The MyFlix app is a full-stack application designed to manage and catalog movie data while providing user authentication and data persistence. This case study focuses on the backend architecture that powers the app’s functionality and security.
Challenges Solved by the Backend
Data Persistence: Needed a reliable and scalable way to store movies and user profiles.
User Authentication: Required a secure login system without relying on traditional session storage.
RESTful API: Needed a structured, scalable API to support frontend operations and external integrations.
Backend Architecture
Node.js & Express: REST API built with Express for handling routes, middleware, and controllers.
MongoDB & Mongoose: Flexible NoSQL database schema for storing user and movie data with Mongoose ODM.
JWT (JSON Web Tokens): Stateless, secure authentication for login and protected routes.
CORS: Configured for secure cross-origin API access.
Data Validation: Input validation using `express-validator` to prevent malformed requests.
REST API Endpoints
The backend exposes a variety of endpoints to perform CRUD operations:
POST /users – Register new user
POST /login – Authenticate user and return JWT
GET /movies – Return full list of movies
GET /movies/:title – Return data about a specific movie
POST /users/:username/movies/:movieId – Add a movie to a user’s favorites
DELETE /users/:username/movies/:movieId – Remove movie from favorites
PUT /users/:username – Update user info
DELETE /users/:username – Deregister user
Security Considerations
Password Hashing: Uses bcrypt to hash passwords before storing them in MongoDB.
Token Expiry: JWTs carry an expiration time, so a leaked token only remains usable for a bounded window.
Input Validation: Prevents SQL injection or malformed request bodies.
Authorization: Middleware ensures users can only access or modify their own data.
Technologies Used
Node.js – JavaScript runtime for scalable server-side applications
Express – Lightweight web framework for routing and middleware
MongoDB + Mongoose – NoSQL database with schema-based modeling
JWT – Token-based authentication system
Bcrypt – Library for secure password hashing
Postman – Used for testing and documenting API endpoints
Challenges & Solutions
Asynchronous Handling: Used `async/await` and proper error handling to deal with async operations.
Scalability: MongoDB’s flexibility allowed schema expansion without breaking the app.
Authentication Logic: Fine-tuned JWT token issuance and role-based access for future admin features.
Conclusion
The MyFlix backend serves as a robust foundation for a full-stack movie application, offering secure, scalable, and maintainable RESTful APIs. It highlights best practices in authentication, data modeling, and API design using modern JavaScript and Node.js tools.
Future plans include expanding the API to support admin roles, integrating third-party movie APIs (e.g., TMDB), and implementing rate limiting for security.