Template Newspaper

A production-ready, full-stack newspaper & news publishing system built with Next.js 16, React 19, MongoDB, and Cloudinary. Ships with a polished public news portal, an admin dashboard, and an author workflow — all out of the box.

📅 Version 1.0.0 🏗️ Next.js 16 + React 19 🗄️ MongoDB + Mongoose ☁️ Cloudinary

Overview

Template Newspaper is a complete news publishing platform that covers every layer of a modern media website. It ships with everything you need out of the box:

A beautifully designed public news portal with Classic and Modern homepage layouts, category pages, breaking news, and social sharing.
A feature-rich Admin Dashboard for managing articles, categories, authors, contacts, newsletter subscribers, and all site settings.
An Author Dashboard with a review-gated content workflow — authors submit, admins approve.
A robust REST API with JWT-based authentication, Zod validation, and a consistent response format.
Cloudinary integration for all image and media management, configured entirely from the admin panel.
MongoDB as the database with Mongoose ODM, soft-deletion, and compound indexing.

Features

Public Portal

Two Homepage Layouts

Classic and Modern layout variants, switchable from admin settings without a rebuild.

Category Pages

Dynamic category and subcategory pages with pagination and subcategory navigation.

Breaking & Latest News

Dedicated breaking news ticker, latest news feed, featured, and most-viewed sections.

News Detail Pages

Full article pages with estimated read time, author info, and social sharing buttons.

Newsletter & Contact

Built-in newsletter subscription form and contact form with admin reply tracking.

SEO Ready

Configurable metadata, Open Graph image, keywords, and page titles from the admin panel.

Dark Mode

Full dark mode support powered by next-themes, with smooth transitions and system detection.

Auto Sitemap

Automatically generated sitemap and legal pages (Privacy Policy, Terms & Conditions, About Us).

Admin Dashboard

News Management

Create, edit, publish, reject, sort, and soft-delete articles. Full status workflow control.

Category Management

Hierarchical categories and subcategories with drag-and-drop reordering (dnd-kit).

Author Management

Create and manage author accounts. Activate, deactivate, and delete authors.

Contact & Newsletter

View contact submissions with replied status, and browse newsletter subscriber list.

Settings Panel

Configure general info, Cloudinary credentials, SEO metadata, and legal page content.

Dashboard Statistics

At-a-glance stats: total news, authors, contacts, subscribers, and interactive charts.

Author Dashboard

Rich Text Editor

Full article creation powered by SunEditor — a feature-rich WYSIWYG HTML editor.

Review Workflow

Authors submit articles for admin review. Track status: Draft → Under Review → Published / Rejected.

Technology Stack

Next.js 16 App Router, Server Components, Turbopack

React 19 Latest stable release

TypeScript 5 Strict type safety throughout

MongoDB 6+ via Mongoose 8 ODM

NextAuth v5 Session + JWT Credentials provider

Tailwind CSS v4 Utility-first styling

Radix UI + shadcn Accessible UI primitives

SunEditor Rich text / WYSIWYG editor

React Hook Form Performant forms

Zod Schema-first validation

TanStack Table Headless data tables

dnd-kit Drag-and-drop sorting

Cloudinary Media storage & delivery

Zustand Lightweight state management

Recharts Dashboard charts

Lucide + Tabler Icons Modern SVG icon sets

React Hot Toast Toast notifications

Embla Carousel Smooth carousels

Requirements

Requirement	Minimum Version	Notes
Node.js	18.18 or later	LTS recommended
npm	9.x or later	pnpm / yarn / bun also supported
MongoDB	6.0 or later	Local or MongoDB Atlas (free tier)
Cloudinary Account	Any	Free tier is sufficient

Installation & Setup

Step 1 — Extract Files

unzip template-newspaper.zip -d template-newspaper
cd template-newspaper

Step 2 — Install Dependencies

npm install

Step 3 — Configure Environment Variables

cp .env.example .env
# Then edit .env with your actual values

See the Environment Variables section for all required values.

Step 4 — Create the First Admin Account

Insert an admin user document directly into MongoDB (via MongoDB Compass or Atlas UI). Set role to "admin" and use a bcrypt-hashed password.

Step 5 — Start Development Server

npm run dev

Open http://localhost:3000 in your browser. The admin dashboard is at http://localhost:3000/admin/dashboard. The interactive documentation is at http://localhost:3000/documentation.

