Scalable full-stack web app with authentication + protected dashboard.
Repository: https://github.com/Sarthak-Developer-Coder/Primetrade.ai
- Frontend: Next.js (App Router) + TypeScript + TailwindCSS
- Backend: Node.js + Express + TypeScript
- Auth: JWT stored in httpOnly cookie
- DB: SQLite via Prisma ORM
- Validation: Zod (server) + React Hook Form + Zod (client)
- Authentication: register / login / logout (JWT)
- Protected routes: dashboard requires login
- Profile: fetch + update
- Sample entity: Tasks CRUD
- Dashboard: profile + CRUD UI + search + status filter
- Security: password hashing (bcrypt), JWT validation middleware, centralized error handling
- frontend/: Next.js app
- backend/: Express API + Prisma
- docs/: Postman collection
- Node.js 18+ (recommended)
- npm 9+
From repo root:
```
npm install
```
Copy the env template:
```
copy backend\.env.example backend\.env
```
Update backend/.env if needed:
- DATABASE_URL defaults to the SQLite file backend/dev.db
- JWT_SECRET should be a long random string
```
npm run db:push
npm run dev
```
- Frontend: http://localhost:3000
- Backend: http://localhost:4000
Note: Frontend proxies /api/* to backend during dev (see frontend/next.config.ts).
From repo root:
- `npm run dev`: run backend + frontend
- `npm run dev:backend`: backend only
- `npm run dev:frontend`: frontend only
- `npm run db:push`: Prisma DB sync
- `npm run db:studio`: Prisma Studio
- `npm run build`: build backend + frontend
Base URL (direct): http://localhost:4000
Auth uses an httpOnly cookie named token.
- GET /health
- POST /api/auth/register, body: { "email": string, "password": string, "name"?: string }
- POST /api/auth/login, body: { "email": string, "password": string }
- POST /api/auth/logout
- GET /api/me (auth required)
- PUT /api/me (auth required), body: { "name"?: string | null }
- GET /api/tasks (auth required), query: q?, status? (TODO|IN_PROGRESS|DONE), page?, limit?
- POST /api/tasks (auth required), body: { "title": string, "description"?: string, "status"?: "TODO"|"IN_PROGRESS"|"DONE" }
- GET /api/tasks/:id (auth required)
- PUT /api/tasks/:id (auth required)
- DELETE /api/tasks/:id (auth required)
Validation errors return 400 with details.
Import the collection:
docs/primetrade-assignment.postman_collection.json
Recommended flow:
- Register
- Login
- Get Me
- Create Task
- List Tasks (search/filter)
- Update Task
- Logout
High-level steps to scale this architecture:
- Auth & Security
  - Serve everything behind HTTPS and set cookie `secure: true`
  - Consider refresh tokens + rotation, session invalidation, and logout-all
  - Add CSRF protection if using cookies across different origins
  - Add rate limiting, helmet, request size limits, audit logging
- Backend scalability
  - Move from SQLite to Postgres (same Prisma models)
  - Use connection pooling, migrations, and separate read replicas if needed
  - Add structured logging + tracing (OpenTelemetry)
  - Containerize and run behind a load balancer
- Frontend scalability
  - Use a data layer like React Query/SWR for caching + retries
  - Add typed API client generation (OpenAPI) to prevent contract drift
  - Split dashboard into smaller components and introduce feature modules
- Deployment
  - Single domain recommended (frontend + backend behind reverse proxy) for clean cookie auth
  - CI: lint + typecheck + build + integration tests
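As an added illustration of the auth design described above (JWT carried in the httpOnly cookie named `token`, a validation middleware, and the `secure` cookie recommendation under Auth & Security), here is a self-contained TypeScript sketch of the verification path. It is not the repository's code: it uses Node's built-in crypto instead of a JWT library, and the secret value, the claim names (`sub`, `exp`) and the SameSite=Lax policy are assumptions.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Constructed secret for this example only; the real backend reads JWT_SECRET from backend/.env.
const JWT_SECRET = "example-only-secret-replace-with-a-long-random-string";
const COOKIE_NAME = "token"; // the httpOnly cookie name the API section documents
const b64url = (s: string): string => Buffer.from(s).toString("base64url");
const nowSec = (): number => Math.floor(Date.now() / 1000);

// Mint an HS256 JWT with iat/exp, roughly what the login route issues (claim names are assumed).
function signJwt(claims: Record<string, unknown>, secret: string, ttlSec = 3600): string {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify({ ...claims, iat: nowSec(), exp: nowSec() + ttlSec }));
  const sig = createHmac("sha256", secret).update(`${header}.${body}`).digest("base64url");
  return `${header}.${body}.${sig}`;
}

// Verify in the order a middleware should: structure, pinned algorithm, constant-time MAC, expiry.
function verifyJwt(token: string, secret: string): Record<string, unknown> | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  try {
    const hdr = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    if (hdr.alg !== "HS256") return null; // reject alg=none and key-confusion variants
    const expected = createHmac("sha256", secret).update(`${header}.${body}`).digest();
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
    if (typeof claims.exp !== "number" || claims.exp <= nowSec()) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON is an auth failure, not a 500
  }
}

// Extract the `token` cookie from a raw Cookie header, as the middleware sees it.
function tokenFromCookieHeader(cookieHeader: string | undefined): string | null {
  for (const part of (cookieHeader ?? "").split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name === COOKIE_NAME) return rest.join("=");
  }
  return null;
}
// The middleware's decision: authenticated claims, or null (the route should answer 401).
function authenticate(cookieHeader: string | undefined): Record<string, unknown> | null {
  const token = tokenFromCookieHeader(cookieHeader);
  return token ? verifyJwt(token, JWT_SECRET) : null;
}
// Set-Cookie value for the login response: HttpOnly always, Secure when served over HTTPS.
function loginCookie(token: string, secure: boolean): string {
  return `${COOKIE_NAME}=${token}; Path=/; HttpOnly; SameSite=Lax${secure ? "; Secure" : ""}`;
}
```

In the real app the same checks live in the Express middleware and the `Set-Cookie` line is what `res.cookie(...)` emits; the point is that a forged payload, a wrong secret, an unpinned algorithm, or an expired token all fail closed before any route handler runs.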
- Run `npm run dev` and verify login + dashboard CRUD works
- Ensure backend/.env is not committed (it is gitignored)
- Include the GitHub repo link + this README + Postman collection
Email your resume + GitHub repo link + any requested logs to:
Subject:
- Frontend Developer Task
If they ask for logs, you can attach:
- A screenshot or copy-paste of `npm run build` output
- A screenshot of successful UI flow (register → dashboard → CRUD)