Day-5 of learning WebDev #Backend_Engineering Day-5 In the past 3 days, what I have learned and practised: MongoDB & Mongoose →understood MongoDB basics: a NoSQL database that stores data as JSON-like documents. → Learned CRUD operations: Create, Read, Update, Delete. → Realized updates can be full replacement or partial. → Learned filters in updates (_id + userId) to make sure only the intended document is changed. → Practiced using Mongoose to connect, define schemas, and create models (UserModel, TodoModel). → Learned ObjectId usage for uniquely identifying documents and linking todos to users Password Security with bcrypt → Problem: Storing plain-text passwords is dangerous what if the DB leaks, attackers can use them. → Solution: Hash passwords before storing. Hashing is one-way, we can’t reverse it. → New issue: Same passwords give same hash → rainbow table attacks. → Fix: Salt the password before hashing (hash(password + salt)), so identical passwords produce different hashes. → Why bcrypt: 1)Automatically salts passwords 2)Intentionally slow → slows brute-force attacks Zod Validation → Used zod library for request validation. → Validated user signup fields: email format, name, password complexity (uppercase, lowercase, number, special char). → Learned that safeParse gives clear errors when validation fails, improving backend security and reliability. Express.js & Todo App Project → Built a full backend for a todo app using Express.js. → Learned RESTful principles: POST to create, GET to read, PATCH to update partially. → Routes created: Signup: /signup it validates input, hashes password, stores user. Signin: /signin it verifies user credentials, returns JWT token. Create Todo: /todo authenticated route, saves todo linked to userId. Update Todo: /update/:todoId it uses PATCH and $set to change only title.Ensures userId matches, preventing unauthorized changes. Mark Todo as Done: /markasDone/:todoId it uses PATCH and $set to update done boolean

Learning by building projects Day-01 1. The Real-World Problem In local spots like clinics, labs, and barber shops, waiting in line is broken. The Cause: Customers have no idea when their turn is actually coming unless they are physically standing in the room. The Effect: People waste hours sitting in crowded waiting areas just to defend their spot. It is frustrating for the customer and chaotic for the business owner. 2. The Solution I am not building a basic calendar app where you pick a time for next week. I am building a live, real-time queue. A customer takes a digital token on their phone, watches the line move live, and walks in exactly when the admin clicks "Next" for their number. It puts the physical waiting room into their pocket. 3. Why I'm Building this: I have already built basic CRUD apps, but standard tutorials are a trap. They don't teach you how real systems break under pressure. I chose this project to push my backend skills forward by solving three specific engineering problems: Race Conditions: What happens when 50 people click "Get Token" at the exact same millisecond? I am learning how to handle database concurrency so two people don't get Token #5. WebSockets (Real-Time Data): Standard APIs require the user to refresh the page to see updates. I am implementing WebSockets so the queue updates instantly on everyone's phone without reloading. Multi-Tenancy: Instead of hardcoding this for one specific Business, I am architecting the database so multiple different businesses can share the exact same backend securely, without ever seeing each other's data. 4. The Methodology I am not following a step-by-step tutorial. I am employing Question-Driven Development. I am using LLMs strictly as senior architectural mentors. I do not use AI to write my application code or spoon-feed me syntax. I use it to test my database schemas, validate my finite state machines, and expose the edge cases in my system design before I write a single line of code.

Alhamdulillah! I am incredibly honored for receiving a laptop under the Prime Minister’s Youth Laptop Scheme. It is truly rewarding to see academic dedication recognized through such initiatives. My sincere thanks to the HEC and the PM Youth Program for empowering students.

Today’s progress Today I worked on the Queue module of my project. Created APIs to create a queue Fetch queues for a business Update queue status (open / paused / locked / closed) Assign and remove queue managers Added request validation and basic structure (routes, controllers, services) Raw endpoints are working now #SaaSArchitecture #DatabaseDesign #QueueManagement #RBAC #StaffManagement #LearningByBuilding #Phase0 #FirstPrinciples #BackendEngineering #RealWorldLogic #MentalModels

Project Progress Summary Authentication & Security Implemented signup & signin with hashed passwords using bcryptjs. Added JWT verification to secure routes and verify users. Users now can safely log in, and sensitive info like passwords is never exposed. Business Management Authenticated Users (owners) can create a business. Users can fetch various public business details by ID, including business name creation date owner’s name via relation etc etc as per need. Routing & Controllers Created routes for /signup, /signin, /business/:id etc Controllers use asyncHandler for clean error catching Proper JSON responses with success/failure messages.