🏆 Projet Final ⭐⭐⭐⭐ Expert ~20h NestJS 10 + TS 5

🌐 Social API — Backend Complet

Construire une API sociale production-ready qui combine tous les concepts de la formation : authentification JWT, CRUD avec TypeORM, WebSockets temps réel, queues BullMQ, tests complets et déploiement Docker/CI-CD.

NestJS 10 TypeScript 5 TypeORM 0.3 PostgreSQL Socket.io BullMQ Redis Jest 85%+ Docker GitHub Actions

🏗️ Architecture de l'Application

social-api/
├── src/
│   ├── app.module.ts
│   ├── main.ts
│   ├── auth/
│   │   ├── auth.module.ts
│   │   ├── auth.controller.ts        ← /auth/register, login, refresh, logout, me
│   │   ├── auth.service.ts
│   │   ├── strategies/
│   │   │   ├── local.strategy.ts
│   │   │   ├── jwt.strategy.ts
│   │   │   └── jwt-refresh.strategy.ts
│   │   └── guards/
│   │       ├── jwt-auth.guard.ts     ← global (+ @Public())
│   │       ├── roles.guard.ts
│   │       └── resource-owner.guard.ts
│   ├── users/
│   │   ├── users.module.ts
│   │   ├── users.controller.ts       ← GET /users/:id, PUT /users/:id, follow/unfollow
│   │   ├── users.service.ts
│   │   ├── entities/user.entity.ts
│   │   └── dto/
│   │       ├── create-user.dto.ts
│   │       └── update-user.dto.ts
│   ├── posts/
│   │   ├── posts.module.ts
│   │   ├── posts.controller.ts       ← CRUD + feed + timeline
│   │   ├── posts.service.ts
│   │   ├── entities/post.entity.ts
│   │   └── dto/
│   │       ├── create-post.dto.ts
│   │       └── update-post.dto.ts
│   ├── likes/
│   │   ├── likes.module.ts
│   │   ├── likes.controller.ts       ← POST /posts/:id/like, DELETE /posts/:id/like
│   │   ├── likes.service.ts
│   │   └── entities/like.entity.ts
│   ├── comments/
│   │   ├── comments.module.ts
│   │   ├── comments.controller.ts    ← CRUD + nested replies
│   │   ├── comments.service.ts
│   │   └── entities/comment.entity.ts
│   ├── notifications/
│   │   ├── notifications.module.ts
│   │   ├── notifications.gateway.ts  ← WebSocket temps réel
│   │   ├── notifications.service.ts
│   │   └── entities/notification.entity.ts
│   ├── mail/
│   │   ├── mail.module.ts            ← dynamic module
│   │   ├── mail.service.ts
│   │   └── processors/mail.processor.ts ← BullMQ
│   ├── common/
│   │   ├── decorators/
│   │   │   ├── current-user.decorator.ts
│   │   │   ├── public.decorator.ts
│   │   │   └── roles.decorator.ts
│   │   ├── interceptors/
│   │   │   ├── transform.interceptor.ts
│   │   │   ├── logging.interceptor.ts
│   │   │   └── timeout.interceptor.ts
│   │   ├── filters/
│   │   │   └── all-exceptions.filter.ts
│   │   ├── middleware/
│   │   │   └── logger.middleware.ts
│   │   └── pipes/
│   │       └── parse-positive-int.pipe.ts
│   └── health/
│       └── health.controller.ts
├── test/
│   ├── auth.e2e-spec.ts
│   └── posts.e2e-spec.ts
├── Dockerfile
├── docker-compose.yml
├── docker-compose.prod.yml
├── .env.example
└── .github/
    └── workflows/
        ├── ci.yml
        └── deploy.yml

🗃️ Entités TypeORM

// user.entity.ts
@Entity('users')
export class User {
  @PrimaryGeneratedColumn('uuid') id: string;

  @Column({ unique: true }) email: string;
  @Column({ unique: true }) username: string;
  @Column({ select: false }) passwordHash: string;
  @Column({ nullable: true }) bio: string;
  @Column({ nullable: true }) avatarUrl: string;
  @Column({ type: 'enum', enum: Role, default: Role.USER }) role: Role;
  @Column({ nullable: true, select: false }) refreshTokenHash: string;

  @OneToMany(() => Post, post => post.author) posts: Post[];
  @OneToMany(() => Like, like => like.user) likes: Like[];
  @OneToMany(() => Notification, n => n.recipient) notifications: Notification[];

