Overview
This is a Node.js + Express backend for a role-based program management platform. It provides secure REST APIs for user management, programs, and dashboards, with JWT-based authentication and role-based access control. Built with MongoDB and Mongoose for data storage.
Features

- User Authentication
  - Login with username & password
  - JWT access tokens and refresh tokens (httpOnly cookies)
  - Logout and token revocation
- Role-Based Access
  - Admin, Editor, and User roles
  - Restrict API access based on roles
- Programs Management
  - CRUD operations on programs
  - Programs linked to specific activists
- Roles
  - Admin: view all activists and programs
  - Editor: add/edit programs
  - Activist: view assigned programs
- Secure & Scalable
  - Passwords hashed with bcrypt
  - Environment-based configuration
  - Proper error handling and validation
API Endpoints

- POST /auth/login – Login with username & password
- GET /auth/refresh – Get new access token using refresh token
- POST /auth/logout – Logout and clear refresh token
- GET /dashboard/activists – List all activists (Admin)
- GET /dashboard/activist/:id – Get an activist by ID (Admin)
- GET /dashboard/program – Get all programs (Admin)
- POST /dashboard/program – Create a new program (Editor)
- GET /dashboard/program/:id – Get program by ID (Admin/Editor)
- PUT /dashboard/program/:id – Edit program by ID (Admin/Editor)
- DELETE /dashboard/program/:id – Delete program by ID (Admin/Editor)
Note: All endpoints require authentication via JWT and correct roles.
Installation

Clone the repository, then install the dependencies:

```
npm install
```

Create a .env file in the project root with:

```
MONGO_URI=<your-mongodb-uri>
ACCESS_TOKEN_SECRET=<your-access-token-secret>
REFRESH_TOKEN_SECRET=<your-refresh-token-secret>
```

Use long, random values for the two token secrets and keep .env out of version control. Then start the server:

```
npm start
```
Tech Stack

- Node.js, Express
- MongoDB, Mongoose
- JWT (jsonwebtoken)
- bcrypt (password hashing)
- cookie-parser (refresh token handling)
- dotenv (environment variables)
Usage

Frontend apps can consume these APIs by logging in first to get an access token, then sending it in the Authorization header for protected routes. Refresh tokens are stored as httpOnly cookies for secure token renewal.