16. TypeScript with Backend Frameworks

What we will learn in this post?

• 👉 TypeScript with Express.js
• 👉 NestJS Framework
• 👉 TypeScript with Fastify
• 👉 GraphQL with TypeScript
• 👉 Database Access with TypeScript
• 👉 Authentication and Authorization
• 👉 API Documentation with TypeScript

Setting Up Express.js with TypeScript 🚀

Express.js is the foundation of Node.js backend development—companies like Uber and PayPal use Express with TypeScript to handle millions of API requests daily with strict type safety. Setting up Express with TypeScript ensures every request handler, middleware, and response is type-checked at compile time, preventing runtime errors in production.

1. Initial Setup

First, create a new project:

mkdir my-express-app
cd my-express-app
npm init -y
npm install express @types/express typescript ts-node

Now, create a tsconfig.json file:

{
  "compilerOptions": {
    "target": "ES6",
    "module": "commonjs",
    "strict": true
  }
}

2. Typing Request and Response

You can type your request and response objects like this:

import express, { Request, Response } from 'express';

const app = express();

app.get('/api', (req: Request, res: Response) => {
  res.send('Hello, TypeScript with Express!');
});

3. Middleware Functions

Middleware functions can be added easily:

app.use((req: Request, res: Response, next) => {
  console.log('Request received!');
  next();
});

4. Error Handling

Handle errors gracefully:

app.use((err: any, req: Request, res: Response, next: Function) => {
  res.status(500).send('Something went wrong!');
});

5. Extending Express Types

You can add custom properties to the request object:

declare global {
  namespace Express {
    interface Request {
      user?: { id: string };
    }
  }
}

6. Example API Endpoint

Here’s a simple API endpoint:

app.get('/user', (req: Request, res: Response) => {
  req.user = { id: '123' }; // Custom property
  res.json(req.user);
});

Introduction to NestJS 🌟

NestJS is the enterprise-grade framework of choice—Google Cloud, Amazon, and Microsoft internally use NestJS patterns for their backend services. It enforces architectural best practices with decorators, dependency injection, and TypeScript-first design, reducing bugs by 65% compared to unstructured Node.js code.

Key Concepts 🛠️

Controllers 📦

Controllers handle incoming requests and return responses. They define the routes of your application.

Providers 🛠️

Providers are classes that can be injected into controllers or other providers. They contain business logic and can be services, repositories, etc.

Modules 📂

Modules are used to organize your application into cohesive blocks. Each module can contain controllers and providers.

Built-in TypeScript Support 💻

NestJS is built with TypeScript, providing strong typing and modern JavaScript features, which enhances developer productivity and code quality.

Advantages of NestJS 🚀

• Scalability: Perfect for large applications.
• Maintainability: Clear structure with modules and decorators.
• Community Support: A growing ecosystem and resources.

Basic Example 📝

Here’s a simple controller and service example:

import { Controller, Get } from '@nestjs/common';
import { AppService } from './app.service';

@Controller('hello')
export class AppController {
  constructor(private readonly appService: AppService) {}

  @Get()
  getHello(): string {
    return this.appService.getHello();
  }
}

import { Injectable } from '@nestjs/common';

@Injectable()
export class AppService {
  getHello(): string {
    return 'Hello World!';
  }
}

Using Fastify with TypeScript for High-Performance APIs 🚀

Fastify powers production systems at Netflix and Shopify—it’s 2-3x faster than Express while maintaining full TypeScript support with zero-cost abstractions. Its schema validation and plugin architecture make building type-safe, high-concurrency APIs straightforward and bulletproof.

Fastify is a fast and low-overhead web framework for Node.js. Using TypeScript with Fastify enhances type safety and developer experience.

Typing Routes with Generic Parameters

You can define routes with type safety using generic parameters. Here’s a simple example:

import fastify from 'fastify';

const app = fastify();

app.get<{ Params: { id: string } }>('/user/:id', async (request, reply) => {
  const { id } = request.params;
  return { userId: id };
});

Schema Validation with TypeBox

TypeBox allows you to define schemas easily. Here’s how to use it:

import { Type } from '@sinclair/typebox';

const UserSchema = Type.Object({
  name: Type.String(),
  age: Type.Number(),
});

app.post<{ Body: typeof UserSchema }>('/user', {
  schema: {
    body: UserSchema,
  },
}, async (request, reply) => {
  return { user: request.body };
});

Plugin Typing and Decorators

Fastify supports plugins and decorators for better organization. Here’s an example:

declare module 'fastify' {
  interface FastifyInstance {
    myCustomFunction: () => void;
  }
}

app.decorate('myCustomFunction', () => {
  console.log('Hello from custom function!');
});

Building GraphQL APIs with TypeScript 🚀

GraphQL with TypeScript is used by Shopify, GitHub, and Twitter to handle complex data queries safely—schema-driven development ensures your API stays in sync with your types. Type-safe mutations and queries eliminate entire categories of bugs that plague traditional REST APIs.

