Flow diagram (logout):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Request ↓ Clear JWT cookie ↓ Send success response </code></pre> </div> <h5> 4. <code>updateProfile</code> </h5> <p><strong>Purpose:</strong><br><br> Update the user’s profile picture.</p> <p><strong>Flow:</strong></p> <ol> <li> Extract <code>profilePic</code> from request body</li> <li> Get user ID from <code>req.user</code> (set by auth middleware)</li> <li> Upload image to Cloudinary</li> <li> Update user document with image URL</li> <li> Return updated user</li> </ol> <p><strong>Flow diagram (update profile):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Request ↓ Validate image ↓ Upload to Cloudinary ↓ Update user in DB ↓ Send updated user </code></pre> </div> <h5> 5. <code>checkAuth</code> </h5> <p><strong>Purpose:</strong><br><br> Verify whether the user is authenticated.</p> <p><strong>What happens:</strong></p> <ul> <li> Auth middleware already validated the token</li> <li> Controller simply returns <code>req.user</code> </li> </ul> <p><strong>Flow diagram (check auth):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Request ↓ Auth middleware ↓ Return user data </code></pre> </div> <h4> <code>message.controller.js</code> </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">cloudinary</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../lib/cloudinary.js</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">Message</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../models/message.model.js</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">User</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../models/user.model.js</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// RENDER USER ON SIDEBAR CONTROLLLER</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">getUsersForSidebar</span> <span class="o">=</span> <span class="k">async</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// DESTRUCTURE USER FROM USERID</span> <span class="kd">const</span> <span class="nx">loggedInUserId</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">_id</span><span class="p">;</span> <span class="c1">// END - DESTRUCTURE USER FROM USERID</span> <span class="c1">// FILTER USER</span> <span class="kd">const</span> <span class="nx">filteredUsers</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">find</span><span class="p">({</span> <span class="na">_id</span> <span class="p">:</span> <span class="p">{</span><span class="na">$ne</span> <span class="p">:</span> <span class="nx">loggedInUserId</span><span class="p">}</span> <span class="p">}).</span><span class="nf">select</span><span class="p">(</span><span class="dl">"</span><span class="s2">-password</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// END - FILTER USER</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="nx">filteredUsers</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">interneal server error</span><span class="dl">"</span> <span class="p">})</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// END - RENDER USER ON SIDEBAR CONTROLLLER</span> <span class="c1">// GET MESSAGE</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">getMessages</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// EXTRACT ID FROM REQUEST</span> <span class="kd">const</span> <span class="p">{</span><span class="na">id</span><span class="p">:</span><span class="nx">userToChatId</span><span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span> <span class="kd">const</span> <span class="nx">myId</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">_id</span><span class="p">;</span> <span class="c1">// END - EXTRACT ID FROM REQUEST</span> <span class="c1">// SEARCH MESSAGES</span> <span class="kd">const</span> <span class="nx">messages</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Message</span><span class="p">.</span><span class="nf">find</span><span class="p">({</span> <span class="na">$or</span> <span class="p">:</span> <span class="p">[</span> <span class="p">{</span><span class="na">senderId</span> <span class="p">:</span> <span class="nx">myId</span><span class="p">,</span> <span class="na">recieverId</span><span class="p">:</span><span class="nx">userToChatId</span><span class="p">},</span> <span class="p">{</span><span class="na">senderId</span> <span class="p">:</span> <span class="nx">userToChatId</span><span class="p">,</span> <span class="na">recieverId</span><span class="p">:</span><span class="nx">myId</span><span class="p">}</span> <span class="p">]</span> <span class="p">});</span> <span class="c1">// END - SEARCH MESSAGES</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="nx">messages</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">internal server error</span><span class="dl">"</span> <span class="p">})</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// END - GET MESSAGE</span> <span class="c1">// SEND MESSAGE</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">sendMessage</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// EXTRACT TEXT AND IMAGE</span> <span class="kd">const</span> <span class="p">{</span><span class="nx">text</span><span class="p">,</span> <span class="nx">image</span><span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="kd">const</span> <span class="p">{</span><span class="na">id</span> <span class="p">:</span> <span class="nx">recieverId</span><span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">senderId</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">_id</span><span class="p">;</span> <span class="c1">// END - EXTRACT TEXT AND IMAGE</span> <span class="c1">// HANDLE IMAGE</span> <span class="kd">let</span> <span class="nx">imageUrl</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">image</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">uploadResponse</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">cloudinary</span><span class="p">.