Environment Variables

Create a .env file in the project root with the following variables:

# ─── Database ──────────────────────────────────────────────────────
# MongoDB connection string (Atlas or local instance)
MONGODB_URI=mongodb+srv://<user>:<password>@cluster.mongodb.net/<db>

# ─── Authentication ────────────────────────────────────────────────
# Long random string for signing JWTs. Generate: openssl rand -base64 32
NEXTAUTH_SECRET=your-secret-key-here

# ─── Internal API URL ──────────────────────────────────────────────
# Use http://localhost:3000 for local dev; production domain in prod
NEXT_API_URL=http://localhost:3000

# ─── Cloudinary ────────────────────────────────────────────────────
# Can also be configured via Admin → Settings → Cloudinary
CLOUDINARY_CLOUD_NAME=your-cloud-name
CLOUDINARY_API_KEY=your-api-key
CLOUDINARY_API_SECRET=your-api-secret

ℹ️ Cloudinary Credentials

The CLOUDINARY_CLOUD_NAME, CLOUDINARY_API_KEY, and CLOUDINARY_API_SECRET are also manageable through Admin Dashboard → Settings → Cloudinary (saved in the database). Changes take effect without redeploying.

⚠️ Security Notice

Never commit .env to version control. It is listed in .gitignore by default. Always set a strong, unique NEXTAUTH_SECRET in production.

Running the Application

Command	Description
`npm run dev`	Start development server with Turbopack at `localhost:3000`
`npm run build`	Create an optimised production build
`npm run start`	Serve the production build
`npm run lint`	Run ESLint code quality checks

Project Structure

template-newspapper/
├── public/
│   ├── documentation.html           # Standalone HTML documentation
│   └── documentation-pdf.html       # Print-optimised documentation
│
├── src/
│   ├── app/                         # Next.js App Router root
│   │   ├── (auth)/                  # Auth pages (no header/footer)
│   │   │   └── login/
│   │   │
│   │   ├── (public)/                # Public-facing pages
│   │   │   ├── layout.tsx           # Header + Footer wrapper
│   │   │   ├── page.tsx             # Homepage (classic / modern)
│   │   │   ├── [category]/          # Category listing pages
│   │   │   ├── news/[slug]/         # News detail page
│   │   │   ├── about-us/
│   │   │   ├── contact-us/
│   │   │   ├── privacy-policy/
│   │   │   ├── terms-and-conditions/
│   │   │   └── site-map/
│   │   │
│   │   ├── (dashboard)/             # Protected dashboard (auth required)
│   │   │   ├── layout.tsx           # Sidebar shell
│   │   │   ├── admin/
│   │   │   │   ├── dashboard/       # Stats & charts
│   │   │   │   ├── news/            # News CRUD & status management
│   │   │   │   ├── categories/      # Category & subcategory management
│   │   │   │   ├── authors/         # Author account management
│   │   │   │   ├── contacts/        # Contact submissions
│   │   │   │   ├── newsletters/     # Newsletter subscribers
│   │   │   │   └── settings/        # Site-wide settings
│   │   │   └── author/
│   │   │       ├── dashboard/       # Author personal stats
│   │   │       └── news/            # Author's own articles
│   │   │
│   │   ├── documentation/           # /documentation route
│   │   │
│   │   └── api/
│   │       ├── auth/[...nextauth]/  # NextAuth handler
│   │       ├── admin/               # All admin API endpoints
│   │       ├── author/              # Author API endpoints
│   │       └── landing/             # Public API endpoints
│   │
│   ├── components/
│   │   ├── ui/                      # shadcn/ui primitives (50+ components)
│   │   ├── form/                    # Reusable form field components
│   │   ├── shared/                  # Header, Footer, layout components
│   │   ├── dashboard/               # Dashboard-specific widgets
│   │   └── data-table/              # TanStack React Table components
│   │
│   ├── lib/
│   │   ├── async-handler.ts         # API route wrapper (auth + validation)
│   │   ├── authenticate.ts          # JWT verification middleware
│   │   ├── fetcher.ts               # Authenticated HTTP client
│   │   ├── routes.ts                # Centralised route constants
│   │   ├── utils.ts                 # Helpers (cn, slugify, paginate…)
│   │   └── validation-schema.ts     # Zod schemas for all entities
│   │
│   ├── model/
│   │   ├── User.ts
│   │   ├── News.ts
│   │   ├── Category.ts
│   │   ├── Contact.ts
│   │   ├── Newsletter.ts
│   │   └── Settings.ts
│   │
│   ├── services/                    # Business logic / server actions
│   │   └── auth.ts / news.ts / categories.ts / authors.ts / …
│   │
│   ├── config/
│   │   ├── database.ts              # MongoDB connection singleton
│   │   ├── cloudinary.ts            # Cloudinary SDK setup
│   │   └── constant.ts              # App-wide constants (roles, statuses)
│   │
│   ├── hooks/
│   │   ├── use-user.ts
│   │   └── use-mobile.ts
│   │
│   └── store/                       # Zustand client state stores
│       ├── user-store.ts
│       ├── breadcrumb-store.ts
│       ├── category-store.tsx
│       └── table-store.ts
│
├── .env / .env.example
├── next.config.ts
├── tailwind.config.ts
├── tsconfig.json
├── components.json                  # shadcn/ui config
└── package.json

