Fullstack Production Starter Kit

A production-minded, contributor-friendly monorepo starter for Express (Node.js) + React (Vite) with Postgres (Prisma) and a secure default auth setup (JWT access + rotating refresh tokens).

Features

• Monorepo layout: apps/ + packages/ + infra/ + docs/
• Backend (Express, ES Modules):
  • Clean layering: routes → controllers → services → models
  • JWT auth: register/login/refresh/logout
  • Refresh token rotation (stored hashed in DB, delivered via httpOnly cookie)
  • Role-based access control middleware (admin example endpoint)
  • Zod request validation + global error handler
• Frontend (React + Vite):
  • Login/Register/Dashboard pages
  • Axios API client with refresh-on-401 retry
  • Minimal, clean UI (easy to replace with any design system)
• Shared package: common types + small shared schemas
• Infra: Docker compose for Postgres + dev containers

Tech stack

• Backend: Node.js, Express, Prisma, Zod, JWT
• Frontend: React, Vite, React Router, Axios
• DB: Postgres
• Monorepo: pnpm workspaces

Quick start (local, <5 minutes)

1) Prerequisites

• Node.js 20+
• pnpm (corepack enable)
• Docker Desktop (recommended for Postgres)

2) Create your env file

Copy the example:

• cp .env.example .env (or create .env manually on Windows)

3) Start Postgres + apps (Docker)

From repo root:

docker compose -f infra/docker/docker-compose.yml --env-file .env up --build

Then open:

• Frontend: http://localhost:5173
• Backend: http://localhost:4000

4) Initialize the database (first run)

In another terminal (repo root):

pnpm -C apps/backend prisma:generate
pnpm -C apps/backend prisma:migrate:dev --name init

Local dev (without Docker)

If you want to run apps locally and only run Postgres via Docker:

docker compose -f infra/docker/docker-compose.yml --env-file .env up postgres -d
pnpm install
pnpm dev

Folder structure

apps/
  backend/     # Express API (ESM): routes → controllers → services → models
  frontend/    # React + Vite app
packages/
  shared/      # Shared types and utilities
infra/
  docker/      # docker-compose + Dockerfiles
  aws/         # optional deployment scaffolding
docs/
  architecture.md
  good-first-issues.md
.github/
  ISSUE_TEMPLATE/
  pull_request_template.md

API overview

• GET /health
• POST /auth/register
• POST /auth/login
• POST /auth/refresh (uses httpOnly cookie)
• POST /auth/logout
• GET /users/me (requires access token)
• GET /users/admin (requires admin role)

Contributing

See CONTRIBUTING.md. Good beginner tasks are listed in docs/good-first-issues.md.

Roadmap

• Add JWT refresh token replay detection improvements (token family)
• Add rate limiting + request logging (pino)
• Add testing: unit + integration (supertest) + frontend component tests
• Add OpenAPI docs + API client generation
• Add CI: lint/typecheck/test, Docker build