Loading project...
Loading project...
Production-grade YouTube-style API backend with full OpenAPI documentation
A concise look at the project, its purpose, and its value.
BilalTube is a production-grade REST API backend for a video streaming platform. It covers the full feature set: user authentication, video management, comments, likes, subscriptions, and playlists — all documented with live, explorable OpenAPI documentation.
Frontend developers building video platforms, mobile app developers needing a video backend, or anyone learning how to architect complex REST APIs following industry best practices.
A fully functional video platform API that can be used as a backend for any frontend client. Live Swagger documentation lets developers explore and test every endpoint without needing to read additional documentation.
I wanted to demonstrate my ability to architect and implement complex, real-world API systems. Video platforms have uniquely challenging requirements — file uploads, hierarchical comments, like/unlike toggles, subscription feeds — that test API design skills beyond simple CRUD.
Video platforms require sophisticated backend logic beyond standard CRUD: large file uploads with progress tracking, hierarchical comment threads, real-time like/unlike toggles, subscription-based content feeds, and playlist management with ordering. Most tutorial APIs oversimplify these challenges.
The impact: Teams building video platforms often underestimate the backend complexity. File upload handling, data modeling for nested comments, and subscription feed queries require careful architecture. Poor design leads to performance issues, data integrity problems, and difficult maintenance.
BilalTube implements a modular Express API following the MVC pattern with clear separation of routes, controllers, services, and models. Every endpoint is documented with OpenAPI/Swagger. File uploads use Cloudinary with transformation pipelines. Authentication uses JWT with refresh token rotation.
What this project can do
Register, login, logout with JWT access/refresh tokens. Profile management with avatar upload via Cloudinary.
Upload, update, delete videos with Cloudinary integration. Thumbnail generation, video streaming, and metadata management.
Hierarchical comment threads on videos with pagination. Reply to comments, edit, and delete with ownership checks.
Toggle like/unlike on videos and comments. Each user can only have one vote per item. Real-time count updates.
Create, update, delete playlists with ordered video entries. Public/private visibility settings.
Direct upload to Cloudinary with automatic transcoding, thumbnail generation, and CDN delivery.
Search videos by title, description, and tags. Filter by upload date, popularity, and category.
Subscribe/unsubscribe to channels. Get a feed of videos from subscribed channels.
Visual walkthrough of the project
How the system is designed and how components interact
BilalTube follows a layered MVC architecture. Routes define the API surface, controllers handle HTTP request/response, services contain business logic, and models define MongoDB schemas. Authentication middleware protects routes. Cloudinary handles media processing. Swagger documentation is auto-generated from JSDoc comments.
Visual overview of system design, data flow, and key processes
Complete flow from video upload through Cloudinary transcoding to final delivery with captions.
The technologies used to build this project
The hard problems that needed solving
How the system is designed for speed and scale
Video feeds, subscription feeds, and search results use MongoDB aggregation pipelines with proper indexing for sub-100ms query times even with thousands of documents.
All video and image media is served through Cloudinary's global CDN. Automatic quality optimization based on device and network conditions. No direct media serving from the application server.
All list endpoints use cursor-based pagination to avoid the performance degradation of offset-based pagination at scale. Page size is configurable per endpoint.
Access tokens are short-lived (15 minutes) to minimize security risk without requiring database lookups on every request. Refresh tokens use a rotation strategy for additional security.
How the system is protected
Dual-token strategy: short-lived access tokens (15min) and rotating refresh tokens. Refresh tokens are invalidated after use to prevent replay attacks.
Every endpoint validates request body, query parameters, and URL parameters against Zod schemas. Invalid inputs return structured error responses.
Users can only modify their own resources (videos, comments, playlists). Delete and update operations verify ownership before proceeding.
Passwords hashed with bcryptjs with configurable salt rounds. Never stored in plaintext or logged.
All secrets and configuration through environment variables. Different configs for development, staging, and production environments.
What I learned building this project and what I'd do differently
Writing OpenAPI specs alongside route definitions (via JSDoc) forced me to think about the API contract before implementation. This caught design inconsistencies early and made the API more coherent.
The MongoDB aggregation pipeline is incredibly capable but the learning curve is steep. Complex pipelines with $lookup, $unwind, and $group require careful testing. The payoff is worth it — single-pipeline queries replaced what would have been multiple application-level joins.
Video upload seems simple until you handle progress tracking, error recovery, format validation, size limits, and concurrent uploads. Using Cloudinary eliminated most of these concerns but introduced its own complexity with webhooks and transformation pipelines.
I'd add real-time notifications via WebSockets for new subscribers, comments, and likes. I'd also implement a recommendation engine using collaborative filtering and add admin analytics dashboards.
Other projects you might find interesting
I design and build production-grade APIs. Let's discuss your project requirements.
