DEV Community: Carter The latest articles on DEV Community by Carter (@carter254g). https://dev.to/carter254g https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3908168%2F191abc94-a677-4fae-b422-0512f3da58f9.png DEV Community: Carter https://dev.to/carter254g en I Built a Full-Stack Invoice App from Scratch. Here's the Complete Breakdown Carter Fri, 01 May 2026 21:47:41 +0000 https://dev.to/carter254g/i-built-a-full-stack-invoice-app-from-scratch-heres-the-complete-breakdown-2mmb https://dev.to/carter254g/i-built-a-full-stack-invoice-app-from-scratch-heres-the-complete-breakdown-2mmb <p>Most invoice tools are either too expensive or too complicated. I built my own in one week and deployed it live. Here is every technical decision I made and what I learned.</p> <p>Live demo: <a href="https://invoxa-eta.vercel.app" rel="noopener noreferrer">https://invoxa-eta.vercel.app</a><br> GitHub: <a href="https://github.com/Carter254g/invoxa" rel="noopener noreferrer">https://github.com/Carter254g/invoxa</a></p> <h2> What It Does </h2> <p>Invoxa lets you create clients, generate invoices with line items, track payment status, and see your revenue on a dashboard. Multi-currency support included.</p> <h2> The Stack </h2> <p>React on the frontend. Node.js and Express on the backend. PostgreSQL for the database. Deployed on Vercel and Render.</p> <p>Simple. No unnecessary complexity.</p> <h2> The Part Most Tutorials Skip — Auth Middleware </h2> <p>Every protected route in the API runs through this middleware before the controller even sees the request:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">auth</span> <span class="o">=</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">authHeader</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">authorization</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">authHeader</span> <span class="o">||</span> <span class="o">!</span><span class="nx">authHeader</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">Bearer </span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">No token provided</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">authHeader</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">];</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">decoded</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">);</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="o">=</span> <span class="nx">decoded</span><span class="p">;</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Invalid or expired token</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>Clean. Reusable. One function protects every route.</p> <h2> Database Migrations on Startup </h2> <p>Instead of manually creating tables, the server runs migrations automatically on startup:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">migrate</span><span class="p">.</span><span class="nf">createTables</span><span class="p">().</span><span class="nf">then</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">PORT</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Server running on port </span><span class="p">${</span><span class="nx">PORT</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>Anyone who clones the repo gets a working database in seconds.</p> <h2> The Axios Interceptor That Saved Me Hours </h2> <p>Instead of attaching the JWT token to every API call manually, one interceptor handles it globally:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">api</span><span class="p">.</span><span class="nx">interceptors</span><span class="p">.</span><span class="nx">request</span><span class="p">.</span><span class="nf">use</span><span class="p">((</span><span class="nx">config</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="nx">config</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">Authorization</span> <span class="o">=</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">config</span><span class="p">;</span> <span class="p">});</span> </code></pre> </div> <p>Write it once. Forget about it.</p> <h2> What Broke in Production </h2> <p>Three things hit me during deployment:</p> <ol> <li><p>Render requires SSL for PostgreSQL connections. Add rejectUnauthorized: false to your pg Pool config in production or nothing works.</p></li> <li><p>CORS needs to explicitly list your Vercel domain. A wildcard does not work with credentials.</p></li> <li><p>JWT expiry values from environment variables need to be strings. When the value comes back undefined from the env, jwt.sign throws a silent error. Hardcode the fallback.</p></li> </ol> <p>These cost me two hours. Now they cost you nothing.</p> <h2> The Dashboard Pulls Real Data </h2> <p>The dashboard shows total invoices, total clients, revenue collected, and outstanding balance — all calculated from live database queries on every load.</p> <p>No fake data. No hardcoded numbers.</p> <h2> What is Next </h2> <ul> <li>PDF export for invoices</li> <li>Email delivery via Nodemailer</li> <li>Recurring invoices</li> <li>Payment gateway integration</li> </ul> <h2> Try It and Star the Repo </h2> <p>Live app: <a href="https://invoxa-eta.vercel.app" rel="noopener noreferrer">https://invoxa-eta.vercel.app</a></p> <p>If this helped you, star the repo on GitHub and drop a comment below<br> GitHub: <a href="https://github.com/Carter254g/invoxa" rel="noopener noreferrer">https://github.com/Carter254g/invoxa</a><br> javascript<br> node<br> react<br> webdev</p> node react showdev webdev