Context: BasicServerSetup is my sandbox for REST patterns. Backend (Node/Express) runs on a Heroku hobby dyno; frontend (Tailwind/Vanilla JS) lives on GitHub Pages. No customers rely on it.
AI assist: ChatGPT/Copilot drafted some controller and README boilerplate; I annotated everything and logged prompts in docs/ai-prompts.md.
Status: Demo works, but auth is mocked, data lives in memory, and automated tests are still on the backlog.

Reality snapshot

  • API handles /register, /login, /clockin, /clockout, /timesheet. Data is in-memory today, but controllers are ready for Mongo/Postgres once I wire them up.
  • Frontend displays current status, basic charts, and toast notifications. Built as a static bundle so I can host it anywhere.
  • Deployment split (Heroku + GitHub Pages) forces me to treat front/back deploys separately, like a mini production flow.

Architecture

BasicServerSetup/
├── app/
│   ├── controllers/
│   ├── models/
│   ├── routes/
│   └── utils/
├── tests/
│   └── postman-collection.json
└── frontend/
    └── index.html
  • authMiddleware.js injects a lightweight token check (mocked JWT).
  • timeController.js coordinates clock-ins/outs and calculates durations.
  • frontend/ uses Fetch to call the API, shows skeletons, and displays errors via toasts.

Deployment flow

LayerPlatformNotes
APIHeroku hobby dynoGitHub integration auto-deploys main. ENV vars stored in Config Vars. /healthz used for smoke tests.
FrontendGitHub PagesActions workflow builds + deploys on merge. config.js stores API base URL.
CIGitHub ActionsRuns npm run lint + npm run test (placeholder until I add Jest).

Docs & testing

  • README + docs/runbook.md explain start/stop steps, env vars, and TODOs.
  • Postman collection covers CRUD flows; I run it manually after deploys until automated tests exist.
  • Smoke script (scripts/smoke.sh) pings /healthz, /timesheet, and verifies response codes.

Lessons so far

  • Separation of concerns: Controllers stay thin; models handle business logic. Swapping data stores later will be straightforward.
  • Docs first: Writing the runbook forced me to think about failure modes before they happened.
  • Independent deploys: Shipping UI tweaks without touching the API (and vice versa) keeps iteration fast.
  • TODOs remain: JWT auth, persistent DB, integration tests, and structured logging are still in progress. READMEs list each gap so nobody assumes it’s production-ready.

Next steps

  • Wire up MongoDB Atlas (or Postgres) + Mongoose.
  • Replace mock auth with real JWTs.
  • Add Jest + Supertest coverage, then automate the Postman collection in CI.
  • Move deployment from Heroku to Render or Fly.io for more control (and to align with other projects).
  • Publish the repo once secrets + docs are cleaned up.

Repo