VideoHub’s backend is a standard Node.js application — no special toolchain required. By the end of this guide you will have the API running locally, a user account registered, and a valid JWT access token ready to use against any protected endpoint.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/barcode8/VideoHub/llms.txt
Use this file to discover all available pages before exploring further.
Prerequisites
Before you begin, make sure you have:- Node.js 18 or higher — the backend uses ES Modules (
"type": "module") and modern async patterns - MongoDB — a MongoDB Atlas free-tier cluster or a local
mongodinstance on port 27017 - Cloudinary account — a free account at cloudinary.com to obtain your cloud name, API key, and API secret
Setup Steps
Install dependencies
Install all production and development dependencies with npm:This installs Express 5, Mongoose, Cloudinary SDK, Multer, bcrypt, jsonwebtoken, cookie-parser, and the rest of the packages listed in
package.json.Configure your environment
Copy the sample environment file and fill in your credentials:Open
.env and set every variable:Generate strong secrets with
openssl rand -hex 64. Never reuse the same value for ACCESS_TOKEN_SECRET and REFRESH_TOKEN_SECRET.Start the development server
Launch the server with nodemon so it restarts automatically on file changes:You should see output similar to:The server binds to the
PORT defined in your .env file (default 5000) and connects to MongoDB before accepting traffic. If the database connection fails, the process exits with a non-zero code.Register Your First User
The registration endpoint acceptsmultipart/form-data (the route uses Multer middleware), but avatar and cover-image file uploads are not currently processed server-side. Only the text fields are required: username, email, and password. fullName is optional — the server falls back to the username value if it is omitted.
Log In and Receive Tokens
accessToken and refreshToken in two places simultaneously:
- HTTP-only cookies (
accessTokenandrefreshToken) — set withhttpOnly: true, secure: false, sameSite: "Lax"and consumed automatically by browsers - JSON body — available for non-browser clients (mobile apps, CLI tools)
ACCESS_TOKEN_EXPIRY (default 1d). Use the refresh token against /api/v1/users/refresh-token to obtain a new access token without requiring the user to log in again.
Make an Authenticated Request
Pass the access token in theAuthorization header as a Bearer token. The example below fetches the current user’s channel profile:
Almost every endpoint beyond
/healthcheck and /users/login//users/register requires a valid JWT access token. Send it either as the Authorization: Bearer <token> header or let the browser send the accessToken cookie automatically. Missing or expired tokens return a 401 Unauthorized response.