A robust project and task management REST API built with Node.js, Express, Prisma ORM, and PostgreSQL (Supabase).
The API is deployed and available at:
https://task-manager-system-uqus.onrender.com
Base API URL: https://task-manager-system-uqus.onrender.com/api/v1
Note: The application is hosted on Render's free tier, so the first request may take a few seconds as the server spins up from sleep mode.
- Features
- Tech Stack
- Getting Started
- API Documentation
- Project Structure
- Environment Variables
- Contributing
- User registration and login
- JWT-based authentication (access & refresh tokens)
- Cookie-based token management
- Password change functionality
- Account deletion
- Protected routes with middleware
- Create, read, update, and delete projects
- Role-based access control (Owner, Admin, Manager, Contributor, Viewer)
- Team collaboration with member management
- Add/remove project members
- Update member roles
- Permission-based operations
- Create and organize tasks within projects
- Subtask support for better task breakdown
- Full CRUD operations on tasks and subtasks
- Role-based task permissions
- Task filtering and retrieval
- Runtime: Node.js
- Framework: Express.js v5
- Database: PostgreSQL (Supabase)
- ORM: Prisma
- Authentication: JWT + bcryptjs
- Validation: Zod
- HTTP Logging: Morgan
- Security: CORS, cookie-parser
- Deployment: Render
- Testing: Vitest
- Node.js (v14 or higher)
- npm or yarn
- PostgreSQL database (Supabase account)
- Clone the repository
  git clone https://github.com/yourusername/task-manager-system.git
  cd task-manager-system
- Install dependencies
  npm install
- Set up environment variables
  cp .env.example .env
  Edit .env with your configuration (see Environment Variables)
- Generate Prisma Client
  npx prisma generate
- Run database migrations
  npx prisma migrate dev
- Start the development server
  npm run dev
The API will be available at http://localhost:8000
Production: https://task-manager-system-uqus.onrender.com/api/v1
Local Development: http://localhost:8000/api/v1
GET /healthcheck - Check API status
| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| POST | /register | Register new user | No |
| POST | /login | Login user | No |
| POST | /refresh-token | Refresh access token | No |
| POST | /logout | Logout user | Yes |
| GET | /me | Get current user | Yes |
| DELETE | /me | Delete account | Yes |
| PATCH | /me/change-password | Change password | Yes |

| Method | Endpoint | Description | Required Role |
|---|---|---|---|
| GET | / | Get all projects | Authenticated |
| POST | / | Create project | Authenticated |
| GET | /:projectId | Get project by ID | Member |
| PATCH | /:projectId | Update project | Manager+ |
| DELETE | /:projectId | Delete project | Owner |
| POST | /:projectId/members | Add members | Manager+ |
| GET | /:projectId/members | Get members | Member |
| DELETE | /:projectId/members/:userId | Remove member | Admin+ |
| PATCH | /:projectId/members/:userId/role | Update member role | Admin+ |

| Method | Endpoint | Description | Required Role |
|---|---|---|---|
| GET | /projects/:projectId/tasks | Get all tasks | Member |
| POST | /projects/:projectId/tasks | Create task | Contributor+ |
| GET | /:projectId/tasks/:taskId | Get task by ID | Member |
| PATCH | /:projectId/tasks/:taskId | Update task | Contributor+ |
| DELETE | /:projectId/tasks/:taskId | Delete task | Manager+ |
| POST | /:taskId/subtasks | Create subtask | Contributor+ |
| PATCH | /:taskId/subtasks/:subTaskId | Update subtask | Contributor+ |
| DELETE | /:taskId/subtasks/:subTaskId | Delete subtask | Manager+ |
The system uses five distinct user roles with hierarchical permissions:
- Owner: Full control over the project (can delete project, manage all members)
- Admin: Can manage members and all project content
- Manager: Can manage tasks and project settings
- Member: Can contribute to tasks (create, edit tasks and subtasks)
- Viewer: Read-only access to project and tasks
Project Operations:
- ADMIN_ROLES: Owner, Admin
- MANAGER_ROLES: Owner, Admin, Manager
Task Operations:
- CONTRIBUTOR_ROLES: Owner, Admin, Manager, Member
- MANAGER_ROLES: Owner, Admin, Manager
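One way to express the role groups above as a deny-by-default check plus an Express-style guard. This is an added example, not the project's own code; the action names, OWNER_ONLY, ANY_MEMBER, findRole and req.user.id are assumptions, and role names follow the role-group listing.

```javascript
// Role groups as listed in this README; OWNER_ONLY and ANY_MEMBER are
// assumed names for the "Owner" and "Member" rows of the endpoint tables.
const ROLE_GROUPS = Object.freeze({
  OWNER_ONLY: ['Owner'],
  ADMIN_ROLES: ['Owner', 'Admin'],
  MANAGER_ROLES: ['Owner', 'Admin', 'Manager'],
  CONTRIBUTOR_ROLES: ['Owner', 'Admin', 'Manager', 'Member'],
  ANY_MEMBER: ['Owner', 'Admin', 'Manager', 'Member', 'Viewer'],
});

// Hypothetical action names mapped to the group each endpoint requires.
const POLICY = Object.freeze({
  'project:read': 'ANY_MEMBER',
  'project:update': 'MANAGER_ROLES',
  'project:delete': 'OWNER_ONLY',
  'member:add': 'MANAGER_ROLES',
  'member:remove': 'ADMIN_ROLES',
  'member:updateRole': 'ADMIN_ROLES',
  'task:create': 'CONTRIBUTOR_ROLES',
  'task:delete': 'MANAGER_ROLES',
});

// Deny by default: unknown actions and missing or unknown roles all fail.
function isAllowed(action, role) {
  if (!Object.prototype.hasOwnProperty.call(POLICY, action)) return false;
  return typeof role === 'string' && ROLE_GROUPS[POLICY[action]].includes(role);
}

// Express-style guard. findRole(userId, projectId) is a hypothetical async
// lookup (e.g. a Prisma membership query) returning the role or null.
function requireProjectRole(action, findRole) {
  return async (req, res, next) => {
    try {
      if (!req.user) return res.status(401).json({ message: 'Unauthorized' });
      // The role is read from the database for the authenticated user,
      // never from the request body or a client-supplied header.
      const role = await findRole(req.user.id, req.params.projectId);
      // Non-members get 404 so project IDs cannot be probed for existence.
      if (role == null) return res.status(404).json({ message: 'Not found' });
      if (!isAllowed(action, role)) {
        return res.status(403).json({ message: 'Forbidden' });
      }
      req.projectRole = role;
      return next();
    } catch (err) {
      return next(err); // lookup failure never reaches the route handler
    }
  };
}
```

The guard would sit after the authentication middleware on a route, so that req.user is already populated when the role lookup runs.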
task-manager-system/
├── src/
│   ├── controllers/        # Request handlers
│   │   ├── auth.controller.js
│   │   ├── healthchecker.routes
│   │   ├── project.controller.js
│   │   └── task.controller.js
│   ├── middlewares/        # Custom middleware
│   │   ├── auth.middleware.js
│   │   ├── error-handler.middleware.js
│   │   └── validate.middleware.js
│   ├── routes/             # API routes
│   │   ├── auth.routes.js
│   │   ├── healthchecker.routes
│   │   ├── project.routes.js
│   │   └── task.routes.js
│   ├── schemas/            # Zod validation schemas
│   ├── utils/              # Utility functions
│   └── app.js              # Express app setup
├── prisma/
│   └── schema.prisma       # Database schema
├── .env                    # Environment variables
├── .gitignore
└── package.json
Create a .env file in the root directory:
# Server
PORT=
NODE_ENV=
# Database
DATABASE_URL=
DIRECT_URL=
# JWT
REFRESH_TOKEN_SECRET=
ACCESS_TOKEN_SECRET=
JWT_EXPIRY=
JWT_REFRESH_
# CORS
CORS_ORIGIN=
- JWT-based authentication with access and refresh tokens
- Password hashing with bcryptjs
- HTTP-only cookies for token storage
- CORS protection
- Input validation with Zod schemas
- Role-based access control (RBAC)
- Protected routes with authentication middleware
Validates JWT tokens and attaches user to request object.
Validates request data against Zod schemas.
Checks user's role and permissions for project operations.
Centralized error handling with consistent response format.
{
"@prisma/client": "^6.19.0",
"bcryptjs": "^3.0.3",
"cookie-parser": "^1.4.7",
"cors": "^2.8.5",
"dotenv": "^17.2.3",
"express": "^5.1.0",
"jsonwebtoken": "^9.0.2",
"morgan": "^1.10.1",
"prisma": "^6.19.0",
"zod": "^4.1.12"
}
This application is deployed on Render with the following configuration:
- Platform: Render Web Service
- Database: Supabase PostgreSQL
- Build Command: npm install && npx prisma generate && npx prisma migrate deploy
- Start Command: npm start
- Fork this repository
- Create a new Web Service on Render
- Connect your GitHub repository
- Set up environment variables in Render dashboard
- Deploy!
This project is licensed under the MIT License.
Lucas Herzinger Souza