Backend API for Yo using the Nest framework (NodeJS + TypeScript + MySQL).
Yo is a Twitter clone.
- Generate Presigned URL: the backend provides a presigned S3 URL and object key for secure direct image upload.
- Upload Image: the frontend uses the URL to upload the image directly to S3 via a PUT request.
- Save Image Key: the S3 object key is saved in the database as the user's avatar reference.
- Access Avatar: the avatar can later be accessed using a signed URL generated by the backend.
- Implement presigned upload flow
- Store avatar key in user table
- Fix CORS and bucket policy issues
- Add validation for file type and size
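The server-side rules around the presigned flow above (validate the declared type and size, mint a server-chosen key, sign a URL that is bound to one method, one key, one content type and an expiry), as an added example that is not the Yo project's code. The AWS SDK's `getSignedUrl` is replaced by a small HMAC scheme of the same shape so it runs offline; the bucket host `yo-avatars.example`, the 2 MiB cap, the allowed types and all function names are assumptions for this example.

```typescript
// Added example, not the Yo project's code. The HMAC signing below stands in
// for the S3 presigned-URL mechanism; host, limits and names are assumptions.
import { createHmac, randomUUID, timingSafeEqual } from "node:crypto";

const BUCKET_HOST = "yo-avatars.example";        // assumed, not the real bucket
const MAX_AVATAR_BYTES = 2 * 1024 * 1024;         // 2 MiB cap, chosen for this example
const ALLOWED_TYPES: Record<string, string> = {   // content type -> object key extension
  "image/jpeg": "jpg",
  "image/png": "png",
  "image/webp": "webp",
};

// Step 1 (Generate Presigned URL): check what the client declares and mint a
// server-chosen key. The client's filename never becomes part of the key.
export function buildAvatarKey(userId: string, contentType: string, size: number): string {
  const ext = ALLOWED_TYPES[contentType];
  if (!ext) throw new Error(`unsupported content type: ${contentType}`);
  if (!Number.isInteger(size) || size <= 0 || size > MAX_AVATAR_BYTES) {
    throw new Error(`invalid size: ${size}`);
  }
  return `avatars/${userId}/${randomUUID()}.${ext}`;
}

export type SignedMethod = "PUT" | "GET";
export interface SignedUrl { url: string; key: string; expires: number }

// Everything the signature covers: method, key, content type and expiry.
function stringToSign(method: SignedMethod, key: string, contentType: string, expires: number): string {
  return `${method}\n${key}\n${contentType}\n${expires}`;
}

// Step 1 for uploads (method "PUT", content type bound) and step 4 for reads
// (method "GET", empty content type). `ttlSec` is how long the URL stays usable.
export function presign(
  method: SignedMethod, key: string, contentType: string, ttlSec: number,
  secret: string, now: number = Date.now(),
): SignedUrl {
  const expires = Math.floor(now / 1000) + ttlSec;
  const sig = createHmac("sha256", secret).update(stringToSign(method, key, contentType, expires)).digest("hex");
  const query = `expires=${expires}&content-type=${encodeURIComponent(contentType)}&sig=${sig}`;
  return { url: `https://${BUCKET_HOST}/${key}?${query}`, key, expires };
}

// The check the storage side performs when the request arrives (S3 does this
// itself for real presigned URLs): method, type, expiry and signature must all match.
export function verify(
  url: string, method: SignedMethod, contentType: string,
  secret: string, now: number = Date.now(),
): boolean {
  const u = new URL(url);
  const key = u.pathname.slice(1);
  const expires = Number(u.searchParams.get("expires"));
  const sig = u.searchParams.get("sig") ?? "";
  if (!Number.isFinite(expires) || expires * 1000 <= now) return false;
  if (u.searchParams.get("content-type") !== contentType) return false;
  const expected = createHmac("sha256", secret).update(stringToSign(method, key, contentType, expires)).digest("hex");
  return sig.length === expected.length && timingSafeEqual(Buffer.from(sig), Buffer.from(expected));
}
```

The binding of the content type is the point of the last TODO item: because the type is part of the signed string, a URL issued for `image/png` cannot be used to upload something else, and the size cap is enforced before any URL is handed out at all.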
- Kafka Config Setup: Kafka broker and client settings are loaded via ConfigService and made globally available. The broker connects to multiple topics dynamically.
- Kafka Producer/Consumer Modules: services use the Kafka client to emit and consume events (e.g., user created).
- Microservice Communication: Kafka enables decoupled communication between services for handling async operations.
- Add Kafka config module using @nestjs/config
- Setup Kafka producer and consumer service
- Emit and listen to example events (e.g., user.created)
- Add retry logic and dead-letter queue (DLQ) support
- Document event schemas and versioning
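The retry and dead-letter rules a consumer would apply to a `user.created` event, together with a versioned event envelope, as an added example that is not the Yo project's code. It runs against an in-memory stand-in for the Kafka client so it works offline; the topic names, the `.dlq` suffix, the v1 payload shape, the 3-attempt limit and every function name are assumptions for this example.

```typescript
// Added example, not the Yo project's code. InMemoryBroker stands in for the
// Kafka client; names, topics and limits are assumptions for this example.
export interface UserCreatedV1 { userId: string; username: string }

export interface EventEnvelope<T = unknown> {
  topic: string;      // e.g. "user.created"
  version: number;    // schema version of `payload`; bump when the shape changes
  key: string;        // Kafka message key (keeps one user's events on one partition)
  payload: T;
  attempts?: number;  // filled in when the event is moved to the DLQ
  error?: string;     // last failure reason, for whoever triages the DLQ
}

export type Handler = (event: EventEnvelope) => void;

// In-memory stand-in for a Kafka client: one queue per topic.
export class InMemoryBroker {
  private readonly topics = new Map<string, EventEnvelope[]>();

  emit(event: EventEnvelope): void {
    const queue = this.topics.get(event.topic) ?? [];
    queue.push(event);
    this.topics.set(event.topic, queue);
  }

  drain(topic: string): EventEnvelope[] {
    const queue = this.topics.get(topic) ?? [];
    this.topics.set(topic, []);
    return queue;
  }
}

// Consume every message currently on `topic`. A handler is chosen by schema
// version; an unknown version goes straight to the DLQ instead of being
// guessed at. A failing handler is retried up to `maxAttempts`, then the
// message is parked on `<topic>.dlq` with the attempt count and last error.
export function consumeWithRetry(
  broker: InMemoryBroker,
  topic: string,
  handlers: Record<number, Handler>,
  maxAttempts = 3,
): { processed: number; deadLettered: number } {
  let processed = 0;
  let deadLettered = 0;
  const park = (event: EventEnvelope, attempts: number, error: string): void => {
    broker.emit({ ...event, topic: `${topic}.dlq`, attempts, error });
    deadLettered++;
  };

  for (const event of broker.drain(topic)) {
    const handler = handlers[event.version];
    if (!handler) {
      park(event, 0, `no handler for schema v${event.version}`);
      continue;
    }
    for (let attempt = 1; ; attempt++) {
      try {
        handler(event);
        processed++;
        break;
      } catch (err) {
        if (attempt >= maxAttempts) {
          park(event, attempt, err instanceof Error ? err.message : String(err));
          break;
        }
      }
    }
  }
  return { processed, deadLettered };
}
```

Handlers are synchronous here only to keep the example self-contained; with a real client the handler is async, a backoff delay sits between attempts, and the offset is committed only after the message has either been handled or parked on the DLQ, so a crash mid-retry redelivers rather than loses it.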
This plan outlines the steps to transition from the current auth system to a scalable JWT-based model that supports both access and refresh tokens.
- Install necessary packages (`@nestjs/jwt`, `passport-jwt`, etc.)
- Configure `JwtModule` in the Auth module
- Define JWT secret, expiration, and refresh settings in `.env`
- Create utility methods for `signAccessToken` and `signRefreshToken`
- Add centralized `TokenService` to manage token lifecycle
- Update login endpoint to return:
- Access Token (short-lived, e.g., 15 mins)
- Refresh Token (long-lived, e.g., 7 days)
- Save refresh token in HttpOnly cookie or secure storage
- Add logic to hash and store refresh token in DB (optional for security)
- Create `/auth/refresh` endpoint
- Validate refresh token (DB or verify)
- Issue new access token (and optionally new refresh token)
- Add logic to rotate or blacklist old refresh tokens (optional)
- Implement `JwtAuthGuard` using `PassportStrategy`
- Protect authenticated routes with `@UseGuards(JwtAuthGuard)`
- Create decorator to extract user info from JWT (`@CurrentUser()`)
- Create logout endpoint to:
- Invalidate refresh token in DB
- Clear cookie/session
- Optional: Add token revocation list (blacklist)
- Write unit tests for token generation and guards
- Add E2E tests for login, refresh, and access
- Update frontend to handle:
- Storing and refreshing tokens
- Auto-logout on token expiry
- Document auth flow in README
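The token lifecycle the plan above describes (15-minute access token, 7-day refresh token, hashed refresh tokens in the DB, rotation on `/auth/refresh`, invalidation on logout, and the check the guard performs), as an added example that is not the Yo project's code. It uses only `node:crypto`, so it runs offline: an HS256 JWT is signed by hand where the real service would call `@nestjs/jwt`, and a `Map` stands in for the refresh-token table. `TokenService` is the name from the plan; its methods, the `type` and `jti` claims and the reuse-detection rule are assumptions for this example.

```typescript
// Added example, not the Yo project's code. node:crypto replaces @nestjs/jwt
// and a Map replaces the DB table; method names and claim names are assumptions.
import { createHash, createHmac, randomBytes, timingSafeEqual } from "node:crypto";

export interface Claims {
  sub: string;                  // user id
  type: "access" | "refresh";   // stops a refresh token being presented as an access token
  iat: number;                  // issued-at, seconds
  exp: number;                  // expiry, seconds
  jti?: string;                 // random id so two refresh tokens for one user differ
}

const ACCESS_TTL_S = 15 * 60;            // 15 minutes, as in the plan
const REFRESH_TTL_S = 7 * 24 * 60 * 60;  // 7 days, as in the plan

const b64url = (s: string): string => Buffer.from(s).toString("base64url");

// HS256 JWT. The signature is always recomputed as HMAC-SHA256 over the token's
// own header and payload, so a header claiming "alg":"none" simply fails to verify.
export function signJwt(claims: Claims, secret: string): string {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = createHmac("sha256", secret).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

export function verifyJwt(token: string, secret: string, now: number = Date.now()): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = createHmac("sha256", secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8")) as Claims;
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= now) return null;
  return claims;
}

export class TokenService {
  private readonly secret: string;
  // user id -> SHA-256 hashes of refresh tokens still valid (stand-in for the DB table)
  private readonly store = new Map<string, Set<string>>();

  constructor(secret: string) { this.secret = secret; }

  private hash(token: string): string {
    return createHash("sha256").update(token).digest("hex");
  }

  // Login: short-lived access token plus long-lived refresh token. Only the
  // refresh token's hash is stored, so a DB leak does not yield usable tokens.
  issuePair(userId: string, now: number = Date.now()): { access: string; refresh: string } {
    const iat = Math.floor(now / 1000);
    const access = signJwt({ sub: userId, type: "access", iat, exp: iat + ACCESS_TTL_S }, this.secret);
    const refresh = signJwt(
      { sub: userId, type: "refresh", iat, exp: iat + REFRESH_TTL_S, jti: randomBytes(16).toString("hex") },
      this.secret,
    );
    const valid = this.store.get(userId) ?? new Set<string>();
    valid.add(this.hash(refresh));
    this.store.set(userId, valid);
    return { access, refresh };
  }

  // /auth/refresh: check signature and expiry, confirm the hash is still in the
  // DB, then rotate. A token that was already rotated is treated as stolen and
  // every refresh token of that user is revoked.
  refresh(refreshToken: string, now: number = Date.now()): { access: string; refresh: string } | null {
    const claims = verifyJwt(refreshToken, this.secret, now);
    if (!claims || claims.type !== "refresh") return null;
    const valid = this.store.get(claims.sub);
    const h = this.hash(refreshToken);
    if (!valid || !valid.has(h)) {
      this.store.delete(claims.sub);
      return null;
    }
    valid.delete(h);
    return this.issuePair(claims.sub, now);
  }

  // Logout: invalidate the presented refresh token (the controller clears the cookie).
  logout(refreshToken: string, now: number = Date.now()): boolean {
    const claims = verifyJwt(refreshToken, this.secret, now);
    const valid = claims ? this.store.get(claims.sub) : undefined;
    return valid ? valid.delete(this.hash(refreshToken)) : false;
  }

  // What JwtAuthGuard does: the user id for a valid access token, otherwise null.
  authenticate(accessToken: string, now: number = Date.now()): string | null {
    const claims = verifyJwt(accessToken, this.secret, now);
    return claims && claims.type === "access" ? claims.sub : null;
  }
}
```

Two details carry most of the security value: the `type` claim keeps the two token kinds from being swapped even though both are signed with the same secret, and storing only the hash while revoking the whole session on reuse means a leaked or replayed refresh token is detected the moment either party presents it a second time.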
```bash
$ npm install

# development
$ npm run start

# watch mode
$ npm run start:dev

# production mode
$ npm run start:prod

# unit tests
$ npm run test

# e2e tests
$ npm run test:e2e

# test coverage
$ npm run test:cov
```
```sql
create database yoodb;
create user yooadmin with password 'yoopass';
grant all privileges on database yoodb to yooadmin;
```
- auth
  - POST /auth/login
- users
  - GET /users π
  - GET /users/@{username}
  - GET /users/{userid}
  - POST /users
  - PATCH /users/{userid} π
  - PUT /users/{userid}/follow π
  - DELETE /users/{userid}/follow π
  - GET /users/{userid}/followers π
  - GET /users/{userid}/followees π
- posts
  - GET /posts π
    - filter by author
    - filter by replyTo
    - filter by origPosts
    - full-text search on post content
  - GET /posts/{postid}
  - POST /posts π
    - simple posts
    - reply to a post
    - repost / quote post
    - #hashtags
    - @mentions
  - DELETE /posts/{postid} π
  - PUT /posts/{postid}/like π
  - DELETE /posts/{postid}/like π
- hashtags
  - GET /hashtags π
  - GET /hashtags/{tag}/posts π