A modern, secure web application built with Next.js 15, featuring JWT-based authentication, task management, and a responsive dashboard. This project demonstrates best practices in full-stack development with a focus on security, scalability, and user experience.
- JWT-based Authentication with HTTP-only cookies
- Password Hashing using bcryptjs
- Protected Routes with middleware authentication
- Session Management with automatic token validation
- Secure Logout with session cleanup
- User Profile Management - View and edit profile information
- Task Management - Full CRUD operations (Create, Read, Update, Delete)
- Real-time Updates - Auto-refresh task list every 5 seconds
- Search & Filter - Search tasks by title/description and filter by status
- Deadline Tracking - Visual indicators for overdue tasks
- Responsive Design - Optimized for desktop, tablet, and mobile
- Modern UI with TailwindCSS and Radix UI components
- Dark Mode Support with theme persistence
- Form Validation - Client-side and server-side validation
- Loading States - Smooth loading indicators
- Error Handling - User-friendly error messages
- Next.js 15 - React framework with App Router
- TypeScript - Type-safe development
- TailwindCSS - Utility-first CSS framework
- Radix UI - Accessible component library
- React Hook Form - Form state management
- Next.js API Routes - Serverless API endpoints
- MongoDB - NoSQL database with connection pooling
- JWT - JSON Web Tokens for authentication
- bcryptjs - Password hashing library
Before running this project, ensure you have:
- Node.js 18.x or higher
- npm or pnpm package manager
- MongoDB instance (local or MongoDB Atlas)
git clone <your-repo-url>
cd secure-board-web-applicationnpm install
# or
pnpm installCreate a .env.local file in the root directory:
MONGODB_URI=mongodb://localhost:27017/taskmanager
# or for MongoDB Atlas:
# MONGODB_URI=mongodb+srv://<username>:<password>@cluster.mongodb.net/taskmanager
JWT_SECRET=your-super-secret-jwt-key-min-32-characters-longImportant:
- Replace
MONGODB_URIwith your actual MongoDB connection string - Generate a strong random string for
JWT_SECRET(minimum 32 characters) - Never commit
.env.localto version control
npm run dev
# or
pnpm devOpen http://localhost:3000 in your browser.
npm run build
npm startsecure-board-web-application/
βββ app/ # Next.js App Router
β βββ api/ # API Routes
β β βββ auth/ # Authentication endpoints
β β βββ profile/ # Profile management
β β βββ tasks/ # Task CRUD operations
β βββ dashboard/ # Protected dashboard pages
β βββ login/ # Login page
β βββ register/ # Registration page
βββ components/ # React components
β βββ ui/ # Reusable UI components
β βββ login-form.tsx # Login form component
β βββ register-form.tsx # Registration form
β βββ task-list.tsx # Task list with CRUD
β βββ protected-route.tsx # Route protection HOC
βββ lib/ # Utility functions
β βββ auth.ts # Client-side auth utilities
β βββ auth-server.ts # Server-side auth logic
β βββ db.ts # Database connection
β βββ models.ts # Database models
β βββ session.ts # Session management
β βββ validation.ts # Form validation
β βββ utils.ts # General utilities
βββ public/ # Static assets
| Method | Endpoint | Description | Authentication |
|---|---|---|---|
| POST | /api/auth/register |
Register new user | No |
| POST | /api/auth/login |
Login user | No |
| POST | /api/auth/logout |
Logout user | Yes |
| GET | /api/auth/me |
Get current user | Yes |
| Method | Endpoint | Description | Authentication |
|---|---|---|---|
| GET | /api/profile |
Get user profile | Yes |
| PATCH | /api/profile |
Update user profile | Yes |
| Method | Endpoint | Description | Authentication |
|---|---|---|---|
| GET | /api/tasks |
Get all user tasks | Yes |
| POST | /api/tasks |
Create new task | Yes |
| GET | /api/tasks/[id] |
Get specific task | Yes |
| PATCH | /api/tasks/[id] |
Update task | Yes |
| DELETE | /api/tasks/[id] |
Delete task | Yes |
POST /api/auth/register
Content-Type: application/json
{
"fullName": "John Doe",
"email": "john@example.com",
"password": "securepassword123",
"confirmPassword": "securepassword123"
}POST /api/tasks
Content-Type: application/json
{
"title": "Complete project documentation",
"description": "Write comprehensive README",
"deadline": "2025-12-31T23:59:59.000Z"
}See TESTING.md for comprehensive testing instructions.
-
Registration Flow
- Navigate to
/register - Fill form with valid data
- Verify account creation and redirect
- Navigate to
-
Login Flow
- Navigate to
/login - Enter credentials
- Verify dashboard access
- Navigate to
-
Task Management
- Create new task
- Edit task title/status
- Delete task
- Search and filter tasks
-
Profile Management
- View profile information
- Update name/email
- Verify changes persist
Import the Postman collection from TaskManager-API.postman_collection.json and test all endpoints.