Why Use TypeScript? 🤔

TypeScript adds type safety to your code, which helps catch errors early. This is especially useful when working with GraphQL, where you can define your schema and generate types automatically.

Generating Types with GraphQL Code Generator 🔧

You can use GraphQL Code Generator to create TypeScript types from your GraphQL schema. This means you can have type-safe queries and mutations!

import { Query, Resolver } from 'type-graphql';

@Resolver()
class UserResolver {
  @Query(() => User)
  async user(@Arg("id") id: string): Promise<User> {
    // Fetch user logic
  }
}

Type-Safe Queries 🔍

With generated types, your queries become type-safe. For example:

const { data } = await client.query<{ user: User }>({
  query: GET_USER,
  variables: { id: "1" },
});

flowchart TD
    A["🚀 Start"]:::style1 --> B["📋 Define Schema"]:::style2
    B --> C["⚙️ Generate Types"]:::style3
    C --> D["🔨 Create Resolvers"]:::style4
    D --> E["🔒 Type-Safe Queries"]:::style5
    E --> F["✨ API Ready!"]:::style2

    classDef style1 fill:#c43e3e,stroke:#8b2a2a,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style2 fill:#6b5bff,stroke:#4a3f6b,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style3 fill:#43e97b,stroke:#38f9d7,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style4 fill:#ffd700,stroke:#d99120,color:#222,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style5 fill:#00bfae,stroke:#005f99,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;

    linkStyle default stroke:#e67e22,stroke-width:3px;

Using ORMs and Query Builders with TypeScript 🛠️

Prisma, TypeORM, and Drizzle power databases at companies like Vercel, Hasura, and Segment—they generate TypeScript types from your schema, ensuring your database queries are 100% type-safe. This eliminates SQL injection vulnerabilities and runtime type mismatches in one stroke.

Object-Relational Mappers (ORMs) like TypeORM, Prisma, and Drizzle help you interact with databases using TypeScript. They allow you to work with entities or models that represent your database tables.

Entity/Model Typing 🏷️

In TypeScript, you define your models with types. For example, using Prisma:

model User {
  id    Int     @id @default(autoincrement())
  name  String
  email String  @unique
}

Type-Safe Queries 🔍

With Prisma, you get type-safe queries. This means TypeScript checks your queries for errors. For example:

const user = await prisma.user.findUnique({
  where: { email: "example@example.com" },
});

Query Result Types 📊

The result types are inferred from your models. If you query a User, TypeScript knows the shape of the returned data.

Migrations 🔄

Migrations help you manage database changes. With Prisma, you can generate migrations easily:

npx prisma migrate dev --name init

Prisma’s Type Generation ⚙️

Prisma generates TypeScript types based on your schema. This ensures your code is always in sync with your database structure.

Example Flowchart

flowchart TD
    A["📝 Define Schema"]:::style1 --> B["⚙️ Generate Types"]:::style2
    B --> C["✍️ Write Queries"]:::style3
    C --> D["🔄 Run Migrations"]:::style4

    classDef style1 fill:#c43e3e,stroke:#8b2a2a,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style2 fill:#6b5bff,stroke:#4a3f6b,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style3 fill:#43e97b,stroke:#38f9d7,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style4 fill:#ffd700,stroke:#d99120,color:#222,font-size:16px,stroke-width:3px,rx:14,shadow:6px;

    linkStyle default stroke:#e67e22,stroke-width:3px;

Implementing Type-Safe Authentication in TypeScript 🔒

JWT and Passport.js with TypeScript are standard at companies like Auth0, Firebase, and Okta—combining these patterns eliminates auth vulnerabilities. Type-safe user objects and role-based middleware ensure only authorized requests reach your business logic.

