A minimal Express boilerplate with passport user authentication, mongoose and some security setup configured
JavaScript HTML CSS
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.github
bin
config
controllers
models
public
routes
views
.env.example
.gitignore
LICENSE
README.md
app.js
package.json
yarn.lock

README.md

Mini Express boilerplate

Looking for a Clementine.js-like, a boilerplate that contains the minimum so I get started on my projects. This boilerplate is built upon the excellent Express Generator.

Features

  • ExpressJS 4

  • Uses Mongoose 4.11

  • Passport authentication

    • Local (using email and password)
    • Facebook authentication
    • Twitter authentication
  • Stores sessions MongoDB

  • CORS is engabled

  • Uses SASS stylesheets (autocompiled)

  • Uses EJS templating language

  • MVC structure

  • Security

  • User Schema (Authentication, CRUD API)

  • If the user is logged in req.user will be available via a global variable called user for usage in views.

Getting Started

Prerequisites

Usage

To use this template you need to clone it, install dependencies, add your API keys (in order to work with Facebook and Twitter authentication APIs).

# Clone this repository in a new folder, let's call it "my-boilerplate"
git clone my-boilerplate

# Navigate to "my-boilerplate"
cd my-boilerplate

# Install NPM dependencies
npm install # If you prefer YARN just run "yarn install"

# Copy the .env file example to a new file and place your API keys there
# .env file will be ignored by GIT and it should contain your secret Data/Keys
cp .env.example .env

Getting API keys

The .env file must contain you Facebook and Twitter API keys you can get these keys from:

Securing forms against CSRF

You must add this tag to your <form>

<input type="hidden" name="_csrf" value="<%=csrftoken%>" />

If you want to disable CSRF protection:

  • Comment these lines in app.js

    app.use(csrf());
    app.use(function(req, res, next){
     res.locals.csrftoken = req.csrfToken();
     console.log(req.csrfToken());
     next();
    });
  • Remove tags using csrftoken variable ( views/users/login.ejs and views/users/signup.ejs )

Contributing

Feel free to fork this project and add whatever you like, if you have any suggestions or any comments please feel free to contact me or to open an issue.

TODO

  • Link password accounts
  • Work on front-end
  • Add awesome stuffs
  • When creating a new acocunt from Facebook or Twitter update his mail in profile (add to model)
  • Implement password recovery system

Authors

License

This project is licensed under the MIT License - see the LICENSE file for details

Acknowledgments

This project wouldn't be possible without all these amazing tutorials and these precious recourses: