A real-time social networking REST API built with NestJS, TypeORM, PostgreSQL, and Socket.IO, featuring Google OAuth, real-time messaging, and WebRTC-ready video calling infrastructure.
graph TB
subgraph Client["Client Layer"]
WEB["Web Client (Vue.js)"]
SWAGGER["Swagger UI β /api"]
end
subgraph API["API Layer β NestJS"]
GW["WebSocket Gateway (Socket.IO)"]
AUTH["Auth Module"]
USR["User Module"]
POST["Post Module"]
CMT["Comment Module"]
FAV["Favorites Module"]
FRIENDS["Friends Module"]
CHAT["Chat Module"]
MSG["Messages Module"]
NOTIF["Notification Module"]
MEDIA["Media Module"]
CLOUD["Cloudinary Module"]
end
subgraph Data["Data Layer"]
PG["PostgreSQL"]
CDN["Cloudinary CDN"]
end
WEB -->|REST API / WebSocket| API
SWAGGER -->|OpenAPI 3.0| API
AUTH --> PG
USR --> PG
POST --> PG
CMT --> PG
FAV --> PG
FRIENDS --> PG
CHAT --> PG
MSG --> PG
NOTIF --> PG
MEDIA --> CDN
MEDIA --> PG
GW -->|Real-time Events| WEB
| Feature | Details |
|---|---|
| Google OAuth 2.0 | Full flow with google-auth-library β authorization URL generation, token exchange, ID token verification, and automatic user provisioning |
| Email/Password Auth | Registration with bcrypt password hashing (salt rounds) and login with credential verification |
| JWT Tokens | Stateless authentication via Passport.js JWT strategy with configurable expiration |
| Role-Based Access Control | Custom @Role() decorator + RoleGuard supporting Admin/User roles |
| Global Auth Guards | JWT guard applied at controller level, with Swagger Bearer Auth integration |
| Feature | Details |
|---|---|
| Posts | Full CRUD with media attachments (image/video via Cloudinary), language tagging, and pagination |
| Love/Like System | Toggle-based love reactions with optimistic totalLoves counter on posts |
| Comments | Threaded comments on posts with media attachment support and user attribution |
| Favorites | Bookmark/favorite posts for later retrieval |
| Friend System | Send/accept/reject/cancel friend requests with PENDING β ACCEPT/CANCEL state machine |
| Feature | Details |
|---|---|
| WebSocket Gateway | Socket.IO-based gateway with JWT authentication at the adapter level |
| Real-Time Messaging | Direct messaging between users with online presence tracking (onlineUsers map) |
| Typing Indicators | START_TYPING / STOP_TYPING events for real-time feedback |
| Video Calling | WebRTC signaling infrastructure β CALL_OFFER and CALL_ACCEPT events with peer ID exchange |
| Chat Rooms | Dynamic room creation, joining, and leaving for group communication |
| Chat Management | 1-on-1 chat creation with duplicate prevention, paginated chat list with user info |
| Feature | Details |
|---|---|
| Cloudinary Integration | Upload files with auto resource type detection, quality optimization (80%), and organized folder structure |
| Media Entity | Tracks cloudId, format, url, width, height for every uploaded file |
| Profile Pictures | Dedicated profile picture update endpoint with old media cleanup |
| Layer | Technology |
|---|---|
| Runtime | Node.js + TypeScript |
| Framework | NestJS 10 |
| ORM | TypeORM 0.3 with PostgreSQL driver (pg) |
| Auth | Passport.js + JWT (@nestjs/jwt, passport-jwt) + Google OAuth (google-auth-library) |
| Real-Time | Socket.IO via @nestjs/websockets + @nestjs/platform-socket.io |
| Validation | class-validator + class-transformer with global ValidationPipe |
| File Upload | Multer (@nestjs/platform-express) β Cloudinary |
| API Docs | Swagger / OpenAPI 3.0 (@nestjs/swagger) |
| Security | bcrypt password hashing, CORS, request logging (Morgan) |
| Database | PostgreSQL with TypeORM migrations support |
erDiagram
USERS {
int id PK
string name
string email
string password
string picture
string bio
int mediaId FK
enum role
enum provider
string providerId
datetime createdAt
datetime updatedAt
}
POSTS {
int id PK
string content
int mediaId FK
int userId FK
string lang
int totalLoves
datetime createdAt
datetime updatedAt
}
POST_LOVES {
int id PK
int postId FK
int userId FK
}
COMMENTS {
int id PK
string content
int postId FK
int userId FK
int mediaId FK
datetime createdAt
datetime updatedAt
}
FRIEND_SHIP {
int id PK
int senderId FK
int recevierId FK
enum status
datetime createdAt
}
CHATS {
int id PK
int senderId FK
int recevierId FK
datetime createdAt
}
MESSAGES {
int id PK
int senderId FK
int chatId FK
string content
int mediaId FK
datetime sentAt
}
NOTIFICATIONS {
int id PK
string content
int toId FK
datetime createdAt
}
MEDIA {
int id PK
string cloudId
string format
string url
int width
int height
}
USERS ||--o{ POSTS : "creates"
USERS ||--o{ POST_LOVES : "loves"
USERS ||--o{ COMMENTS : "writes"
USERS ||--o| MEDIA : "profile picture"
POSTS ||--o{ POST_LOVES : "has"
POSTS ||--o{ COMMENTS : "has"
POSTS ||--o| MEDIA : "attachment"
COMMENTS ||--o| MEDIA : "attachment"
