Source Code - BackEndByAlex/Timelock GitHub Wiki
Source Code Documentation for Timelock
Code Standards and Architecture
Microservice architecture with consistent structure:
- All three services (frontend, auth-service, password-service) follow the same structural pattern with separate `controllers/`, `routes/`, `services/` and `config/` folders
- Unified naming convention: camelCase for JavaScript functions, kebab-case for URL endpoints
- Consistent use of ESLint (Airbnb rules) and Prettier for code formatting
Separation of Concerns:
- Frontend handles only presentation and user interaction
- Auth-service is responsible for user authentication, verification codes and feedback
- Password-service handles secure password storage with encryption and history
Code Quality Principles Implemented
Avoiding bad practices:
- No global variables - all configuration is handled via environment variables
- Constants defined in separate config files instead of hard-coding
DRY principle (Don't Repeat Yourself):
- Common JWT handling in `lib/JsonWebToken.js`
- Reusable email service for all types of mailings
- Centralized error handling via middleware
Security Aspects in Code
Authentication and authorization:
- JWT-based authentication with middleware protection
- CSRF protection in frontend
- Rate limiting for sensitive endpoints
Data management:
- Password hashing with bcrypt
- Encrypted password entries in password-service
- Input data validation on both client and server side
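The JWT middleware protection listed above could look like the following in a setup where auth-service signs tokens and password-service only verifies them. This is an added example, not code from the Timelock repository; the RS256 algorithm and the names `signToken`, `verifyToken` and `requireAuth` are assumptions.

```javascript
// Added example, not Timelock code: RS256 and all function names are assumptions.
const nodeCrypto = require('node:crypto');

const b64u = (input) => Buffer.from(input).toString('base64url');

// auth-service side: sign claims with the private key (helper for the demo).
function signToken(claims, privateKey) {
  const head = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify(claims));
  const sig = nodeCrypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${sig.toString('base64url')}`;
}

// password-service side: verify with the public key only, so a compromise
// of this service does not expose the ability to mint tokens.
function verifyToken(token, publicKey, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch { throw new Error('malformed token'); }
  // Pin the algorithm: the token's own header must never choose how it is checked.
  if (header?.alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${head}.${body}`);
  const ok = nodeCrypto.verify('sha256', signed, publicKey, Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  // Tokens without a numeric exp are rejected rather than treated as non-expiring.
  if (typeof claims?.exp !== 'number' || claims.exp <= nowSeconds) throw new Error('expired');
  return claims;
}

// Express-style middleware: reject the request before any controller runs.
function requireAuth(publicKey) {
  return (req, res, next) => {
    const match = /^Bearer (.+)$/.exec(req.headers.authorization || '');
    try {
      if (!match) throw new Error('missing bearer token');
      req.user = verifyToken(match[1], publicKey);
      return next();
    } catch (err) {
      // Same generic response for every failure; log err.message server-side.
      return res.status(401).json({ error: 'unauthorized' });
    }
  };
}
```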
Testability and Maintainability
Test structure:
- Unit tests with Vitest for all services
- Separate test files per functionality
- Mock objects for database and API calls
- Manual tests for view maintenance
Logging and debugging:
- Winston for application logs
- Morgan for HTTP request logging
- Structured error handling with descriptive error messages
Future Maintainability
Scalability:
- Microservice architecture enables independent scaling
- Database abstraction via Mongoose for easy database migration
- Modular frontend structure for easy feature addition