
MERN Thinkboard

Full-stack note-taking app built with MongoDB, Express, React, and Node.js — JWT auth, Redis-backed rate limiting, and cloud deployment.

Tags: Full-Stack, Secure, Production-Ready


  • 2K+ lines of code
  • 8+ REST endpoints
  • JWT stateless auth
  • Redis rate limiting

Project Overview

A production-ready note-taking application showcasing the full MERN stack with authentication, secure API design, and cloud deployment. Each user's notes are isolated server-side via owner checks on every CRUD operation.

  • Backend: Express REST API, JWT auth, middleware pipeline
  • Database: MongoDB Atlas with Mongoose schema validation
  • Frontend: React 18 with hooks, protected routes, Axios interceptors
  • Security: bcrypt hashing, JWT, Upstash Redis rate limiting
  • Deployment: Render + MongoDB Atlas

Technology Stack

MongoDB

NoSQL document store via Atlas + Mongoose

Express.js

RESTful API framework on Node.js

React 18

Hooks, protected routes, Vite build

JWT + bcrypt

Stateless auth with hashed passwords

Upstash Redis

Cloud Redis for rate limiting

TailwindCSS + DaisyUI

Utility-first responsive styling

Key Features

JWT Authentication

Stateless 7-day tokens with bcrypt-hashed passwords and protected frontend/backend routes.

User Data Isolation

Every CRUD operation verifies ownership before reading or mutating notes.

Rate Limiting

Dual-layer Redis limits — IP-based on auth, user-based on API — to deter brute force and abuse.
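The two limiting layers described above, as an added example rather than the project's code: a fixed-window counter keyed by client IP in front of the auth routes (no user identity exists yet) and a second counter keyed by authenticated user id in front of the note routes. Upstash Redis is replaced by an in-memory store with INCR/PEXPIRE-like semantics so the example runs offline; the limits (5 auth attempts per 15 minutes per IP, 60 API calls per minute per user) and the request objects are constructed, not taken from the page.

```javascript
// Added example, not the project's code: dual-layer fixed-window rate limiting.

// Stands in for Redis INCR + PEXPIRE: one counter per key, reset when its window expires.
class MemoryStore {
  constructor() { this.counters = new Map(); }
  incr(key, windowMs, now) {
    const entry = this.counters.get(key);
    if (!entry || entry.resetAt <= now) { // first hit in a new window: start counter and expiry
      const fresh = { count: 1, resetAt: now + windowMs };
      this.counters.set(key, fresh);
      return fresh;
    }
    entry.count += 1;
    return entry;
  }
}

// Builds a check(req, now) function. `keyOf` decides what the layer keys on.
function makeLimiter({ store, prefix, limit, windowMs, keyOf }) {
  return function check(req, now = Date.now()) {
    const id = keyOf(req);
    if (!id) return { allowed: false, status: 400 }; // cannot identify the caller: fail closed
    const { count, resetAt } = store.incr(`${prefix}:${id}`, windowMs, now);
    if (count > limit) {
      return { allowed: false, status: 429, retryAfterSeconds: Math.ceil((resetAt - now) / 1000) };
    }
    return { allowed: true, remaining: limit - count };
  };
}

const store = new MemoryStore();

// Layer 1, auth routes: keyed by IP because the caller is not authenticated yet.
// Note: req.ip is only meaningful behind a hosting proxy if Express's "trust proxy"
// setting is configured; otherwise every client appears as the proxy's address and
// one noisy client locks out everyone.
const authLimiter = makeLimiter({
  store, prefix: 'auth:ip', limit: 5, windowMs: 15 * 60 * 1000,
  keyOf: (req) => req.ip,
});

// Layer 2, note routes: keyed by user id so a shared NAT address does not throttle
// every user behind it, and a single account cannot exceed its quota by changing IPs.
const apiLimiter = makeLimiter({
  store, prefix: 'api:user', limit: 60, windowMs: 60 * 1000,
  keyOf: (req) => req.user && req.user.id,
});
```

When the 429 branch is reached, the `retryAfterSeconds` value belongs in a `Retry-After` header; returning it from the check keeps the limiter free of any framework dependency.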

Search & Sort

Real-time search by title/content and sort by date or alphabetical order.

RESTful API

Semantic HTTP methods, proper status codes, consistent JSON responses.

Responsive UI

Mobile-first design with TailwindCSS + DaisyUI components.

Architecture & Security
  • MVC structure: Controllers, routes, models, and middleware are cleanly separated
  • Axios interceptors: Inject JWT into request headers automatically
  • Mongoose schemas: Enforce data integrity at the database layer
  • Centralised error handling: Meaningful, user-facing error messages
  • Environment-based config: Secrets and connection strings never committed
  • CORS + input validation: Email/password/username checks on client and server