Pages & Routes

Public Pages

Route	Description
`/`	Homepage — Classic or Modern layout (configured in settings)
`/[category]`	Category listing page with subcategory navigation and pagination
`/news/[slug]`	Full news article detail page
`/about-us`	About Us page (content editable from admin)
`/contact-us`	Contact form page
`/privacy-policy`	Privacy Policy page (content editable from admin)
`/terms-and-conditions`	Terms & Conditions page (content editable from admin)
`/site-map`	Auto-generated sitemap
`/login`	Login page for admin and author accounts
`/documentation`	Built-in interactive documentation

Admin Dashboard Pages (Protected)

All admin routes are under /admin/ and require a valid admin authentication session.

Route	Description
`/admin/dashboard`	Overview statistics and charts
`/admin/news`	News list with filters and status management
`/admin/news/create`	Create new article
`/admin/news/[slug]`	Edit existing article
`/admin/categories`	Category list with drag-to-reorder
`/admin/categories/create`	Create new category
`/admin/categories/[slug]`	Edit category & subcategories
`/admin/authors`	Author account management
`/admin/contacts`	Contact form submissions
`/admin/newsletters`	Newsletter subscriber list
`/admin/settings/general`	General site settings
`/admin/settings/cloudinary`	Cloudinary credentials
`/admin/settings/metadata`	SEO metadata settings
`/admin/settings/terms-and-conditions`	Terms page content
`/admin/settings/privacy-policy`	Privacy policy content
`/admin/settings/about-us`	About Us page content

Author Dashboard Pages (Protected)

All author routes are under /author/ and require a valid author session.

Route	Description
`/author/dashboard`	Author personal statistics
`/author/news`	Author's own article list
`/author/news/create`	Create new article
`/author/news/[slug]`	Edit own article

Roles & Permissions

Role	Access
`admin`	Full access to admin dashboard, all content, settings, and user management
`author`	Access to author dashboard; can create, edit, and submit own articles only
`user`	Reserved for future public-user features; no dashboard access currently

Route protection is enforced at middleware level — unauthenticated requests to dashboard routes are redirected to /login.

Authentication

Authentication is powered by NextAuth v5 with the Credentials provider and JWT sessions (30-day expiry).

Login Flow

User submits email and password on /login.
The credentials provider calls the backend login endpoint for the appropriate role.
Backend verifies the password with bcrypt and issues a signed JWT.
NextAuth stores the token in a secure, HTTP-only session cookie.
API requests include the token as Authorization: Bearer <token>.
The authenticate() middleware verifies the token and attaches the user to the request context.

Key Files

File	Purpose
`src/app/api/auth/[...nextauth]/auth.ts`	NextAuth configuration and callbacks
`src/lib/authenticate.ts`	JWT verification middleware for API routes
`src/lib/async-handler.ts`	API route wrapper with role-checking and Zod validation
`src/hooks/use-user.ts`	React hook to read the current authenticated user

API Reference — Public Endpoints

All API responses follow a consistent envelope format:

// Success
{ "success": true, "statusCode": 200, "message": "...", "data": { ... } }

// Error
{ "success": false, "statusCode": 400, "message": "...", "errors": [ ... ] }

News & Categories

GET/api/landing/news-category

Returns all active categories for the public navigation header.

GET/api/landing/news/[slug]

Returns a single published news article by its unique slug. Increments view count.

GET/api/landing/latest-news

Returns the most recently published articles flagged as latest.

GET/api/landing/breaking-news

Returns articles flagged as breaking news for the ticker.

GET/api/landing/category-wise-news/[categoryId]/[subcategoryId]

Returns paginated published articles for the given category and subcategory.

Query Parameters: page (default: 1), limit (default: 10)

GET/api/landing/category-wise-news/[categoryId]/[subcategoryId]/featured

Returns featured articles within a specific category.

GET/api/landing/category-wise-news/[categoryId]/[subcategoryId]/most-viewed

Returns most-viewed articles within a specific category, sorted by viewCount.

Contact, Newsletter & Settings

POST/api/landing/contact

Submits a contact form enquiry.

{ "name": "Jane Doe", "email": "jane@example.com", "message": "Hello!" }

POST/api/landing/newsletter

Subscribes an email address to the newsletter.

