A full-stack task management solution built with modern web technologies. Features role-based access control, real-time analytics, and secure file management.
Frontend:
- HTML5, CSS3, Vanilla JavaScript
- Chart.js for analytics
- Font Awesome icons
- Inter font family
Backend:
- Node.js + Express.js
- SQLite3 database
- JWT authentication
- bcryptjs password hashing
- Multer for file uploads
Security:
- Helmet.js security headers
- Rate limiting
- CORS protection
- Input validation & sanitization
```bash
# Clone repository
git clone <repository-url>
cd taskflow-enterprise

# Install dependencies
npm install

# Start server
npm start

# Access application
# http://localhost:3000
```
Default Admin Account:
- Email: `admin@taskflow.com`
- Password: `Admin123!`
```
taskflow-enterprise/
├── index.html      # Main application
├── styles.css      # Complete styling
├── app.js          # Frontend logic
├── server.js       # Express server
├── package.json    # Dependencies
└── uploads/        # File storage
```
- JWT-based authentication
- Role-based access (Admin/Manager/Employee)
- Session management with automatic logout
- Secure password hashing (bcrypt, 12 rounds)
```javascript
{
  id: number,
  title: string,
  description: string,
  priority: 'low' | 'medium' | 'high',
  status: 'pending' | 'in-progress' | 'completed',
  due_date: string,
  assignee_id: number,
  estimated_hours: number,
  actual_hours: number
}
```
- Multi-role system with granular permissions
- Department and position tracking
- Active/inactive user status
- Profile management with avatars
- Secure file uploads (50MB max)
- File type validation
- Permission-based access control
- Download tracking
- Real-time dashboard metrics
- Task completion charts
- Team performance tracking
- Custom report periods
```sql
CREATE TABLE users (
  id INTEGER PRIMARY KEY,
  email VARCHAR(255) UNIQUE,
  password_hash TEXT,
  name VARCHAR(255),
  role VARCHAR(50),
  department VARCHAR(100),
  position VARCHAR(100),
  avatar_url TEXT,
  is_active BOOLEAN DEFAULT 1,
  created_at DATETIME DEFAULT CURRENT_TIMESTAMP
);

CREATE TABLE tasks (
  id INTEGER PRIMARY KEY,
  title VARCHAR(500),
  description TEXT,
  priority VARCHAR(20),
  status VARCHAR(20),
  due_date DATE,
  assignee_id INTEGER,
  created_by INTEGER,
  estimated_hours DECIMAL(5,2),
  actual_hours DECIMAL(5,2),
  created_at DATETIME DEFAULT CURRENT_TIMESTAMP
);
```
- `activity_logs` - Audit trail
- `files` - File metadata
- `role_permissions` - Permission configurations
- `user_sessions` - Active sessions
```
POST   /api/auth/login           // User login
POST   /api/auth/logout          // User logout

GET    /api/tasks                // List tasks
POST   /api/tasks                // Create task
PUT    /api/tasks/:id            // Update task
DELETE /api/tasks/:id            // Delete task

GET    /api/users                // List users (Admin only)
POST   /api/users                // Create user (Admin only)
PUT    /api/users/:id            // Update user (Admin only)

GET    /api/files                // List files
POST   /api/files/upload         // Upload file
GET    /api/files/:id/download   // Download file
DELETE /api/files/:id            // Delete file

GET    /api/dashboard/stats      // Dashboard metrics
GET    /api/reports              // Analytics data
GET    /api/activities           // Activity logs
```
```javascript
class TaskFlowEnterprise {
  constructor() {
    this.currentUser = null;
    this.token = null;
    this.users = [];
    this.tasks = [];
    this.files = [];
  }

  // Core methods (bodies omitted in this overview)
  initializeApp() {}
  handleLogin() {}
  loadTasks() {}
  loadUsers() {}
  loadDashboard() {}
  // ... more methods
}
```
```javascript
const PORT = process.env.PORT || 3000;
const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key';

app.use(helmet());
app.use(cors());
app.use(rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100 // limit each IP to 100 requests per windowMs
}));
```

## Security Implementation

### Authentication Middleware

```javascript
const authenticateToken = async (req, res, next) => {
  const token = req.headers['authorization']?.split(' ')[1];
  if (!token) return res.status(401).json({ error: 'Access token required' });

  try {
    const decoded = jwt.verify(token, JWT_SECRET);
    const user = await dbGet('SELECT * FROM users WHERE id = ?', [decoded.userId]);
    if (!user) return res.status(401).json({ error: 'Invalid token' });
    req.user = user;
    next();
  } catch (error) {
    return res.status(403).json({ error: 'Invalid token' });
  }
};
```
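A hardened variant of the authentication middleware, as an added example (not the project's own code): it requires the `Bearer` scheme, pins the JWT algorithm, rejects accounts whose `is_active` flag is cleared, and keeps `password_hash` out of `req.user`. The factory `makeAuthenticateToken` and its injected `verify`, `dbGet` and `secret` parameters are assumptions for illustration; `verify` is expected to behave like `jwt.verify` from the `jsonwebtoken` package, and HS256 signing is assumed.

```javascript
// Added example: hardened variant of authenticateToken (not the project's code).
// Assumptions: `verify` behaves like jsonwebtoken's jwt.verify, `dbGet` is the
// promise-based SQLite helper used on this page, and tokens are signed with HS256.
function makeAuthenticateToken({ verify, dbGet, secret }) {
  // Exactly "Bearer <header>.<payload>.<signature>", all three parts non-empty.
  const BEARER = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/;

  return async function authenticateToken(req, res, next) {
    const match = BEARER.exec(req.headers['authorization'] || '');
    if (!match) return res.status(401).json({ error: 'Access token required' });

    let decoded;
    try {
      // Pin the algorithm so the token's own header cannot choose it.
      decoded = verify(match[1], secret, { algorithms: ['HS256'] });
    } catch (error) {
      return res.status(401).json({ error: 'Invalid token' });
    }

    let user;
    try {
      // Name the columns (no password_hash) and require an active account,
      // so deactivating a user also invalidates tokens issued earlier.
      user = await dbGet(
        'SELECT id, email, name, role, department, position ' +
          'FROM users WHERE id = ? AND is_active = 1',
        [decoded.userId]
      );
    } catch (error) {
      return next(error); // database failure is a server error, not a bad token
    }
    if (!user) return res.status(401).json({ error: 'Invalid token' });

    req.user = user;
    return next();
  };
}
```

In `server.js` this would be wired as `makeAuthenticateToken({ verify: jwt.verify, dbGet, secret: JWT_SECRET })`.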
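```javascript
// Hash a new password with bcrypt (cost factor 12)
const passwordHash = await bcrypt.hash(password, 12);

// Verify a login attempt against the stored hash
const validPassword = await bcrypt.compare(password, user.password_hash);
```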
```bash
# Set environment variables
export JWT_SECRET=your-production-secret
export NODE_ENV=production

# Start application
npm start
```
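The server configuration falls back to `'your-secret-key'` when `JWT_SECRET` is unset and calls `cors()` without options, so a deployment that skips or copies the placeholder values above still starts. The following startup check is an added example, not part of the project: `checkStartupConfig`, the `CORS_ORIGINS` variable and the 32-character minimum are assumptions for illustration.

```javascript
// Added example: startup check for the settings this README documents.
// Assumptions: checkStartupConfig, the CORS_ORIGINS variable and the
// 32-character minimum are illustrative and not part of the project.
const PLACEHOLDER_SECRETS = ['your-secret-key', 'your-production-secret'];

function checkStartupConfig(env) {
  const problems = [];

  // JWT_SECRET: refuse to run on the fallback or on a value copied from the docs.
  const secret = env.JWT_SECRET || '';
  if (!secret) problems.push('JWT_SECRET is not set');
  else if (PLACEHOLDER_SECRETS.includes(secret)) problems.push('JWT_SECRET is a documentation placeholder');
  else if (secret.length < 32) problems.push('JWT_SECRET is shorter than 32 characters');

  // CORS: cors() without options allows every origin, so require an explicit list.
  const origins = (env.CORS_ORIGINS || '').split(',').map((o) => o.trim()).filter(Boolean);
  if (origins.length === 0) problems.push('CORS_ORIGINS is empty');
  for (const origin of origins) {
    let url;
    try {
      url = new URL(origin);
    } catch {
      problems.push(`CORS origin is not a URL: ${origin}`);
      continue;
    }
    // Browsers send the canonical scheme://host[:port]; anything else never matches.
    if (url.origin !== origin) problems.push(`CORS origin is not in canonical form: ${origin}`);
    if (env.NODE_ENV === 'production' && url.protocol !== 'https:') {
      problems.push(`CORS origin is not https in production: ${origin}`);
    }
  }

  return { ok: problems.length === 0, problems, corsOptions: { origin: origins } };
}

// Intended use at the top of server.js:
//   const { ok, problems, corsOptions } = checkStartupConfig(process.env);
//   if (!ok) { console.error(problems.join('\n')); process.exit(1); }
//   app.use(cors(corsOptions));
```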
- Automatic SQLite database creation
- Schema versioning included
- Backup procedures recommended for production
- Extend database schema if needed
- Create API endpoints
- Implement frontend components
- Add permission checks
- Update activity logging
- ES6+ JavaScript features
- Modular function organization
- Comprehensive error handling
- Security-first implementation
- SQLite optimized with proper indexing
- Frontend uses efficient DOM updates
- File uploads streamed to disk
- JWT tokens for stateless authentication
- Rate limiting prevents abuse
- Database locks: Ensure proper connection handling
- File upload fails: Check uploads directory permissions
- JWT errors: Verify secret key consistency
- CORS issues: Review frontend-backend URL alignment
- Activity logs track all user actions
- Error logging to console
- Performance metrics available