Operational

NestJS · Drizzle ORM · PostgreSQL

Backend Service Gateway

A production-ready backend for authentication, media management, user administration, system configuration, and CSRF-protected workflows. This page maps every route exposed by the running service.

# health check
curl http://localhost:8080/health

# get CSRF token
curl http://localhost:8080/csrf

# protected routes
GET  /users
GET  /auth/me
POST /auth/magic-link/request
  • API modules: 7
  • Route handlers: 39
  • Auth mechanism: JWT
  • Mutation guard: CSRF

Route Highlights

Common entry points for quick API checks.

GET /
GET /csrf: Issue a CSRF token cookie and response value. [Public]
POST /auth/login: Create an authenticated session with email and password. [Credentials]
GET /auth/me: Read the current authenticated user profile. [JWT]
POST /media: Upload and register media assets via Cloudinary. [JWT + CSRF]
GET /system/settings/public: Read public access model and allowed roles. [Public]
GET /audit-logs: List audit log entries with filtering and pagination. [Admin JWT]
GET /health: Database connectivity and memory health checks. [Public]

Service Domains

Modules wired into the API surface.

Auth

Magic-link login, Google OAuth, password auth, 2FA (TOTP), session management, and profile routes under /auth.

Users

Admin user CRUD, role management, session revocation, and 2FA reset under /users.

Media

File upload via Cloudinary, listing, update, and delete under /media.

Audit Logs

Admin-only activity history for sensitive account and access events under /audit-logs.

System

Application-level access model and role configuration under /system.

Security

Global CSRF protection, JWT guards, role guards, request throttling, and structured error handling.

API Documentation

Module-level docs under docs/api/.

  • Auth: Magic links, Google login, sessions, 2FA, and profile routes.
    docs/api/auth.md
  • Users: Admin user directory, CRUD, role updates, and session revocation.
    docs/api/users.md
  • Media: Upload, listing, update, and deletion of media assets.
    docs/api/media.md
  • Audit Logs: Admin activity history with filtering and pagination.
    docs/api/audit-logs.md
  • System: Access model and role configuration endpoints.
    docs/api/system.md
  • Health: Database and memory health check endpoint.
    docs/api/health.md
  • CSRF: Token issuing and unsafe-method protection.
    docs/api/csrf.md