  // Self-referential ManyToMany for follows
  @ManyToMany(() => User, user => user.following)
  @JoinTable({ name: 'user_follows', joinColumn: { name: 'follower_id' }, inverseJoinColumn: { name: 'following_id' } })
  followers: User[];

  @ManyToMany(() => User, user => user.followers)
  following: User[];

  @CreateDateColumn() createdAt: Date;
  @UpdateDateColumn() updatedAt: Date;
}

// post.entity.ts
@Entity('posts')
export class Post {
  @PrimaryGeneratedColumn('uuid') id: string;
  @Column({ type: 'text' }) content: string;
  @Column({ nullable: true }) imageUrl: string;
  @Column({ type: 'simple-array', default: '' }) tags: string[];

  @ManyToOne(() => User, user => user.posts, { eager: true, onDelete: 'CASCADE' })
  author: User;

  @OneToMany(() => Like, like => like.post) likes: Like[];
  @OneToMany(() => Comment, comment => comment.post) comments: Comment[];

  @Column({ default: 0 }) likesCount: number;
  @Column({ default: 0 }) commentsCount: number;

  @CreateDateColumn() createdAt: Date;
  @UpdateDateColumn() updatedAt: Date;
  @DeleteDateColumn() deletedAt: Date;  // soft delete
}

// like.entity.ts
@Entity('likes')
@Unique(['user', 'post'])   // empêche les doublons
export class Like {
  @PrimaryGeneratedColumn('uuid') id: string;
  @ManyToOne(() => User, user => user.likes, { onDelete: 'CASCADE' }) user: User;
  @ManyToOne(() => Post, post => post.likes, { onDelete: 'CASCADE' }) post: Post;
  @CreateDateColumn() createdAt: Date;
}

// notification.entity.ts
@Entity('notifications')
export class Notification {
  @PrimaryGeneratedColumn('uuid') id: string;
  @Column({ type: 'enum', enum: NotificationType }) type: NotificationType;
  @Column({ type: 'jsonb' }) payload: Record<string, any>;
  @Column({ default: false }) read: boolean;
  @ManyToOne(() => User, user => user.notifications, { onDelete: 'CASCADE' })
  recipient: User;
  @Column({ nullable: true }) actorId: string;
  @CreateDateColumn() createdAt: Date;
}

📡 Endpoints REST

Méthode	Route	Description	Auth
`POST`	`/auth/register`	Inscription + email de bienvenue (BullMQ)	Public
`POST`	`/auth/login`	Login → accessToken (15m) + refreshToken (7j)	Public
`POST`	`/auth/refresh`	Rotation des tokens (détecte réutilisation)	Refresh JWT
`POST`	`/auth/logout`	Invalider refreshToken en DB	JWT
`GET`	`/auth/me`	Profil courant (serialisé sans hash)	JWT
`GET`	`/users/:id`	Profil public + stats (followers, following, posts)	JWT
`PUT`	`/users/:id`	Modifier profil (ResourceOwnerGuard)	JWT + Owner
`POST`	`/users/:id/follow`	S'abonner + notif WebSocket	JWT
`DELETE`	`/users/:id/follow`	Se désabonner	JWT
`GET`	`/posts`	Feed global paginé (cursor-based)	JWT
`GET`	`/posts/timeline`	Timeline des utilisateurs suivis	JWT
`POST`	`/posts`	Créer post + notifier followers via WebSocket	JWT
`PATCH`	`/posts/:id`	Modifier post (auteur seulement)	JWT + Owner
`DELETE`	`/posts/:id`	Soft delete (auteur ou admin)	JWT + Owner/Admin
`POST`	`/posts/:id/like`	Liker + notif WebSocket à l'auteur	JWT
`DELETE`	`/posts/:id/like`	Retirer le like	JWT
`GET`	`/posts/:id/comments`	Commentaires paginés + replies	JWT
`POST`	`/posts/:id/comments`	Commenter + notif à l'auteur du post	JWT
`GET`	`/notifications`	Notifs de l'utilisateur courant (non lues en premier)	JWT
`GET`	`/health`	Status DB + Redis + mémoire + disque	Public

⚡ WebSocket — Notifications Temps Réel

// notifications.gateway.ts
@WebSocketGateway({ namespace: '/notifications', cors: { origin: '*' } })
export class NotificationsGateway implements OnGatewayConnection, OnGatewayDisconnect {
  @WebSocketServer() server: Server;

  async handleConnection(client: Socket) {
    const user = await this.authService.validateWsToken(client.handshake.auth.token);
    if (!user) return client.disconnect();
    client.join(`user:${user.id}`);   // salle privée par userId
    await this.notificationsService.markSocketConnected(user.id, client.id);
  }