{ "email": "reader@example.com" }

GET/api/landing/settings

Returns public site settings (company name, logo, social links, home view preference).

API Reference — Authentication

ℹ️ Protected Endpoints

All admin and author management endpoints require: Authorization: Bearer <token>

POST/api/admin/auth/login

Authenticates an admin user and returns a JWT token.

// Request
{ "email": "admin@example.com", "password": "your_password" }

// Response
{
  "success": true,
  "data": {
    "token": "eyJhbGci...",
    "user": { "name": "Admin", "email": "admin@example.com", "role": "admin" }
  }
}

POST/api/author/auth/login

Authenticates an author user and returns a JWT token.

GET/api/admin/auth/me

Returns the currently authenticated admin's profile. Requires Bearer token.

PUT/api/admin/auth/me

Updates the admin's profile name. Requires Bearer token.

PUT/api/admin/auth/password

Changes the admin password. Requires Bearer token.

{ "oldPassword": "current", "newPassword": "new_pass", "confirmPassword": "new_pass" }

GET/api/author/auth/me

Returns the current author's profile. Requires Bearer token.

PUT/api/author/auth/me

Updates the author's profile. Requires Bearer token.

PUT/api/author/auth/password

Changes the author's password. Requires Bearer token.

API Reference — Categories

Method	Endpoint	Description
GET	`/api/admin/category`	List all categories with subcategories
POST	`/api/admin/category`	Create a new category
GET	`/api/admin/category/[slug]`	Get single category with its subcategories
PUT	`/api/admin/category/[slug]`	Update category details and subcategories
DELETE	`/api/admin/category/[slug]`	Delete category and its subcategories
PUT	`/api/admin/category/sort`	Reorder categories (drag-and-drop)

// Create Category — Request Body
{
  "name": "Politics",
  "slug": "politics",
  "status": true,
  "featured": true,
  "subCategories": [
    { "name": "National", "slug": "national", "status": true }
  ]
}

API Reference — Authors

Method	Endpoint	Description
GET	`/api/admin/author`	List all author accounts
POST	`/api/admin/author`	Create a new author account
PUT	`/api/admin/author/[id]`	Update author details or status
DELETE	`/api/admin/author/[id]`	Delete an author account

// Create Author — Request Body
{
  "name": "Jane Reporter",
  "email": "jane@newsroom.com",
  "password": "initial_password"
}

API Reference — News (Admin)

Method	Endpoint	Description
GET	`/api/admin/news`	Paginated news list with status, category, and author filters
POST	`/api/admin/news`	Create and publish a news article (with image upload)
GET	`/api/admin/news/[slug]`	Get a single article
PUT	`/api/admin/news/[slug]`	Update article content, status, or flags
DELETE	`/api/admin/news/[slug]`	Soft-delete article (recoverable)
PUT	`/api/admin/news/sort`	Reorder articles by position
PUT	`/api/admin/news/reject/[slug]`	Reject a submitted article with a reason

// News article status values
"draft"      // saved but not submitted
"review"     // submitted by author, awaiting admin action
"published"  // live on the public portal
"rejected"   // rejected by admin with a reason

// Reject endpoint — Request Body
{ "rejectReason": "Content needs more sources." }

API Reference — News (Author)

Method	Endpoint	Description
GET	`/api/author/news`	List the author's own articles with status filter
POST	`/api/author/news`	Create an article in draft or submit for review
PUT	`/api/author/news/[slug]`	Update own article (allowed in draft or rejected state)
DELETE	`/api/author/news/[slug]`	Delete own article

API Reference — Contact & Newsletter

Method	Endpoint	Description
GET	`/api/admin/contact`	List all contact form submissions
PUT	`/api/admin/contact/[id]`	Toggle the replied status of a contact submission
GET	`/api/admin/newsletter`	List all newsletter subscribers

API Reference — Settings

Method	Endpoint	Description
GET	`/api/admin/settings/general`	Get general site settings
PUT	`/api/admin/settings/general`	Update general settings (name, logo, social links, home view)
GET	`/api/admin/settings/cloudinary`	Get Cloudinary configuration
PUT	`/api/admin/settings/cloudinary`	Update Cloudinary credentials
GET	`/api/admin/settings/metadata`	Get SEO metadata settings
PUT	`/api/admin/settings/metadata`	Update SEO metadata (title, description, keywords, OG image)
GET	`/api/admin/settings/terms`	Get Terms & Privacy HTML content
PUT	`/api/admin/settings/terms`	Update Terms, Privacy Policy, and About Us content

