DhruvPatel011/tracklix-backend — reverse-engineered prompt

Build me the backend for Tracklix, a personal finance tracker app. I need a clean Node and Express API that connects to MongoDB and handles user accounts securely.

Users should be able to register, log in, stay authenticated with JWT, and access protected routes only when they have a valid token. Passwords need to be hashed, and sensitive settings should come from environment variables.

I also need a password recovery flow using OTP codes. The app should generate an OTP, email it using Resend, verify the code, and let the user reset their password safely.

Please organize the project in a normal backend structure with routes, controllers, models, middleware, config, and utilities. Include MongoDB models for users and OTPs, auth middleware, token generation, and email sending. Add a basic server setup, CORS for the frontend URL, and clear startup instructions with the needed env variables.