A scalable todo application built for 10 million users with OAuth authentication, real-time features, and modern React design.
- OAuth Authentication: Google, GitHub, and Microsoft login
- Production-Ready Architecture: Built to handle 10M+ users
- Real-time Updates: Instant synchronization across devices
- Smart Organization: Categories, priorities, and due dates
- Team Collaboration: Share todos and work together
- Offline Support: Works without internet connection
- Modern UI: Clean, responsive design with dark mode
- Enterprise Security: JWT sessions, rate limiting, audit logs
- Frontend: Next.js 15, React 19, TypeScript
- Backend: Next.js API Routes, Prisma ORM
- Database: PostgreSQL with optimized indexing
- Caching: Redis for performance and rate limiting
- Authentication: NextAuth.js with OAuth 2.0
- Styling: Tailwind CSS v4, Radix UI components
- Testing: Vitest, React Testing Library
- DevOps: Docker, GitHub Actions CI/CD
- Node.js 18+
- npm or yarn
- PostgreSQL database
- Redis server (optional - graceful fallback)
- OAuth credentials (Google, GitHub, Microsoft)
# Clone the repository
git clone https://github.com/RidgetopAi/shelldo.git
cd shelldo
# Install dependencies and setup
npm run setup
Copy the environment template and configure your settings:
cp .env.example .env
Edit .env with your configuration:
# Database
DATABASE_URL="postgresql://username:password@localhost:5432/shelldo"
# JWT Secrets
JWT_SECRET="your-super-secure-jwt-secret-key"
NEXTAUTH_SECRET="your-nextauth-secret"
NEXTAUTH_URL="http://localhost:3000"
# OAuth Providers
GOOGLE_CLIENT_ID="your-google-client-id"
GOOGLE_CLIENT_SECRET="your-google-client-secret"
GITHUB_CLIENT_ID="your-github-client-id"
GITHUB_CLIENT_SECRET="your-github-client-secret"
# Optional: Redis for caching
REDIS_URL="redis://localhost:6379"
# Run database migrations
npx prisma migrate dev
# Generate Prisma client
npx prisma generate
# Start development server
npm run dev
# Or use the Windows startup script
./startup.bat
Visit http://localhost:3000 to see the application.
# Setup (install, migrate, generate)
npm run setup
# Development
npm run dev # Start dev server with Turbopack
npm run dev:daemon # Start as daemon, logs to logs.txt
npm run build # Build for production
npm run start # Start production server
# Testing & Quality
npm run test # Run Vitest tests
npm run lint # Run ESLint
# Database
npm run db:reset # Reset database and run migrations
- Go to Google Cloud Console
- Create a new project or select existing
- Enable Google+ API
- Create OAuth 2.0 credentials
- Add authorized redirect URI: http://localhost:3000/api/auth/callback/google
- Go to GitHub Settings > Developer settings > OAuth Apps
- Create new OAuth App
- Set Authorization callback URL: http://localhost:3000/api/auth/callback/github
- Go to Azure Portal
- Register new application in Azure AD
- Add redirect URI: http://localhost:3000/api/auth/callback/microsoft
The application uses PostgreSQL with optimized schemas for high performance:
- Connection pooling for efficient database usage
- Indexes on frequently queried columns
- Audit logging for security and compliance
- Soft deletes for data recovery
Redis provides caching and rate limiting. If unavailable, the app gracefully falls back to in-memory alternatives.
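An in-memory fallback of this kind keeps its counters inside each process, so when the app runs as several instances every instance enforces the limit on its own. The sketch below is an added example, not ShellDo's code: the class and function names are hypothetical, the fixed-window algorithm is an assumption, and the 100 requests/hour figure is the one this README states.

```javascript
// Added example: in-memory fixed-window limiter of the kind an app can fall
// back to when Redis is unreachable. Names are illustrative, not ShellDo's code.
const LIMIT = 100;                 // requests per window (figure from this README)
const WINDOW_MS = 60 * 60 * 1000;  // one hour

class MemoryRateLimiter {
  constructor(limit = LIMIT, windowMs = WINDOW_MS) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.buckets = new Map(); // userId -> { count, resetAt }
  }

  // Returns the decision plus the values for rate-limit response headers.
  check(userId, now = Date.now()) {
    let bucket = this.buckets.get(userId);
    if (!bucket || now >= bucket.resetAt) {
      bucket = { count: 0, resetAt: now + this.windowMs };
      this.buckets.set(userId, bucket);
    }
    bucket.count += 1;
    const allowed = bucket.count <= this.limit;
    return {
      allowed,
      remaining: Math.max(0, this.limit - bucket.count),
      retryAfterSec: allowed ? 0 : Math.ceil((bucket.resetAt - now) / 1000),
    };
  }

  // Drop expired buckets so the map cannot grow without bound.
  sweep(now = Date.now()) {
    for (const [userId, bucket] of this.buckets) {
      if (now >= bucket.resetAt) this.buckets.delete(userId);
    }
    return this.buckets.size;
  }
}

// One user sends `requests` calls, load-balanced round-robin over `replicas`
// app processes that each hold their own in-memory limiter.
function admittedAcrossReplicas(replicas, requests, now = 0) {
  const limiters = Array.from({ length: replicas }, () => new MemoryRateLimiter());
  let admitted = 0;
  for (let i = 0; i < requests; i++) {
    if (limiters[i % replicas].check("user-1", now).allowed) admitted += 1;
  }
  return admitted;
}
```

With three replicas, `admittedAcrossReplicas(3, 400)` admits 300 requests from one user, which is why a shared store has to stay the source of truth for the limit whenever more than one instance is running.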
# Build and run with Docker Compose
docker-compose up -d
# Scale for high availability
docker-compose up -d --scale app=3
# Security
NODE_ENV=production
JWT_SECRET="complex-production-secret"
NEXTAUTH_SECRET="complex-nextauth-secret"
# Database
DATABASE_URL="postgresql://user:pass@db-host:5432/shelldo"
# Redis
REDIS_URL="redis://redis-host:6379"
# OAuth (use production URLs)
NEXTAUTH_URL="https://your-domain.com"
- Rate limiting: 100 requests/hour per user
- Caching: Redis-backed response caching
- Database optimization: Proper indexing and query optimization
- CDN ready: Static asset optimization
- Horizontal scaling: Stateless architecture
- Health checks: /api/health endpoint
- Metrics: OpenTelemetry compatible
- Logging: Structured JSON logs
- Error tracking: Built-in error boundaries
- OAuth 2.0 authentication with major providers
- JWT session management with secure cookies
- Rate limiting to prevent abuse
- CORS protection with allowed origins
- Security headers (HSTS, CSP, etc.)
- Input validation with Zod schemas
- SQL injection protection via Prisma ORM
- Audit logging for all user actions
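The environment samples in this README use placeholder secrets, sample database credentials and a placeholder domain, and a deployment that copies them unchanged ends up with guessable signing keys. The startup check below is an added example, not part of ShellDo; the function name, the 32-character minimum and the placeholder list (taken from the sample values on this page) are assumptions.

```javascript
// Added example: startup check for the production variables listed in this
// README. Function name and thresholds are illustrative, not ShellDo's code.
const PLACEHOLDERS = [
  "your-super-secure-jwt-secret-key",
  "your-nextauth-secret",
  "complex-production-secret",
  "complex-nextauth-secret",
];
const MIN_SECRET_LENGTH = 32; // assumption: e.g. output of `openssl rand -base64 32`

function validateProductionEnv(env) {
  const problems = [];
  for (const name of ["JWT_SECRET", "NEXTAUTH_SECRET"]) {
    const value = env[name] || "";
    if (PLACEHOLDERS.includes(value)) {
      problems.push(`${name} is a documentation placeholder`);
    } else if (value.length < MIN_SECRET_LENGTH) {
      problems.push(`${name} is shorter than ${MIN_SECRET_LENGTH} characters`);
    }
  }
  if (env.JWT_SECRET && env.JWT_SECRET === env.NEXTAUTH_SECRET) {
    problems.push("JWT_SECRET and NEXTAUTH_SECRET must differ");
  }
  // NextAuth builds the OAuth callback URLs from NEXTAUTH_URL.
  let url = null;
  try { url = new URL(env.NEXTAUTH_URL || ""); } catch { /* reported below */ }
  if (!url) {
    problems.push("NEXTAUTH_URL is not a valid URL");
  } else if (url.protocol !== "https:") {
    problems.push("NEXTAUTH_URL must use https in production");
  } else if (url.hostname === "your-domain.com") {
    problems.push("NEXTAUTH_URL still points at the placeholder domain");
  }
  // Credentials embedded in connection strings should not be the sample ones.
  if (/\/\/(username:password|user:pass)@/.test(env.DATABASE_URL || "")) {
    problems.push("DATABASE_URL uses the sample credentials");
  }
  return problems;
}
```

Call it with `process.env` before the server starts listening when `NODE_ENV` is `production`, and exit if the returned list is not empty.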
# Run all tests
npm run test
# Run tests in watch mode
npm run test:watch
# Run tests with coverage
npm run test:coverage
Test structure:
- Unit tests: Component and utility testing
- Integration tests: API route testing
- E2E tests: Full user flow testing
shelldo/
├── src/
│   ├── app/ # Next.js App Router
│   │   ├── api/ # API routes
│   │   ├── auth/ # Authentication pages
│   │   └── dashboard/ # Main app interface
│   ├── components/ # React components
│   │   ├── ui/ # Base UI components
│   │   └── todo/ # Todo-specific components
│   ├── lib/ # Utilities and configurations
│   │   ├── hooks/ # Custom React hooks
│   │   ├── contexts/ # React contexts
│   │   └── utils/ # Helper functions
│   └── styles/ # Global styles
├── prisma/ # Database schema and migrations
├── __tests__/ # Test files
├── public/ # Static assets
└── docs/ # Additional documentation
- Fork the repository
- Create a feature branch: git checkout -b feature/amazing-feature
- Commit changes: git commit -m 'Add amazing feature'
- Push to branch: git push origin feature/amazing-feature
- Open a Pull Request
- Follow TypeScript strict mode
- Use ESLint and Prettier for code formatting
- Write tests for new features
- Update documentation for API changes
- Follow conventional commit messages
This project is licensed under the MIT License - see the LICENSE file for details.
- Documentation: Check the /docs folder for detailed guides
- Issues: Report bugs on GitHub Issues
- Discussions: Join conversations in GitHub Discussions
- Mobile app development (React Native)
- Advanced analytics dashboard
- AI-powered task suggestions
- Advanced team collaboration features
- Plugin system for extensibility
- Multi-language internationalization
Built with ❤️ for productivity and scale