A robust backend system for monitoring failed POST requests, tracking IP-based request patterns, and sending alerts when suspicious activity is detected.
- Request Monitoring: Tracks failed POST requests due to invalid headers or incorrect access tokens
- IP Tracking: Monitors and logs requests from each IP address within configurable time windows
- Alert System: Sends email notifications when failed attempts exceed thresholds
- Metrics Collection: Stores and exposes detailed metrics for analysis
- Rate Limiting: Protects against excessive requests
- Scalable Architecture: Designed to handle high traffic volumes (~500 requests/second)
- Backend: Node.js with Express
- Database: MongoDB
- Email: Gmail SMTP Server
- Logging: Winston Logger
- Security: Helmet middleware
- Testing: Jest
- Node.js (>=14.0.0)
- MongoDB
- Gmail account for sending alerts
- Git (for version control)
```bash
# Clone the repository
git clone <repository-url>
# Navigate to project directory
cd API-Failure-Logger
# Install dependencies
npm install
```
Create a `.env` file in the root directory:

```
NODE_ENV=development
PORT=3000
MONGODB_URI=mongodb+srv://<username>:<password>@<cluster>.mongodb.net/<database>
SMTP_USER=[email protected]
SMTP_PASS=your-gmail-app-password
ADMIN_EMAIL=[email protected]
ALERT_THRESHOLD=5
TIME_WINDOW_MINUTES=10
LOG_LEVEL=debug
```
- Go to Google Account Settings
- Enable 2-Factor Authentication
- Navigate to Security → App passwords
- Generate new app password
- Use the generated password in the `SMTP_PASS` environment variable
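
The alerting that `ALERT_THRESHOLD` and `TIME_WINDOW_MINUTES` configure can be implemented as a per-IP sliding window over failure timestamps. The following is an added example, not the project's own code: `FailureTracker`, its methods, `demo()` and the sample IP are hypothetical, and it assumes an alert fires when the count reaches the threshold and is sent at most once per IP per window.

```javascript
// Added example, not the project's code. FailureTracker and demo() are hypothetical names.
class FailureTracker {
  constructor({ threshold = 5, windowMinutes = 10, onAlert = () => {} } = {}) {
    this.threshold = threshold;                // ALERT_THRESHOLD
    this.windowMs = windowMinutes * 60 * 1000; // TIME_WINDOW_MINUTES
    this.onAlert = onAlert;                    // e.g. send the admin email
    this.failures = new Map(); // ip -> timestamps (ms) of recent failures
    this.alerted = new Map();  // ip -> timestamp of the last alert
  }
  // Record one failed POST. Returns true if this failure raised an alert.
  recordFailure(ip, reason, now = Date.now()) {
    const cutoff = now - this.windowMs;
    const recent = (this.failures.get(ip) || []).filter((t) => t > cutoff);
    recent.push(now);
    this.failures.set(ip, recent);
    // Assumption: alert once the count reaches the threshold.
    if (recent.length < this.threshold) return false;
    // One alert per IP per window, so a sustained burst sends one email.
    const last = this.alerted.get(ip);
    if (last !== undefined && last > cutoff) return false;
    this.alerted.set(ip, now);
    this.onAlert({ ip, reason, count: recent.length });
    return true;
  }
  countFor(ip, now = Date.now()) {
    const cutoff = now - this.windowMs;
    return (this.failures.get(ip) || []).filter((t) => t > cutoff).length;
  }
  // Forget IPs with no failures left in the window so memory stays bounded.
  prune(now = Date.now()) {
    for (const ip of [...this.failures.keys()]) {
      if (this.countFor(ip, now) === 0) {
        this.failures.delete(ip); this.alerted.delete(ip);
      }
    }
    return this.failures.size;
  }
}

// Constructed sample: six bad-token POSTs, one per minute, from a documentation IP.
function demo() {
  const alerts = [];
  const tracker = new FailureTracker({ onAlert: (a) => alerts.push(a) });
  const start = Date.UTC(2024, 0, 1);
  for (let i = 0; i < 6; i++) tracker.recordFailure('203.0.113.7', 'invalid token', start + i * 60000);
  return alerts;
}
console.log(demo());
```

Behind a load balancer or with several instances, the two maps would need to live in shared storage such as the MongoDB collection, otherwise each instance counts only the failures it saw.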
```bash
# Development mode with auto-reload
npm run dev
# Production mode
npm start
```
Main endpoint for request monitoring
Headers Required:
- `Authorization`: Bearer token
- `Content-Type`: Application type
- `User-Agent`: Client identifier
Fetch general metrics with pagination and time range filtering
Query Parameters:
- `timeRange`: '1h', '24h', '7d', '30d' (default: '24h')
- `page`: Page number (default: 1)
- `limit`: Items per page (default: 10)
Fetch metrics for specific IP address
Query Parameters:
- `timeRange`: Time window for metrics
Get summary statistics of failed requests
Query Parameters:
- `timeRange`: Time window for statistics
```bash
# Run all tests
npm test
# Watch mode
npm run test:watch
# Coverage report
npm run test:coverage
```
Test invalid requests:

```bash
# Missing authentication
curl -X POST http://localhost:3000/api/submit
# Invalid token
curl -X POST http://localhost:3000/api/submit \
  -H "Authorization: Bearer invalid-token"
```

Test metrics:

```bash
# Get general metrics
curl http://localhost:3000/api/metrics
# Get IP-specific metrics
curl http://localhost:3000/api/metrics/127.0.0.1
```
- Logs: Check the `logs/` directory
  - `error.log`: Error-level logs
  - `combined.log`: All logs
- MongoDB: Monitor collections for failed requests
- Email Alerts: Check configured admin email
```
src/
├── app.js        # Application entry point
├── config/       # Configuration files
├── database/     # Database connection
├── middleware/   # Express middleware
├── models/       # MongoDB models
├── routes/       # API routes
├── services/     # Business logic
└── utils/        # Utility functions
```
- Rate limiting
- Request validation
- Security headers (Helmet)
- Token validation
- IP tracking
- Alert system
- MongoDB connection pooling
- Request compression
- Efficient indexing
- Cache implementation
- Rate limiting
Common issues and solutions:
- MongoDB Connection Issues
  - Verify MONGODB_URI
  - Check network connectivity
  - Verify MongoDB service status
- Email Alert Issues
  - Verify SMTP credentials
  - Check Gmail settings
  - Verify no rate limits
- Rate Limiting
  - Check logs for blocked requests
  - Verify rate limit configuration
- Horizontal scaling capability
- Load balancer ready
- Database indexing
- Connection pooling
- Rate limiting by IP
- Fork the repository
- Create feature branch
- Commit changes
- Push to branch
- Create Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
For any issues, email [email protected] or create an issue in the repository.