Just wrapped up the core setup for my e-commerce API (Impextech): Auth, Products, and Users. Everything is running on Node.js, Express, and TypeScript. Instead of just getting it to work, I spent this week focusing on security, keeping the code clean, and fixing some annoyances in my dev environment. Here’s a breakdown of what I built and a few "gotchas" I learned along the way.

## 1. Clean Architecture (Separation of Concerns)

I split everything into Models, Services, and Controllers. It takes a little more time to set up initially, but it makes the route files way easier to read and keeps all the database logic safely in one place. My folder structure looks like this now:

```text
src/
├── controllers/
├── middleware/
├── models/
├── routes/
└── services/
```

## 2. Route-Specific Middleware

I set up custom middleware using `express-jwt`. Instead of applying global rules in my main app file, I passed `requireLogin` and `isAdmin` directly into specific routes.…