Sunanda M.

PagePal-Postgres

Timeframe

Github

Code

Objective

A Node.js book review & recommendation API with advanced Prisma ORM and PostgreSQL integration.

Technologies

Node.jsTypeScriptExpressPrisma ORMPostgreSQLJWT

Features

Secure JWT-based authentication with refresh token rotation

Multi-tier Role-Based Access Control (USER, AUTHOR, ADMIN)

Book CRUD with metadata (genre, ISBN, published year)

Ratings and detailed review system (1-5 stars)

User collections and sharing interactions

Cursor-based pagination for efficient result sets

Server-side rate limiting and input validation

Audit logging capturing model operation history

Personalized recommendation engine based on ratings and genre preferences

Architecture Database schema includes many-to-many and one-to-many relations, enum fields for RBAC, soft delete fields, and strategic indexing for query performance.

Backend

The backend API uses Express.js to define RESTful endpoints. Prisma ORM manages all database interactions with PostgreSQL using a type-safe client. Auth middleware handles JWT access and refresh token flows. Audit logging and RBAC enforcement are implemented as Prisma middleware layers.

Database

PostgreSQL (Relational DBMS with JSON support)

Insights

Securely managing user permissions and access across multiple roles

Implemented RBAC using Prisma enums and middleware to check authorization rules on protected routes and actions, preventing unauthorized reads or updates.

Maintaining data integrity while supporting advanced query patterns

Used Prisma transactions and strategic indexing to ensure referential consistency and high performance across filter, sort, and pagination operations.

Capturing audit trails for all user and review activity

Built Prisma middleware that logs before and after states of model changes, creating a detailed audit log without polluting business logic code.

Learnings

Mastering Prisma ORM for type-safe, performant database access

Designing relational database schemas with enums, soft deletes and JSON fields

Implementing robust RBAC and JWT auth in backend APIs

Using middleware patterns for cross-cutting concerns like audit logging and rate limiting

Mistakes

Initial schema design required revisions to support efficient pagination and indexing.

Some middleware logic had to be refactored for better separation of concerns.

Why PagePal-Postgres?

The project was created to demonstrate how a backend API can leverage modern database and ORM features to handle complex relationships, permission systems, and optimized query performance, all within a scalable TypeScript + Express ecosystem.

Future Improvements

Add full-text search (e.g., PostgreSQL `tsvector`) for books and reviews

Integrate AI-based recommendation models

Expose GraphQL API alongside REST endpoints

Add test coverage with automated CI pipelines

Next Project

Advanced Express CRUD