Echo - Social Media Platform (Backend API)

A robust, scalable Node.js backend API for the Echo social media platform, providing real-time chat, video calling, post management, and user authentication features. Built with Express.js, MongoDB, Socket.io, and Redis for optimal performance.

🚀 Live API

• Production: https://api.echo.linkpc.net
• Frontend: Echo App
• Repository: Echo-Backend

🌟 Key Features

🔐 Authentication & Security

• JWT-based Authentication with access & refresh tokens
• Password Encryption using bcrypt
• Email Verification system
• Password Reset functionality
• Rate Limiting for API protection
• CORS Configuration for secure cross-origin requests
• Cookie-based Session Management

💬 Real-time Chat System

• Socket.io Integration for instant messaging
• Message Encryption/Decryption for privacy
• Real-time Notifications for new messages
• Group Conversations support
• Online/Offline Status tracking
• Message Read Receipts
• File/Media Sharing capabilities

📞 Video & Audio Calling

• WebRTC Signaling Server for peer-to-peer connections
• Call Management (initiate, accept, decline, end)
• Audio/Video Call Support
• Call Notifications and status updates
• ICE Candidate Exchange for connectivity

📱 Social Media Features

• Post Creation & Management with media upload
• Like/Unlike functionality
• Comment System with threaded replies
• User Following/Followers system
• Feed Generation based on connections
• User Search with advanced filtering
• Profile Management with customizable information

🗄️ Data Management

• MongoDB with Mongoose ODM
• Redis for session storage and caching
• Cloudinary for media storage and optimization
• MeiliSearch for advanced search capabilities
• Node-Cache for in-memory caching

🏗️ Technical Architecture

Core Technologies

• Node.js - Runtime environment
• Express.js 4.21.1 - Web framework
• MongoDB 8.8.3 - NoSQL database
• Mongoose - MongoDB object modeling
• Socket.io 4.8.1 - Real-time communication
• Redis 4.7.0 - In-memory data store
• JWT - Authentication tokens

Security & Middleware

• Helmet 8.0.0 - Security headers
• CORS 2.8.5 - Cross-origin resource sharing
• Express Rate Limit 7.4.1 - Request rate limiting
• Express Validator 7.2.0 - Input validation
• Cookie Parser 1.4.7 - Cookie handling

File & Media Handling

• Multer 1.4.5 - File upload middleware
• Cloudinary 2.5.1 - Cloud media storage
• Node-Cache 5.1.2 - Memory caching

Communication & Search

• Nodemailer 6.9.16 - Email service
• MeiliSearch 0.50.0 - Full-text search engine
• BCrypt 5.1.1 - Password hashing

