Node.js + Express + MongoDB backend for TinySteps - Parental Management Platform
- User Authentication (JWT)
- Parent Account Management
- Child Profile Management
- Task/Routine Management
- Reward System
- Progress Tracking
- Notification System
- COPPA & GDPR Compliance
- Security Best Practices
- Rate Limiting
- Error Handling
- Runtime: Node.js
- Framework: Express.js
- Database: MongoDB
- Authentication: JWT (JSON Web Tokens)
- Password Hashing: bcryptjs
- Validation: Mongoose Schema Validation
- Security: Helmet.js, CORS, Rate Limiting
- Development: Nodemon
- Node.js (v16 or higher)
- MongoDB (Local or MongoDB Atlas)
- npm or yarn
cd backend
npm install
Copy .env.example to .env and update the values:
cp .env.example .env
Important environment variables:
# MongoDB
MONGODB_URI=mongodb://localhost:27017/tinysteps
# Server
PORT=5000
NODE_ENV=development
# JWT
JWT_SECRET=your_super_secret_key_here
JWT_EXPIRE=7d
# CORS
FRONTEND_URL=http://localhost:5173
# Database
DB_NAME=tinysteps
Local MongoDB:
mongod
OR use MongoDB Atlas (Cloud):
- Replace MONGODB_URI with your Atlas connection string
- Format: mongodb+srv://username:[email protected]/tinysteps?retryWrites=true&w=majority
Development mode (with auto-reload):
npm run dev
Production mode:
npm start
Server will be running at: http://localhost:5000
backend/
├── config/
│   └── database.js          # MongoDB connection setup
├── models/
│   ├── User.js              # Parent user model
│   ├── Child.js             # Child profile model
│   ├── Task.js              # Task/routine model
│   ├── TaskCompletion.js    # Task completion tracking
│   ├── Reward.js            # Reward/sticker model
│   └── Notification.js      # Notification model
├── routes/                  # API routes (to be added)
├── controllers/             # Request handlers (to be added)
├── middleware/              # Custom middleware (to be added)
├── utils/                   # Helper functions (to be added)
├── .env                     # Environment variables
├── .env.example             # Environment template
├── .gitignore               # Git ignore rules
├── package.json             # Dependencies
└── server.js                # Main server file
- Authentication & profile management
- Child account ownership
- Preferences & settings
- GDPR compliance
- Child profile information
- Age & preferences
- Stats & achievements
- Parent assignment
- Routine/task definitions
- Scheduling & frequency
- Points & rewards
- Category & difficulty
- Records task completions
- Verification status
- Photo evidence
- Quality ratings
- Reward definitions
- Points/stickers cost
- Redemption tracking
- One-time or recurring
- In-app & email notifications
- Status & delivery tracking
- Expiration handling
- Priority levels
- Password hashing with bcryptjs
- JWT token authentication
- CORS protection
- Helmet security headers
- Rate limiting
- Input validation
- SQL injection prevention (Mongoose)
- Account lockout (5 failed attempts)
- HTTPS support (production)
# Run tests (to be added)
npm test
# Run tests with coverage
npm run test:coverage
- POST /api/auth/register - Register new parent
- POST /api/auth/login - Login parent
- POST /api/auth/logout - Logout parent
- POST /api/auth/refresh-token - Refresh JWT
- POST /api/auth/forgot-password - Request password reset
- POST /api/auth/reset-password - Reset password
- GET /api/users/profile - Get parent profile
- PUT /api/users/profile - Update parent profile
- DELETE /api/users/account - Delete account
- POST /api/children - Create child profile
- GET /api/children - Get all children
- GET /api/children/:id - Get specific child
- PUT /api/children/:id - Update child
- DELETE /api/children/:id - Delete child
- POST /api/tasks - Create task
- GET /api/tasks - Get all tasks
- GET /api/tasks/:id - Get specific task
- PUT /api/tasks/:id - Update task
- DELETE /api/tasks/:id - Delete task
- GET /api/tasks/child/:childId - Get child's tasks
- POST /api/tasks/:id/complete - Mark task complete
- POST /api/rewards - Create reward
- GET /api/rewards - Get all rewards
- GET /api/rewards/:id - Get specific reward
- PUT /api/rewards/:id - Update reward
- DELETE /api/rewards/:id - Delete reward
- GET /api/dashboard/stats - Get parent dashboard stats
- GET /api/progress/child/:childId - Get child progress
# Build Docker image
docker build -t tinysteps-backend .
# Run Docker container
docker run -p 5000:5000 --env-file .env tinysteps-backend
# Install Heroku CLI
heroku login
# Create app
heroku create your-app-name
# Set environment variables
heroku config:set MONGODB_URI=your_atlas_uri
heroku config:set JWT_SECRET=your_secret
# Deploy
git push heroku main
See deployment guides in /docs/deployment
- MONGODB_URI - Your MongoDB connection string
- PORT - Server port (default: 5000)
- JWT_SECRET - Secret key for JWT (min 32 characters)
- JWT_EXPIRE - Token expiration (e.g., 7d)
- NODE_ENV - development/production
- FRONTEND_URL - Frontend URL for CORS
- DB_NAME - Database name
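The constraints in this list can be enforced at startup so the server never boots with the template secret or a loose CORS origin. This is an added example, not TinySteps code: `validateEnv` and its messages are hypothetical, and the https-in-production rule for FRONTEND_URL is an assumption drawn from the "HTTPS support (production)" feature.

```javascript
// Added example: fail-fast check of the environment variables listed above.
// validateEnv is a hypothetical helper, not part of the TinySteps code base.
const PLACEHOLDER_SECRETS = new Set(['your_super_secret_key_here', 'your_secret']);

function validateEnv(env) {
  const errors = [];
  const production = env.NODE_ENV === 'production';
  if (!['development', 'production'].includes(env.NODE_ENV)) {
    errors.push('NODE_ENV must be development or production');
  }
  // The list above requires at least 32 characters for JWT_SECRET.
  const secret = env.JWT_SECRET || '';
  if (secret.length < 32) errors.push('JWT_SECRET shorter than 32 characters');
  if (PLACEHOLDER_SECRETS.has(secret)) errors.push('JWT_SECRET is a template placeholder');

  if (!/^mongodb(\+srv)?:\/\//.test(env.MONGODB_URI || '')) {
    errors.push('MONGODB_URI must start with mongodb:// or mongodb+srv://');
  }
  // PORT is optional (default 5000) but must be a valid TCP port when set.
  const port = Number(env.PORT || 5000);
  if (!Number.isInteger(port) || port < 1 || port > 65535) errors.push('PORT out of range');

  // FRONTEND_URL becomes the CORS origin: one exact origin, no wildcard, no path.
  try {
    const url = new URL(env.FRONTEND_URL);
    if (url.origin !== env.FRONTEND_URL.replace(/\/$/, '')) {
      errors.push('FRONTEND_URL must be a bare origin (scheme://host[:port])');
    }
    if (production && url.protocol !== 'https:') {
      errors.push('FRONTEND_URL must use https in production');
    }
  } catch {
    errors.push('FRONTEND_URL is not a valid URL');
  }
  return errors;
}

// Constructed sample: the values from .env.example, left unchanged.
const templateEnv = {
  MONGODB_URI: 'mongodb://localhost:27017/tinysteps', PORT: '5000',
  NODE_ENV: 'development', JWT_SECRET: 'your_super_secret_key_here',
  JWT_EXPIRE: '7d', FRONTEND_URL: 'http://localhost:5173',
};
console.log(validateEnv(templateEnv)); // both JWT_SECRET checks fail
```

In a real server the same function would be called with `process.env` before the listener starts, exiting when the returned list is not empty.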
Error: connect ECONNREFUSED 127.0.0.1:27017
Solution: Make sure MongoDB is running (mongod)
Error: JsonWebTokenError: invalid token
Solution: Check JWT_SECRET is set correctly & token is valid
Access to XMLHttpRequest blocked by CORS policy
Solution: Verify FRONTEND_URL in .env matches your frontend URL
Error: listen EADDRINUSE: address already in use :::5000
Solution: Change PORT in .env or kill process on port 5000
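The JsonWebTokenError entry above names two causes: the secret and the token itself. The added example below (not TinySteps code) separates them with a small diagnostic built on Node's `crypto` module. It assumes HS256 tokens signed with JWT_SECRET; `signHS256` and `explainToken` are hypothetical helpers, and the secrets are constructed.

```javascript
// Added example, not TinySteps code: report why a token fails verification.
// Assumes HS256 tokens signed with JWT_SECRET; helper names are hypothetical.
const nodeCrypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (input, secret) => nodeCrypto.createHmac('sha256', secret).update(input).digest();

// Signs a constructed token so the example is self-contained.
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

function explainToken(token, secret, nowSeconds) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return 'malformed: expected header.payload.signature';
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch {
    return 'malformed: header or payload is not base64url JSON';
  }
  // Pin the algorithm: the token must not choose how it is verified.
  if (header?.alg !== 'HS256') return `rejected: unexpected alg ${header?.alg}`;
  const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
  const given = Buffer.from(parts[2], 'base64url');
  // Constant-time comparison; lengths are checked first because timingSafeEqual throws otherwise.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return 'bad signature: JWT_SECRET differs from the signing secret, or the token was altered';
  }
  if (typeof payload?.exp === 'number' && payload.exp <= nowSeconds) return 'expired';
  return 'valid';
}

// Constructed secrets and token: signed with one secret, checked with another.
const signingSecret = 'constructed-signing-secret-0123456789abcdef';
const rotatedSecret = 'constructed-rotated-secret-0123456789abcdef';
const sample = signHS256({ sub: 'parent-1', exp: 2000 }, signingSecret);
console.log(explainToken(sample, rotatedSecret, 1000));
```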
- API Documentation - Detailed API reference
- Database Schema - Database design
- Authentication Flow - Auth system details
- Deployment Guide - Deployment steps
- Create a feature branch (git checkout -b feature/amazing-feature)
- Commit changes (git commit -m 'Add amazing feature')
- Push to branch (git push origin feature/amazing-feature)
- Open a Pull Request
MIT License - see LICENSE file for details
For issues and questions:
- GitHub Issues: [Create an issue]
- Email: [email protected]
Happy Coding!