The backend API for the Typelets Application - a secure, encrypted notes management system built with TypeScript, Hono, and PostgreSQL. Features end-to-end encryption support, file attachments, and folder organization.
- 🔐 Secure Authentication via Clerk
- 📝 Encrypted Notes with client-side encryption support
- 📁 Folder Organization with nested folder support
- 📎 File Attachments with encrypted storage
- 🏷️ Tags & Search for easy note discovery
- 🗑️ Trash & Archive functionality
- ⚡ Fast & Type-Safe with TypeScript and Hono
- 🐘 PostgreSQL with Drizzle ORM
- Runtime: Node.js 20+ (LTS recommended)
- Framework: Hono - Fast, lightweight web framework
- Database: PostgreSQL with Drizzle ORM
- Authentication: Clerk
- Validation: Zod
- TypeScript: Strict mode enabled for type safety
- Node.js 20+ (LTS recommended)
- pnpm 9.15.0+
- PostgreSQL database (local installation or Docker)
- Clerk account for authentication (sign up here)
Recommended approach for development: PostgreSQL in Docker + API with npm for hot reload and easy debugging
- Clone and install dependencies:
git clone https://github.com/typelets/typelets-api.git
cd typelets-api
pnpm install- Start PostgreSQL with Docker:
# Start PostgreSQL database for local development
docker run --name typelets-postgres \
-e POSTGRES_PASSWORD=devpassword \
-e POSTGRES_DB=typelets_local \
-p 5432:5432 -d postgres:15- Set up environment variables:
cp .env.example .env-
Configure environment variables:
- Create a free account at Clerk Dashboard
- Create a new application
- Update
.envwith your settings:
CLERK_SECRET_KEY=sk_test_your_actual_clerk_secret_key_from_dashboard CORS_ORIGINS=http://localhost:5173,http://localhost:3000
-
Set up database schema:
pnpm run db:push- Start development server:
pnpm run dev🎉 Your API is now running at http://localhost:3000
The development server will automatically restart when you make changes to any TypeScript files.
✅ PostgreSQL in Docker: Easy to start/stop, no local PostgreSQL installation needed
✅ API with pnpm: Hot reload, easy debugging, faster development cycle
✅ Clean separation: Matches production architecture (API + external database)
# Start/stop database
docker start typelets-postgres # Start existing container
docker stop typelets-postgres # Stop when done
# API development
pnpm run dev # Auto-restart development server
pnpm run build # Test production build
pnpm run lint # Check code qualityDevelopment Features:
- ⚡ Auto-restart: Server automatically restarts when you save TypeScript files
- 📝 Terminal history preserved: See all your logs and errors
- 🚀 Fast compilation: Uses tsx with esbuild for quick rebuilds
# 1. Start PostgreSQL
docker run --name typelets-postgres -e POSTGRES_PASSWORD=devpassword -e POSTGRES_DB=typelets_local -p 5432:5432 -d postgres:15
# 2. Build and run API in Docker
docker build -t typelets-api .
docker run -p 3000:3000 --env-file .env typelets-apiIf you prefer to install PostgreSQL locally instead of Docker:
- Install PostgreSQL on your machine
- Create database:
createdb typelets_local - Update
.env:DATABASE_URL=postgresql://postgres:your_password@localhost:5432/typelets_local
pnpm run dev- Start development server with auto-restartpnpm run build- Build for productionpnpm start- Start production serverpnpm run lint- Run ESLintpnpm run format- Format code with Prettierpnpm run db:generate- Generate database migrationspnpm run db:push- Apply database schema changespnpm run db:studio- Open Drizzle Studio for database management
GET /- API information and health statusGET /health- Health check endpoint
All /api/* endpoints require authentication via Bearer token in the Authorization header.
