Application Name: SocialSphere
Purpose: A public, scalable social content platform where users can register, create posts, like/comment, follow other users, and consume a personalized feed. The system is designed with scalability, performance, and security in mind so it can support real-world public traffic.
Target Users:
- General public
- Content creators
- Students & developers (as a portfolio-grade project)
Client (React.js)
↓ HTTP / HTTPS
API Gateway / Load Balancer
↓
Backend Services (Node.js + Express)
↓
Database (MongoDB)
↓
Cache & Rate Limit Store (Redis) //not in use now but use in future
- Client–Server Architecture
- RESTful APIs
- Horizontally scalable backend
- React.js (Next)
- Tailwind CSS
- Framer Motion // use no motion because of performance issue's
- Node.js
- Express.js
- JWT Authentication
- Resend (For Email verification)
- Bcrypt (password hashing)
- MongoDB (primary data store)
- Redis (caching + rate limiting)//not in use
- Cloudinary (in use) / AWS S3 (image storage)
- Vercel (frontend)
- Render / Fly.io (backend)
- MongoDB Atlas
- Redis Cloud
- Nginx (reverse proxy) //work on it
- User registration
- Login with JWT
- verify useing resend
- Refresh tokens
- Protected routes
- Profile creation
- Public profile pages
- Create, edit, delete posts
- Like & (comment added soon ) on posts
- Infinite scrolling feed
- Rate limiting (Redis-based)
- Input validation
- Caching for feeds
- API pagination
- id
- username (unique)
- email (unique)
- passwordHash
- bio
- createdAt
- id
- authorId
- content
- images[]
- likes[]
- createdAt
- id
- postId
- authorId
- text
- createdAt
- POST /api/auth/register
- POST /api/auth/login
- POST /api/auth/verify-code
- GET /api/auth/forget
- GET /api/auth/google-login
- GET /api/users/:id
- GET /api/user
- POST /api/user/update
- POST /api/users/follow //(under development)
- POST /api/posts //(under development)
- GET /api/posts/feed //(under development)
- POST /api/posts/:id/like //(under development)
- POST /api/posts/:id/comment //(under development)
- Prevent abuse & DDoS
- Protect login endpoints
- Maintain server stability
- Redis-based global counters
- Shared across all backend instances
// change the req limit and time limit soon
| Route | Limit |
|---|---|
| Login | 15 req/min |
| Register | 15 req/min |
| Posts Feed | 15 req/min |
- Cache public feeds
- Cache user profiles
- Reduce database load
- On new post creation
- On follow/unfollow actions
- Password hashing with bcrypt
- JWT-based auth
- Rate limiting
- CORS protection
- Input sanitization
- Multiple backend instances
- Stateless APIs
- Indexed queries
- Read replicas
- Sharding (future)
- Static assets served via CDN
- Frontend deployed on Vercel
- Backend deployed on Render/Fly.io
- MongoDB Atlas connected
- Redis Cloud enabled
- Environment variables configured
- Request logs
- Error tracking
- Redis & DB metrics
- Real-time chat (WebSockets)
- Notifications service
- AI-based recommendations
- Mobile app (React Native)
This application demonstrates a production-ready, scalable full-stack system suitable for public usage. It showcases real-world backend architecture, frontend integration, performance optimization, and security best practices.
📌 This document can be used as:
- Project documentation
- Portfolio explanation
- College submission
- Interview discussion material