USERS ||--o{ FRIEND_SHIP : "sends"
USERS ||--o{ FRIEND_SHIP : "receives"
USERS ||--o{ CHATS : "initiates"
CHATS ||--o{ MESSAGES : "contains"
USERS ||--o{ NOTIFICATIONS : "receives"
MESSAGES ||--o| MEDIA : "attachment"
| Method | Endpoint | Description |
|---|---|---|
GET |
/google |
Get Google OAuth authorization URL |
GET |
/google/callback |
Google OAuth callback β exchanges code for JWT |
POST |
/register |
Register with email & password |
POST |
/login |
Login with email & password β returns JWT |
| Method | Endpoint | Description |
|---|---|---|
GET |
/me |
Get authenticated user profile |
PATCH |
/me/pic |
Update profile picture (multipart) |
GET |
/:userId |
Get user by ID |
DELETE |
/ |
Delete own account |
| Method | Endpoint | Description |
|---|---|---|
POST |
/ |
Create post with optional media |
GET |
/ |
Get all posts (paginated) |
GET |
/:id |
Get single post |
POST |
/love |
Toggle love on a post |
PATCH |
/:id |
Update post |
DELETE |
/:id |
Delete post |
| Method | Endpoint | Description |
|---|---|---|
POST |
/ |
Create comment with optional media |
GET |
/ |
Get comments for a post (paginated) |
PATCH |
/:id |
Update comment |
DELETE |
/:id |
Delete comment |
| Method | Endpoint | Description |
|---|---|---|
POST |
/ |
Send friend request |
GET |
/ |
Get friend list |
GET |
/requests |
Get pending friend requests |
POST |
/accept-or-cancel/:id |
Accept or reject a friend request |
DELETE |
/:id |
Remove friend |
| Method | Endpoint | Description |
|---|---|---|
POST |
/ |
Create new chat |
GET |
/ |
Get all chats (paginated) |
GET |
/:id |
Get chat by ID |
| Method | Endpoint | Description |
|---|---|---|
POST |
/ |
Send message with optional media |
GET |
/:chatId |
Get messages in a chat (paginated) |
PATCH |
/:id |
Update message |
DELETE |
/:id |
Delete message |
| Method | Endpoint | Description |
|---|---|---|
GET |
/ |
Get all notifications (paginated) |
DELETE |
/:id |
Delete notification |
| Event | Direction | Description |
|---|---|---|
send-msg |
Client β Server β Client | Direct message between users |
start-typing |
Client β Server β Client | Typing indicator start |
stop-typing |
Client β Server β Client | Typing indicator stop |
call-offer |
Client β Server β Client | Initiate WebRTC call |
call-accept |
Client β Server β Client | Accept incoming call |
create-room |
Client β Server | Create chat room |
join-room |
Client β Server | Join existing room |
left-room |
Client β Server | Leave room |
social-app/
βββ src/
β βββ main.ts # Bootstrap β Swagger, CORS, WebSocket adapter, global pipes
β βββ app.module.ts # Root module β imports all feature modules
β βββ decorators/ # Custom decorators (@Role) and enums
β βββ middlewares/ # Morgan HTTP request logging
β βββ utils/ # Pagination helper, auth types (AuthRequest, AuthSocket)
β βββ socket/
β β βββ events.gateway.ts # WebSocket gateway β messaging, typing, calls, rooms
β β βββ socket.adapter.ts # Custom WS adapter with JWT authentication
β β βββ dtos/ # Socket event validation DTOs
β β βββ enums/ # Event name enums (ChatEvents, CallEvents, RoomEvents)
β β βββ filters/ # WS exception & validation filters
β β βββ interfaces/ # OnlineUser interface
β βββ modules/
β βββ DB/ # TypeORM DataSource config + migrations
β βββ auth/ # JWT + Google OAuth strategies, guards, login/register
β βββ user/ # User CRUD, profile picture management
β βββ post/ # Posts with media, love/like system
β βββ comment/ # Comments on posts with media
β βββ favorites/ # Post bookmarking
β βββ friends/ # Friend request lifecycle
β βββ chat/ # 1-on-1 chat management
β βββ msgs/ # Messages within chats
β βββ notification/ # In-app notifications
β βββ media/ # Media entity management
β βββ cloudinary/ # Cloudinary upload/delete service
βββ .env.dev # Environment configuration
βββ nest-cli.json # NestJS CLI config
βββ tsconfig.json # TypeScript configuration
βββ package.json # Dependencies & scripts
- Modular Architecture β 12 decoupled feature modules following NestJS best practices (single responsibility, dependency injection)
- Custom WebSocket Adapter β JWT-authenticated Socket.IO connections with user context injection at the adapter level
- Reusable Pagination β Generic
pagination()utility working with TypeORMQueryBuilderinstances, returning{ data, total, page, limit } - Media Pipeline β Unified file upload flow:
Multer β Cloudinary (CDN) β Media entity (DB), reused across posts, comments, messages, and profile pictures - Class Serialization β
ClassSerializerInterceptor+@Exclude()decorator to strip sensitive fields (passwords) from API responses - Online Presence β In-memory
Maptracking connected users for real-time direct messaging and call routing - OpenAPI Documentation β Auto-generated Swagger docs with Bearer Auth scheme at
/api