Serverless API for the Firewall Cafe project, providing search, analytics, voting, and image management endpoints.
Production: https://firewall-api.vercel.app GitHub: https://github.com/FIREWALL-cafe/firewall-api
npm installThe project uses dotenv-flow for environment-specific configuration. Create the appropriate .env files:
# .env.local (local overrides, gitignored)
POSTGRES_URL=postgresql://user:pass@host:5432/firewall
POSTGRES_URL_NON_POOLING=postgresql://user:pass@host:5432/firewall
API_SECRET=your_secret_key_here
DO_SPACES_ENDPOINT=nyc3.digitaloceanspaces.com
DO_SPACES_KEY=your_do_key
DO_SPACES_SECRET=your_do_secret
DO_SPACES_BUCKET=your_bucket_nameEnvironment file loading order:
.env(default, committed).env.local(local overrides, gitignored).env.development(dev-specific).env.development.local(dev local overrides)
npm run devThis starts the local development server at http://localhost:3001
# Health check
curl http://localhost:3001/api/health
# Basic info
curl http://localhost:3001/api
# Dashboard data
curl http://localhost:3001/api/dashboard
# Searches (paginated)
curl "http://localhost:3001/api/searches?page=1&page_size=10"
# Search locations
curl http://localhost:3001/api/searches/search-locationsThe API is deployed on Vercel and connected to the GitHub repository. Pushes to main automatically deploy to production.
vercel --prodSet these in the Vercel dashboard (Settings → Environment Variables):
POSTGRES_URL- Vercel Postgres connection URL (pooling)POSTGRES_URL_NON_POOLING- Direct connection URLAPI_SECRET- Secret key for authenticated endpointsDO_SPACES_ENDPOINT- Digital Ocean Spaces endpointDO_SPACES_KEY- Digital Ocean Spaces access keyDO_SPACES_SECRET- Digital Ocean Spaces secret keyDO_SPACES_BUCKET- Bucket name for image storage
GET /api- Basic API information and statusGET /api/health- Health check with database connectivity testGET /api/dashboard- Dashboard statistics and overview
GET /api/searches?page=1&page_size=10- Get all searches (paginated)GET /api/searches/search-locations- Get list of search locations with countsGET /api/searches/filter- Filter searches by various criteriaPOST /api/create-searchor/api/createSearch- Create new search (requires API_SECRET)POST /api/delete-searchor/api/deleteSearch- Delete search (requires API_SECRET)
GET /api/analytics/geographic- Geographic distribution of searchesGET /api/analytics/us-states- US state-level analyticsGET /api/analytics/countries- Country-level analyticsGET /api/analytics/search-analytics- Search trends and patternsGET /api/analytics/vote-analytics- Voting statisticsGET /api/analytics/recent-activity- Recent search and vote activity
GET /api/images- Get all images (paginated)GET /api/images/by-search-id?search_id=123- Get images for specific searchPOST /api/process-images- Process and download images (requires API_SECRET)POST /api/delete-imageor/api/deleteImage- Delete image (requires API_SECRET)PUT /api/update-imageor/api/updateImage- Update image metadata (requires API_SECRET)
GET /api/votes- Get all votes (paginated)GET /api/votes/by-search-id?search_id=123- Get votes for specific searchGET /api/votes/by-vote-id?vote_id=1- Get votes by vote categoryPOST /api/voteor/api/create-vote- Create new vote (requires API_SECRET)
- All read endpoints fully functional
- All write endpoints implemented
- Authentication via API_SECRET
- CORS properly configured
- Database connection pooling optimized
- Image processing with Digital Ocean Spaces
- Geographic analytics with IP geolocation
- Pagination support across all list endpoints
- Comprehensive filtering system
- Deployed to Vercel at https://firewall-api.vercel.app
- Connected to GitHub repository for auto-deployment
- Environment-specific configuration with dotenv-flow
Each API endpoint is a separate serverless function in the /api directory, optimized for Vercel's edge network.
- Vercel Postgres with connection pooling for serverless environments
- Optimized queries with proper indexing
- Separate pooling and non-pooling connection URLs
- Digital Ocean Spaces for image storage
- Asynchronous image processing to avoid function timeouts
- CDN-enabled delivery for optimal performance
Protected endpoints require API_SECRET header for write operations.
- Local server runs on port 3001 (not 3000)
- Uses
dotenv-flowfor environment-specific configuration - Each serverless function has a 10-second timeout (configurable on Pro plan)
- CORS handled via middleware wrapper functions
- Image processing is asynchronous to handle large batches
- Verify
POSTGRES_URLenvironment variable is set - Check that database accepts connections from Vercel IPs
- Ensure SSL is properly configured
- Test with
npm startto run database connection test
- Make sure port 3001 is not in use
- Verify
.env.localfile exists with all required variables - Check that
node_modulesis installed (npm install) - Restart dev server after environment variable changes
- Check
vercel.jsonheaders configuration - Verify middleware is applied via
allowCors()wrapper - Test with different origins and request methods
- Check browser console for specific CORS errors
firewall-api/
├── api/ # Serverless functions
│ ├── analytics/ # Analytics endpoints
│ ├── images/ # Image management
│ ├── searches/ # Search endpoints
│ ├── votes/ # Voting endpoints
│ ├── create-search.js # Create search
│ ├── create-vote.js # Create vote
│ ├── dashboard/ # Dashboard data
│ └── ...
├── lib/ # Shared utilities
│ ├── db.js # Database connection
│ ├── cors.js # CORS middleware
│ ├── auth.js # Authentication
│ ├── pagination.js # Pagination helper
│ ├── filter-builder.js # Query builder
│ └── ...
├── scripts/ # Migration and utility scripts
├── local-server.js # Local development server
└── vercel.json # Vercel configuration