</span><span class="nx">uploader</span><span class="p">.</span><span class="nf">upload</span><span class="p">(</span><span class="nx">image</span><span class="p">);</span> <span class="nx">imageUrl</span> <span class="o">=</span> <span class="nx">uploadResponse</span><span class="p">.</span><span class="nx">secure_url</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// END - HANDLE IMAGE</span> <span class="c1">// CREATE MESSAGE AND SAVE MESSAGE</span> <span class="kd">const</span> <span class="nx">newMessage</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Message</span><span class="p">({</span> <span class="nx">senderId</span><span class="p">,</span> <span class="nx">recieverId</span><span class="p">,</span> <span class="nx">text</span><span class="p">,</span> <span class="na">image</span> <span class="p">:</span> <span class="nx">imageUrl</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">newMessage</span><span class="p">.</span><span class="nf">save</span><span class="p">();</span> <span class="c1">// END - CREATE MESSAGE AND SAVE MESSAGE</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">201</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="nx">newMessage</span><span class="p">)</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">interna server error</span><span class="dl">"</span> <span class="p">})</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// END - SEND MESSAGE</span> </code></pre> </div> <p>This file handles <strong>chat and messaging logic</strong>.</p> <h5> 1. <code>getUsersForSidebar</code> </h5> <p><strong>Purpose:</strong><br><br> Fetch all users except the logged-in user.</p> <p><strong>Flow:</strong></p> <ol> <li> Extract logged-in user ID from <code>req.user</code> </li> <li> Query DB excluding current user</li> <li> Remove passwords using <code>.select("-password")</code> </li> <li> Send user list</li> </ol> <p><strong>Flow diagram:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Request ↓ Get logged-in user ID ↓ Query users (exclude self) ↓ Send users list </code></pre> </div> <h5> 2. <code>getMessages</code> </h5> <p><strong>Purpose:</strong><br><br> Fetch all messages between two users.</p> <p><strong>Flow:</strong></p> <ol> <li> Extract receiver ID from URL params</li> <li> Get sender ID from <code>req.user</code> </li> <li> Query messages where: <ul> <li> sender → receiver OR</li> <li> receiver → sender</li> </ul> </li> <li> Return messages</li> </ol> <p><strong>Flow diagram:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Request ↓ Extract sender &amp; receiver IDs ↓ Query messages (both directions) ↓ Send messages </code></pre> </div> <h5> 3. <code>sendMessage</code> </h5> <p><strong>Purpose:</strong><br><br> Send a new message (text or image).</p> <p><strong>Flow:</strong></p> <ol> <li> Extract <code>text</code> and <code>image</code> </li> <li> Upload image to Cloudinary (if present)</li> <li> Create new message document</li> <li> Save message in DB</li> <li> Return created message</li> </ol> <p><strong>Flow diagram:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Request ↓ Extract message data ↓ Upload image (optional) ↓ Create message ↓ Save to DB ↓ Send message </code></pre> </div> <h3> <code>middleware/</code> </h3> <p>The <strong>middleware layer</strong> sits <strong>between the request and the controller</strong>.<br><br> It acts like a <strong>guard</strong> or <strong>checkpoint</strong>.</p> <p>Before a controller runs:</p> <ul> <li> Middleware executes first</li> <li> If a condition fails → the request stops there</li> <li> An appropriate response is returned</li> <li> The controller <strong>never runs</strong> </li> </ul> <p>If everything is valid, middleware calls <code>next()</code> and allows the request to continue.</p> <h3> <code>auth.middleware.js</code> </h3> <p>This middleware is responsible for <strong>route protection and authorization</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// IMPORTS</span> <span class="k">import</span> <span class="nx">jwt</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">jsonwebtoken</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">User</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../models/user.model.js</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// END - IMPORTS</span> </code></pre> </div> <ul> <li> <code>jsonwebtoken</code> is used to verify JWT tokens</li> <li> <code>User</code> model is used to fetch the authenticated user</li> </ul> <h4> <code>protectRoute</code> </h4> <p><strong>Purpose:</strong><br><br> Ensure that only authenticated users can access protected routes.