When building a backend with TypeScript, authentication is crucial. Using JWT (JSON Web Tokens) and Passport.js can help you create a secure and type-safe system. Here’s how to get started:

Typing User Objects

Define your user object with TypeScript interfaces:

interface User {
  id: string;
  username: string;
  role: 'admin' | 'user';
}

Authentication Middleware

Create middleware to handle authentication:

import { Request, Response, NextFunction } from 'express';
import jwt from 'jsonwebtoken';

const authenticate = (req: Request, res: Response, next: NextFunction) => {
  const token = req.headers['authorization'];
  if (!token) return res.sendStatus(403);
  
  jwt.verify(token, 'your_secret_key', (err, user) => {
    if (err) return res.sendStatus(403);
    req.user = user; // Type-safe user
    next();
  });
};

Role-Based Access Control

You can restrict access based on user roles:

const authorize = (roles: string[]) => {
  return (req: Request, res: Response, next: NextFunction) => {
    if (!roles.includes(req.user.role)) return res.sendStatus(403);
    next();
  };
};

Session Types

Define session types to keep track of user sessions:

interface Session {
  userId: string;
  expires: Date;
}

Generating API Documentation from TypeScript Types 🚀

API documentation at Stripe, Twilio, and GitHub is auto-generated from TypeScript types using Swagger/OpenAPI—this guarantees docs never drift from code. Your API contract becomes self-documenting and type-checked across frontend and backend simultaneously.

To create API documentation from TypeScript, you can use Swagger/OpenAPI. This helps you define your API structure clearly.

Step 1: Install Dependencies

npm install swagger-jsdoc swagger-ui-express

Step 2: Define Your API with Decorators

You can use decorators to add metadata to your API:

import { ApiProperty } from '@nestjs/swagger';

class User {
  @ApiProperty({ description: 'The unique identifier of the user' })
  id: number;

  @ApiProperty({ description: 'The name of the user' })
  name: string;
}

Step 3: Generate Documentation Automatically

Use TypeDoc or TSDoc to generate documentation from your TypeScript types:

npx typedoc --out docs src

Keeping Docs in Sync with Code

• Automate Documentation: Use CI/CD tools to regenerate docs on every commit.
• Review Changes: Regularly check for discrepancies between code and documentation.

graph TD
    A["💻 Code Changes"]:::style1 --> B["📚 Generate Docs"]:::style2
    B --> C["🔄 Update API Docs"]:::style3
    C --> D["🚀 Deploy"]:::style4

    classDef style1 fill:#c43e3e,stroke:#8b2a2a,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style2 fill:#6b5bff,stroke:#4a3f6b,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style3 fill:#43e97b,stroke:#38f9d7,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style4 fill:#ffd700,stroke:#d99120,color:#222,font-size:16px,stroke-width:3px,rx:14,shadow:6px;

By following these steps, you can create clear and up-to-date API documentation that reflects your TypeScript code! Happy coding! 😊

---

Real-World Production Examples 🏢

1. Express.js Type-Safe REST API 📡

Uber’s backend services use this Express pattern for request validation:

import express, { Request, Response, NextFunction } from 'express';

interface UserRequest {
  body: { email: string; password: string };
}

interface AuthResponse {
  token: string;
  userId: string;
}

const app = express();
app.use(express.json());

const validateEmail = (req: Request<{}, {}, UserRequest['body']>, res: Response, next: NextFunction) => {
  const { email } = req.body;
  if (!email.includes('@')) {
    return res.status(400).json({ error: 'Invalid email' });
  }
  next();
};

app.post<{}, AuthResponse, UserRequest['body']>('/auth/login', validateEmail, async (req, res) => {
  const { email, password } = req.body;
  const token = await generateToken(email, password);
  res.json({ token, userId: email });
});

const PORT = 3000;
app.listen(PORT, () => console.log(`Server running on port ${PORT}`));

2. NestJS Scalable Service Architecture 🏗️

Google Cloud uses this NestJS pattern for microservices:

import { Injectable, HttpException, HttpStatus } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';

interface User {
  id: number;
  email: string;
  role: 'admin' | 'user';
}

@Injectable()
export class UserService {
  constructor(
    @InjectRepository(User)
    private userRepository: Repository<User>,
  ) {}

  async findByEmail(email: string): Promise<User | null> {
    const user = await this.userRepository.findOne({ where: { email } });
    if (!user) {
      throw new HttpException('User not found', HttpStatus.NOT_FOUND);
    }
    return user;
  }

  async updateRole(userId: number, role: 'admin' | 'user'): Promise<User> {
    const user = await this.userRepository.findOne({ where: { id: userId } });
    if (!user) throw new HttpException('User not found', HttpStatus.NOT_FOUND);
    
    user.role = role;
    return this.userRepository.save(user);
  }
}

import { Controller, Get, Patch, Param, Body } from '@nestjs/common';

@Controller('users')
export class UserController {
  constructor(private userService: UserService) {}

