A modern, secure blog platform template built with TypeScript, React, and Node.js. Features a robust backend with role-based access control, secure admin management, and a clean API design. Includes Docker containerization for easy development and deployment.
🎮 Visit www.msdevsec.com to see the blog platform in action with all premium features enabled.
🎥 Watch Demo: Coming soon... (Premium version showcase)
- 🔐 JWT-based authentication
- 👥 Role-based access control (USER/ADMIN)
- 🔑 Password hashing with bcrypt
- ✅ Input validation and sanitization
- 🚫 Protected admin routes
- 👤 Secure admin creation (database-only)
# Clone the repository
git clone https://github.com/msdevsec/msdevsec-typescript-react-cybersecurity-blog-template.git
cd msdevsec-typescript-react-cybersecurity-blog-template- Get your free TinyMCE API key from https://www.tiny.cloud/auth/signup/
- You'll need this API key for the rich text editor in the blog
# Set up environment files
cp backend/.env.example backend/.env
cp frontend/.env.example frontend/.env
# Add your TinyMCE API key to frontend/.env
# VITE_TINYMCE_API_KEY=your-api-key-here# Terminal 1: Start backend containers
cd backend
docker-compose up# Terminal 2: Initialize database
cd backend
docker-compose exec backend npx prisma generate
docker-compose exec backend npx prisma migrate deploy
docker-compose restart backend
# Optional: View database with Prisma Studio
docker-compose exec backend npx prisma studio# Terminal 3: Start frontend
cd frontend
docker-compose upThe application will be available at:
- 🌐 Frontend: http://localhost:3000
- 🔌 Backend API: http://localhost:4000
- 🗄️ Prisma Studio: http://localhost:5555 (if launched)
For security reasons, admin account creation is disabled through the API. Instead, follow these steps to create an admin account:
- Generate a password hash:
docker-compose exec backend node -e "const bcrypt = require('bcryptjs'); bcrypt.hash('YOUR_ADMIN_PASSWORD', 10).then(hash => console.log(hash));"
# Example:
docker-compose exec backend node -e "const bcrypt = require('bcryptjs'); bcrypt.hash('Admin123456', 10).then(hash => console.log(hash));"
# Output: $2a$10$2G6IgUGEXfFyGX6.ENbxQ.wuP2ceG2fOliU0BeDgrA9hgKeajGqlq- Open Prisma Studio:
docker-compose exec backend npx prisma studio-
Create admin user in Prisma Studio (http://localhost:5555):
- Click on "User" model
- Click "Add record"
- Fill in the fields:
- email: [email protected]
- firstName: MSDEVSEC
- lastName: (leave empty)
- password: (paste the hashed password from step 1)
- role: "ADMIN"
- isPremium: false
- createdAt and updatedAt will be auto-filled
-
Verify admin login:
curl -X POST http://localhost:4000/api/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]",
"password": "Admin123456"
}'- 🔐 User authentication and registration
- 📝 Blog post creation and management
- ✍️ TinyMCE rich text editor with code highlighting
- 💬 Comment system
- 📊 Basic admin dashboard
- 🐳 Docker containerization
- 👥 Role-based access control
- 🔒 Secure password handling
- ✅ Input validation
- 📤 File upload system
- 📱 Responsive design
- 📚 API Documentation
The premium version includes all features from the free version plus:
- 💳 Stripe/PayPal payment integration
- 🎁 Donation system
- 🔑 Password recovery system
- 📧 Email notifications
- 📬 Contact form functionality
- ⚡ Production optimization
- 🛡️ Advanced security features:
- 🌐 Cloudflare DDoS protection
- 🚦 Request rate limiting
- 🔍 Advanced threat detection
- 🛑 IP blocking and filtering
- 🔒 SSL/TLS configuration
- 👑 Enhanced admin controls
- 💎 Premium content management
- 📊 Advanced analytics
- 💾 Automated backup system
- 🚀 Performance optimizations
- 📖 Deployment DevOps Guide
- 🔍 SEO optimization
Complete API reference with example usage. Set your tokens as environment variables:
Admin token ADMIN_TOKEN="insert your admin token here"
User token USER_TOKEN="insert your user token here"
# Register a new user (always registers as normal user)
curl -X POST http://localhost:4000/api/auth/register \
-H "Content-Type: application/json" \
-d '{
"firstName": "Test",
"lastName": "User",
"email": "[email protected]",
"username": "testuser",
"password": "User123456",
"confirmPassword": "User123456"
}'
# Login
curl -X POST http://localhost:4000/api/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]",
"password": "User123456"
}'# Get all users
curl -X GET "http://localhost:4000/api/users" \
-H "Authorization: Bearer $ADMIN_TOKEN"
# Get specific user
curl -X GET "http://localhost:4000/api/users/{user_id}" \
-H "Authorization: Bearer $ADMIN_TOKEN"
# Update user role/premium status
curl -X PUT "http://localhost:4000/api/users/{user_id}" \
-H "Authorization: Bearer $ADMIN_TOKEN" \
-H "Content-Type: application/json" \
-d '{"role": "USER", "isPremium": true}'
# Delete user
curl -X DELETE "http://localhost:4000/api/users/{user_id}" \
-H "Authorization: Bearer $ADMIN_TOKEN"# Get all posts (including drafts)
curl -X GET "http://localhost:4000/api/posts/admin/all" \
-H "Authorization: Bearer $ADMIN_TOKEN"
# Create post
curl -X POST "http://localhost:4000/api/posts/admin" \
-H "Authorization: Bearer $ADMIN_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"title": "Test Post",
"content": "Content here",
"category": "CODE_TUTORIAL",
"excerpt": "Optional excerpt",
"isPublished": true
}'
# Update post
curl -X PUT "http://localhost:4000/api/posts/admin/{post_id}" \
-H "Authorization: Bearer $ADMIN_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"title": "Updated Title",
"content": "Updated content",
"category": "PENTESTING",
"excerpt": "Updated excerpt",
"isPublished": false
}'
# Delete post
curl -X DELETE "http://localhost:4000/api/posts/admin/{post_id}" \
-H "Authorization: Bearer $ADMIN_TOKEN"Normal users can create comments on published posts and delete their own comments. Admins can manage all comments.
# Create comment (any authenticated user)
curl -X POST http://localhost:4000/api/comments \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $USER_TOKEN" \
-d '{
"content": "This is a test comment",
"postId": "post_id"
}'
# Get all comments (admin only)
curl -X GET "http://localhost:4000/api/comments/all" \
-H "Authorization: Bearer $ADMIN_TOKEN"
# Update comment (admin only)
curl -X PUT "http://localhost:4000/api/comments/{comment_id}" \
-H "Authorization: Bearer $ADMIN_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"content": "Updated comment content"
}'
# Delete comment (admin or comment owner)
curl -X DELETE "http://localhost:4000/api/comments/{comment_id}" \
-H "Authorization: Bearer $USER_TOKEN"# Upload file
curl -X POST http://localhost:4000/api/upload \
-H "Authorization: Bearer $ADMIN_TOKEN" \
-F "file=@path/to/file.pdf"
# Response:
{
"url": "/uploads/timestamp-random.pdf",
"name": "file.pdf"
}
# Create post with file (after uploading)
curl -X POST http://localhost:4000/api/posts/admin \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $ADMIN_TOKEN" \
-d '{
"title": "Post with File",
"content": "Content here",
"category": "CODE_TUTORIAL",
"files": [
{
"name": "file.pdf",
"url": "/uploads/timestamp-random.pdf"
}
]
}'# Success Response
{
"success": true,
"data": {
// Response data here
}
}
# Error Response
{
"success": false,
"error": {
"code": "ERROR_CODE",
"message": "Error description"
}
}- Access to premium content endpoints
- Priority API support
For pricing, customization options, and access to the complete commercial source code with all premium features, contact us at (https://msdevsec.com) or [email protected].