A modern, production-ready template for building full-stack React applications using React Router.
- 🚀 Server-side rendering
- ⚡️ Hot Module Replacement (HMR)
- 📦 Asset bundling and optimization
- 🔄 Data loading and mutations
- 🔒 TypeScript by default
- 🎉 TailwindCSS for styling
- 🔗 API integration with Django backend
- 📖 React Router docs
Install the dependencies:
npm installThe application uses environment variables for configuration. Copy the example environment file to create your own:
# Copy the example env file
cp app/env.example .env.local
# Edit the file with your specific settings
nano .env.localAvailable environment variables:
| Variable | Description | Default |
|---|---|---|
| VITE_API_BASE_URL | Base URL for API requests | http://localhost:8000/api |
| VITE_API_TIMEOUT | Timeout for API requests (ms) | 30000 |
| VITE_AUTH_LOGIN_ENDPOINT | Login endpoint | /auth/login |
| VITE_AUTH_REGISTER_ENDPOINT | Registration endpoint | /auth/register |
| VITE_AUTH_VALIDATE_TOKEN_ENDPOINT | Token validation endpoint | /auth/validate-token |
| VITE_AUTH_REFRESH_TOKEN_ENDPOINT | Token refresh endpoint | /auth/refresh-token |
Start the development server with HMR:
npm run devYour application will be available at http://localhost:5173.
Create a production build:
npm run buildTo build and run using Docker:
docker build -t my-app .
# Run the container
docker run -p 3000:3000 my-appThe containerized application can be deployed to any platform that supports Docker, including:
- AWS ECS
- Google Cloud Run
- Azure Container Apps
- Digital Ocean App Platform
- Fly.io
- Railway
If you're familiar with deploying Node applications, the built-in app server is production-ready.
Make sure to deploy the output of npm run build
├── package.json
├── package-lock.json (or pnpm-lock.yaml, or bun.lockb)
├── build/
│ ├── client/ # Static assets
│ └── server/ # Server-side code
This template comes with Tailwind CSS already configured for a simple default starting experience. You can use whatever CSS framework you prefer.
This application uses HTTP-only cookies for authentication, which provides enhanced security against XSS attacks. The authentication flow works as follows:
- When a user logs in or registers, the backend sets HTTP-only cookies containing the authentication tokens.
- These cookies are automatically included in subsequent requests to the backend.
- If authentication fails, the application attempts to refresh the token using a dedicated endpoint.
- The tokens are never accessible to JavaScript, reducing the risk of token theft via XSS attacks.
Cross-Site Request Forgery (CSRF) protection is implemented using Django's CSRF token system:
- The backend sets a
csrftokencookie that is readable by JavaScript. - For all non-GET requests, a
X-CSRFTokenheader is automatically included with the value from the cookie. - The API utility functions handle this transparently, retrieving the token and adding it to appropriate requests.
- If CSRF validation fails, the user is prompted to refresh the page to obtain a new token.
This approach provides robust protection against CSRF attacks while maintaining a seamless user experience.
Built with ❤️ using React Router.