zanewalker/EmployeeManagementSystem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
00f9ed128ba7b40d323d89e24c83dc2354fae2ab
EmployeeManagementSystem/backend-deno/README.md
bereck-work 00f9ed128b (Feat): Initial Commit
2025-11-27 22:50:08 +00:00

5.8 KiB
Raw Blame History

Work Allocation Backend - Deno TypeScript

A secure, type-safe backend for the Work Allocation System built with Deno and TypeScript.

Features

Security Improvements

  • Strong Password Hashing: bcrypt with configurable rounds (default: 12)
  • JWT Authentication: Secure token-based authentication with HMAC-SHA256
  • Rate Limiting: Configurable request rate limiting to prevent abuse
  • CORS Protection: Configurable cross-origin resource sharing
  • Security Headers: X-Frame-Options, X-Content-Type-Options, XSS protection
  • Input Sanitization: Protection against XSS and injection attacks
  • Strict TypeScript: Full type safety with strict compiler options

Technical Stack

  • Runtime: Deno 2.x
  • Framework: Oak (Deno's Express-like framework)
  • Database: MySQL 8.0 with mysql2 driver
  • Authentication: JWT with djwt library
  • Password Hashing: bcrypt

Prerequisites

  • Deno 2.0 or higher
  • MySQL 8.0 (via Docker or local installation)

Installation

  1. Install Deno (if not already installed):

    curl -fsSL https://deno.land/install.sh | sh

  2. Configure environment:

    cp .env.example .env
# Edit .env with your database credentials

  3. Start the database (if using Docker):

    cd .. && docker-compose up -d

Running the Server

Development Mode (with auto-reload)

deno task dev

Production Mode

deno task start

Seed the Database

deno task seed

API Endpoints

Authentication

  • POST /api/auth/login - User login
  • GET /api/auth/me - Get current user
  • POST /api/auth/change-password - Change password

Users

  • GET /api/users - List users (filtered by role)
  • GET /api/users/:id - Get user by ID
  • POST /api/users - Create user (Admin/Supervisor)
  • PUT /api/users/:id - Update user (Admin/Supervisor)
  • DELETE /api/users/:id - Delete user (Admin/Supervisor)

Departments

  • GET /api/departments - List departments
  • GET /api/departments/:id - Get department
  • GET /api/departments/:id/sub-departments - Get sub-departments
  • POST /api/departments - Create department (SuperAdmin)
  • POST /api/departments/:id/sub-departments - Create sub-department (SuperAdmin)

Work Allocations

  • GET /api/work-allocations - List allocations (role-filtered)
  • GET /api/work-allocations/:id - Get allocation
  • POST /api/work-allocations - Create allocation (Supervisor/Admin)
  • PUT /api/work-allocations/:id/status - Update status (Supervisor/Admin)
  • DELETE /api/work-allocations/:id - Delete allocation (Supervisor/Admin)

Attendance

  • GET /api/attendance - List attendance records
  • GET /api/attendance/:id - Get attendance record
  • POST /api/attendance/check-in - Check in employee (Supervisor/Admin)
  • POST /api/attendance/check-out - Check out employee (Supervisor/Admin)
  • GET /api/attendance/summary/stats - Get attendance summary

Contractor Rates

  • GET /api/contractor-rates - List rates
  • GET /api/contractor-rates/contractor/:id/current - Get current rate
  • POST /api/contractor-rates - Set rate (Supervisor/Admin)
  • PUT /api/contractor-rates/:id - Update rate (Supervisor/Admin)
  • DELETE /api/contractor-rates/:id - Delete rate (Supervisor/Admin)

Health Check

  • GET /health - Server health status

Environment Variables

Variable Description Default
PORT Server port 3000
DB_HOST Database host localhost
DB_USER Database user root
DB_PASSWORD Database password admin123
DB_NAME Database name work_allocation
DB_PORT Database port 3306
JWT_SECRET JWT signing secret (change in production!)
JWT_EXPIRES_IN Token expiration 7d
BCRYPT_ROUNDS Password hash rounds 12
RATE_LIMIT_WINDOW_MS Rate limit window 900000 (15 min)
RATE_LIMIT_MAX_REQUESTS Max requests per window 100
CORS_ORIGIN Allowed CORS origins http://localhost:5173
NODE_ENV Environment development

Security Best Practices

For Production

  1. Change JWT Secret: Use a strong, random secret

    JWT_SECRET=$(openssl rand -base64 64)

  2. Enable HTTPS: Use a reverse proxy (nginx) with SSL

  3. Set Production Environment:

    NODE_ENV=production

  4. Increase bcrypt rounds (if performance allows):

    BCRYPT_ROUNDS=14

  5. Configure CORS for your domain:

    CORS_ORIGIN=https://yourdomain.com

Project Structure

backend-deno/
├── config/
│   ├── database.ts    # Database connection pool
│   └── env.ts         # Environment configuration
├── middleware/
│   ├── auth.ts        # JWT authentication & authorization
│   └── security.ts    # Security middleware (CORS, rate limit, etc.)
├── routes/
│   ├── auth.ts        # Authentication routes
│   ├── users.ts       # User management routes
│   ├── departments.ts # Department routes
│   ├── work-allocations.ts
│   ├── attendance.ts
│   └── contractor-rates.ts
├── scripts/
│   └── seed.ts        # Database seeding script
├── types/
│   └── index.ts       # TypeScript type definitions
├── main.ts            # Application entry point
├── deno.json          # Deno configuration
└── .env               # Environment variables

Differences from Node.js Backend

Feature Node.js Deno
Runtime Node.js Deno
Package Manager npm Built-in (JSR/npm)
TypeScript Requires compilation Native support
Security Manual setup Secure by default
Permissions Full access Explicit permissions
Framework Express Oak

License

MIT

Reference in New Issue View Git Blame Copy Permalink