  // Envoyer une notif en temps réel
  sendToUser(userId: string, notification: NotificationDto) {
    this.server.to(`user:${userId}`).emit('notification:new', notification);
  }

  // Marquer comme lu côté client
  @SubscribeMessage('notification:read')
  async markRead(@ConnectedSocket() client: Socket, @MessageBody() id: string) {
    const user = this.getUser(client);
    return this.notificationsService.markAsRead(user.id, id);
  }
}

// Types de notifications émises
// → 'notification:new'  { type, message, actorUsername, link, createdAt }
// → 'post:liked'        quand un post de l'user reçoit un like
// → 'post:commented'    quand un post de l'user reçoit un commentaire
// → 'user:followed'     quand un user suit l'utilisateur courant

📬 Queue BullMQ — Emails

// Types de jobs dans la queue 'mail'
type MailJob =
  | { type: 'welcome';      to: string; username: string }
  | { type: 'notification'; to: string; subject: string; items: string[] }
  | { type: 'digest';       to: string; username: string; unreadCount: number };

// mail.processor.ts
@Processor('mail')
export class MailProcessor {
  @Process('welcome')
  async sendWelcome(job: Job<WelcomeJobData>) {
    await this.mailService.send({ to: job.data.to, subject: 'Bienvenue sur Social API', ... });
  }

  @Process('notification')
  async sendNotification(job: Job<NotifJobData>) {
    await this.mailService.send({ to: job.data.to, subject: job.data.subject, ... });
  }
}

// Jobs déclenchés automatiquement
// register → 'welcome' job (délai 0s)
// like/comment/follow → 'notification' job si user offline (délai 30s)
// daily digest cron → 'digest' jobs pour users avec notifs non lues

🧪 Suite de Tests Attendue

src/
├── auth/
│   └── auth.service.spec.ts        ← register, login, refresh, reuse detection
├── posts/
│   ├── posts.service.spec.ts       ← CRUD, timeline, soft delete
│   └── posts.controller.spec.ts    ← routes, guards, transformations
├── likes/
│   └── likes.service.spec.ts       ← toggle like, doublon @Unique
├── notifications/
│   └── notifications.gateway.spec.ts ← WS connect/disconnect, emit
└── common/
    ├── interceptors/transform.interceptor.spec.ts
    └── filters/all-exceptions.filter.spec.ts
test/
├── auth.e2e-spec.ts     ← register → login → refresh → logout
└── posts.e2e-spec.ts    ← create → like → comment → delete

85%

Statements

80%

Branches

90%

Functions

85%

Lines

🐳 Déploiement

# docker-compose.yml (dev)
services:
  api:
    build: .
    ports: ["3000:3000"]
    env_file: .env
    depends_on:
      postgres: { condition: service_healthy }
      redis:    { condition: service_started }

  postgres:
    image: postgres:16-alpine
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER"]
      interval: 5s

  redis:
    image: redis:7-alpine
    command: redis-server --requirepass $$REDIS_PASSWORD

  pgadmin:
    image: dpage/pgadmin4:latest
    ports: ["5050:80"]

# Pipeline CI/CD (GitHub Actions)
# ┌──────────┐     ┌──────────────────┐     ┌──────────────┐
# │  ci.yml  │────▶│  build-push.yml  │────▶│  deploy.yml  │
# │ lint+test│     │ Docker → GHCR    │     │  SSH + pull  │
# └──────────┘     └──────────────────┘     └──────────────┘

✅ Critères de Validation

Core

Register + login + refresh + logout fonctionnels
Refresh token rotation (détection réutilisation)
CRUD posts avec pagination cursor-based
Timeline des utilisateurs suivis
Like/unlike avec contrainte d'unicité
Commentaires imbriqués (post → replies)
Follow/unfollow self-referential

Production

Notifications WebSocket en temps réel
Emails via BullMQ (welcome + digest)
Coverage ≥ 85% toutes métriques
Dockerfile multi-stage < 200MB
CI lint+test vert sur chaque PR
Health check DB + Redis + memory
Joi validation des variables d'env

Bonus : Ajoutez une recherche full-text sur les posts avec tsquery PostgreSQL via TypeORM QueryBuilder. Ou implémentez un système de hashtags avec pages dédiées (#tag → liste des posts).

Important : Le projet final est noté sur la qualité globale — code TypeScript strict (pas de any), gestion d'erreurs cohérente, tests significatifs (pas de tests triviaux), et architecture modulaire propre.

← Module 10 Mini-projet 10 🧠 QCM Final 🏠 Accueil Formation