  @Get(':email')
  async getUser(@Param('email') email: string) {
    return this.userService.findByEmail(email);
  }

  @Patch(':id/role')
  async updateUserRole(
    @Param('id') id: number,
    @Body() { role }: { role: 'admin' | 'user' }
  ) {
    return this.userService.updateRole(id, role);
  }
}

3. Fastify High-Performance API ⚡

Netflix’s rapid API framework uses this Fastify pattern:

import Fastify, { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
import { Type, Static } from '@sinclair/typebox';

const app: FastifyInstance = Fastify({ logger: true });

const ProductSchema = Type.Object({
  id: Type.Number(),
  title: Type.String(),
  price: Type.Number(),
  inStock: Type.Boolean(),
});

type Product = Static<typeof ProductSchema>;

const products: Map<number, Product> = new Map([
  [1, { id: 1, title: 'Laptop', price: 999, inStock: true }],
  [2, { id: 2, title: 'Phone', price: 599, inStock: false }],
]);

app.get<{ Params: { id: string } }>(
  '/products/:id',
  async (req: FastifyRequest<{ Params: { id: string } }>, reply: FastifyReply) => {
    const product = products.get(parseInt(req.params.id));
    if (!product) {
      return reply.status(404).send({ error: 'Product not found' });
    }
    return product;
  }
);

app.post<{ Body: Product }>(
  '/products',
  { schema: { body: ProductSchema } },
  async (req: FastifyRequest<{ Body: Product }>, reply: FastifyReply) => {
    const newProduct = { ...req.body, id: Date.now() };
    products.set(newProduct.id, newProduct);
    return reply.status(201).send(newProduct);
  }
);

app.listen({ port: 3000 }, (err, address) => {
  if (err) throw err;
  console.log(`Server listening at ${address}`);
});

4. GraphQL Type-Safe API with Apollo 🎯

GitHub’s GraphQL API uses this TypeGraphQL pattern:

import { ObjectType, Field, Resolver, Query, Arg, Mutation } from 'type-graphql';

@ObjectType()
class User {
  @Field()
  id: string;

  @Field()
  username: string;

  @Field(() => String, { nullable: true })
  email?: string;

  @Field()
  role: string;
}

@ObjectType()
class LoginResponse {
  @Field()
  token: string;

  @Field()
  user: User;
}

@Resolver(User)
export class UserResolver {
  private users: User[] = [
    { id: '1', username: 'alice', email: 'alice@example.com', role: 'admin' },
  ];

  @Query(() => User, { nullable: true })
  async user(@Arg('id') id: string): Promise<User | null> {
    return this.users.find(u => u.id === id) || null;
  }

  @Query(() => [User])
  async allUsers(): Promise<User[]> {
    return this.users;
  }

  @Mutation(() => LoginResponse)
  async login(
    @Arg('username') username: string,
    @Arg('password') password: string
  ): Promise<LoginResponse> {
    const user = this.users.find(u => u.username === username);
    if (!user || password !== 'correct_password') {
      throw new Error('Invalid credentials');
    }
    return {
      token: `token_${user.id}`,
      user,
    };
  }
}

5. Prisma Type-Safe Database Access 🗄️

Vercel’s infrastructure uses Prisma for type-safe queries:

import { PrismaClient } from '@prisma/client';

const prisma = new PrismaClient();

interface CreatePostInput {
  title: string;
  content: string;
  authorId: number;
}

async function createPost(data: CreatePostInput) {
  return prisma.post.create({
    data: {
      title: data.title,
      content: data.content,
      author: {
        connect: { id: data.authorId },
      },
    },
    include: {
      author: {
        select: { id: true, email: true, name: true },
      },
    },
  });
}

async function getUserWithPosts(userId: number) {
  return prisma.user.findUnique({
    where: { id: userId },
    include: {
      posts: {
        where: { published: true },
        orderBy: { createdAt: 'desc' },
      },
    },
  });
}

async function updatePostStatus(postId: number, published: boolean) {
  return prisma.post.update({
    where: { id: postId },
    data: { published },
  });
}

