Getit

Production-Level Content Management Backend API


Project Overview

Getit is a robust, production-level backend API designed for seamless content and file management. Built with Express.js and MongoDB, it provides a secure and scalable solution for storing text content and managing file uploads with cloud storage integration via Supabase. I developed the complete backend architecture while my teammate Sudhanva crafted the frontend interface. The API features unique key generation, comprehensive input validation, rate limiting, and enterprise-grade security measures.

Key Features I Implemented

Text Content Management

Developed RESTful endpoints for creating and retrieving text content with automatic unique 6-character alphanumeric ID generation. Implemented comprehensive validation for content names (max 50 chars), descriptions (max 500 chars), and unlimited content storage.

Advanced File Upload System

Built a sophisticated file management system supporting up to 10 files per unique key with Supabase cloud storage integration. Features include custom file naming, lobby-based organization, and automatic cleanup for failed uploads. Max file size: 15MB per file.

Security & Rate Limiting

Implemented multiple security layers including Helmet security headers, CORS configuration, rate limiting (100 requests per 15 minutes), and input validation using express-validator to prevent malicious requests and ensure data integrity.

File Download & Retrieval

Developed individual file download endpoints with proper content type headers and metadata retrieval. Files are stored with unique timestamp-based filenames in Supabase while preserving original names and custom labels in MongoDB.

Unique Key Generation System

Created a robust unique key generation mechanism producing 6-character alphanumeric identifiers for both content and file uploads, ensuring collision-free access to resources.

Cloud Storage Integration

Integrated Supabase Storage for reliable cloud-based file hosting with public URL generation. Implemented temporary local storage via multer for upload processing before cloud transfer with automatic cleanup.

How I Solved Key Challenges

Challenge: Managing File Storage at Scale

Storing files directly on the server would be costly and unsustainable.

My Solution:

Integrated Supabase cloud storage for reliable, scalable file hosting. Implemented a hybrid approach where files are temporarily stored locally for processing, then uploaded to Supabase with automatic cleanup, ensuring efficient resource usage.

Challenge: Preventing Resource Abuse

Without proper controls, users could overload the system with excessive requests or large files.

My Solution:

Implemented comprehensive rate limiting (100 requests per 15 minutes per IP), file size restrictions (15MB max per file), and lobby limits (10 files max per key). Combined with Helmet security headers and CORS configuration for a robust security layer.

Challenge: Ensuring Unique Access Keys

Collision in access keys would be catastrophic for user data privacy.

My Solution:

Developed a collision-resistant 6-character alphanumeric key generation system with database uniqueness validation. The system checks for existing keys and regenerates if necessary, ensuring every content piece and file lobby has a unique identifier.
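
One way to implement the generate-and-retry scheme described above, as an added example that is not Getit's own code. Keys come from Node's crypto.randomInt, and a MongoDB duplicate-key error (code 11000) from a unique index is treated as the collision signal instead of a separate existence check, which closes the race between checking and inserting. The insert callback, makeFakeStore, and the retry limit of 5 are assumptions for illustration.

```javascript
const { randomInt } = require('node:crypto');

const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
const KEY_LENGTH = 6;
const DUPLICATE_KEY = 11000; // MongoDB error code for a unique-index violation

// crypto.randomInt(max) draws from a CSPRNG without modulo bias,
// unlike Math.random() or `byte % 62`. `pick` is injectable for tests.
function generateKey(pick = randomInt) {
  let key = '';
  for (let i = 0; i < KEY_LENGTH; i++) key += ALPHABET[pick(ALPHABET.length)];
  return key;
}

// `insert(key)` is a hypothetical callback that stores the record and rejects
// with err.code === 11000 when a unique index on the key field is violated.
// Retrying on that error avoids the check-then-insert race between requests.
async function allocateKey(insert, { maxAttempts = 5, pick = randomInt } = {}) {
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const key = generateKey(pick);
    try {
      await insert(key);
      return { key, attempts: attempt };
    } catch (err) {
      if (err.code !== DUPLICATE_KEY) throw err; // not a collision: surface it
    }
  }
  throw new Error(`no free key after ${maxAttempts} attempts`);
}

// Constructed in-memory stand-in for a collection with a unique index.
function makeFakeStore(existing = []) {
  const keys = new Set(existing);
  const insert = async (key) => {
    if (keys.has(key)) {
      throw Object.assign(new Error('E11000 duplicate key'), { code: DUPLICATE_KEY });
    }
    keys.add(key);
  };
  return { keys, insert };
}

// Demo: the store already holds one key; allocation returns a fresh one.
const demoStore = makeFakeStore(['AAAAAA']);
allocateKey(demoStore.insert).then(({ key, attempts }) =>
  console.log(`allocated ${key} after ${attempts} attempt(s)`));
```

With Mongoose, the unique index would be declared on the key field of the schema, and insert would wrap the document's create call.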

Technical Challenges I Overcame

Challenge:

Handling multiple file uploads while maintaining metadata accuracy and preventing partial uploads.

Solution:

Architected a transactional approach where all files are validated first, then uploaded together. If any upload fails, the entire operation rolls back with automatic cleanup, ensuring data consistency.

Challenge:

Balancing between allowing flexible file uploads and preventing system abuse.

Solution:

Implemented a "lobby" system where each unique key can hold up to 10 files. This provides flexibility for users to add files incrementally while preventing resource exhaustion. The system checks available slots before accepting new uploads.

Challenge:

Providing meaningful error messages without exposing system vulnerabilities.

Solution:

Created a comprehensive error handling system that provides clear, user-friendly messages for validation errors while logging detailed information server-side. Security-sensitive errors return generic messages to prevent information leakage.

Technology Stack

Express.js, Node.js, MongoDB, Mongoose, Multer, Supabase Storage, Express Validator, Helmet, CORS, Express Rate Limit

Other Contributors

Sudhanva Kulkarni