API Reference — Dashboard

Method	Endpoint	Description
GET	`/api/admin/dashboard`	Returns overview stats, chart data, and recent articles for the admin
GET	`/api/author/dashboard`	Returns the author's personal stats (article counts by status)

Data Models — User

Field	Type	Description
`name`	String	Display name
`email`	String (unique)	Login email address
`password`	String	Bcrypt-hashed password
`role`	Enum	`admin`, `author`, or `user`
`image`	String	Profile image URL (Cloudinary)
`status`	Boolean	Account active / inactive flag
`softDelete`	Boolean	Soft-deletion flag (default: false)

Data Models — News

Field	Type	Description
`title`	String	Article headline
`slug`	String (unique)	URL-friendly identifier (auto-generated)
`image`	String	Featured image URL (Cloudinary)
`shortDesc`	String	Summary / excerpt for listing pages
`body`	String	Full HTML article content from SunEditor
`readTime`	Number	Estimated reading time in minutes
`author`	ObjectId → User	Reference to the article's author
`category`	ObjectId → Category	Primary category reference
`subCategory`	ObjectId → Category	Subcategory reference
`status`	Enum	`draft` \| `review` \| `published` \| `rejected`
`rejectReason`	String	Rejection reason provided by admin
`publishedAt`	Date	Timestamp when article was published
`viewCount`	Number	Incremented on each public view
`breakingNews`	Boolean	Show in breaking news ticker
`latest`	Boolean	Show in latest news section
`featured`	Boolean	Show in featured section
`position`	Number	Manual sort order
`softDelete`	Boolean	Soft-deletion flag

Data Models — Category

Field	Type	Description
`name`	String	Category display name
`slug`	String (unique)	URL slug
`parent`	ObjectId → Category	`null` for top-level; parent ID for subcategories
`status`	Boolean	Active / inactive
`featured`	Boolean	Show in featured navigation
`position`	Number	Manual sort order

Data Models — Settings

Namespace	Key Fields
`general`	`companyName`, `phone`, `address`, `logo`, `favicon`, social links, `homeView` (`classic`/`modern`)
`cloudinary`	`cloudName`, `apiKey`, `apiSecret`, `folder`, `secureUrlBase`
`metadata`	`title`, `applicationName`, `description`, `keywords`, `openGraphImage`
`termsPolicy`	`terms`, `policy`, `aboutUs` (rich HTML content)

Data Models — Contact & Newsletter

Model	Field	Type	Description
Contact	`name`	String	Submitter's name
	`email`	String	Submitter's email
	`message`	String	Message body
	`isReplied`	Boolean	Replied status flag
Newsletter	`email`	String (unique)	Subscriber email address

Configuration

Homepage Layout

Switch between Classic and Modern homepage layouts from Admin → Settings → General → Home View. The change takes effect immediately without a rebuild.

Cloudinary

Configure from Admin → Settings → Cloudinary. Required fields:

Cloud Name — from your Cloudinary dashboard
API Key — from your Cloudinary dashboard
API Secret — from your Cloudinary dashboard
Upload Folder — destination folder in your Cloudinary library (e.g. newspaper)
Secure URL Base — e.g. https://res.cloudinary.com

SEO & Metadata

Go to Admin → Settings → Metadata to set the page title template, default description, keywords, and Open Graph / Twitter Card image.

Legal Pages

The About Us, Privacy Policy, and Terms & Conditions page content is fully editable from Admin → Settings using the rich text editor. No code changes required.

Deployment

Vercel (Recommended)

Push the project to a GitHub or GitLab repository.
Import the repository at vercel.com.
Add all environment variables in the Vercel project settings.
Click Deploy — Vercel auto-detects Next.js and configures the build.

Self-Hosted (Node.js)

# Build the production bundle
npm run build

# Start the production server
npm run start

Docker

Create a Dockerfile based on the official Next.js Docker example and pass environment variables at runtime via --env-file .env.

Production Checklist

Set a strong, unique NEXTAUTH_SECRET (use openssl rand -base64 32)
Use a MongoDB Atlas cluster with a dedicated user and IP allowlist
Enable HTTPS (Vercel handles this automatically)
Set NEXT_API_URL to your production domain (e.g. https://yourdomain.com)
Update Cloudinary credentials from Admin → Settings → Cloudinary after first login
Change the default admin password immediately after first login
Configure Open Graph image and site metadata from Admin → Settings → Metadata

Support

If you have questions, issues, or feature requests, please open a support ticket through your purchase platform's messaging system.

When reporting a bug, please include:

Your Node.js version (node -v)
The full error message and stack trace
Step-by-step instructions to reproduce the issue

Documentation last updated: April 2026