📁 Project Structure

Backend/
├── index.js                 # Main server entry point
├── package.json             # Dependencies and scripts
├── .env                     # Environment variables
├── controllers/             # Business logic controllers
│   ├── AdminController/     # Admin operations
│   │   └── uploadAll.js     # Bulk data upload
│   ├── AuthControllers/     # Authentication logic
│   │   ├── userLogin.js     # User login
│   │   ├── userRegister.js  # User registration
│   │   ├── userLogout.js    # User logout
│   │   ├── verifyUser.js    # Email verification
│   │   ├── forgetPassword.js # Password reset request
│   │   ├── verifyResetToken.js # Reset token validation
│   │   ├── updatePassword.js # Password update
│   │   └── loggedPassword.js # Logged-in password change
│   ├── ChatControllers/     # Chat functionality
│   │   ├── chatList.js      # Get user conversations
│   │   └── fetchChats.js    # Fetch chat messages
│   ├── PostControllers/     # Post management
│   │   ├── uploadPost.js    # Create new post
│   │   ├── feedPost.js      # Get user feed
│   │   ├── fetchPosts.js    # Fetch user posts
│   │   ├── fetchComments.js # Get post comments
│   │   ├── likePost.js      # Like/unlike posts
│   │   ├── postComment.js   # Add comments
│   │   └── deletePost.js    # Delete posts
│   └── UserControllers/     # User management
│       ├── userProfile.js   # Get user profile
│       ├── userAbout.js     # Get user details
│       ├── userBasic.js     # Basic user info
│       ├── updateProfile.js # Update profile
│       ├── searchUser.js    # Search users
│       ├── followUser.js    # Follow users
│       ├── unfollowUser.js  # Unfollow users
│       ├── fetchFollowers.js # Get followers
│       ├── fetchFollowing.js # Get following
│       ├── removeFollower.js # Remove follower
│       ├── checkExistingUser.js # Check user existence
│       └── deleteAccount.js # Delete user account
├── models/                  # Database schemas
│   ├── user.js             # User model
│   ├── post.js             # Post model
│   ├── comment.js          # Comment model
│   ├── conversation.js     # Conversation model
│   └── message.js          # Message model
├── routes/                  # API route definitions
│   ├── authRoutes.js       # Authentication routes
│   ├── userRoutes.js       # User management routes
│   ├── postRoutes.js       # Post-related routes
│   ├── chatRoutes.js       # Chat functionality routes
│   └── adminRoute.js       # Admin operations routes
├── middlewares/            # Custom middleware
│   ├── cookieAuthentication.js # JWT auth middleware
│   └── limiter.js          # Rate limiting middleware
├── sockets/                # Socket.io event handlers
│   ├── onConnection.js     # Main socket connection handler
│   └── events/             # Individual socket events
│       ├── online.js       # User online status
│       ├── offline.js      # User offline status
│       ├── sendMessage.js  # Send chat messages
│       ├── readMsg.js      # Mark messages as read
│       ├── joinAllRooms.js # Join chat rooms
│       ├── callUser.js     # Initiate calls
│       ├── callAccepted.js # Accept calls
│       ├── declinedCall.js # Decline calls
│       ├── cancelCall.js   # Cancel calls
│       ├── endCall.js      # End calls
│       ├── sendOffer.js    # WebRTC offer
│       ├── sendAnswer.js   # WebRTC answer
│       ├── sendNewOffer.js # New WebRTC offer
│       ├── sendNewAnswer.js # New WebRTC answer
│       ├── sendIceCandidate.js # ICE candidates
│       ├── newPost.js      # New post notifications
│       ├── deletePost.js   # Post deletion events
│       ├── offlineMessages.js # Handle offline messages
│       ├── removeOfflineMessages.js # Remove offline messages
│       ├── redirectConvo.js # Redirect conversations
│       └── leaveChat.js    # Leave chat rooms
├── Utils/                  # Utility functions
│   ├── mongoConnect.js     # MongoDB connection
│   ├── redis.js           # Redis configuration
│   ├── cloudinary.js      # Cloudinary setup
│   ├── mail.js            # Email service
│   ├── cookie.js          # JWT token utilities
│   ├── cache.js           # Caching utilities
│   ├── io.js              # Socket.io setup
│   ├── sockets.js         # Socket configuration
│   ├── encryptdecryptMsg.js # Message encryption
│   ├── getRoomId.js       # Chat room ID generation
│   └── meilisearchConnect.js # Search engine setup
└── public/                # Static files
    ├── temp/              # Temporary file storage
    └── templates/         # Email templates
        ├── verifyEmail.html # Email verification template
        └── forgetPassword.html # Password reset template

🗄️ Database Schema

User Model

{
  email: String (unique, required),
  isVerified: Boolean (default: false),
  profileStatus: Boolean (default: false),
  password: String (hashed),
  username: String (unique, lowercase),
  fullname: String,
  dob: String,
  gender: String,
  bio: String,
  website: String,
  interests: String,
  follower: [ObjectId] (ref: 'user'),
  following: [ObjectId] (ref: 'user'),
  profileImage: String (default URL),
  coverImage: String (default URL),
  timestamps: true
}

Post Model

{
  userId: ObjectId (ref: 'user', required),
  caption: String,
  media: String (required),
  ratio: String (required),
  likes: [ObjectId] (ref: 'user'),
  comments: [ObjectId] (ref: 'comment'),
  timestamps: true
}

Conversation Model

{
  participants: [ObjectId] (ref: 'user', required),
  roomId: String,
  messages: [ObjectId] (ref: 'message'),
  timestamps: true
}

