Full-stack flashcard app: PERN stack, monorepo with shared schema, dual-token JWT auth, and runtime + compile-time validation via Zod and TypeScript.


ENGINEERING
Key Technical Decisions
01 – ARCHITECTURE
Monorepo with shared schema package
Used Turborepo + pnpm workspaces with a shared packages/schema-db package imported by both the API and React client. One source of truth, no type drift between frontend & backend when the DB changes.
02 – AUTH
Dual-token JWT: access + refresh
Short-lived access token + separate refresh token. If the access token is intercepted, the exposure window is narrow. The refresh token silently renews the session, so there are no “please log in again” interruptions.
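A sketch of the access + refresh split described above, as an added example rather than this project's own code. It assumes HS256 signing via Node's built-in crypto; the secrets, lifetimes and function names (`issue`, `verify`, `refreshAccess`) are constructed for illustration.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

type TokenKind = "access" | "refresh";
interface Claims { sub: string; kind: TokenKind; iat: number; exp: number }

// Constructed demo values (assumptions): one secret per token kind,
// a short access lifetime and a long refresh lifetime, both in seconds.
const SECRETS: Record<TokenKind, string> = { access: "demo-access-secret", refresh: "demo-refresh-secret" };
const TTL_SECONDS: Record<TokenKind, number> = { access: 15 * 60, refresh: 7 * 24 * 3600 };

const b64url = (s: string): string => Buffer.from(s).toString("base64url");
const hmac = (data: string, secret: string): string =>
  createHmac("sha256", secret).update(data).digest("base64url");

// Issue an HS256 JWT of the given kind for a user id; `now` is a Unix time in seconds.
function issue(kind: TokenKind, sub: string, now: number): string {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const claims: Claims = { sub, kind, iat: now, exp: now + TTL_SECONDS[kind] };
  const body = `${header}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${hmac(body, SECRETS[kind])}`;
}

// Check signature, token kind and expiry; return the claims or null.
// The algorithm is fixed to HS256 and never read from the token's own header.
function verify(kind: TokenKind, token: string, now: number): Claims | null {
  const [h, p, sig, extra] = token.split(".");
  if (!h || !p || !sig || extra !== undefined) return null;
  const expected = Buffer.from(hmac(`${h}.${p}`, SECRETS[kind]));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(p, "base64url").toString()) as Claims;
  if (claims.kind !== kind || typeof claims.exp !== "number" || now >= claims.exp) return null;
  return claims;
}

// Silent renewal: only a valid, unexpired refresh token yields a new access token.
function refreshAccess(refreshToken: string, now: number): string | null {
  const claims = verify("refresh", refreshToken, now);
  return claims ? issue("access", claims.sub, now) : null;
}
```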
03 – VALIDATION
Zod + TypeScript: two layers
TypeScript catches errors at compile time. Zod validates at the API boundary at runtime, so a malformed request fails fast with a clear error instead of silently corrupting the database.
04 – ORM
Drizzle over Prisma
Drizzle stays closer to SQL, has better TypeScript inference, and has no migration magic to debug. Better fit for a project I wanted to understand completely end-to-end.
ROADMAP
What’s Next
- Spaced repetition (SM-2 algorithm) – cards you miss reappear sooner, optimizing review timing based on accuracy.
- AI-generated starter sets – feed a topic, get a deck; removes blank-slate friction for new users.
- Password reset flow – currently the biggest gap in the auth experience; scoped out of v1 to ship faster.