</p> <h4> 1. Extract JWT from cookies </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nx">jwt</span><span class="p">;</span> </code></pre> </div> <ul> <li> The JWT token is stored inside cookies</li> <li> If no token exists, the user is not logged in </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">unauthorized - no token provided</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h4> 2. Verify the token </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">decoded</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">);</span> </code></pre> </div> <ul> <li> Checks if the token: <ul> <li> Was signed using the correct secret</li> <li> Has not expired</li> <li> Has not been tampered with</li> </ul> </li> </ul> <p>If verification fails, access is denied:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">decoded</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">unauthorized - invalid token</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h4> 3. Fetch the user from the database </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">decoded</span><span class="p">.</span><span class="nx">userId</span><span class="p">).</span><span class="nf">select</span><span class="p">(</span><span class="dl">"</span><span class="s2">-password</span><span class="dl">"</span><span class="p">);</span> </code></pre> </div> <ul> <li> Uses the <code>userId</code> stored in the token payload</li> <li> Excludes the password for security</li> </ul> <p>If the user no longer exists:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user not found</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h4> 4. Attach user to the request object </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="o">=</span> <span class="nx">user</span><span class="p">;</span> <span class="nf">next</span><span class="p">();</span> </code></pre> </div> <ul> <li> Makes the authenticated user available to: <ul> <li> Controllers</li> <li> Other middleware </li> </ul> </li> <li> Calls <code>next()</code> to continue execution</li> </ul> <h3> Flow diagram (protectRoute) </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Request ↓ Check JWT cookie ↓ Verify token ↓ Find user in DB ↓ Attach user to req ↓ next() → Controller runs </code></pre> </div> <ul> <li> Keeps controllers <strong>clean</strong> </li> <li> Centralizes authentication logic</li> <li> Prevents duplicate checks across controllers</li> <li> Makes protected routes easy to manage</li> </ul> <h3> <code>.gitignore</code> </h3> <p>I assume most of you already know <strong>Git</strong> and <strong>GitHub</strong>, but it’s still important to clearly understand this part.</p> <ul> <li><p><strong>Git</strong> is a <strong>version control system</strong> — it tracks changes in your code over time.</p></li> <li><p><strong>GitHub</strong> is a <strong>platform</strong> where we store and share our Git repositories.</p></li> </ul> <p>Since GitHub repositories are usually <strong>public</strong>, there are certain files and folders that we should <strong>never push</strong> to GitHub.</p> <h3> Why <code>.gitignore</code> exists </h3> <p>A <code>.gitignore</code> file tells Git <strong>which files or folders to ignore</strong> when pushing code.</p> <p>The two most important things you should <strong>never push</strong> are:</p> <ol> <li> <code>node_modules/</code> <ul> <li> Can be regenerated using <code>npm install</code> </li> <li> Extremely large</li> </ul> </li> <li> <code>.env</code> <ul> <li> Contains secrets like API keys, database URLs, and tokens</li> </ul> </li> </ol> <p>There are other files as well (logs, caches, OS files, build output), and managing them manually is annoying.</p> <p>That’s why we usually:</p> <ul> <li> Search <strong>“gitignore generator”</strong> in the browser</li> <li> Select the stack (Node, npm, OS, editor, etc.)</li> <li> Copy-paste the generated <code>.gitignore</code> </li> </ul> <p>You don’t need to overthink it — this is <strong>standard boilerplate</strong>.</p> <h3> <code>.gitignore</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Logs logs *.log npm-debug.log* yarn-debug.log* yarn-error.log* # Runtime data pids *.pid *.seed # Directory for instrumented libs generated by coverage tools lib-cov # Coverage directory coverage *.lcov # nyc test coverage .nyc_output # Cache directories .cache .rpt2_cache/ .rts2_cache_cjs/ .rts2_cache_es/ .rts2_cache_umd/ # Dependency directories node_modules/ jspm_packages/ # Optional npm cache directory .npm # dotenv environment variables file .env .env.test # Build output directories dist/ build/ # Optional REPL history .node_repl_history # IDE and OS files .vscode/ .DS_Store </code></pre> </div> <h2> Finally </h2> <p>With that being said, our project and fundamentals are solid, we can proceed further and build more projects and get deeper and also have understanding of a fairly solid project as a beginner</p> <p>I am very happy to share this with you<br> I will post more backend dev related blogs</p> <p>Written By - Shourya Sharma</p> webdev backend programming javascript