Message Model

{
  sender: ObjectId (ref: 'user', required),
  receiver: ObjectId (ref: 'user', required),
  conversationId: ObjectId (ref: 'conversation', required),
  message: String (encrypted, required),
  iv: String (encryption vector),
  read: Boolean (default: false),
  timestamps: true
}

Comment Model

{
  userId: ObjectId (ref: 'user', required),
  postId: ObjectId (ref: 'post', required),
  comment: String (required),
  timestamps: true
}

🔌 API Endpoints

Authentication Routes (/api/auth)

POST   /create                    # Register new user
POST   /verify                    # Verify email
POST   /login                     # User login
POST   /logout                    # User logout
POST   /forget-password           # Request password reset
GET    /verify-reset-token/:token # Verify reset token
POST   /update-password/:token    # Update password with token
POST   /update/logged/password    # Update password (logged in)

User Routes (/api/user)

GET    /profile/:username         # Get user profile
GET    /about                     # Get current user details
GET    /basic/:username           # Get basic user info
PUT    /update                    # Update user profile
GET    /search/:query             # Search users
POST   /follow                    # Follow user
POST   /unfollow                  # Unfollow user
GET    /followers/:username       # Get user followers
GET    /following/:username       # Get user following
POST   /remove/follower           # Remove follower
GET    /check/:username           # Check if user exists
DELETE /delete                    # Delete user account

Post Routes (/api/post)

POST   /upload                    # Create new post
GET    /feed                      # Get user feed
GET    /user/:username            # Get user posts
GET    /comments/:postId          # Get post comments
POST   /like                      # Like/unlike post
POST   /comment                   # Add comment to post
DELETE /:postId                   # Delete post

Chat Routes (/api/chat)

GET    /list/:userId              # Get user conversations
GET    /fetch/msg/:conversationId # Fetch chat messages

Admin Routes (/api/admin)

POST   /upload/all                # Bulk upload data

🔄 Socket.io Events

Connection Events

// User Status
"online"; // User comes online
"offline"; // User goes offline

// Chat Events
"joinAllRooms"; // Join multiple chat rooms
"sendMessage"; // Send chat message
"receiveMsg"; // Receive chat message
"readMsg"; // Mark message as read
"offlineMessage"; // Handle offline messages
"rmOfflineMsg"; // Remove offline messages
"redirectConvo"; // Redirect to conversation

// Calling Events
"callUser"; // Initiate call
"receiveCall"; // Receive incoming call
"acceptedCall"; // Accept call
"callAccepted"; // Call accepted notification
"declinedCall"; // Decline call
"cancelledCall"; // Call cancelled
"CancelCall"; // Cancel ongoing call
"endCall"; // End call

// WebRTC Signaling
"sendOffer"; // Send WebRTC offer
"getOffer"; // Receive WebRTC offer
"sendAnswer"; // Send WebRTC answer
"getAnswer"; // Receive WebRTC answer
"sendNewOffer"; // Send new offer (renegotiation)
"sendNewAnswer"; // Send new answer (renegotiation)
"sendIceCandidate"; // Send ICE candidate
"getIceCandidate"; // Receive ICE candidate

// Post Events
"newPost"; // New post notification
"deletePost"; // Post deletion notification

🚀 Getting Started

Prerequisites

• Node.js 16+
• MongoDB
• Redis
• Cloudinary account
• MeiliSearch (optional)

Installation

1. Clone the repository

   git clone https://github.com/akashkhedar/Echo-Backend.git
   cd Echo-Backend

2. Install dependencies

   npm install

3. Environment Variables Create a .env file with the following variables:

   PORT=5000
   NODE_ENV=development
   
   # Database
   MONGODB_URI=mongodb://localhost:27017/echo
   
   # Redis
   REDIS_URL=redis://localhost:6379
   
   # JWT Secrets
   JWT_ACCESS_SECRET=your_access_secret
   JWT_REFRESH_SECRET=your_refresh_secret
   
   # Cloudinary
   CLOUDINARY_CLOUD_NAME=your_cloud_name
   CLOUDINARY_API_KEY=your_api_key
   CLOUDINARY_API_SECRET=your_api_secret
   
