A complete, serverless blogging platform built with Next.js 16, PostgreSQL, and JWT authentication. Features SEO optimization, role-based access control, comments, and a full admin dashboard.
- Authentication: JWT-based with secure refresh tokens
- Serverless Backend: All API routes run on edge/serverless
- Database: PostgreSQL with Neon serverless
- Role-Based Access: Admin, Editor, Author, Reader roles
- Blog Features: Posts, comments, likes, categories, tags
- SEO Optimized: Meta tags, OpenGraph, sitemaps, canonical URLs
- Admin Dashboard: User management, post approval, category management
- Responsive Design: Mobile-first design with Tailwind CSS
- Node.js 18+
- PostgreSQL database (Neon recommended)
- Vercel account (optional, for deployment)
- Clone the repository
- Install dependencies: `npm install`
- Set up environment variables: `cp .env.example .env.local`
- Update `.env.local` with your database URL and JWT secrets
- Run the database migration: create tables in your PostgreSQL database using `scripts/01-schema.sql`
- Start development server: `npm run dev`

Visit http://localhost:3000 to see the blog.
`vercel`
- Build: `npm run build`
- Start: `npm start`
- `POST /api/auth/register` - User registration
- `POST /api/auth/login` - User login
- `POST /api/auth/logout` - User logout
- `POST /api/auth/refresh` - Refresh access token

- `GET /api/posts` - Get all published posts (paginated)
- `GET /api/posts/:slug` - Get single post
- `POST /api/posts/create` - Create new post (authenticated)
- `PUT /api/posts/:id/update` - Update post (authenticated)
- `DELETE /api/posts/:id` - Delete post (authenticated)

- `GET /api/categories` - Get all categories
- `GET /api/categories/:slug/posts` - Get posts by category

- `GET /api/comments?postId=:postId` - Get post comments
- `POST /api/comments` - Create comment (authenticated)
- `DELETE /api/comments/:id` - Delete comment (authenticated)

- `GET /api/admin/users` - Get all users
- `PUT /api/admin/users/:id/role` - Update user role
- `GET /api/admin/posts` - Get all posts
- `PUT /api/admin/posts/:id/publish` - Publish post
See scripts/01-schema.sql for the complete schema including:
- Users with roles
- Posts with SEO metadata
- Categories and Tags
- Comments system
- Post likes
- Optimized indexes for performance
- Passwords hashed with bcrypt
- JWT tokens with short expiration (15 min access, 7 day refresh)
- HttpOnly cookies for token storage
- CORS configured for security
- Role-based access control on all protected routes
- Input validation with Zod schemas
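
One way to express "role-based access control on all protected routes" as a deny-by-default policy table over the endpoints listed above. This is an added example, not code from this repository: the role ranking, the minimum role per route, and the names `RANK`, `POLICY`, `matches` and `authorize` are assumptions, and `claims` stands for the payload of an access token whose signature has already been verified.

```javascript
// Added example, not the project's code. Role order and per-route minimum
// roles are assumptions; the README only names the roles and the endpoints.
const RANK = { reader: 1, author: 2, editor: 3, admin: 4 };

// [method, path pattern, minimum role]; null marks a public route.
// The /api/auth/* routes issue tokens rather than consume them and are left out.
const POLICY = [
  ['GET', '/api/posts', null],
  ['GET', '/api/posts/:slug', null],
  ['POST', '/api/posts/create', 'author'],
  ['PUT', '/api/posts/:id/update', 'author'],
  ['DELETE', '/api/posts/:id', 'author'],
  ['GET', '/api/categories', null],
  ['GET', '/api/categories/:slug/posts', null],
  ['GET', '/api/comments', null],
  ['POST', '/api/comments', 'reader'],
  ['DELETE', '/api/comments/:id', 'reader'],
  ['GET', '/api/admin/users', 'admin'],
  ['PUT', '/api/admin/users/:id/role', 'admin'],
  ['GET', '/api/admin/posts', 'editor'],
  ['PUT', '/api/admin/posts/:id/publish', 'editor'],
];

// Segment-wise match; ":name" accepts any non-empty segment, query string ignored.
function matches(pattern, path) {
  const p = pattern.split('/');
  const s = path.split('?')[0].split('/');
  return p.length === s.length &&
    p.every((seg, i) => (seg.startsWith(':') ? s[i].length > 0 : seg === s[i]));
}

// Returns { allow, status }. Routes missing from POLICY are denied, so a new
// endpoint stays closed until someone adds a rule for it.
function authorize(method, path, claims, nowSec) {
  const rule = POLICY.find(([m, pat]) => m === method && matches(pat, path));
  if (!rule) return { allow: false, status: 403 };
  const min = rule[2];
  if (min === null) return { allow: true, status: 200 };
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= nowSec)
    return { allow: false, status: 401 }; // missing or expired access token
  // Object.hasOwn keeps inherited keys such as "constructor" from acting as a role.
  const rank = Object.hasOwn(RANK, claims.role) ? RANK[claims.role] : 0;
  if (rank < RANK[min]) return { allow: false, status: 403 };
  return { allow: true, status: 200 };
}
```

Ownership rules, such as an author deleting only their own post or comment, are a separate check that this table does not cover.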
- ISR (Incremental Static Regeneration) for blog pages
- Database connection pooling via Neon
- Optimized SQL queries with indexes
- Image optimization with Next.js Image component
- Minified CSS/JS with Tailwind v4 and esbuild
MIT