A full-stack social media platform for financial discussions, featuring real-time stock tracking, AI-powered smart search, Google OAuth, and an automated CI/CD pipeline with Docker deployment.
Live at: https://node65.cs.colman.ac.il
| Feature | Description |
|---|---|
| User Authentication | JWT-based auth with access + refresh tokens, Google OAuth 2.0 |
| Social Feed | Create, read, update, delete posts with image uploads |
| Comments & Likes | Full CRUD comments, like/unlike with duplicate prevention |
| User Profiles | Profile management with avatar upload |
| Stock Watchlist | Track stocks and monitor price changes |
| Price Alerts | Set target price alerts with real-time status |
| AI Smart Search | Google Gemini-powered financial analysis and intelligent search |
| Responsive Frontend | React + Vite SPA with Bootstrap UI |
- JWT access + refresh token rotation
- Password hashing with bcrypt
- Ownership validation on all protected operations
- File upload restrictions (images only, 5MB limit)
- Helmet security headers & rate limiting
- HTTPS with SSL/TLS (Nginx reverse proxy)
| Layer | Technology |
|---|---|
| Frontend | React 18, TypeScript, Vite, Bootstrap |
| Backend | Node.js, Express.js, TypeScript |
| Database | MongoDB with Mongoose ODM |
| AI | Google Gemini API |
| Auth | JWT + Passport.js (Google OAuth 2.0) |
| Testing | Jest + Supertest |
| DevOps | Docker, Docker Compose, GitHub Actions, Nginx |
| Server | Ubuntu 24.04 LTS (Self-hosted runner on college server) |
- Node.js v20+
- Docker & Docker Compose
- MongoDB (local or Docker)
- Google Gemini API key
# 1. Clone
git clone https://github.com/ShimiManashirov/MarketWatchWeb.git
cd MarketWatchWeb
# 2. Install dependencies
npm install
cd client && npm install && cd ..
# 3. Configure environment
cp .env.example .env # Edit with your values
# 4. Start with Docker
docker compose up --build -d
# 5. Or start without Docker
npm run dev # Backend on :3000
cd client && npm run dev # Frontend on :5173| Variable | Description | Required |
|---|---|---|
MONGO_URI |
MongoDB connection string | β |
JWT_SECRET |
Secret for access tokens | β |
REFRESH_TOKEN_SECRET |
Secret for refresh tokens | β |
GEMINI_API_KEY |
Google Gemini API key | β |
GOOGLE_CLIENT_ID |
Google OAuth client ID | β |
GOOGLE_CLIENT_SECRET |
Google OAuth client secret | β |
GOOGLE_CALLBACK_URL |
Google OAuth callback URL | β |
CLIENT_URL |
Frontend URL for CORS & redirects | β |
PORT |
Server port (default: 3000) | β |
# Run all tests (46 tests)
npm test
# Run specific suites
npm test -- auth.test.ts # 7 auth tests
npm test -- user.test.ts # 4 user profile tests
npm test -- post.test.ts # 19 post + like tests
npm test -- comment.test.ts # 13 comment tests
npm test -- ai.test.ts # 3 AI testsSwagger UI is available at /api-docs when the server is running.
| Route | Methods | Description |
|---|---|---|
/auth/register |
POST | Register new user |
/auth/login |
POST | Login, returns JWT tokens |
/auth/logout |
POST | Invalidate refresh token |
/auth/refresh |
POST | Refresh access token |
/auth/google |
GET | Initiate Google OAuth |
/auth/google/callback |
GET | Google OAuth callback |
/user/profile |
GET | Get current user profile |
/user/update |
PUT | Update profile |
/posts |
GET, POST | List/create posts |
/posts/:id |
GET, PUT, DELETE | Read/update/delete post |
/posts/:id/like |
POST, DELETE | Like/unlike post |
/posts/:postId/comments |
GET, POST | List/create comments |
/comments/:id |
PUT, DELETE | Update/delete comment |
/ai/analyze |
POST | AI financial analysis |
/ai/search |
POST | Smart search with keyword extraction |
/stocks/search |
GET | Search stocks |
/watchlist |
GET, POST, DELETE | Manage watchlist |
We use a Lean Deployment Strategy designed for a resource-constrained college server. Heavy CI runs in the GitHub Cloud; only deployment runs on the server.