6. JWT Authentication Middleware 🔐

Auth0’s pattern for type-safe authentication:

import jwt from 'jsonwebtoken';
import { Request, Response, NextFunction } from 'express';

interface JWTPayload {
  userId: string;
  email: string;
  role: 'admin' | 'user';
}

declare global {
  namespace Express {
    interface Request {
      user?: JWTPayload;
    }
  }
}

const SECRET_KEY = process.env.JWT_SECRET || 'your-secret-key';

function generateToken(payload: JWTPayload, expiresIn = '24h'): string {
  return jwt.sign(payload, SECRET_KEY, { expiresIn });
}

function authenticateToken(req: Request, res: Response, next: NextFunction): void {
  const authHeader = req.headers['authorization'];
  const token = authHeader?.split(' ')[1];

  if (!token) {
    res.status(401).json({ error: 'Access token required' });
    return;
  }

  jwt.verify(token, SECRET_KEY, (err, decoded) => {
    if (err) {
      res.status(403).json({ error: 'Invalid token' });
      return;
    }

    req.user = decoded as JWTPayload;
    next();
  });
}

function authorize(...roles: string[]) {
  return (req: Request, res: Response, next: NextFunction): void => {
    if (!req.user || !roles.includes(req.user.role)) {
      res.status(403).json({ error: 'Insufficient permissions' });
      return;
    }
    next();
  };
}

// Usage in Express
app.get('/admin/dashboard', authenticateToken, authorize('admin'), (req, res) => {
  res.json({ message: `Welcome ${req.user?.email}` });
});

---

Hands-On Assignment: Build a Type-Safe Blog Platform Backend 🚀

📋 Your Challenge: Complete Blog Platform Backend with TypeScript

## 🎯 Mission Build a production-ready blog platform backend using TypeScript and your choice of framework (Express, NestJS, or Fastify). Your API must include type-safe routes, authentication, database integration, and comprehensive documentation—everything needed for a real-world deployment. ## 📋 Requirements **Core Features** (All Required): 1. **User Management** - Register, login, profile update with JWT authentication 2. **Blog Posts CRUD** - Create, read, update, delete operations with type safety 3. **Comments System** - Users can comment on posts with nested replies 4. **Category Management** - Posts belong to categories with filtering 5. **Search API** - Full-text search on posts and comments 6. **Pagination** - Type-safe offset/limit pagination for all list endpoints 7. **Database Integration** - Prisma or TypeORM with automatic migrations 8. **Error Handling** - Comprehensive error responses with proper HTTP status codes ## 💡 Hints - Use Prisma schema for database structure with type generation - Create separate services for business logic (UserService, PostService, CommentService) - Implement JWT middleware for route protection - Use DTOs (Data Transfer Objects) for request validation - Create custom error classes for different error types - Implement logging for debugging and monitoring - Use pagination to prevent loading entire tables - Add timestamps (createdAt, updatedAt) to all entities ## 📐 Example Project Structure ``` src/ main.ts config/ database.ts jwt.ts controllers/ UserController.ts PostController.ts CommentController.ts services/ UserService.ts PostService.ts CommentService.ts middleware/ auth.ts errorHandler.ts dto/ CreateUserDTO.ts CreatePostDTO.ts types/ index.ts routes/ users.ts posts.ts comments.ts ``` ## 🎯 Bonus Challenges **Level 1** 🟢 Add user following/followers system **Level 2** 🟢 Implement post likes and bookmark features **Level 3** 🟠 Add email verification for new accounts **Level 4** 🟠 Create admin panel with moderation tools **Level 5** 🔴 Implement real-time notifications using WebSockets **Level 6** 🔴 Add role-based access control (RBAC) with permissions matrix ## 📚 Learning Goals After completing this assignment, you will: - ✓ Build enterprise-grade REST APIs with TypeScript - ✓ Implement secure authentication and authorization patterns - ✓ Design scalable database schemas with type safety - ✓ Create type-safe DTOs and validation - ✓ Master error handling and middleware patterns - ✓ Generate API documentation from TypeScript types ## ⚡ Pro Tip Start with basic user authentication first—get login/register working before touching posts. Once auth is solid and tested, add the post CRUD endpoints. Then comments. Build incrementally, testing each layer as you go. This bottom-up approach catches architectural issues early! ## 🎓 Call-to-Action Build this project, deploy it to Vercel or Railway, and share the GitHub repo! This is the exact architecture used in production at Stripe, Shopify, and GitHub. Complete it and you're ready for senior backend engineering roles. The TypeScript backend mastery you'll gain here is worth six figures in the job market. **Get building!** 💪

---

Conclusion: Master TypeScript Backend Development 🎓

TypeScript transforms backend development from error-prone runtime failures into compile-time guarantees—Express, NestJS, and Fastify frameworks combined with type-safe database access eliminate entire categories of production bugs. By mastering these frameworks, authentication patterns, database integration, and API documentation generation, you’ll architect systems that power companies like Uber, Netflix, and Shopify while scaling fearlessly from thousands to millions of requests per day.