Status History
May 30, 10:35 PM Pending
May 30, 10:35 PM In Progress
Intake Form
Technical Specification
Frontend
None (REST API only)
Backend
Express.js REST API (Node.js)
Database
PostgreSQL via Neon (serverless)
Hosting
Render (Node.js free tier)
Summary

A lightweight REST API task tracker built with Express.js and PostgreSQL that allows users to organize work into projects and manage tasks with due dates and completion tracking. The API uses JWT authentication with role-based permissions distinguishing admins (full system access) from members (own-resource access only). Its simplicity and clean separation of concerns make it an ideal foundation for a frontend client or mobile app to be built on top of.

File Structure
server.js Entry point: initializes Express app, middleware, routes, and starts HTTP server
config/db.js PostgreSQL connection pool setup using pg library with Neon connection string
config/env.js Validates and exports environment variables (DATABASE_URL, JWT_SECRET, PORT)
middleware/auth.js JWT verification middleware that attaches decoded user payload to req.user
middleware/roles.js Role-based access control middleware factory: requireRole('admin') etc.
middleware/errorHandler.js Global error handling middleware that formats and returns consistent error responses
routes/auth.js POST /auth/register and POST /auth/login endpoints for user registration and JWT issuance
routes/projects.js CRUD endpoints for projects: GET, POST, PUT, DELETE /projects and /projects/:id
routes/tasks.js CRUD endpoints for tasks nested under projects: /projects/:projectId/tasks and /tasks/:id
routes/users.js Admin-only user management endpoints: list users, update roles, delete users
controllers/authController.js Business logic for register and login: password hashing, JWT signing, user creation
controllers/projectController.js Business logic for project CRUD with ownership checks and member validation
controllers/taskController.js Business logic for task CRUD including due date handling and completion toggling
controllers/userController.js Business logic for admin user management operations
models/userModel.js SQL query functions for users table: findById, findByEmail, create, updateRole, delete
models/projectModel.js SQL query functions for projects table: findAll (by owner), findById, create, update, delete
models/taskModel.js SQL query functions for tasks table: findByProject, findById, create, update, markComplete, delete
db/migrations/001_create_users.sql Creates users table with id, email, password_hash, role, created_at columns
db/migrations/002_create_projects.sql Creates projects table with id, name, description, owner_id (FK), created_at columns
db/migrations/003_create_tasks.sql Creates tasks table with id, project_id (FK), title, description, due_date, completed, created_at columns
db/seed.js Optional seed script to insert a default admin user and sample project/tasks for testing
utils/jwt.js Helper functions for signing and verifying JWTs with configurable expiry
utils/validate.js Input validation helpers using simple checks or a lightweight schema validator
.env.example Template for required environment variables: DATABASE_URL, JWT_SECRET, PORT, NODE_ENV
package.json Project metadata, npm scripts (start, dev, migrate, seed), and dependencies
README.md API documentation with endpoint list, auth flow, setup instructions, and example requests
Features (5)
User Registration & Authentication P1
Users can register with an email and password and receive a JWT for subsequent authenticated requests.
  • POST /auth/register accepts email and password, hashes password with bcrypt (min 10 rounds), stores user with default role 'member'
  • POST /auth/login validates credentials and returns a signed JWT with userId, email, and role in payload
  • JWT tokens expire after 24 hours
  • Duplicate email registration returns 409 Conflict
  • Missing or invalid fields return 400 Bad Request with descriptive message
  • Passwords must be at least 8 characters
Role-Based Access Control P2
Two roles (admin and member) gate access to certain endpoints, with admins having full system access.
  • Users are assigned 'member' role by default on registration
  • Admin role can be assigned only by an existing admin via PUT /users/:id/role
  • Admin users can view, edit, and delete any project or task
  • Member users can only view, edit, and delete their own projects and tasks
  • Requests to admin-only routes by non-admins return 403 Forbidden
  • Unauthenticated requests to protected routes return 401 Unauthorized
Project Management P3
Authenticated users can create and manage projects that serve as containers for tasks.
  • POST /projects creates a new project with name (required) and optional description, owned by the requesting user
  • GET /projects returns all projects owned by the current user (admins see all projects)
  • GET /projects/:id returns a single project if the user is the owner or an admin
  • PUT /projects/:id updates project name or description for owner or admin
  • DELETE /projects/:id deletes the project and all associated tasks (cascade) for owner or admin
  • Project name must be between 1 and 100 characters
Task Management P4
Users can add tasks with due dates to their projects and manage their lifecycle.
  • POST /projects/:projectId/tasks creates a task with title (required), optional description, and optional due_date (ISO 8601 format)
  • GET /projects/:projectId/tasks returns all tasks for a project the user has access to
  • GET /tasks/:id returns a single task if the user owns the parent project or is admin
  • PUT /tasks/:id updates title, description, or due_date
  • DELETE /tasks/:id removes the task
  • PATCH /tasks/:id/complete toggles the completed boolean and records completion timestamp
  • due_date must be a valid future date if provided
  • Tasks are returned sorted by due_date ascending, with null due dates last
Admin User Management P5
Admin users can list all users, update their roles, and remove users from the system.
  • GET /users returns paginated list of all users (admin only), excluding password_hash
  • PUT /users/:id/role updates a user's role to 'admin' or 'member' (admin only)
  • DELETE /users/:id removes a user and all their owned projects and tasks (admin only)
  • An admin cannot demote or delete themselves
  • All user management endpoints return 403 for non-admin callers
Build Log
scoping Starting AI-powered tech spec generation
scoping Tech spec generated successfully
start Build orchestration started for project 13
attempt Build attempt 1/3
generate Generated 27 files success
build Attempt 1 failed:
added 157 packages, and audited 158 packages in 19s
20 packages are looking for funding
  run `npm fund` for details
3 high severity vulnerabilities
To address all issues (including breaking changes), run:
  npm audit fix --force
Run `npm audit` for details.
npm error Missing script: "build"
npm error
npm error To see a list of scripts, run:
npm error   npm run
npm error A complete log of this run can be found in: /opt/render/.cache/_logs/2026-05-30T22_46_58_731Z-debug-0.log
failed
retry Retrying (2/3)...
attempt Build attempt 2/3
generate Attempt 2 failed: AI generation failed: 429 Daily token limit reached (100,000 tokens). Resets at midnight UTC. failed
retry Retrying (3/3)...
attempt Build attempt 3/3
generate Attempt 3 failed: AI generation failed: 429 Daily token limit reached (100,000 tokens). Resets at midnight UTC. failed
complete Build failed after 3 attempts failed
status Project status updated to Build Failed
Deliverables
Deliverables become available once project reaches Review status.