   # Email Service
   EMAIL_HOST=smtp.gmail.com
   EMAIL_PORT=587
   EMAIL_USER=[email protected]
   EMAIL_PASS=your_app_password
   
   # MeiliSearch
   MEILISEARCH_HOST=http://localhost:7700
   MEILISEARCH_API_KEY=your_meilisearch_key

4. Start the server

   npm start

Development

# Start with nodemon for development
npx nodemon index.js

🔧 Configuration

CORS Settings

const allowedOrigins = [
  "http://localhost:3000", // Development frontend
  "https://app.echo.linkpc.net", // Production frontend
];

Cookie Configuration

• Access Token: 1 hour expiry, HTTP-only
• Refresh Token: 7 days expiry, HTTP-only
• Secure: True in production
• SameSite: "None" in production, "Lax" in development

Rate Limiting

• Auth Routes: Limited to prevent brute force attacks
• General API: Standard rate limiting applied

🛡️ Security Features

Authentication Security

• Password Hashing: BCrypt with salt rounds
• JWT Tokens: Separate access and refresh tokens
• Token Rotation: Automatic token refresh
• Session Management: Redis-based session storage

Data Protection

• Message Encryption: End-to-end message encryption
• Input Validation: Express-validator for all inputs
• SQL Injection: MongoDB's natural protection
• XSS Protection: Helmet security headers

API Security

• Rate Limiting: Prevents API abuse
• CORS: Controlled cross-origin access
• Cookie Security: HTTP-only, secure cookies
• Environment Variables: Sensitive data protection

📊 Performance Optimizations

Caching Strategy

• Node-Cache: In-memory caching for frequently accessed data
• Redis: Session storage and distributed caching
• MongoDB Indexing: Optimized database queries

File Management

• Cloudinary: Optimized media storage and delivery
• Multer: Efficient file upload handling
• Temporary Storage: Automatic cleanup of temp files

Database Optimization

• Connection Pooling: MongoDB connection management
• Index Strategy: Optimized queries with proper indexing
• Population: Efficient data fetching with Mongoose

🧪 Testing

API Testing

• Use Postman collection for comprehensive API testing
• Authentication flow testing
• Socket.io event testing
• File upload testing

Load Testing

• WebRTC signaling performance
• Concurrent user handling
• Database query optimization

📦 Deployment

Production Setup

1. Environment Configuration

   NODE_ENV=production

2. Database Setup

   • MongoDB Atlas or self-hosted MongoDB
   • Redis Cloud or self-hosted Redis

3. Media Storage

   • Cloudinary for image/video storage
   • CDN configuration for optimal delivery

4. SSL Certificate

   • HTTPS required for WebRTC
   • Secure cookie configuration

Docker Deployment

FROM node:16-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
EXPOSE 5000
CMD ["npm", "start"]

🔍 Monitoring & Logging

Application Monitoring

• Error logging and tracking
• Performance metrics
• Socket connection monitoring
• Database query performance

Health Checks

• Database connectivity
• Redis connection status
• External service availability

🤝 Contributing

1. Fork the repository
2. Create a feature branch (git checkout -b feature/AmazingFeature)
3. Commit your changes (git commit -m 'Add some AmazingFeature')
4. Push to the branch (git push origin feature/AmazingFeature)
5. Open a Pull Request

Development Guidelines

• Follow REST API conventions
• Implement proper error handling
• Add input validation for all endpoints
• Write comprehensive tests
• Document new features

📄 License

This project is licensed under the MIT License. See the LICENSE file for details.

🔗 Related Projects

• Echo Frontend - React.js web application
• Echo Mobile - React Native mobile app

📞 Support

For support, email [email protected] or create an issue on GitHub.

🙏 Acknowledgments

• Express.js - Fast, unopinionated web framework
• Socket.io - Real-time communication
• MongoDB - Flexible NoSQL database
• Cloudinary - Media management platform
• Redis - In-memory data structure store

---

Built with ❤️ by Akash Khedar

Echo Backend - Powering real-time social connections