A lightweight Node.js backend for the Muslim Tech Collaborative platform.
- JWT Authentication with secure password hashing
- SQLite Database (no setup required)
- Admin Role Management (first user becomes admin)
- Project Approval Workflow with admin controls
- RESTful API with comprehensive endpoints
- CORS Enabled for frontend integration
- Node.js + Express.js
- SQLite3 database
- JWT for authentication
- bcryptjs for password hashing
- CORS for cross-origin requests
# Clone and install
git clone <your-repo>
cd mtc-backend
npm install
# Run the server
npm start
# Development with auto-restart
npm run dev- id (TEXT PRIMARY KEY)
- email (TEXT UNIQUE)
- password (TEXT) -- bcrypt hashed
- name (TEXT)
- location (TEXT)
- skills (TEXT) -- JSON array
- joinedAt (DATETIME)
- isAdmin (BOOLEAN)- id (TEXT PRIMARY KEY)
- name (TEXT)
- description (TEXT)
- type (TEXT) -- ai/ml, web-dev, mobile, etc.
- difficulty (TEXT) -- beginner, intermediate, advanced
- location (TEXT)
- status (TEXT) -- pending, approved, rejected
- createdBy (TEXT) -- user ID
- createdAt (DATETIME)- userId (TEXT)
- projectId (TEXT)
- joinedAt (DATETIME)POST /api/auth/signup # Register new user
POST /api/auth/login # User login
GET /api/auth/profile # Get current user (requires auth)GET /api/projects # Get all approved projects
POST /api/projects # Create new project (requires auth)
POST /api/projects/:id/join # Join a project (requires auth)
DELETE /api/projects/:id/leave # Leave a project (requires auth)GET /api/admin/projects/pending # Get pending projects
PUT /api/admin/projects/:id/approve # Approve project
PUT /api/admin/projects/:id/reject # Reject project
GET /api/admin/users # Get all usersPUT /api/users/skills # Update user skills (requires auth)
PUT /api/users/password # Update password (requires auth)GET /api/health # Server health statusThe API uses JWT Bearer tokens. Include in request headers:
Authorization: Bearer <your-jwt-token>curl -X POST http://localhost:5000/api/auth/signup \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "password123",
"name": "John Doe",
"location": "Seattle",
"skills": ["JavaScript", "React"]
}'curl -X POST http://localhost:5000/api/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "password123"
}'curl http://localhost:5000/api/projectscurl -X POST http://localhost:5000/api/projects \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <your-token>" \
-d '{
"name": "New Project",
"description": "Project description",
"type": "web-dev",
"difficulty": "intermediate",
"location": "Remote"
}'# Install Railway CLI
npm install -g @railway/cli
# Login and deploy
railway login
railway init
railway up- Push code to GitHub
- Connect to Render.com
- Deploy as Web Service
- Set environment variables
# Install Vercel CLI
npm install -g vercel
# Deploy
vercel# Install Heroku CLI, then:
heroku create mtc-backend
git push heroku main
heroku config:set JWT_SECRET=your-secret-keyCreate .env file:
PORT=5000
JWT_SECRET=your-super-secret-jwt-key
NODE_ENV=production# Start development server with auto-reload
npm run dev
# Test endpoints
curl http://localhost:5000/api/health- β User Registration & Login
- β JWT Authentication
- β Password Hashing (bcrypt)
- β Admin Role Management
- β Project CRUD Operations
- β Admin Approval Workflow
- β Project Membership Management
- β User Profile Updates
- β Secure API Endpoints
- β Database Auto-initialization
- β Mock Data Seeding
- Password hashing with bcrypt
- JWT token authentication
- SQL injection prevention (parameterized queries)
- CORS configuration
- Admin-only protected routes
- Token expiration (7 days)
- Add rate limiting (express-rate-limit)
- Email verification for signup
- Password reset functionality
- File upload for project images
- Real-time notifications (Socket.io)
- Logging (winston)
- Testing (Jest)
π Ready to integrate with your frontend!