A modern news website built with a Next.js frontend and a Node.js TypeScript backend, using GraphQL for efficient data fetching and MongoDB for data storage. The project implements a full-featured news management system with user authentication, role-based access control, and content management capabilities.
- Next.js 14
- TypeScript
- Apollo Client for GraphQL
- Tailwind CSS
- Modern UI/UX design
- Responsive layout
- Node.js
- TypeScript
- GraphQL with Apollo Server
- MongoDB with Mongoose
- Express.js
- JWT Authentication
- BCrypt for password hashing
- Jest for testing
- In-memory MongoDB for testing
├── frontend/ # Next.js frontend
│   ├── src/
│   │   ├── app/ # Next.js app directory
│   │   ├── components/ # Reusable UI components
│   │   ├── lib/ # Utility functions and configurations
│   │   └── styles/ # Global styles and Tailwind config
│   └── package.json
│
├── backend/ # Node.js TypeScript backend
│   ├── src/
│   │   ├── models/ # MongoDB Mongoose models
│   │   │   ├── User.ts # User model with authentication
│   │   │   ├── News.ts # News article model
│   │   │   └── Category.ts # Category model
│   │   ├── resolvers/ # GraphQL resolvers
│   │   │   ├── userResolver.ts # User-related operations
│   │   │   ├── newsResolver.ts # News-related operations
│   │   │   └── categoryResolver.ts # Category operations
│   │   ├── schemas/ # GraphQL type definitions
│   │   │   ├── user.graphql
│   │   │   ├── news.graphql
│   │   │   └── category.graphql
│   │   ├── utils/ # Helper functions
│   │   │   ├── db.ts # Database connection
│   │   │   └── seedData.ts # Seed data utilities
│   │   └── scripts/ # Utility scripts
│   │       ├── seed.ts # Database seeding
│   │       └── updatePassword.ts # Password update utility
│   ├── __tests__/ # Test files
│   │   ├── models/ # Model tests
│   │   ├── resolvers/ # Resolver tests
│   │   └── README.md # Test documentation
│   └── package.json
- User Authentication System
  - JWT-based authentication
  - Password hashing with BCrypt
  - Role-based authorization (ADMIN, EDITOR, JOURNALIST)
  - Secure password storage and validation
  - Token-based session management
- News Management
  - CRUD operations for news articles
  - Category management
  - Status tracking (DRAFT, PUBLISHED, ARCHIVED)
  - Tags support
  - Slug generation for SEO-friendly URLs
  - Multiple image support with main image designation
- User Management
  - User registration and login
  - Profile management
  - Role-based access control
  - Email validation
  - Password strength requirements
  - Profile updates with role protection
- Category System
  - Category CRUD operations
  - News article categorization
  - Slug generation for categories
  - Duplicate category prevention
- Testing Infrastructure
  - Comprehensive test suite
  - Model validation tests
  - Resolver operation tests
  - Authentication tests
  - Authorization tests
  - In-memory database for testing
- Frontend Implementation
- Comments System
- Search Functionality
  - Full-text search across news articles
  - Advanced filtering options (by date, category, author)
  - Real-time search suggestions
  - Search within specific fields (title, content, tags)
  - Relevance-based sorting
  - Search history tracking
  - Popular searches analytics
  - Category-specific search
  - Multi-language search support
  - Fuzzy search for typo tolerance
- Image Upload
- Rich Text Editor
- Analytics Dashboard
- Email Notifications
- Social Media Integration
- Content Moderation System
- API Rate Limiting
- Caching Layer
- Node.js (v18 or higher)
- MongoDB
- npm or yarn
- Git
- Clone the repository and navigate to the backend directory:
    cd news/backend
- Install dependencies:
    npm install
- Create a .env file in the backend directory:
    PORT=4000
    MONGO_USER=your_mongodb_user
    MONGO_PASS=your_mongodb_password
    MONGO_DB_NAME=your_database_name
    JWT_SECRET=your_jwt_secret
    JWT_EXPIRES_IN=24h
- Seed the database with initial data:
    npm run seed
- Start the development server:
    npm run dev
  The GraphQL server will be available at http://localhost:4000/graphql
- Navigate to the frontend directory:
    cd news/frontend
- Install dependencies:
    npm install
- Create a .env.local file:
    NEXT_PUBLIC_API_URL=http://localhost:4000/graphql
- Start the development server:
    npm run dev
  The frontend will be available at http://localhost:3000
mutation {
  registerUser(input: {
    name: "User Name"
    email: "[email protected]"
    password: "password"
    role: JOURNALIST
    registrationSource: PUBLIC_PORTAL
  }) {
    token
    user {
      id
      name
      email
      role
      registrationSource
    }
  }
}

mutation {
  loginUser(input: {
    email: "[email protected]"
    password: "your-password"
  }) {
    token
    user {
      id
      name
      email
      role
    }
  }
}

mutation {
  updateUser(
    id: "user-id"
    input: {
      name: "Updated Name"
      email: "[email protected]"
      password: "newPassword"
      currentPassword: "oldPassword"
    }
  ) {
    id
    name
    email
    role
  }
}

mutation {
  createNews(input: {
    title: "News Title"
    content: "News Content"
    summary: "Brief summary"
    categoryId: "category-id"
    tags: ["tag1", "tag2"]
    images: [
      {
        url: "image-url",
        isMain: true
      }
    ]
  }) {
    id
    title
    content
    status
    slug
    images {
      url
      isMain
    }
  }
}

mutation {
  updateNews(input: {
    id: "news-id"
    title: "Updated Title"
    content: "Updated Content"
    status: PUBLISHED
    categoryId: "new-category-id"
    tags: ["updated-tag"]
  }) {
    id
    title
    status
    category {
      id
      name
    }
  }
}

query {
  searchNews(input: {
    query: "search term"
    status: PUBLISHED
    categoryId: "optional-category-id"
    tags: ["optional-tag"]
    limit: 10
    offset: 0
  }) {
    news {
      id
      title
      summary
      slug
    }
    total
    hasMore
  }
}

mutation {
  createCategory(input: {
    name: "Category Name"
  }) {
    id
    name
    slug
  }
}

mutation {
  updateCategory(
    id: "category-id"
    input: {
      name: "Updated Category Name"
    }
  ) {
    id
    name
    slug
  }
}

query {
  categories {
    id
    name
    slug
  }
}
- Create a new branch for each feature/fix
- Write tests (when implemented)
- Submit pull requests
- Code review
- Merge to main branch
The API implements consistent error handling with specific error codes:
- UNAUTHENTICATED: Authentication issues
  - Invalid credentials
  - Missing or expired tokens
  - Invalid token format
- FORBIDDEN: Authorization issues
  - Insufficient permissions
  - Role-based access violations
  - Resource ownership conflicts
- NOT_FOUND: Resource not found
  - Invalid IDs
  - Deleted resources
  - Non-existent endpoints
- BAD_USER_INPUT: Invalid input data
  - Validation failures
  - Duplicate entries
  - Format violations
- INTERNAL_SERVER_ERROR: Server-side issues
# Run all tests
npm test
# Run specific test suite
npm test -- user.test.ts
# Run tests with coverage
npm test -- --coverage
The project maintains high test coverage across critical components:
- Models: Data validation, relationships, and methods
- Resolvers: GraphQL operations and error handling
- Authentication: User security and token management
- Authorization: Role-based access control
- Error Handling: Proper error responses
Detailed test documentation can be found in backend/src/__tests__/README.md
- Passwords are hashed using BCrypt
- JWT tokens for authentication
  - Short expiration times
  - Secure token storage
  - Token refresh mechanism
- Role-based access control
  - Granular permissions
  - Resource-level access control
- Input validation and sanitization
  - GraphQL input validation
  - Data type checking
  - XSS prevention
  - MongoDB injection prevention
- CORS configuration
- Rate limiting (planned)
- Security headers
- Regular dependency updates
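
The role-based and resource-level access control listed above, together with the API's UNAUTHENTICATED, FORBIDDEN and BAD_USER_INPUT error codes, shown as an authorization decision for the updateUser mutation. This is an added example, not code from the project; the Viewer and UpdateUserInput shapes, a client-supplied `role` field, and the rule that only ADMIN may change a role are assumptions.

```typescript
// Added example (not project code): decides whether updateUser may proceed.
// Assumed, not taken from the project: Viewer, UpdateUserInput, the `role`
// input field, and "only ADMIN may change a role".
type Role = "ADMIN" | "EDITOR" | "JOURNALIST";
type ErrorCode = "UNAUTHENTICATED" | "FORBIDDEN" | "BAD_USER_INPUT";

interface Viewer { id: string; role: Role } // claims taken from a verified JWT
interface UpdateUserInput {
  name?: string;
  email?: string;
  password?: string;
  currentPassword?: string;
  role?: string; // untrusted, client-supplied value
}

const ROLES: readonly string[] = ["ADMIN", "EDITOR", "JOURNALIST"];

// Returns null when the update may proceed, otherwise the error code to report
// (a resolver would raise it as a GraphQL error carrying that code).
function authorizeUpdateUser(
  viewer: Viewer | null,
  targetId: string,
  input: UpdateUserInput
): ErrorCode | null {
  // 1. No verified token means no identity: fail before looking at the input.
  if (viewer === null) return "UNAUTHENTICATED";

  const isSelf = viewer.id === targetId;
  const isAdmin = viewer.role === "ADMIN";

  // 2. Resource ownership: non-admins may only edit their own profile.
  if (!isSelf && !isAdmin) return "FORBIDDEN";

  // 3. Role protection: authorize first, validate second, so a JOURNALIST
  //    cannot promote their own account through a profile update.
  if (input.role !== undefined) {
    if (!isAdmin) return "FORBIDDEN";
    if (ROLES.indexOf(input.role) === -1) return "BAD_USER_INPUT";
  }

  // 4. Changing one's own password requires currentPassword, so a token alone
  //    is not enough. Comparing it with the BCrypt hash happens in the resolver.
  if (input.password !== undefined && isSelf && !input.currentPassword) {
    return "BAD_USER_INPUT";
  }
  return null;
}
```
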
- Fork the repository
- Create your feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add some amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
This project is licensed under the MIT License.
Project Link: https://github.com/oguzhanural/news