
Sandesh Shrestha
April 2025 – Present/Advanced
Live Demo
Codebase is confidential
Case Study: Word Impact Network – Modern LMS Backend
Project at a Glance
- Role: Backend Developer & System Architect
- Stack: Node.js, Express.js, TypeScript, Prisma ORM, PostgreSQL, Redis, Zod, Docker, Swagger, Socket.io, Cloudinary, Winston, Jest
- DevOps: Docker Compose, CI/CD, multi-environment support
- Team: 1 (Full ownership)
- API Endpoints: 88+
My Role & Impact
- Architected and implemented a robust, scalable backend for a full-featured LMS
- Designed a modular, type-safe codebase with Prisma and Zod
- Integrated real-time features (Socket.io), file uploads (Cloudinary), and email (Nodemailer)
- Automated testing, linting, and formatting for code quality
- Led all DevOps, Dockerization, and deployment
Highlights
- Role-based Auth: JWT, refresh tokens, admin/student separation
- Prisma ORM: Type-safe, auto-migrating PostgreSQL schema
- Redis: Caching, session, and rate-limiting
- Zod: End-to-end schema validation
- Swagger: Live API docs
- Real-time: Messaging, notifications, analytics
- Dev Experience: Hot reload, type safety, CI, Prettier, ESLint
Docker & DevOps
- Dockerized Development: The entire backend runs in isolated containers for Node.js, PostgreSQL, Redis, and more, ensuring consistent environments across all machines.
- Docker Compose: Used for orchestrating multi-container setups, including local development and production stacks.
- Multi-Environment Support: Separate Docker Compose files and environment variables for local, staging, and production.
- CI/CD Ready: Docker images are built and deployed automatically as part of the CI/CD pipeline.
- Easy Onboarding: New developers can start the backend with a single docker-compose up command, no manual setup required.
System Architecture
flowchart LR
Client -->|REST/WS| API[Backend API]
API --> DB[(PostgreSQL)]
API --> Redis[(Redis)]
API --> Cloudinary
API --> Email[Email Service]
API --> Vimeo
API -->|WebSocket| Client
Performance & Quality
- Handles 1000+ concurrent users with Redis caching and optimized queries.
- API p99 latency: < 200ms for most endpoints under load.
- Test coverage: >90% with Jest and Supertest.
Security Practices
- JWT authentication with refresh tokens
- Role-based access control for admin/student
- Input validation with Zod and Joi
- Rate limiting and brute-force protection
- HTTPS enforced in production
- Environment variable management for secrets
- Audit logging with Winston
Challenges & Solutions
- Complex Auth: Used middleware and Zod for secure, maintainable role checks
- Data Consistency: Leveraged Prisma transactions and PostgreSQL constraints
- Performance: Redis caching and query optimization
- Scalability: Dockerized, stateless, horizontally scalable
Results
- Production-ready backend powering a modern LMS
- 88+ endpoints for admin, student, and public flows
- Interactive API docs and automated tests
- Ready for thousands of users and real-time workloads
API Reference
See below for a categorized list of all endpoints and their authentication levels.
Authentication Levels
- Public – No authentication required
- Admin – Requires admin authentication (authenticateAdmin + authorize([UserRole.ADMIN]))
- Student – Requires student authentication (authenticateStudent)
- Both – Supports both admin and student authentication (authenticate)
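As an added example, not the project's code, here is a minimal TypeScript version of the tiers above: authenticate verifies an HS256 JWT with Node's built-in crypto and fills req.user, and authorize([UserRole.ADMIN]) then rejects any other role with 403. The UserRole enum, the Claims shape, carrying the admin/student separation as a role claim, and the request/response shapes are all assumptions; signJwt exists only to mint tokens locally.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Assumed shapes modelled on the page's authorize([UserRole.ADMIN]) call; the
// admin/student separation is carried here as a role claim inside the token.
export enum UserRole { ADMIN = "ADMIN", STUDENT = "STUDENT" }
export type Claims = { sub: string; role: UserRole; exp: number };
type Req = { headers: { authorization?: string }; user?: Claims };
type Res = { statusCode?: number; body?: unknown };
type Next = () => void;
const deny = (res: Res, code: number, error: string): void => { res.statusCode = code; res.body = { error }; };
const b64 = (s: string) => Buffer.from(s, "base64url");
// Minimal HS256 verification with Node's crypto: constant-time signature compare,
// explicit alg check (no "none"/alg confusion) and exp enforcement.
export function verifyJwt(token: string, secret: string, nowMs = Date.now()): Claims | null {
  const [h, p, s, extra] = token.split(".");
  if (!h || !p || !s || extra !== undefined) return null;
  const expected = createHmac("sha256", secret).update(`${h}.${p}`).digest();
  if (b64(s).length !== expected.length || !timingSafeEqual(b64(s), expected)) return null;
  try {
    const header = JSON.parse(b64(h).toString("utf8"));
    const claims = JSON.parse(b64(p).toString("utf8")) as Claims;
    if (header.alg !== "HS256" || typeof claims.exp !== "number") return null;
    return claims.exp * 1000 > nowMs ? claims : null;
  } catch { return null; }
}
// authenticate (the page's "Both" tier): a valid bearer token sets req.user, else 401.
export function authenticate(secret: string) {
  return (req: Req, res: Res, next: Next): void => {
    const auth = req.headers.authorization ?? "";
    const claims = auth.startsWith("Bearer ") ? verifyJwt(auth.slice(7), secret) : null;
    if (!claims) return deny(res, 401, "unauthenticated");
    req.user = claims;
    next();
  };
}
// authorize: runs after authenticate; 403 when the caller's role is not in the list.
export function authorize(allowed: UserRole[]) {
  return (req: Req, res: Res, next: Next): void => {
    if (!req.user) return deny(res, 401, "unauthenticated");
    if (!allowed.includes(req.user.role)) return deny(res, 403, "forbidden");
    next();
  };
}
// Mints a token for local checks (constructed; real tokens are issued at login).
export function signJwt(claims: Claims, secret: string): string {
  const enc = (o: object) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const body = `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}`;
  return `${body}.${createHmac("sha256", secret).update(body).digest("base64url")}`;
}
```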
Admin Routes
- POST /api/v1/admin/create-admin – Admin Registration (Public)
- POST /api/v1/admin/login-admin – Admin Login (Public)
- POST /api/v1/admin/logout – Admin Logout (Admin)
- POST /api/v1/admin/refresh-token – Refresh Admin Token (Public)
- GET /api/v1/admin/profile – Get Admin Profile (Admin)
- POST /api/v1/admin/request-password-reset – Request Password Reset (Admin)
- POST /api/v1/admin/verify-password-reset – Verify Password Reset (Admin)
- POST /api/v1/admin/broadcast – Send Broadcast Message (Admin)
- GET /api/v1/admin/students – Get All Students (Admin)
- GET /api/v1/admin/dashboard – Get Dashboard Stats (Admin)
Student Routes
- POST /api/v1/student/register – Student Registration (Public)
- POST /api/v1/student/login – Student Login (Public)
- POST /api/v1/student/refresh-token – Refresh Student Token (Public)
- POST /api/v1/student/logout – Student Logout (Public)
- GET /api/v1/student/profile – Get Student Profile (Student)
- PUT /api/v1/student/profile – Update Student Profile (Student)
- GET /api/v1/student/courses – Get Available Courses (Student)
- POST /api/v1/student/courses/:courseId/enroll – Enroll in Course (Student)
- GET /api/v1/student/progress – Get Student Progress (Student)
- GET /api/v1/student/chapters/:chapterId/progress – Get Chapter Progress (Student)
- POST /api/v1/student/videos/:videoId/progress – Update Video Progress (Student)
- GET /api/v1/student/exams/:examId – Get Exam Details (Student)
- POST /api/v1/student/exams/:examId/attempt – Start Exam Attempt (Student)
- POST /api/v1/student/exam-attempts/:attemptId/submit – Submit Exam Attempt (Student)
- GET /api/v1/student/exam-attempts/:attemptId/result – Get Exam Result (Student)
- GET /api/v1/student/courses/:courseId/preview – Preview Course (Public)
- GET /api/v1/student/courses/:courseId/content – Get Full Course Content (Student)
- GET /api/v1/student/videos/:videoId/access-status – Check Video Access (Student)
- GET /api/v1/student/exams/:examId/access-status – Check Exam Access (Student)
- GET /api/v1/student/courses/:courseId/unlocked-content – Get Unlocked Content Summary (Student)
- POST /api/v1/student/request-password-reset – Request Password Reset (Public)
- POST /api/v1/student/complete-password-reset – Complete Password Reset (Public)
Application Routes
- GET /api/v1/applications – Get All Applications (Admin)
- GET /api/v1/applications/:id – Get Application by ID (Admin)
- PATCH /api/v1/applications/update-status/:id – Update Application Status (Admin)
- DELETE /api/v1/applications/:id – Delete Application (Admin)
Course Routes
- POST /api/v1/courses – Create Course (Admin)
- GET /api/v1/courses – Get All Courses (Public)
- GET /api/v1/courses/:id – Get Course by ID (Admin)
- PUT /api/v1/courses/:id – Update Course (Admin)
- DELETE /api/v1/courses/:id – Delete Course (Admin)
- POST /api/v1/courses/:courseId/chapters – Create Chapter (Admin)
- GET /api/v1/courses/:courseId/chapters – Get Chapters by Course (Public)
Chapter Routes
- GET /api/v1/chapters/:id – Get Chapter by ID (Public)
- PUT /api/v1/chapters/:id – Update Chapter (Admin)
- DELETE /api/v1/chapters/:id – Delete Chapter (Admin)
- POST /api/v1/chapters/:chapterId/videos – Add Video to Chapter (Admin)
- POST /api/v1/chapters/:chapterId/videos/vimeo – Add Video with Vimeo ID (Admin)
- POST /api/v1/chapters/:chapterId/video – Add Video (Singular) (Admin)
- GET /api/v1/chapters/:chapterId/videos – Get Videos by Chapter (Public)
- GET /api/v1/chapters/:chapterId/video – Get Videos (Singular) (Public)
- PATCH /api/v1/chapters/:id/reorder – Reorder Chapter (Admin)
Video Routes
- GET /api/v1/videos/:id – Get Video by ID (Public)
- PUT /api/v1/videos/:id – Update Video (Admin)
- DELETE /api/v1/videos/:id – Delete Video (Admin)
Exam Routes
- POST /api/v1/exams/chapters/:chapterId – Create Exam (Admin)
- GET /api/v1/exams/:id – Get Exam by ID (Admin)
- PUT /api/v1/exams/:id – Update Exam (Admin)
- DELETE /api/v1/exams/:id – Delete Exam (Admin)
- POST /api/v1/exams/:examId/questions – Add Question (Admin)
- PUT /api/v1/exams/:examId/questions/:id – Update Question (Admin)
- DELETE /api/v1/exams/:examId/questions/:id – Delete Question (Admin)
Message Routes
- POST /api/v1/messages – Send Message (Student)
- POST /api/v1/messages/admin – Send Admin Message (Admin)
- GET /api/v1/messages/unread-count – Get Unread Count (Both)
- GET /api/v1/messages/conversations – Get Conversations (Admin)
- GET /api/v1/messages/conversations/:partnerId – Get Conversation Messages (Admin)
- PUT /api/v1/messages/conversations/:partnerId/read – Mark as Read (Admin)
- GET /api/v1/messages/admin-conversation – Get Student-Admin Conversation (Student)
Notification Routes
- GET /api/v1/notifications – Get All Notifications (Both)
- PUT /api/v1/notifications/:id/read – Mark Notification as Read (Both)
- PUT /api/v1/notifications/read-all – Mark All as Read (Both)
Analytics Routes
- GET /api/v1/analytics/dashboard – Get Analytics Dashboard (Admin)
- GET /api/v1/analytics/enrollment-trends – Get Enrollment Trends (Admin)
- GET /api/v1/analytics/course-completion – Get Course Completion Rates (Admin)
- GET /api/v1/analytics/video-engagement – Get Video Engagement (Admin)
- GET /api/v1/analytics/exam-performance – Get Exam Performance (Admin)
- GET /api/v1/analytics/student-progress – Get Student Progress (Admin)
- GET /api/v1/analytics/geographic-distribution – Get Geographic Distribution (Admin)
- GET /api/v1/analytics/referral-stats – Get Referral Stats (Admin)
My Learning Routes
- GET /api/v1/mylearning/courses – Get My Learning Courses (Student)
- GET /api/v1/mylearning/courses/:courseId – Get My Course Detail (Student)
- GET /api/v1/mylearning/courses/:courseId/chapters/:chapterId – Get My Chapter Detail (Student)
- POST /api/v1/mylearning/courses/:courseId/chapters/:chapterId/videos/:videoId/heartbeat – Update Video Heartbeat (Student)
- GET /api/v1/mylearning/courses/:courseId/chapters/:chapterId/exams/:examId – Get My Exam Detail (Student)
- POST /api/v1/mylearning/courses/:courseId/chapters/:chapterId/exams/:examId/start – Start Exam Attempt (Student)
- POST /api/v1/mylearning/courses/:courseId/chapters/:chapterId/exams/:examId/attempts/:attemptId/submit – Submit Exam Attempt (Student)
Announcement Routes
- GET /api/v1/announcements/active – Get Active Announcements (Public)
- GET /api/v1/announcements/:id – Get Announcement by ID (Public)
- GET /api/v1/announcements – Get All Announcements (Admin)
- POST /api/v1/announcements – Create Announcement (Admin)
- PUT /api/v1/announcements/:id – Update Announcement (Admin)
- DELETE /api/v1/announcements/:id – Delete Announcement (Admin)
- PATCH /api/v1/announcements/:id/toggle-status – Toggle Announcement Status (Admin)
Vimeo Routes
- GET /api/v1/vimeo/auth – Get Vimeo Auth URL (Admin)
- GET /api/v1/vimeo/callback – Handle Vimeo OAuth Callback (Public)
- POST /api/v1/vimeo/create-upload – Create Upload Session (Admin)
Summary by Authentication Level
- Public Routes: 15
- Admin Only Routes: 45
- Student Only Routes: 25
- Both Admin & Student Routes: 3
- Total Routes: 88
Entity Relationship Diagram
Links
- Live Demo: wordimpactnetwork.org
Note: The codebase for this project is confidential and not publicly available.
Docker & Local Development
- Local Development:
  - Install dependencies: pnpm install
  - Create a .env file based on the example file
  - Start all services: pnpm docker:dev
  - Stop and remove containers: pnpm docker:dev:down
- Production/Pod Deployment:
  - Install dependencies: pnpm install
  - Create a .env file based on the example file
  - Start all services: pnpm docker:prod
  - Stop and remove containers: pnpm docker:prod:down
- Database Migrations:
  - Run migrations locally: pnpm db:migrate:dev or npx prisma migrate dev
  - Run migrations in production: pnpm db:migrate:prod or npx prisma migrate deploy
Example .env File
# Server Configuration
NODE_ENV=production
PORT=8080
API_PREFIX=/api/v1
# Database Configuration
DB_HOST=your_db_host
DB_PORT=5432
DB_NAME=your_db_name
DB_USER=your_db_user
DB_PASSWORD=your_db_password
# JWT Configuration
JWT_SECRET=your_jwt_secret
JWT_EXPIRES_IN=7d
SMTP_SERVER=smtp.yourprovider.com
SMTP_PORT=465
SMTP_USERNAME=your@email.com
SMTP_PASSWORD=your_email_password
EMAIL_FROM=your@email.com
# CORS
CORS_ORIGINS=https://yourdomain.com,https://admin.yourdomain.com,http://localhost:3000,http://localhost:4000
FRONTEND_URL=https://yourdomain.com
# Redis Configuration
REDIS_HOST=your_redis_host
REDIS_PORT=6379
REDIS_PASSWORD=your_redis_password
# Prisma Database URL
DATABASE_URL="postgresql://your_db_user:your_db_password@your_db_host:5432/your_db_name?schema=public"
# Admin Creation Secret
ADMIN_CREATION_SECRET=your_admin_creation_secret
# CLOUDINARY Configuration
CLOUDINARY_CLOUD_NAME=your_cloudinary_cloud_name
CLOUDINARY_API_KEY=your_cloudinary_api_key
CLOUDINARY_API_SECRET=your_cloudinary_api_secret
CLOUDINARY_URL=cloudinary://your_cloudinary_api_key:your_cloudinary_api_secret@your_cloudinary_cloud_name
# VIMEO Configuration
VIMEO_CLIENT_ID=yourvimeoclientid
VIMEO_CLIENT_SECRET=yourvimeoclientsecret
VIMEO_ACCESS_TOKEN=yourvimeoaccesstoken
VIMEO_REDIRECT_URI=https://admin.yourdomain.com/api/v1/vimeo/callback
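As an added example, not the project's own Zod schema, the check below runs over a loaded copy of the .env above and fails fast when a deployment still carries the example values: it flags "your_..." placeholders in secret variables, a JWT_SECRET shorter than 32 characters, non-https CORS_ORIGINS entries when NODE_ENV is production, and a DATABASE_URL whose embedded credentials disagree with DB_USER/DB_PASSWORD. The placeholder pattern and the list of secret variable names are assumptions drawn from the example file.

```typescript
// Startup validation for the example .env (added code, not the project's schema).
export type EnvCheck = { ok: boolean; errors: string[] };

// Matches the example file's placeholders: your_db_password, your@email.com,
// yourvimeoclientsecret, yourvimeoaccesstoken (assumed heuristic).
const PLACEHOLDER = /^your_|^your@|^your[a-z]*(id|secret|token)$/i;
const SECRETS = ["JWT_SECRET", "DB_PASSWORD", "REDIS_PASSWORD", "SMTP_PASSWORD",
  "ADMIN_CREATION_SECRET", "CLOUDINARY_API_SECRET", "VIMEO_CLIENT_SECRET", "VIMEO_ACCESS_TOKEN"];

export function checkEnv(env: Record<string, string | undefined>): EnvCheck {
  const errors: string[] = [];
  for (const key of [...SECRETS, "DATABASE_URL", "DB_USER", "CORS_ORIGINS"]) {
    const value = env[key];
    if (!value) errors.push(`${key} is missing`);
    else if (PLACEHOLDER.test(value)) errors.push(`${key} still holds the example placeholder`);
  }
  // 32+ characters keeps the HS256 signing key at or above the hash output size.
  if (env.JWT_SECRET && env.JWT_SECRET.length < 32) errors.push("JWT_SECRET is shorter than 32 characters");
  // The page states HTTPS is enforced in production, so plain-http origins are flagged there.
  if (env.NODE_ENV === "production") {
    for (const origin of (env.CORS_ORIGINS ?? "").split(",").map((o) => o.trim()).filter(Boolean)) {
      if (!origin.startsWith("https://")) errors.push(`CORS_ORIGINS entry ${origin} is not https`);
    }
  }
  // DATABASE_URL repeats the DB_* credentials; a mismatch means one of them is stale.
  if (env.DATABASE_URL) {
    try {
      const url = new URL(env.DATABASE_URL);
      if (decodeURIComponent(url.username) !== env.DB_USER) errors.push("DATABASE_URL user differs from DB_USER");
      if (decodeURIComponent(url.password) !== env.DB_PASSWORD) errors.push("DATABASE_URL password differs from DB_PASSWORD");
    } catch { errors.push("DATABASE_URL is not a valid URL"); }
  }
  return { ok: errors.length === 0, errors };
}
```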