A server boilerplate built upon express + mongoDB. The boilerplate comes with an authentication system based on jwt and refresh tokens fully covered by tests.
First step, copy the repository and run:
npm i
Second step, you have to set up environment variables. Create a .env file at the root of the repo and add the following variables, each on a new line:
- PORT= (server port during development)
- MONGODB_URI= (atlas uri to connect to)
- TEST_MONGODB_URI= (atlas uri to connect to during tests)
- SECRET= (secret key for the jsonwebtoken)
- TEST_SECRET= (secret key for the jsonwebtoken during tests)
Third step, run the server in development mode which will be aided by nodemon:
npm run dev
- Server base: Node.js + express
- Database: Cloud MongoDB Atlas + mongoose
- Authorization and authentication: built from scratch using jsonwebtoken and refresh tokens
- Emails: with nodemailer (disabled during tests)
- Validation: with Joi
- Environment variables: with dotenv and cross-env
- Testing: with jest and supertest
- Error handling: centralized to a final middleware
- Cross-Origin Resource-Sharing: enabled by cors
- Code style: ESLint and Prettier, lint rules borrowed from wesbos
Authentication and authorization are built on jwt + refresh tokens and roles such as "user" and "admin". Refresh tokens expire in a week; their purpose is to periodically obtain new jwt tokens, which expire in 15 min. The refresh token is sent in an HTTP-only cookie, while the jwt token is sent inside the "Authorization" header.
The bulk of authorization is done by the /middleware/authorize.js middleware, which can be attached on any route.
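A sketch of how a role-gated authorize middleware of this kind can work, added here as an example and not the boilerplate's own /middleware/authorize.js. It verifies HS256 tokens with Node's built-in crypto instead of the jsonwebtoken package so it runs without dependencies; the "Bearer" scheme, the `id` and `role` claim names, and the `signJwt`/`verifyJwt` helpers are assumptions.

```javascript
// Added example, not the repository's code; HS256 done by hand with node:crypto.
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");
const hmac = (data, secret) => createHmac("sha256", secret).update(data).digest();

// Issue a token; the 15 min default lifetime is the one the text gives for the jwt.
function signJwt(payload, secret, now = Date.now(), ttlSeconds = 15 * 60) {
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = `${header}.${b64url(JSON.stringify({ ...payload, exp }))}`;
  return `${body}.${hmac(body, secret).toString("base64url")}`;
}

// Return the claims, or null when the token is malformed, forged or expired.
function verifyJwt(token, secret, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    if (header.alg !== "HS256") return null; // pin the algorithm, reject "none"
    const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
    const given = Buffer.from(parts[2], "base64url");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
    return typeof claims.exp === "number" && claims.exp * 1000 > now ? claims : null;
  } catch {
    return null;
  }
}

// Middleware factory: authorize() accepts any valid token, authorize("admin") gates by role.
// Assumed: "Bearer <jwt>" header format and a `role` claim ("user" or "admin").
function authorize(roles = [], secret = process.env.SECRET, clock = Date.now) {
  const allowed = [].concat(roles);
  return (req, res, next) => {
    const [scheme, token] = (req.headers.authorization || "").split(" ");
    const claims = scheme === "Bearer" ? verifyJwt(token, secret, clock()) : null;
    if (!claims) return res.status(401).json({ message: "Unauthorized" });
    if (allowed.length && !allowed.includes(claims.role)) {
      return res.status(403).json({ message: "Forbidden" });
    }
    req.user = claims; // downstream handlers read the caller's id and role here
    return next();
  };
}
```

A missing, forged or expired token yields 401, while a valid token with the wrong role yields 403, so clients can tell "refresh or log in again" apart from "not allowed".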
Authentication routes:
- POST /accounts/register
- POST /accounts/verify-email
- POST /accounts/authenticate
- POST /accounts/refresh-token: refresh the jwt token
- POST /accounts/revoke-token: revoke the refresh token
- POST /accounts/forgot-password
- POST /accounts/validate-reset-token
- POST /accounts/reset-password
- POST /accounts: create an account
- GET /accounts: get all accounts
- GET /accounts/:id
- PUT /accounts/:id
- DELETE /accounts/:id
Currently there are integration tests for authentication and authorization. Run the tests with:
npm run test
// or
npm test -- tests/integration/accounts.test.js
src\
|--build\ # The app to serve on the frontend
|--config\ # Env variables and configuration
|--features\ # Feature based modules
    |-- name # A certain feature
        |-- name.controller.js # A feature's controller
        |-- name.model.js # A feature's model (may be more)
        |-- name.service.js # A feature's business logic
|--middleware\ # Custom express middlewares
|--utils\ # Utility classes and functions
|--app.js # Express app
|--index.js # App entry point
- Great auth node + mongo boilerplate
- Great overall node + mongo boilerplate which also has TESTS!!!
Why use it? Right. Don't use it.
The resources provided above are way, way better. This is a custom boilerplate made to my needs.