After registration, use your created credentials to test the application.
-
Password Security
- Passwords hashed with bcryptjs (10 salt rounds)
- Never stored in plain text
- Minimum length validation
-
Authentication
- JWT tokens stored in HTTP-only cookies
- Tokens cannot be accessed via JavaScript (XSS protection)
- Automatic token verification on protected routes
-
Authorization
- User-specific data isolation
- Tasks owned by users cannot be accessed by others
- Server-side permission checks
-
Input Validation
- Client-side validation for immediate feedback
- Server-side validation for security
- Email format validation
- SQL injection prevention through MongoDB
-
Session Management
- Secure session creation and verification
- Automatic session cleanup on logout
- Token expiration handling
See SCALING.md for comprehensive production scaling strategies.
-
Static Generation & ISR
- Use Next.js Static Site Generation (SSG) for public pages
- Implement Incremental Static Regeneration (ISR) for dynamic content
- Reduces server load and improves response times
-
CDN Distribution
- Deploy static assets to CDN (Cloudflare, AWS CloudFront)
- Geographic distribution for faster global access
- Automatic edge caching
-
Code Splitting
- Next.js automatic code splitting already implemented
- Lazy load components for better initial load times
- Dynamic imports for heavy components
-
Image Optimization
- Use Next.js Image component for automatic optimization
- WebP format with fallbacks
- Responsive images with srcset
-
Horizontal Scaling
- Deploy multiple Next.js instances behind load balancer
- Use PM2 or similar for process management
- Session state stored in database, not in-memory
-
Database Optimization
- Indexing: Add indexes on frequently queried fields
// users collection db.users.createIndex({ email: 1 }, { unique: true }) // tasks collection db.tasks.createIndex({ userId: 1 }) db.tasks.createIndex({ status: 1 }) db.tasks.createIndex({ deadline: 1 })
- Connection Pooling: Already implemented in
lib/db.ts - Replica Sets: Use MongoDB replica sets for read scaling
- Sharding: Implement sharding for massive datasets
- Indexing: Add indexes on frequently queried fields
-
Caching Layer
- Redis for session storage and caching
- Cache frequently accessed data (user profiles, common queries)
- Implement cache invalidation strategies
// Example: Cache user profile const cacheKey = `user:${userId}`; let user = await redis.get(cacheKey); if (!user) { user = await db.users.findOne({ _id: userId }); await redis.setex(cacheKey, 3600, JSON.stringify(user)); }
-
API Rate Limiting
- Implement rate limiting middleware
- Prevent abuse and DDoS attacks
- Use Redis for distributed rate limiting
-
Background Jobs
- Move heavy operations to background queues (Bull, BullMQ)
- Email notifications
- Data aggregation and reports
- Scheduled task reminders
-
Containerization
# Example Dockerfile FROM node:18-alpine WORKDIR /app COPY package*.json ./ RUN npm ci --only=production COPY . . RUN npm run build EXPOSE 3000 CMD ["npm", "start"]
-
Orchestration
- Use Kubernetes for container orchestration
- Auto-scaling based on CPU/memory metrics
- Rolling updates for zero-downtime deployments
-
Monitoring & Logging
- Implement logging (Winston, Pino)
- Use APM tools (New Relic, Datadog)
- Set up alerts for errors and performance issues
- Centralized logging (ELK stack, CloudWatch)
-
CI/CD Pipeline
- Automated testing on push
- Build and deploy on merge to main
- Environment-specific configurations
- Rollback capabilities
- Vercel - Easiest for Next.js, automatic optimization
- AWS - Full control with ECS/EKS
- Google Cloud Run - Serverless containers
- DigitalOcean - Simple and cost-effective
- Railway/Render - Quick deployment with databases
-
Bundle Size Reduction
- Tree shaking enabled
- Remove unused dependencies
- Analyze bundle with
@next/bundle-analyzer
-
Database Query Optimization
- Use projection to limit returned fields
- Implement pagination for large datasets
- Avoid N+1 query problems
-
Caching Headers
- Set appropriate Cache-Control headers
- Use ETags for conditional requests
- Implement stale-while-revalidate
- Push code to GitHub
- Import project in Vercel
- Add environment variables
- Deploy
- Build the project:
npm run build - Set environment variables on server
- Start with:
npm start - Use a process manager like PM2
- Set up reverse proxy (Nginx) if needed
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Open a Pull Request
- README.md - Main documentation (this file)
- SCALING.md - Production scaling strategies
- TESTING.md - Comprehensive testing guide
- PROJECT-SUMMARY.md - Assignment completion summary
- SUBMISSION-CHECKLIST.md - Pre-submission checklist
- .env.example - Environment variables template
- TaskManager-API.postman_collection.json - API documentation
This project is licensed under the MIT License.
Built as part of a web development assignment demonstrating full-stack capabilities with modern technologies.
- Next.js team for the amazing framework
- Radix UI for accessible components
- MongoDB for the database
- All open-source contributors