A secure and tamper-proof RESTful backend API for a digital voting system, built with Node.js and Express.js. The system enforces strict one-person-one-vote logic at both the database and application level.

Key Features:

- Aadhar Card-based authentication: users register and log in using their 12-digit Aadhar number (unique identity verification)
- One vote per user: the isVoted flag prevents any user from casting duplicate votes
- Admin-only candidate management: only an admin can add, update, or delete candidates
- Smart delete: when a candidate is deleted, all voters who voted for them get their isVoted flag reset automatically
- Live vote count: returns a real-time leaderboard sorted by vote count (highest first)
- Admin is blocked from voting: role-based restriction enforced at the API level
- JWT authentication with 10-hour token expiry
- Rate limiting: a global limiter (1000 req/day) plus a strict per-user limiter (3 req/day) for sensitive routes
- Password hashing with Bcrypt using Mongoose pre-save hooks
- Helmet.js for secure HTTP headers and CORS support
- Centralized error handling middleware with custom status codes
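
The one-vote rule only holds if the isVoted check and the write that sets it cannot be separated by a concurrent request. The following is an added example, not the project's own code: an in-memory model that puts a check-then-write vote handler beside one that claims the flag in a single step, and includes the smart-delete reset. The function names, the `votedFor` field, the sample records and the 400/403/404 status codes are assumptions made for illustration.

```javascript
// Added illustration: in-memory stand-in for the users and candidates collections.
// Hypothetical names throughout; status codes 400/403/404 are assumed, not the project's.
const tick = () => new Promise((resolve) => setImmediate(resolve)); // simulated DB latency

function makeStore() { // constructed sample data
  return {
    users: new Map([
      ["u1", { role: "voter", isVoted: false, votedFor: null }],
      ["admin", { role: "admin", isVoted: false, votedFor: null }],
    ]),
    candidates: new Map([["c1", { voteCount: 0 }]]),
  };
}

// Weak form: read the flag, wait, then write. Two concurrent requests both pass the check.
async function castVoteRacy(store, userId, candidateId) {
  const user = store.users.get(userId);
  if (user.role === "admin") return 403;
  if (user.isVoted) return 400;
  await tick(); // a second request for the same user can run its check here
  user.isVoted = true;
  user.votedFor = candidateId;
  store.candidates.get(candidateId).voteCount += 1;
  return 200;
}

// Hardened form: claim the vote in one step, as a conditional database update would
// (filter on isVoted false, set it true, proceed only if a record was modified).
async function castVoteAtomic(store, userId, candidateId) {
  const user = store.users.get(userId);
  if (!user || !store.candidates.has(candidateId)) return 404;
  if (user.role === "admin") return 403; // admin is blocked from voting
  if (user.isVoted) return 400;          // compare ...
  user.isVoted = true;                   // ... and set, with no await in between
  user.votedFor = candidateId;
  await tick();
  store.candidates.get(candidateId).voteCount += 1;
  return 200;
}

// Smart delete: remove the candidate and reset isVoted for everyone who voted for them.
function deleteCandidate(store, candidateId) {
  if (!store.candidates.delete(candidateId)) return 0;
  const voters = [...store.users.values()].filter((u) => u.votedFor === candidateId);
  for (const u of voters) Object.assign(u, { isVoted: false, votedFor: null });
  return voters.length; // number of voters who may vote again
}
```

Against a real database the same guarantee comes from putting the `isVoted: false` condition in the update's filter rather than in application code that runs before the write.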