A production-minded project management app with an Express/MongoDB backend and a dependency-free frontend served from public/.
- JWT auth with access and refresh tokens
- Email verification and password reset flows
- Project CRUD with role-based membership
- Task, subtask, note, and attachment management
- Centralized validation and error responses
- Basic security headers, CORS, rate limiting, and graceful shutdown
- Static frontend for auth, projects, members, tasks, subtasks, and notes
- Copy `.env.example` to `.env`.
- Fill in MongoDB, JWT, and optional Mailtrap values.
- Install dependencies with `npm install`.
- Start the app with `npm run dev`.
- Open `http://localhost:3000`.
```bash
npm run dev     # start with nodemon
npm start       # start production server
npm run check   # verify the app imports
npm test        # run Node test suite
npm run lint    # check formatting
npm run format  # format the project
```

On Windows PowerShell, use `npm.cmd run dev` if script execution policy blocks `npm`.
All API routes live under `/api/v1`.
- `/auth`: register, login, logout, current user, refresh token, email verification, password reset
- `/projects`: project CRUD and member management
- `/tasks`: project tasks, subtasks, assignment, statuses, attachments
- `/notes`: project notes
- `/healthcheck`: service health
Study the project in this order:
- Models in `src/models`
- Validation in `src/validators`
- Auth and permission middleware in `src/middlewares`
- Controllers in `src/controllers`
- Routes in `src/routes`
- Frontend API calls in `public/app.js`
That order mirrors how a request moves through the app.