A production-grade fullstack boilerplate built with SERN (Sequelize, Express, React, Node.js) following modern backend architecture, security best practices, and scalable design patterns.
This project is structured for real-world applications, focusing on maintainability, security, logging, and extensibility.
- JWT Authentication (stored in HTTP-only cookies)
- Secure login & logout flow
- Role-Based Access Control (RBAC)
- Permission-based authorization middleware
- Protected routes with layered security
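The role and permission layers described above, as an added example that is not the template's own middleware. It assumes an earlier auth middleware has verified the JWT cookie and set `req.user = { id, role }`; the `ROLE_PERMISSIONS` map is a constructed stand-in for whatever `config/roles.js` holds, and the `run()` helper only exists to exercise the factories without Express.

```javascript
// Added example, not the template's own middleware: role-based and
// permission-based authorization as Express-style middleware factories.
// The role -> permission map is a constructed stand-in for config/roles.js.
const ROLE_PERMISSIONS = Object.freeze({
  admin: ['user:read', 'user:write', 'user:delete'],
  user: ['user:read'],
});

// Effective permissions for a role; unknown roles get an empty set (deny by default).
function permissionsFor(role) {
  return new Set(ROLE_PERMISSIONS[role] || []);
}

function deny(res, status, message) {
  return res.status(status).json({ success: false, message });
}

// Layer 1 is assumed to be an auth middleware that verified the JWT cookie and
// set req.user = { id, role }. These factories are layers 2 and 3.
function requireRole(...allowed) {
  return (req, res, next) => {
    if (!req.user) return deny(res, 401, 'Unauthorized');
    if (!allowed.includes(req.user.role)) return deny(res, 403, 'Forbidden');
    return next();
  };
}

// Require every listed permission. The response does not name the missing
// permissions; that detail only helps a caller map the authorization policy.
function requirePermission(...needed) {
  return (req, res, next) => {
    if (!req.user) return deny(res, 401, 'Unauthorized');
    const have = permissionsFor(req.user.role);
    if (!needed.every((p) => have.has(p))) return deny(res, 403, 'Forbidden');
    return next();
  };
}

// Exercise a middleware without Express: fake req/res and record the outcome.
function run(middleware, user) {
  const out = { status: 200, body: null, nextCalled: false };
  const res = {
    status(code) { out.status = code; return this; },
    json(body) { out.body = body; return this; },
  };
  middleware({ user }, res, () => { out.nextCalled = true; });
  return out;
}

// Wiring as it would appear on the admin-only route (assumed route file name):
//   router.get('/admin', auth, requireRole('admin'), requirePermission('user:delete'), handler)
```

Unknown roles and unauthenticated requests fall through to a denial on every path, which is the property to check first when extending the role map.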
- Strong password validation using RegEx
- Bcrypt hashing with configurable salt rounds
- Sequelize hooks: `beforeCreate`, `beforeUpdate`, `beforeBulkUpdate`
- Password excluded from responses (`toJSON` override)
- Secure login flow (no user enumeration leaks)
- `helmet()` for HTTP security headers
- `compression()` for optimized responses
- Rate limiting (login & signup protection against brute force and credential stuffing)
- HTTP-only cookies (token not readable from page scripts, limiting XSS token theft)
- SameSite cookies (CSRF mitigation; pair with the `Secure` flag so the cookie is only sent over HTTPS)
- Structured JSON logs
- Log files: `combined.log` (all logs), `error.log` (only errors)
- Environment-aware logging
- Console logs (development only)
- Tracks incoming HTTP requests
- Helps debug API usage and performance
- Tracks critical user/system actions
- Useful for debugging + compliance
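The logging setup described above, as an added example rather than the template's Winston configuration: the same shape (a combined stream, an error-only stream, a level threshold chosen by environment, console output in development) plus the one thing a request/audit logger must do that the list does not mention, redacting credential-bearing fields before they are written. The streams are arrays and `logRequest`/`logAudit` are assumed helper names, so it runs offline.

```javascript
// Added example, not the template's Winston setup: a structured JSON logger
// with combined + error streams, level gated by environment, and redaction of
// credential-bearing fields. Streams are arrays so the example runs offline.
const LEVELS = { error: 0, warn: 1, info: 2, http: 3, debug: 4 };
const SENSITIVE_KEYS = new Set(['password', 'newpassword', 'token', 'authorization', 'cookie', 'set-cookie']);

// Replace secret-bearing fields at any depth; everything else passes through.
function redact(value) {
  if (Array.isArray(value)) return value.map(redact);
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [key, v] of Object.entries(value)) {
      out[key] = SENSITIVE_KEYS.has(key.toLowerCase()) ? '[REDACTED]' : redact(v);
    }
    return out;
  }
  return value;
}

function createLogger({ env = 'development', now = () => new Date().toISOString() } = {}) {
  const combined = []; // combined.log: every accepted entry
  const errors = [];   // error.log: errors only
  // Production keeps error..http; debug output exists only in development.
  const threshold = env === 'production' ? LEVELS.http : LEVELS.debug;

  function log(level, message, meta = {}) {
    if (!(level in LEVELS) || LEVELS[level] > threshold) return null;
    const entry = { timestamp: now(), level, message, ...redact(meta) };
    const line = JSON.stringify(entry); // one JSON object per line
    combined.push(line);
    if (level === 'error') errors.push(line);
    if (env === 'development') console.log(line); // console transport: development only
    return entry;
  }

  return {
    log, combined, errors,
    error: (m, meta) => log('error', m, meta),
    warn: (m, meta) => log('warn', m, meta),
    info: (m, meta) => log('info', m, meta),
    http: (m, meta) => log('http', m, meta),
    debug: (m, meta) => log('debug', m, meta),
  };
}

// Request log: method, path, status and timing only; never raw headers or bodies.
function logRequest(logger, req, statusCode, durationMs) {
  return logger.http('request', { method: req.method, path: req.path, status: statusCode, durationMs, ip: req.ip });
}

// Audit log: who did what to which record, with the outcome. Details pass
// through redact(), so a password-change audit never stores the new password.
function logAudit(logger, action, actorId, targetId, outcome, details = {}) {
  return logger.info('audit', { audit: true, action, actorId, targetId, outcome, details });
}
```

Redaction by key name is a floor, not a ceiling: anything that might carry a token in a value (a full URL with a query string, a raw `Authorization` header) should be left out of the log entry entirely rather than relied on to be caught here.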
- MVC + Service + Repository pattern
- Clean separation of concerns
- Middleware-based flow
- Centralized error handling (`ApiError`, `ApiResponse`)
- Async error wrapper (`asyncHandler`)
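The error-handling pieces named above, as an added example and not the template's `utils/` or `middlewares/` code: `ApiError`, `ApiResponse`, `asyncHandler` and a centralized error middleware. The field names on the two classes and the `dispatch` driver are assumptions; the security point is that only operational `ApiError` messages reach the client, while unexpected errors become a generic 500 whose stack is logged but never returned outside development.

```javascript
// Added example, not the template's utils/: ApiError, ApiResponse, asyncHandler
// and a centralized error middleware. Field names on the classes are assumed.
class ApiError extends Error {
  constructor(statusCode, message, errors = []) {
    super(message);
    this.name = 'ApiError';
    this.statusCode = statusCode;
    this.errors = errors;         // field-level details that are safe to show the client
    this.isOperational = true;    // expected failure; the message may be returned as-is
  }
}

class ApiResponse {
  constructor(statusCode, data, message = 'Success') {
    this.statusCode = statusCode;
    this.success = statusCode < 400;
    this.message = message;
    this.data = data;
  }
}

// Run the handler inside a resolved promise so both async rejections and
// synchronous throws land in next(err) instead of an unhandled rejection.
const asyncHandler = (fn) => (req, res, next) =>
  Promise.resolve().then(() => fn(req, res, next)).catch(next);

// Central error middleware (Express recognises it by its four parameters).
// Only ApiError messages reach the client; everything else becomes a generic
// 500 so stack traces, SQL text and internal paths never leak. Stacks are
// logged, and echoed in the body only in development.
function errorHandler(env = 'production', logger = { error() {} }) {
  return (err, req, res, next) => { // eslint-disable-line no-unused-vars
    const operational = err instanceof ApiError;
    const statusCode = operational ? err.statusCode : 500;
    logger.error(err.message, { statusCode, path: req.path, stack: err.stack });
    const body = {
      success: false,
      message: operational ? err.message : 'Internal Server Error',
      errors: operational ? err.errors : [],
    };
    if (env === 'development') body.stack = err.stack;
    res.status(statusCode).json(body);
  };
}

// Drive one handler through asyncHandler and errorHandler without Express (assumed helper).
async function dispatch(handler, env = 'production', req = { path: '/api/v1/test' }) {
  const out = { status: 200, body: null };
  const res = { status(c) { out.status = c; return this; }, json(b) { out.body = b; return this; } };
  const onError = errorHandler(env);
  await asyncHandler(handler)(req, res, (err) => { if (err) onError(err, req, res, () => {}); });
  return out;
}
```

Sequelize validation and unique-constraint errors are not `ApiError` instances, so with this rule they surface as generic 500s; map the ones you intend to expose (for example a validation failure to a 400 with field names) to `ApiError` in the service layer rather than relaxing the default.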
- ORM-based modeling
- Validation at model level
- Lifecycle hooks
- Environment-based sync strategies
- Versioned routes: `/api/v1`
- Future-ready for backward compatibility
| Method | Endpoint | Description |
|---|---|---|
| GET | `/` | Server test route |
| GET | `/api/v1/health` | Health check API |
| POST | `/api/v1/auth/register` | Register user |
| POST | `/api/v1/auth/login` | Login user |
| POST | `/api/v1/auth/logout` | Logout user |
| GET | `/api/v1/users/profile` | Get user profile |
| GET | `/api/v1/users/admin` | Admin-only route |
- Separate `client/` folder
- Ready for API integration
- Authentication-ready structure
- Scalable component-based architecture
```
root/
│
├── client/                 # React frontend
│
├── server/
│   ├── src/
│   │   ├── config/         # Logger, roles, configs
│   │   ├── constants/      # App constants
│   │   ├── controllers/    # Route handlers
│   │   ├── logs/           # Log files (Winston)
│   │   ├── middlewares/    # Auth, rate limit, error
│   │   ├── models/         # Sequelize models
│   │   ├── repositories/   # DB abstraction layer
│   │   ├── routes/         # API routes (v1)
│   │   ├── services/       # Business logic
│   │   ├── utils/          # Helpers (ApiError, etc.)
│   │   ├── validations/    # Input validation logic
│   │   ├── app.js          # Express app config
│   │   └── index.js        # Entry point
│   │
│   └── .env
│
└── README.md
```
```bash
git clone https://github.com/Sengrar/sern-fullstack-template.git
cd sern-fullstack-template
cd server
npm install
```

Create `.env`:

```env
PORT=5000
NODE_ENV=development
DB_NAME=your_db
DB_USER=root
DB_PASSWORD=your_password
DB_HOST=localhost
JWT_SECRET=your_secret
BCRYPT_ROUNDS=10
```

Keep `.env` out of version control, use a long random value for `JWT_SECRET` (for example the output of `openssl rand -hex 32`, since a guessable secret lets anyone forge session tokens), and give the app its own least-privilege database user instead of `root` outside local development.

Run server:

```bash
npm run dev
```

Run client:

```bash
cd client
npm install
npm run dev
```

- Service Layer Pattern
- Repository Pattern
- Middleware Architecture
- API Versioning Strategy
- Secure Cookie-Based Authentication
- Structured Logging & Monitoring
- Role & Permission-based Access Control
- Clean architecture (scalable & maintainable)
- Strong security practices
- Advanced logging (request + audit + error)
- Versioned API design
- Modular codebase (easy to extend)
- Refresh tokens
- Email verification (OTP)
- Forgot/reset password
- ELK stack integration
- Sentry error tracking
- Redis caching
- Query optimization
- Docker setup
- CI/CD pipelines
- Deployment configs
- Swagger documentation
- Pagination, filtering, sorting
- State management (Redux/Zustand)
- UI library integration
Pull requests are welcome. For major changes, open an issue first.
MIT License
If you like this project, give it a ⭐ on GitHub!