GET /api/users/me- Get current user profileDELETE /api/users/me- Delete user account
GET /api/folders- List all foldersPOST /api/folders- Create new folderGET /api/folders/:id- Get folder detailsPUT /api/folders/:id- Update folderDELETE /api/folders/:id- Delete folderPOST /api/folders/:id/reorder- Reorder folder position
GET /api/notes- List notes (with pagination and filtering)POST /api/notes- Create new noteGET /api/notes/:id- Get note detailsPUT /api/notes/:id- Update noteDELETE /api/notes/:id- Delete note (move to trash)DELETE /api/notes/empty-trash- Permanently delete trashed notesPOST /api/notes/:id/star- Star/unstar a notePOST /api/notes/:id/restore- Restore note from trashPOST /api/notes/:id/hide- Hide a notePOST /api/notes/:id/unhide- Unhide a note
POST /api/notes/:noteId/files- Upload file attachmentGET /api/notes/:noteId/files- List note attachmentsGET /api/files/:id- Get file detailsDELETE /api/files/:id- Delete file attachment
The application uses the following main tables:
users- User profiles synced from Clerkfolders- Hierarchical folder organizationnotes- Encrypted notes with metadatafile_attachments- Encrypted file attachments
- Authentication: All endpoints protected with Clerk JWT verification
- Encryption Ready: Schema supports client-side encryption for notes and files
- Input Validation: Comprehensive Zod schemas for all inputs
- SQL Injection Protection: Parameterized queries via Drizzle ORM
- CORS Configuration: Configurable allowed origins
- Rate Limiting: Configurable file size limits (default: 50MB per file, 1GB total per note)
| Variable | Description | Required | Default |
|---|---|---|---|
DATABASE_URL |
PostgreSQL connection string | Yes | - |
CLERK_SECRET_KEY |
Clerk secret key for JWT verification | Yes | - |
CORS_ORIGINS |
Comma-separated list of allowed CORS origins | Yes | - |
PORT |
Server port | No | 3000 |
NODE_ENV |
Environment (development/production) | No | development |
MAX_FILE_SIZE_MB |
Maximum size per file in MB | No | 50 |
MAX_NOTE_SIZE_MB |
Maximum total attachments per note in MB | No | 1024 (1GB) |
FREE_TIER_STORAGE_GB |
Free tier storage limit in GB | No | 1 |
FREE_TIER_NOTE_LIMIT |
Free tier note count limit | No | 100 |
DEBUG |
Enable debug logging in production | No | false |
src/
├── db/
│ ├── index.ts # Database connection
│ └── schema.ts # Database schema definitions
├── lib/
│ └── validation.ts # Zod validation schemas
├── middleware/
│ └── auth.ts # Authentication middleware
├── routes/
│ ├── files.ts # File attachment routes
│ ├── folders.ts # Folder management routes
│ ├── notes.ts # Note management routes
│ └── users.ts # User profile routes
├── types/
│ └── index.ts # TypeScript type definitions
└── server.ts # Application entry point
This project uses TypeScript in strict mode with comprehensive type definitions. All database operations, API inputs, and responses are fully typed.
The API can be run in Docker containers for local testing. The architecture separates the API from the database:
# 1. Start PostgreSQL container for local testing
docker run --name typelets-postgres -e POSTGRES_PASSWORD=devpassword -e POSTGRES_DB=typelets_local -p 5432:5432 -d postgres:15
# 2. Build your API container
docker build -t typelets-api .
# 3. Run API container for local testing
docker run -p 3000:3000 --env-file .env typelets-apiThis Docker setup is for local development and testing only.
| Environment | API | Database | Configuration |
|---|---|---|---|
| Local Testing | Docker container OR npm dev | Docker PostgreSQL container | .env file |
| Production | ECS container | AWS RDS PostgreSQL | ECS task definition |
This application is designed for production deployment using AWS ECS (Elastic Container Service):
- API: ECS containers running in AWS
- Database: AWS RDS PostgreSQL (not Docker containers)
- Environment Variables: ECS task definitions (not
.envfiles) - Secrets: AWS Parameter Store or Secrets Manager
- Container Registry: Amazon ECR
- Local: Uses
.envfiles and Docker containers for testing - Production: Uses ECS task definitions and AWS RDS for real deployment
- Never use: Local testing setup in production
For production deployment, configure the same environment variables in your ECS task definition that you use locally in .env.
We welcome contributions from the community!
- Fork the repository on GitHub
- Clone your fork locally:
git clone https://github.com/your-username/typelets-api.git cd typelets-api - Install dependencies:
pnpm install - Set up environment:
cp .env.example .env - Start PostgreSQL:
docker run --name typelets-postgres \ -e POSTGRES_PASSWORD=devpassword \ -e POSTGRES_DB=typelets_local \ -p 5432:5432 -d postgres:15
- Apply database schema:
pnpm run db:push - Start development:
pnpm run dev
We use Conventional Commits for automatic versioning and changelog generation:
feat:New feature (minor version bump)fix:Bug fix (patch version bump)docs:Documentation changesstyle:Code style changes (formatting, etc.)refactor:Code refactoringperf:Performance improvementstest:Adding or updating testschore:Maintenance tasksci:CI/CD changes
Examples:
feat(auth): add refresh token rotation
fix(files): resolve file upload size validation
feat(api)!: change authentication header format- Create a feature branch:
git checkout -b feature/your-feature-name - Make your changes and commit using conventional commits
- Run linting and tests:
pnpm run lint && pnpm run build - Push to your fork and create a Pull Request
- Ensure all CI checks pass
- Wait for review and address any feedback
When reporting bugs, please include:
- Clear description of the issue
- Steps to reproduce
- Expected vs actual behavior
- Environment details (OS, Node version)
- Error messages or logs if applicable
DO NOT report security vulnerabilities through public GitHub issues. Please use GitHub's private vulnerability reporting feature or contact the maintainers directly.
This project is licensed under the MIT License - see the LICENSE file for details.
- Hono for the excellent web framework
- Drizzle ORM for type-safe database operations
- Clerk for authentication services