A fully featured, production-ready Node.js / Express.js boilerplate using TypeScript. Includes multi-session user authentication with JWT, PostgreSQL integration via TypeORM, and full test coverage with Vitest and Supertest.
- β User registration (email, password, username)
- β Login with access & refresh tokens
- β Multiple session support via refresh tokens
- β Logout invalidates the current session
- β JWT authentication with token rotation
- β
Dependency injection with
tsyringe - β Environment-based configuration
- β Swagger API documentation
- β ESLint + Prettier setup
- β Unit & integration tests with Vitest + Supertest
- β Centralized logging with Winston
- Language: TypeScript
- Runtime: Node.js + Express
- Database: PostgreSQL + TypeORM
- Auth: JWT (access & refresh tokens)
- Testing: Vitest, Supertest
- DI: tsyringe
- Docs: Swagger
- Logging: Winston
Click to view the structure
src/
βββ config/
βββ database/
βββ logic/
β βββ model/
β βββ shared/
βββ app.ts
βββ index.ts
test/
βββ integration/
βββ unit/
βββ global-setup.ts
βββ global-teardown.ts
βββ setup-env.ts- Node.js (v18+)
- PostgreSQL
- Docker (optional)
# Clone the repository
git clone https://github.com/YoUnGi102/NodeJS-Express-Template.git
# Install dependencies
npm install
# Copy environment variables
cp .env.example .env
# Create SSL certificate folder
mkdir ssl
# Generate a self-signed certificate (valid for 365 days)
openssl req -x509 -newkey rsa:2048 -nodes -keyout ssl/key.pem -out ssl/cert.pem -days 365 \
-subj "/C=US/ST=Local/L=Localhost/O=Dev/OU=Dev/CN=localhost"
# store the key.pem and cert.pem in ./ssl under project folderUpdate .env with your database credentials and secrets.
| Script | Description |
|---|---|
npm run dev |
Start development server with hot reload via tsx |
npm run start |
Start the production server using compiled JS |
npm run build |
Compile TypeScript using tsup |
npm run ci |
Clean install, format check, lint, and run unit tests |
npm run test |
Run both integration and unit tests |
npm run lint |
Run biome linter on src and test directories |
npm run format |
Format all files with biome formatter |
npm run format:check |
Check formatting without writing changes |
npm run migration:generate |
Generate new TypeORM migration file |
npm run migration:run |
Run pending database migrations |
npm run migration:revert |
Revert the latest migration |
Migrations require a build (
npm run build) to ensuredist/database/data-source.jsexists.
npm run devnpm run build
npm run start- Access Token: Short-lived token for API requests
- Refresh Token: Long-lived token to issue new access tokens
- Multi-Session: Each device/browser maintains its own refresh session
- Logout: Removes the current session record and invalidates the token
Token secrets and expiration settings are configured via environment variables.
The project uses Winston for structured, centralized logging.
- Defined in:
src/logic/shared/utils/logger.ts - Logs info, warnings, errors, and slow requests
- Configurable via:
SLOW_REQUEST_THRESHOLD_MS
import logger from './logic/shared/utils/logger';
logger.info('Server started');
logger.error('Something went wrong');Custom transports, formats, or levels can be configured in logger.ts.
-
Swagger UI available at:
GET /docs
Documentation is auto-generated from request validation schemas using swagger-jsdoc.
.env.example provides a base for all environments:
NODE_ENV=development
PORT=5000
FRONTEND_URL=http://localhost:5173
BASE_URL=http://localhost:5000
JWT_ACCESS_SECRET=...
JWT_REFRESH_SECRET=...
JWT_ACCESS_EXPIRATION=1h
JWT_REFRESH_EXPIRATION=7d
DB_HOST=localhost
DB_USER=postgres
DB_PASS=postgres
DB_NAME=user_register_db
DB_PORT=5432
SLOW_REQUEST_THRESHOLD_MS=1000
HIDE_API_ERRORS=false
HIDE_API_LOGS=falseGenerate secure JWT secrets:
node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"Tests are split into unit and integration categories using Vitest and Supertest.
# Run all tests
npm run testTest utilities include global-setup.ts, global-teardown.ts, and custom test environment setup.
# Run Biome Linter
npm run lint
# Format code with Biome
npm run format- TypeORM β PostgreSQL ORM
- tsyringe β Dependency injection
- Swagger β API docs
- Winston β Logging
- Biome β Code quality
- Tsup β TypeScript build tool
MIT.
- Add rate-limiting & security middleware
- Add role-based access control
- E2E Tests?
Maintained by TomΓ‘Ε‘ GreΕ‘ (@YoUnGi102).