A secure, production-style REST API for managing personal tasks β built with Node.js, Express.js, and PostgreSQL.
| API | https://taskion.onrender.com |
| Swagger Docs | https://taskion.onrender.com/api-docs |
| GitHub | https://github.com/Vrishali34/taskion |
| Feature | Details |
|---|---|
| Authentication | JWT-based register and login with bcrypt password hashing |
| Authorization | Protected routes β users can only access their own data |
| Rate Limiting | 100 req/15min globally Β· 10 req/15min on auth endpoints |
| Security Headers | Helmet.js β removes X-Powered-By, prevents XSS, clickjacking, MIME sniffing |
| Input Validation | Joi schemas on every endpoint β fail fast, reject early |
| Feature | Details |
|---|---|
| Task Management | Full CRUD β create, read, update, delete tasks |
| Pagination | page and limit query params with metadata in response |
| Filtering | Filter by completion status β completed=true or false |
| Sorting | Sort by id, title, or completed Β· asc or desc order |
| Feature | Details |
|---|---|
| Structured Logging | Winston + Morgan β timestamped logs, HTTP audit trail, error stack traces |
| Automated Testing | 19 tests across auth and task endpoints using Jest + Supertest |
| Docker Support | docker compose up --build β API + PostgreSQL, one command |
| API Documentation | Swagger UI β interactive docs, test endpoints live from browser |
| Error Handling | Centralized middleware β consistent error format across all endpoints |
| Layer | Technology |
|---|---|
| Runtime | Node.js v24 |
| Framework | Express.js v5 |
| Database | PostgreSQL |
| Authentication | JWT + bcrypt |
| Validation | Joi |
| Security | Helmet.js + express-rate-limit |
| Logging | Winston + Morgan |
| Documentation | Swagger (OpenAPI 3.0) |
| Testing | Jest + Supertest |
| Containerization | Docker + docker-compose |
| Configuration | dotenv |
taskion
β
βββ config
β βββ db.js # PostgreSQL connection pool
β
βββ controllers
β βββ authController.js # Register and login logic
β βββ taskController.js # CRUD task logic
β
βββ middleware
β βββ authMiddleware.js # JWT verification
β βββ validateMiddleware.js # Reusable Joi validation
β βββ morganMiddleware.js # HTTP request logging
β βββ errorHandler.js # Centralized error handler
β
βββ routes
β βββ authRoutes.js # Auth endpoints + Swagger docs
β βββ taskRoutes.js # Task endpoints + Swagger docs
β
βββ validators
β βββ authValidator.js # Register and login schemas
β βββ taskValidator.js # Create and update task schemas
β
βββ utils
β βββ logger.js # Winston logger configuration
β
βββ docs
β βββ swagger.js # Swagger configuration
β
βββ tests
β βββ auth.test.js # Auth endpoint tests
β βββ task.test.js # Task endpoint tests
β
βββ screenshots
β βββ taskion-live-register.png
β βββ taskion-jest-results.png
β
βββ logs
β βββ combined.log # All logs (gitignored)
β βββ error.log # Error logs only (gitignored)
β
βββ app.js # Express app configuration
βββ server.js # Server entry point
βββ Dockerfile # Docker image instructions
βββ docker-compose.yml # Multi-container orchestration
βββ init.sql # Database table initialization
βββ .env # Environment variables (not committed)
βββ package.json
Prerequisites: Docker Desktop installed
git clone https://github.com/Vrishali34/taskion.git
cd taskion
docker compose up --buildServer runs at http://localhost:5000
That's it. No manual database setup needed.
Prerequisites: Node.js v20+, PostgreSQL
git clone https://github.com/Vrishali34/taskion.git
cd taskionnpm installCreate a .env file in the root directory:
PORT=5000
DB_USER=your_db_user
DB_HOST=localhost
DB_NAME=taskdb
DB_PASSWORD=your_db_password
DB_PORT=5432
JWT_SECRET=your_jwt_secret_key
CREATE TABLE users (
id SERIAL PRIMARY KEY,
email VARCHAR UNIQUE NOT NULL,
password VARCHAR NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
CREATE TABLE tasks (
id SERIAL PRIMARY KEY,
title VARCHAR NOT NULL,
completed BOOLEAN DEFAULT FALSE,
user_id INTEGER REFERENCES users(id),
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);npm startServer runs at http://localhost:5000
npm testExpected output:
Tests: 19 passed, 19 total
Test Suites: 2 passed, 2 total
Interactive Swagger documentation available locally at:
http://localhost:5000/api-docs
Or live at:
https://taskion.onrender.com/api-docs
| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| POST | /auth/register | Register a new user | No |
| POST | /auth/login | Login and get JWT token | No |
| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| GET | /tasks | Get all tasks | Yes |
| POST | /tasks | Create a new task | Yes |
| PUT | /tasks/:id | Update a task | Yes |
| DELETE | /tasks/:id | Delete a task | Yes |
| Parameter | Type | Description | Example |
|---|---|---|---|
| page | integer | Page number | 1 |
| limit | integer | Tasks per page | 10 |
| completed | boolean | Filter by status | true |
| sort | string | Sort field | title |
| order | string | Sort direction | desc |
1. Register β POST /auth/register
2. Login β POST /auth/login β receive JWT token
3. Use token in Authorization header for all task requests
Authorization: Bearer <your_token>
- All routes β 100 requests per 15 minutes per IP
- Auth routes β 10 requests per 15 minutes per IP
- Exceeding the limit returns
429 Too Many Requests - Implements sliding window counter algorithm
- Removes
X-Powered-Byheader to hide server technology - Sets
X-Content-Type-Optionsto prevent MIME sniffing - Sets
X-Frame-Optionsto prevent clickjacking - Sets
Content-Security-Policyto prevent malicious content injection
Winston and Morgan provide structured logging across the application.
error β application errors with stack traces
warn β suspicious activity
info β server startup and key events
http β every HTTP request with method, URL, status, response time
logs/combined.log β all log levels
logs/error.log β errors only
2026-03-28 13:49:10 [INFO]: App configured successfully
2026-03-28 13:49:10 [HTTP]: POST /auth/register HTTP/1.1 201
2026-03-28 13:49:10 [ERROR]: Task not found β PUT /tasks/99999
- Email must be a valid email address
- Password must be at least 6 characters and max 128 characters
- Email must be a valid email address
- Password must not be empty
- Title is required, min 3 characters, max 255 characters
- Title is optional, min 3 characters, max 255 characters
- Completed is optional, must be boolean
# Start all services
docker compose up --build
# Stop all services
docker compose down
# Stop and remove volumes
docker compose down -v- JWT Authentication
- CRUD Task Operations
- Pagination, Filtering, Sorting
- Joi Request Validation
- Swagger Documentation
- Automated Testing with Jest
- Rate Limiting + Security Headers
- Docker Support
- Winston Logging
- Production Deployment
Vrishali β GitHub

