Production-grade backend for AidLink - a blockchain-powered humanitarian aid platform built on Soroban/Stellar.
- Runtime: Node.js 18+
- Language: TypeScript
- Framework: Express.js
- Database: PostgreSQL with Prisma ORM
- Cache/Queue: Redis with BullMQ
- Real-time: WebSockets (Socket.io)
- Blockchain: Soroban/Stellar
- Containerization: Docker & Docker Compose
- JWT-based authentication
- Wallet-based authentication (Stellar/Soroban)
- Role-based access control (RBAC)
- Session management with Redis
- Campaign creation and management
- Real-time fund tracking
- Beneficiary assignment
- Distribution tracking and verification
- KYC workflow integration
- Fraud detection algorithms
- Verification queue with BullMQ
- Document verification
- Risk score calculation
- Soroban event listeners
- Transaction indexing
- Contract synchronization
- Real-time blockchain monitoring
- Email notifications (Nodemailer)
- Real-time alerts (WebSockets)
- Push notification support
- Notification preferences
- Campaign analytics and performance metrics
- Donor analytics and donation trends
- Organization analytics
- Platform-wide statistics
- Custom report generation
- Global search across all entities
- Campaign search with filtering
- Donation search with filtering
- Beneficiary search with filtering
- Date range and amount range filters
- Sorting and pagination
- Platform statistics overview
- User management
- Audit log viewing
- System health monitoring
- Real-time activity tracking
aidlink-backend/
├── src/
│ ├── config/ # Configuration files
│ ├── controllers/ # Route controllers
│ ├── services/ # Business logic
│ ├── middleware/ # Express middleware
│ ├── models/ # Data models
│ ├── routes/ # API routes
│ ├── utils/ # Utility functions
│ ├── types/ # TypeScript types
│ ├── workers/ # Background job workers
│ ├── websocket/ # WebSocket handlers
│ ├── blockchain/ # Blockchain integration
│ └── index.ts # Application entry point
├── prisma/
│ ├── schema.prisma # Database schema
│ └── seed.ts # Database seeder
├── tests/
│ ├── unit/ # Unit tests
│ ├── integration/ # Integration tests
│ └── load/ # Load tests
├── docker/
│ └── Dockerfile
├── docs/ # Documentation
└── .env.example # Environment variables template
- Node.js 18+
- PostgreSQL 14+
- Redis 7+
- Docker & Docker Compose (optional)
# Install dependencies
npm install
# Copy environment variables
cp .env.example .env
# Generate Prisma client
npm run prisma:generate
# Run database migrations
npm run prisma:migrate
# Seed database (optional)
npm run prisma:seed# Start development server
npm run dev
# Start with Docker
npm run docker:up# Build the project
npm run build
# Start production server
npm startInteractive Swagger UI is served at /api-docs when the server is running.
The raw OpenAPI 3.x spec is available at /openapi.yaml.
| Section | Coverage |
|---|---|
| REST endpoints | 99 routes across 11 route groups |
| Request/response schemas | Full JSON schemas with examples |
| Error responses | Consistent error envelope on every endpoint |
| Authentication | Bearer JWT — all secured endpoints annotated |
| Rate limits | Documented per-endpoint in descriptions |
| Webhooks | 6 events with HMAC verification example |
| WebSocket events | 8 server-push events with payload examples |
| Blockchain formats | Stellar payment tx, Soroban contract call formats |
# Start server (spec served at /openapi.yaml, UI at /api-docs)
npm run dev# Lint openapi.yaml with Spectral (must pass before merging)
npm run docs:validate
# Build openapi.json from openapi.yaml (for tooling that requires JSON)
npm run docs:buildnpm test -- --testPathPattern=tests/docs.spec.tsThe canonical spec lives in openapi.yaml at the repo root. Do not edit
/api/docs swagger JSDoc comments for new endpoints — use openapi.yaml directly.
