Upload, Stream, Engage, and Build Your Community
Features β’ Tech Stack β’ Architecture β’ Getting Started β’ API Docs
VidNest is a full-featured, enterprise-grade video sharing platform similar to YouTube, built from the ground up using modern web technologies. This project demonstrates advanced full-stack development practices with a production-ready backend architecture, comprehensive API design, real-time notifications, and a polished React frontend.
- Complete Video Platform: Upload, stream, edit, and manage video content with cloud storage
- Social Features: Comments, likes, subscriptions, and real-time notifications
- Content Organization: Custom playlists, watch history, and content discovery
- Creator Dashboard: Analytics, video management, and channel statistics
- Photo Posts (Tweets): Share images with captions alongside video content
- Advanced Search: Filter and discover content with sophisticated search algorithms
- Security First: JWT authentication, bcrypt password hashing, rate limiting, and CORS protection
- Features
- System Architecture
- Tech Stack
- Project Structure
- Getting Started
- API Documentation
- Authentication & Security
- License & Contact
- Multi-file upload with Multer middleware
- Cloud storage via Cloudinary CDN
- Responsive video player with React Player
- Watch history tracking and view count analytics
- Like/dislike system with real-time updates
- Video management dashboard with analytics
- JWT-based token authentication (access + refresh tokens)
- HTTP-only secure cookies for token storage
- Bcrypt password hashing
- Email verification and password reset
- Customizable user profiles and channel pages
- Comment system on videos and tweets
- Like/unlike videos, tweets, and comments
- Subscribe/unsubscribe to channels
- Real-time notifications system
- User activity feed
- Real-time notifications for likes, comments, and subscriptions
- Unread notification badge counter
- Mark as read/delete functionality
- Notification history with pagination
- Upload photos with captions
- Like and comment on tweets
- User tweet feed and detail pages
- Create and manage custom playlists
- Add/remove videos from playlists
- Public/private playlist settings
- Channel analytics and statistics
- Video and content management
- Comment management
- Full-text search across videos
- Filter and sort options
- Optimized MongoDB text indexes
- Responsive design with Tailwind CSS
- Dark theme interface
- Toast notifications
- Loading states and skeleton screens
- Form validation
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β CLIENT (Browser) β
β React 19 + Vite + Tailwind CSS + Redux Toolkit β
ββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββ
β HTTP/HTTPS
β
ββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββ
β API GATEWAY LAYER β
β Express.js + CORS + Rate Limiting + Cookie Parser β
ββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββ
β
βββββββββ΄ββββββββ
β β
ββββββΌββββββ βββββββΌβββββββ
β Auth β β Business β
β Layer β β Logic β
β JWT β β Controllersβ
ββββββ¬ββββββ βββββββ¬βββββββ
β β
βββββββββ¬ββββββββ
β
ββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββ
β DATA ACCESS LAYER β
β Mongoose ODM + MongoDB Aggregation Pipelines β
ββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββ
β
βββββββββ΄βββββββββ¬ββββββββββββββ
β β β
ββββββΌββββββ ββββββββΌβββββββ βββββΌββββββ
β MongoDB β β Cloudinary β β Email β
β Database β β CDN Storage β β Service β
ββββββββββββ βββββββββββββββ βββββββββββ
| Technology | Version | Purpose |
|---|---|---|
| React | 19.2.0 | Core UI library |
| Vite | 7.2.4 | Build tool and dev server |
| Redux Toolkit | 2.11.0 | State management |
| React Router | 7.10.0 | Client-side routing |
| Axios | 1.13.2 | HTTP client |
| Tailwind CSS | 3.4.17 | CSS framework |
| Lucide React | 0.556.0 | Icon library |
| React Hot Toast | 2.6.0 | Toast notifications |
| React Hook Form | 7.68.0 | Form validation |
| React Player | 3.4.0 | Video player |
| Recharts | 3.6.0 | Data visualization |
| Technology | Version | Purpose |
|---|---|---|
| Node.js | 18+ | JavaScript runtime |
| Express.js | 5.1.0 | Web framework |
| MongoDB | 8.19.0 | NoSQL database |
| Mongoose | 8.19.0 | MongoDB ODM |
| JWT | 9.0.2 | Authentication |
| Bcrypt | 6.0.0 | Password hashing |
| Multer | 2.0.2 | File upload handling |
| Cloudinary | 2.7.0 | Cloud media storage |
| Nodemailer | 7.0.12 | Email service |
| CORS | 2.8.5 | Cross-Origin Resource Sharing |
- Node.js (v18.0.0 or higher)
- MongoDB (v6.0+) - Local or MongoDB Atlas
- Git
- Cloudinary Account (free tier)
- Gmail Account (for email service)
git clone https://github.com/Prajjwal2051/VidNest.git
cd VidNest# Install backend dependencies
npm install
# Create environment variables file
cp .env.example .envConfigure .env file:
# Server Configuration
PORT=8000
# Database Configuration
MONGODB_URI=mongodb://localhost:27017/VidNest
# CORS Configuration
CORS_ORIGIN=http://localhost:5173
# JWT Secrets (Generate random strings)
ACCESS_TOKEN_SECRET=your_super_secret_access_token_here_min_32_chars
ACCESS_TOKEN_EXPIRY=1d
REFRESH_TOKEN_SECRET=your_super_secret_refresh_token_here_min_32_chars
REFRESH_TOKEN_EXPIRY=10d
# Cloudinary Configuration
CLOUDINARY_CLOUD_NAME=your_cloud_name
CLOUDINARY_API_KEY=your_api_key
CLOUDINARY_API_SECRET=your_api_secret
# Email Configuration (Gmail)
EMAIL_HOST=smtp.gmail.com
EMAIL_PORT=587
EMAIL_USER=[email protected]
EMAIL_PASSWORD=your-gmail-app-password
EMAIL_FROM=[email protected]Generate Secure Secrets:
node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"cd frontend/VideNestFrontEnd
npm install
# Create frontend environment file
echo 'VITE_API_BASE_URL=http://localhost:8000/api/v1' > .env# Terminal 1: Start Backend (from project root)
npm run dev
# Backend runs on http://localhost:8000
# Terminal 2: Start Frontend (from frontend/VideNestFrontEnd)
cd frontend/VideNestFrontEnd
npm run dev
# Frontend runs on http://localhost:5173- Frontend: http://localhost:5173
- Backend API: http://localhost:8000/api/v1
- Health Check: http://localhost:8000/api/v1/users/health
VidNest/
β
βββ π src/ # Backend source code
β βββ π controllers/ # Request handlers
β βββ π models/ # MongoDB Schemas
β βββ π routes/ # API route definitions
β βββ π middlewares/ # Custom middleware
β βββ π utils/ # Helper functions
β βββ π db/ # Database connection
β βββ app.js # Express app configuration
β βββ index.js # Server entry point
β βββ constants.js # App constants
β
βββ π frontend/VideNestFrontEnd/ # React frontend
β βββ π src/
β β βββ π api/ # API client functions
β β βββ π components/ # React components
β β βββ π pages/ # Route pages (22 pages)
β β βββ π store/ # Redux state management
β β βββ π context/ # React Context
β β βββ π hooks/ # Custom React hooks
β β βββ App.jsx # Root component
β βββ package.json # Frontend dependencies
β
βββ π public/ # Static files
βββ .env.example # Environment template
βββ package.json # Backend dependencies
βββ README.md # Documentation
1. User Login (email + password)
2. Backend verifies credentials with bcrypt
3. Generate JWT tokens (access + refresh)
4. Set HTTP-only cookies (secure, sameSite)
5. Client authenticated with tokens
- Password Security: Bcrypt hashing with 10 salt rounds
- JWT Authentication: Access + refresh token pattern
- HTTP-Only Cookies: Protection against XSS attacks
- CORS Protection: Strict origin validation
- Rate Limiting: Prevent API abuse
- Input Validation: MongoDB injection prevention
- File Upload Security: Type and size validation
// verifyJWT middleware
export const verifyJWT = asyncHandler(async (req, res, next) => {
const token = req.cookies?.accessToken ||
req.header("Authorization")?.replace("Bearer ", "")
if (!token) {
throw new ApiError(401, "Unauthorized request")
}
