StudentSathi is a comprehensive Learning Management System (LMS) with student engagement tracking, attendance management, performance analytics, and third-party integrations.
- Backend: Node.js + Express + TypeScript + Prisma + PostgreSQL
- Frontend: React + TypeScript + Vite + shadcn/ui + TailwindCSS
- Authentication: JWT with refresh tokens + HttpOnly cookies
- Database: PostgreSQL with Prisma ORM
- Node.js >= 18.x
- PostgreSQL >= 14.x
- npm or yarn
- Git
git clone https://github.com/naman-agarwal-16/StudentSathi.git
cd StudentSathi
cd backend
# Install dependencies
npm install
# Copy environment file
cp .env.example .env
# Edit .env with your configuration
nano .env # or use your preferred editor
# Environment
NODE_ENV=development
PORT=3001
# Database
DATABASE_URL="postgresql://postgres:yourpassword@localhost:5432/studentsathi?schema=public"
# Frontend
FRONTEND_URL=http://localhost:8080
# Security (REQUIRED - Generate strong secrets in production)
JWT_SECRET=your-secret-key-min-32-characters-long
ENCRYPTION_KEY=your-encryption-key-32-chars-long
CORS_ORIGIN=http://localhost:8080
# Rate Limiting
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100
# Email / SMTP (optional - for password reset)
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SECURE=false
SMTP_USER=[email protected]
SMTP_PASS=your-app-password
SMTP_FROM=[email protected]
# Run Prisma migrations
npx prisma migrate dev
# Generate Prisma client
npx prisma generate
# (Optional) Seed database with sample data
npx prisma db seed
# Development mode with hot reload
npm run dev
# Production build
npm run build
npm start
Backend will be available at http://localhost:3001
cd ../ # Back to root directory
# Install dependencies
npm install
# Create .env file for frontend
echo "VITE_API_URL=http://localhost:3001/api" > .env.local
# Development mode with hot reload
npm run dev
# Production build
npm run build
npm run preview
Frontend will be available at http://localhost:8080
- POST /api/auth/register - Register new user
- POST /api/auth/login - Login user
- POST /api/auth/logout - Logout user
- POST /api/auth/refresh - Refresh access token
- POST /api/auth/forgot-password - Request password reset
- POST /api/auth/reset-password - Reset password with token
- GET /api/auth/me - Get current user

- GET /api/students - List students (with pagination & search)
- POST /api/students - Create student
- GET /api/students/:id - Get student details
- PUT /api/students/:id - Update student
- DELETE /api/students/:id - Delete student

- GET /api/alerts - List alerts (with filters)
- GET /api/alerts/unread - Get unread count
- POST /api/alerts - Create alert
- PATCH /api/alerts/:id/read - Mark alert as read
- PATCH /api/alerts/read-all - Mark all alerts as read

- POST /api/attendance/bulk - Bulk create attendance records
- GET /api/attendance/by-date - Get attendance by date
- GET /api/attendance/student/:studentId - Get student attendance history
- GET /api/attendance/student/:studentId/stats - Get attendance statistics

- POST /api/performance - Create performance record
- GET /api/performance/student/:studentId - Get student performance history
- GET /api/performance/student/:studentId/gpa - Get student GPA

- GET /api/analytics/summary - Get dashboard summary (with date filter)
- GET /api/analytics/engagement/timeseries - Get engagement time series

- POST /api/integrations/lms/config - Create/update LMS configuration
- GET /api/integrations/lms/config - Get LMS configurations
- POST /api/integrations/webhooks - Create webhook
- GET /api/integrations/webhooks/:provider - List webhooks
- Registration: User registers with email, password, and name
- Login: User logs in, receives access token (15min) and refresh token (7 days)
- Access Token: Stored in localStorage, sent with every API request
- Refresh Token: Stored in HttpOnly cookie, used to get new access token
- Token Refresh: Automatic when access token expires
- Logout: Clears tokens and redirects to login
- Passwords hashed with bcrypt (10 rounds)
- JWT tokens with expiration
- HttpOnly cookies for refresh tokens
- CORS configured
- Rate limiting on API endpoints
- Helmet.js security headers
- Input validation with Zod
- SQL injection protection (Prisma ORM)
- Role-based authorization
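A check for the refresh-token cookie described in the two lists above, as an added example that is not part of the StudentSathi code base: it parses a `Set-Cookie` header and reports which protective attributes are missing. The cookie name `refreshToken`, the sample headers and the `/api/auth` path scoping are assumptions of this example.

```typescript
// Refresh-token lifetime stated in this README: 7 days, in seconds.
const REFRESH_MAX_AGE_S = 7 * 24 * 60 * 60;

// Parse the attributes of one Set-Cookie header value into a lower-cased map.
function parseCookieAttrs(setCookie: string): Record<string, string> {
  const attrs: Record<string, string> = {};
  for (const part of setCookie.split(";").slice(1)) {
    const text = part.trim();
    const eq = text.indexOf("=");
    const key = (eq < 0 ? text : text.slice(0, eq)).toLowerCase();
    if (key) attrs[key] = eq < 0 ? "" : text.slice(eq + 1).trim();
  }
  return attrs;
}

// Return what is wrong with a refresh-token cookie as the login response sets it.
function auditRefreshCookie(setCookie: string): string[] {
  const attrs = parseCookieAttrs(setCookie);
  const problems: string[] = [];
  if (!("httponly" in attrs)) problems.push("missing HttpOnly: page scripts can read the token");
  if (!("secure" in attrs)) problems.push("missing Secure: cookie is sent over plain HTTP");
  const sameSite = (attrs["samesite"] || "").toLowerCase();
  if (sameSite !== "strict" && sameSite !== "lax") {
    problems.push("SameSite is not Strict or Lax");
  }
  const maxAge = Number(attrs["max-age"]);
  if (!(maxAge > 0 && maxAge <= REFRESH_MAX_AGE_S)) {
    problems.push("Max-Age is missing or longer than 7 days");
  }
  // Assumption of this example: only the /api/auth routes need the cookie.
  if (!/^\/api\/auth(\/|$)/.test(attrs["path"] || "")) {
    problems.push("Path is not scoped to /api/auth");
  }
  return problems;
}

// Constructed headers; the cookie name refreshToken and the values are made up.
const WEAK_COOKIE = "refreshToken=abc123; Path=/; Max-Age=2592000";
const HARDENED_COOKIE =
  "refreshToken=abc123; HttpOnly; Secure; SameSite=Strict; Path=/api/auth; Max-Age=604800";
```

Run it against the `Set-Cookie` header captured from a real login response; over plain `http://localhost` the `Secure` finding is expected in development.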
For password reset functionality, configure SMTP settings:
- Enable 2-Factor Authentication on your Google account
- Generate an App Password: https://myaccount.google.com/apppasswords
- Use the app password in .env:
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SECURE=false
SMTP_USER=[email protected]
SMTP_PASS=your-16-character-app-password

SMTP_HOST=smtp.sendgrid.net
SMTP_PORT=587
SMTP_SECURE=false
SMTP_USER=apikey
SMTP_PASS=your-sendgrid-api-key
SMTP_FROM=[email protected]
cd backend
# Run all tests
npm test
# Run tests with coverage
npm run test:coverage
# Run tests in watch mode
npm run test:watch
# Backend
cd backend
npm run lint
npm run lint:fix
# Frontend
cd ../
npm run lint
Ensure all production environment variables are set:
- Generate strong secrets:
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
- Update .env:
  - Set NODE_ENV=production
  - Use strong JWT_SECRET and ENCRYPTION_KEY
  - Configure production database URL
  - Set production CORS_ORIGIN and FRONTEND_URL
  - Configure production SMTP settings
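A pre-start check for the production checklist above, as an added example that is not part of the StudentSathi code base: it flags environment values that still match the sample `.env` in this README or that are unsuitable for production. The function names, the `lms.example.edu` origin and the rule that the two keys must differ are assumptions of this example.

```typescript
type Env = Record<string, string | undefined>;
// Placeholder secrets copied from the sample .env in this README.
const PLACEHOLDERS: Env = {
  JWT_SECRET: "your-secret-key-min-32-characters-long",
  ENCRYPTION_KEY: "your-encryption-key-32-chars-long",
};

// One secret: must be set, must not be the sample value, must be at least 32 characters.
function auditSecret(name: string, env: Env): string[] {
  const value = env[name];
  if (!value) return [name + " is not set"];
  const problems: string[] = [];
  if (value === PLACEHOLDERS[name]) problems.push(name + " is the sample placeholder");
  if (value.length < 32) problems.push(name + " is shorter than 32 characters");
  return problems;
}

function auditProductionEnv(env: Env): string[] {
  const problems = auditSecret("JWT_SECRET", env).concat(auditSecret("ENCRYPTION_KEY", env));
  // Assumption of this example: the two keys should not share one value.
  if (env["JWT_SECRET"] && env["JWT_SECRET"] === env["ENCRYPTION_KEY"]) {
    problems.push("JWT_SECRET and ENCRYPTION_KEY are identical");
  }
  if (env["NODE_ENV"] !== "production") problems.push("NODE_ENV is not production");
  for (const name of ["CORS_ORIGIN", "FRONTEND_URL"]) {
    const value = env[name] || "";
    if (value === "" || value === "*" || /localhost|127\.0\.0\.1/.test(value)) {
      problems.push(name + " is empty, a wildcard or a localhost origin");
    } else if (!/^https:\/\//.test(value)) {
      problems.push(name + " does not use https");
    }
  }
  if (/:yourpassword@/.test(env["DATABASE_URL"] || "")) {
    problems.push("DATABASE_URL still contains the sample password");
  }
  return problems;
}

// The development values from this README, and a constructed production set.
const README_DEV_ENV: Env = {
  NODE_ENV: "development", CORS_ORIGIN: "http://localhost:8080", FRONTEND_URL: "http://localhost:8080",
  JWT_SECRET: PLACEHOLDERS["JWT_SECRET"], ENCRYPTION_KEY: PLACEHOLDERS["ENCRYPTION_KEY"],
  DATABASE_URL: "postgresql://postgres:yourpassword@localhost:5432/studentsathi?schema=public",
};
const CONSTRUCTED_PROD_ENV: Env = {
  NODE_ENV: "production", CORS_ORIGIN: "https://lms.example.edu", FRONTEND_URL: "https://lms.example.edu",
  JWT_SECRET: new Array(33).join("ab"), ENCRYPTION_KEY: new Array(33).join("cd"), // 64-char stand-ins
};
```

Calling `auditProductionEnv` on the real environment at server start and refusing to listen when the returned list is non-empty turns the checklist into an enforced gate.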
cd backend
npx prisma migrate deploy
# Backend
cd backend
npm run build
# Frontend
cd ../
npm run build
Use PM2 or similar:
npm install -g pm2
# Start backend
cd backend
pm2 start dist/server.js --name studentsathi-backend
# Serve frontend with nginx or similar
- Verify PostgreSQL is running
- Check DATABASE_URL format
- Ensure database exists
- Check user permissions
- Verify JWT_SECRET is set
- Check token expiration times
- Clear browser cookies/localStorage
- Check CORS configuration
- Verify SMTP credentials
- Check firewall/port access
- Enable "Less secure app access" or use app passwords
- Check SMTP logs
For issues and questions:
- GitHub Issues: https://github.com/naman-agarwal-16/StudentSathi/issues
- Documentation: Check README.md files
MIT License - See LICENSE file for details