- Add the path + HTTP method under
paths:inopenapi.yaml. - Set a unique
operationId(camelCase, verb + noun, e.g.createCampaign). - Assign at least one
tagsentry. - Document
security: [{bearerAuth: []}]if the route callsauthenticate. - Add
requestBodywith a concreteexample. - Document all success responses and common errors (401, 403, 404, 422, 429).
- If the endpoint emits a WebSocket event or webhook, add/update the
x-websocket-eventsorx-webhookssection. - Run
npm run docs:validateand fix any Spectral errors before opening a PR.
- Keep descriptions concise — one sentence of purpose, one of auth, one of rate limit.
- Use
$ref: '#/components/schemas/ErrorResponse'for all error responses. - Amounts are
type: string(decimal string) to preserve precision. - Dates are
type: string, format: date-time(ISO 8601).
POST /register- Register a new userPOST /login- User loginPOST /wallet-auth- Wallet-based authenticationPOST /refresh- Refresh access tokenPOST /logout- User logoutGET /profile- Get user profile
POST /- Create a new campaignGET /- Get all campaignsGET /:id- Get campaign by IDPUT /:id- Update campaignDELETE /:id- Delete campaignPATCH /:id/status- Update campaign statusPOST /:id/milestones- Add milestone to campaign
POST /- Create a beneficiary profileGET /- Get all beneficiariesGET /my-profile- Get current user's beneficiary profileGET /:id- Get beneficiary by IDPUT /:id- Update beneficiary profilePATCH /:id/status- Update beneficiary statusPOST /:id/risk-score- Calculate risk scorePOST /:id/kyc- Submit KYC documentsPATCH /kyc/:submissionId/review- Review KYC submission
POST /- Create a new donationGET /- Get all donationsGET /my-donations- Get current user's donationsGET /campaign/:campaignId- Get donations for a campaignGET /:id- Get donation by IDPOST /:id/confirm- Confirm donation with blockchainPOST /:id/refund- Refund a donation
POST /- Create a new distributionGET /- Get all distributionsGET /campaign/:campaignId- Get distributions for a campaignGET /beneficiary/:beneficiaryId- Get distributions for a beneficiaryPOST /:id/confirm- Confirm distribution with blockchainPATCH /:id/status- Update distribution statusPOST /:id/proof- Add proof document
POST /- Create a notificationGET /- Get user notificationsGET /unread-count- Get unread notification countPATCH /:id/read- Mark notification as readPATCH /read-all- Mark all notifications as readDELETE /:id- Delete notificationPOST /donation- Send donation notificationPOST /campaign-update- Send campaign update notificationPOST /distribution- Send distribution notification
GET /dashboard- Get dashboard statisticsGET /activity- Get recent activityGET /users- Get all usersPATCH /users/:id/status- Update user statusPATCH /users/:id/role- Update user roleGET /audit-logs- Get audit logsGET /health- Get system health
GET /campaign/:campaignId- Get campaign analyticsGET /donor- Get donor analyticsGET /organization/:organizationId- Get organization analyticsGET /platform- Get platform analyticsPOST /report/:reportType- Generate a report
GET /campaigns- Search campaignsGET /donations- Search donationsGET /beneficiaries- Search beneficiariesGET /global- Global searchGET /advanced- Advanced search with filters
# Run all tests
npm test
# Run unit tests
npm run test:unit
# Run integration tests
npm run test:integration
# Run load tests
npm run test:load# Build Docker images
npm run docker:build
# Start all services
npm run docker:up
# View logs
npm run docker:logs
# Stop services
npm run docker:downSee .env.example for all required environment variables.
- Helmet.js for security headers
- CORS configuration
- Global rate limiting
- Per-endpoint rate limiting (donations, campaigns, search, analytics, distributions, notifications)
- Request validation with Zod
- JWT authentication
- Audit logging
- Request logging middleware
- Secure environment management
- WebSocket authentication
- Health check endpoint at
/health - Structured logging with Winston
- Performance metrics
- Error tracking
MIT