| Branch | Purpose | Trigger |
|---|---|---|
main |
Development & CI | PRs trigger test suite |
production |
Live deployment | Push triggers Docker deploy |
feature/* |
New features | PR to main |
fix/* |
Bug fixes | PR to main |
graph TD
A[Developer Push] -->|PR| B(main branch)
B -->|GitHub Actions| C{CI: Tests & Build}
C -->|β
Pass| D[Auto PR: main β production]
C -->|β Fail| E[Fix & Re-push]
D -->|Human Review| F[Merge to production]
F -->|Self-Hosted Runner| G[NODE65 Server]
G --> H[Docker Compose Build]
H --> I[App + MongoDB Live]
J[Hotfix on production] -->|Auto Sync| K[PR: production β main]
subgraph "βοΈ GitHub Cloud"
B
C
D
K
end
subgraph "π« College Server (node65)"
G
H
I
end
| File | Trigger | Runs On | Purpose |
|---|---|---|---|
ci.yml |
PR to main |
ubuntu-latest |
Run tests & build verification |
main-to-prod-pr.yml |
Push to main |
ubuntu-latest |
Auto-create PR to production |
deploy-prod.yml |
Push to production |
self-hosted (NODE65) |
Docker build & deploy |
sync-main.yml |
Push to production |
ubuntu-latest |
Sync hotfixes back to main via PR |
ββββββββββββββββββββββββββββββββββββ
β College Server (NODE65) β
β Ubuntu 24.04 LTS β
β β
HTTPS (443) ββββββΊβ Nginx (Reverse Proxy + SSL) β
β β β
β βΌ β
β Docker Compose β
β βββββββββββββββββββββββββββββββ β
β β market_watch_app (:3000) β β
β β Node.js + Express + React β β
β ββββββββββββ¬βββββββββββββββββββ β
β β β
β ββββββββββββΌβββββββββββββββββββ β
β β market_watch_db (:27017) β β
β β MongoDB (with named volume) β β
β βββββββββββββββββββββββββββββββ β
β β
β GitHub Actions Runner (service) β
ββββββββββββββββββββββββββββββββββββ
-
Cloud-First Testing β All 46 tests run on GitHub's infrastructure, not the college server. This saves server resources for the live application.
-
Self-Hosted Runner as Service β Installed via
systemd, the runner starts automatically on server reboot. No manual intervention needed. -
Named Docker Volumes β MongoDB data persists in
mongo_datavolume.docker compose downdoes NOT delete volumes, so data survives redeployments. -
Hotfix Loop Protection β The sync workflow detects when a push to
productionoriginated frommainand skips the reverse sync, preventing infinite PR loops. -
Manual Merge Gate β All production deployments require a human to merge the PR, providing total control for demos and presentations.
MarketWatchWeb/
βββ .github/workflows/ # CI/CD pipeline definitions
β βββ ci.yml # Test & build on PR
β βββ deploy-prod.yml # Docker deploy on production push
β βββ main-to-prod-pr.yml # Auto PR main β production
β βββ sync-main.yml # Hotfix sync production β main
βββ client/ # React frontend (Vite)
β βββ src/
β β βββ components/ # React components
β β βββ pages/ # Page components
β β βββ services/ # API service layer
β βββ dist/ # Production build output
βββ src/ # Express backend
β βββ controllers/ # Request handlers
β βββ models/ # Mongoose schemas
β βββ routes/ # API route definitions
β βββ middleware/ # Auth & file upload middleware
β βββ services/ # Business logic (Gemini AI, Cron)
β βββ config/ # Passport OAuth config
β βββ tests/ # Jest test suites
β βββ app.ts # Express app setup
β βββ server.ts # Server entry point
βββ nginx/ # Nginx reverse proxy config
βββ Dockerfile # Multi-stage Docker build
βββ docker-compose.yml # Container orchestration
βββ setup_runner.sh # Server runner installation script
βββ .env # Environment variables (not in git)
- Shimi Manashirov β @ShimiManashirov
- Tamir Shoval β @Tamir26
- Google Gemini AI for intelligent search capabilities
- College of Management (Colman) β CS Faculty for server infrastructure
- Express.js & React communities
Built with β€οΈ for financial discussions | Colman CS β Internet Systems Development