const decodedToken = jwt.verify(token, process.env.ACCESS_TOKEN_SECRET)
const user = await User.findById(decodedToken?._id).select("-password -refreshToken")
if (!user) {
throw new ApiError(401, "Invalid access token")
}
req.user = user
next()
})Development: http://localhost:8000/api/v1
Production: https://your-domain.com/api/v1
POST /api/v1/users/register # Register new user
POST /api/v1/users/login # User login
POST /api/v1/users/logout # Logout
POST /api/v1/users/refresh-token # Refresh access token
POST /api/v1/users/forgot-password # Request password reset
POST /api/v1/users/reset-password/:token # Reset password
GET /api/v1/users/current-user # Get current user
POST /api/v1/users/change-password # Change password
PATCH /api/v1/users/update-account # Update account details
PATCH /api/v1/users/avatar # Update avatar
PATCH /api/v1/users/cover-image # Update cover image
GET /api/v1/users/c/:username # Get channel profile
GET /api/v1/users/watch-history # Get watch historyGET /api/v1/videos # Get all videos (paginated)
GET /api/v1/videos/:videoId # Get video by ID
POST /api/v1/videos # Upload video
PATCH /api/v1/videos/:videoId # Update video
DELETE /api/v1/videos/:videoId # Delete video
PATCH /api/v1/videos/toggle/publish/:videoId # Toggle publish status
PATCH /api/v1/videos/:videoId/view # Increment view countGET /api/v1/comments/:videoId # Get video comments
GET /api/v1/comments/t/:tweetId # Get tweet comments
GET /api/v1/comments/user/me # Get user's comments
POST /api/v1/comments # Add comment
PATCH /api/v1/comments/:commentId # Update comment
DELETE /api/v1/comments/:commentId # Delete commentPOST /api/v1/like/video/:videoId # Toggle video like
POST /api/v1/like/comment/:commentId # Toggle comment like
POST /api/v1/like/tweet/:tweetId # Toggle tweet like
GET /api/v1/like/status/video/:videoId # Get like status
GET /api/v1/like/videos # Get liked videos
GET /api/v1/like/tweets # Get liked tweets
GET /api/v1/like/comments # Get liked commentsPOST /api/v1/subscription/c/:channelId # Toggle subscription
GET /api/v1/subscription/c/:channelId/subscribers # Get subscribers
GET /api/v1/subscription/u/:userId/subscribed # Get subscribed channelsGET /api/v1/notifications # Get all notifications
PATCH /api/v1/notifications/:notificationId/read # Mark as read
PATCH /api/v1/notifications/read-all # Mark all as read
DELETE /api/v1/notifications/:notificationId # Delete notificationPOST /api/v1/playlists # Create playlist
GET /api/v1/playlists/user/:userId # Get user playlists
GET /api/v1/playlists/:playlistId # Get playlist by ID
PATCH /api/v1/playlists/:playlistId # Update playlist
DELETE /api/v1/playlists/:playlistId # Delete playlist
PATCH /api/v1/playlists/add/:playlistId/:videoId # Add video
PATCH /api/v1/playlists/remove/:playlistId/:videoId # Remove videoGET /api/v1/tweets # Get all tweets
GET /api/v1/tweets/:tweetId # Get tweet by ID
GET /api/v1/tweets/user/:userId # Get user tweets
POST /api/v1/tweets # Create tweet
PATCH /api/v1/tweets/:tweetId # Update tweet
DELETE /api/v1/tweets/:tweetId # Delete tweetGET /api/v1/dashboard/stats/:channelId # Get channel statistics
GET /api/v1/dashboard/videos/:channelId # Get channel videosGET /api/v1/search?query=keyword # Search videosSuccess Response:
{
"statusCode": 200,
"data": { ... },
"message": "Operation successful",
"success": true
}Error Response:
{
"statusCode": 400,
"data": null,
"message": "Error message",
"success": false,
"errors": []
}Copyright Β© 2026 Prajjwal. All Rights Reserved.
VidNest - Video Sharing Platform
UNAUTHORIZED USE, REPRODUCTION, OR DISTRIBUTION IS STRICTLY PROHIBITED.
For licensing inquiries, please contact the author.
Prajjwal - Full-Stack Developer | MERN Stack Specialist
- GitHub: @Prajjwal2051
- Repository: github.com/Prajjwal2051/VidNest
If you discover a security vulnerability, email the author directly. Do not create public GitHub issues for security vulnerabilities.