Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/desarrolladorandres2026-gif/Native-tailwind/llms.txt

Use this file to discover all available pages before exploring further.

The Debuta backend is an Express.js HTTP server with Socket.io mounted on the same Node.js http.Server instance. It connects to MongoDB Atlas via Mongoose, offloads all photo storage to Cloudinary, and sends transactional emails (password resets) through Nodemailer over Gmail SMTP. A static admin panel is also served directly from the same process at the /admin path.

Prerequisites

Before running the server, make sure the following are in place:

Node.js 18+

The server targets the Node.js 18 LTS runtime or newer. Check your version with node -v.

MongoDB Atlas (or local)

You need a MongoDB connection string. MongoDB Atlas free tier works fine for local development.

Cloudinary Account

A free Cloudinary account provides the CLOUDINARY_CLOUD_NAME, CLOUDINARY_API_KEY, and CLOUDINARY_API_SECRET values.

Gmail App Password

A Gmail address with a 16-character app password (not your regular Gmail password) is required for Nodemailer to send emails.

Installation

1

Navigate to the backend directory

cd backend
2

Install dependencies

npm install
This installs all production and development dependencies declared in package.json, including Express, Socket.io, Mongoose, Cloudinary, Multer, Nodemailer, bcryptjs, jsonwebtoken, google-auth-library, and nodemon.
3

Create your environment file

Copy the provided example and fill in your own values:
cp .env.example .env
See the Configuration page for a full description of every variable.
4

Start the server

Use the development script to start with automatic restarts:
npm run dev
Or start in production mode:
npm start

npm Scripts

ScriptCommandDescription
npm run devnodemon server.jsStarts the server with nodemon for automatic restarts on file changes. Runs auto-whitelist.js first via the predev hook.
npm startnode server.jsProduction start. Runs auto-whitelist.js first via the prestart hook before launching the server.
npm run whitelistnode scripts/auto-whitelist.jsAdds the machine’s current public IP to the MongoDB Atlas IP access list. Useful when your IP changes.
Both npm run dev and npm start automatically run scripts/auto-whitelist.js before the server starts via npm’s predev and prestart lifecycle hooks. If the Atlas Admin API keys (ATLAS_PUBLIC_KEY, ATLAS_PRIVATE_KEY, ATLAS_PROJECT_ID) are not set in .env, the whitelist script exits silently without error so the server still starts.

How the Server Starts

server.js is the entry point. It loads the environment with dotenv, creates a Node.js http.Server from the Express app, initialises Socket.io on that server, then connects to MongoDB with a linear-backoff retry loop (up to 5 attempts: 3 s, 6 s, 9 s, 12 s, 15 s). The HTTP server begins listening only after the MongoDB connection is established. 
const http = require('http');
const app = require('./src/app');
const { initSocket } = require('./src/socket');

const PORT = process.env.PORT || 3000;
const server = http.createServer(app);
initSocket(server); // Socket.io shares the same HTTP server

// connectWithRetry implements a linear backoff: 3 s, 6 s, 9 s, 12 s, 15 s
await connectWithRetry(); // connects to MongoDB, then calls server.listen()

Directory Structure

backend/
├── server.js                  # Entry point — HTTP server, MongoDB connection
├── scripts/
│   └── auto-whitelist.js      # Adds current IP to MongoDB Atlas whitelist
└── src/
    ├── app.js                 # Express app — CORS, routes, static admin panel
    ├── socket.js              # Socket.io initialisation and event handlers
    ├── controllers/           # Route handler logic (auth, users, matches, …)
    ├── routes/                # Express Router definitions
    ├── models/                # Mongoose schema/model definitions
    ├── middlewares/           # Auth guards and other middleware
    └── helpers/               # Cloudinary, Nodemailer, serialiser utilities

API Routes

app.js mounts the following route groups under /api:
PrefixModulePurpose
/apiauth.routesLogin, registration, GET /api/me
/api/usersuser.routesProfile reads and updates
/api/matchesmatch.routesSwipe decisions and match retrieval
/api/chatchat.routesChat history
/api/settingssettings.routesDiscovery filter preferences
/api/likeslikes.routesWho liked me
/api/reportreport.routesReport a user
/api/facialfacial.routesFacial recognition
/api/postspost.routesUser wall posts
/api/adminadmin.routesAdmin-only management endpoints
/api/asociadoasociado.routesRestaurant partner endpoints
/api/authsocial.routesGoogle and Facebook OAuth
/api/passwordpassword.routesPassword reset flow
/api/soportesoporte.routesSupport tickets

Admin Panel

The static admin panel (a separate frontend build) is served from the admin/ directory at the root of the repository. Express maps it to the /admin path: 
GET /admin        → admin/index.html
GET /admin/*      → admin/index.html  (client-side routing fallback)

Health Check

A lightweight health check endpoint is available without authentication: 
GET /health
Response: 
{
  "status": "ok",
  "timestamp": "2024-11-15T14:32:00.000Z"
}
Use this endpoint to verify the server is running in CI pipelines, load balancers, or uptime monitors.

CORS Behaviour

CORS handling differs by environment:
  • development — all origins are allowed (cors() with no restrictions).
  • production — only origins listed in ALLOWED_ORIGINS (comma-separated) are permitted. Requests from unlisted origins receive a CORS error. Socket.io applies the same policy.
// app.js — production CORS guard
const allowedOrigins = process.env.ALLOWED_ORIGINS
  ? process.env.ALLOWED_ORIGINS.split(',').map(o => o.trim())
  : [];

app.use(cors({
  origin: (origin, cb) => {
    if (!origin || allowedOrigins.includes(origin)) return cb(null, true);
    cb(new Error(`CORS bloqueado: ${origin}`));
  },
  credentials: true,
}));

Build docs developers (and LLMs) love

Get started for freeTalk to us