ALl the server side code lives here!
Please set all the environment variables in .env as per the requirments outlined here.
*For quick start, copy the template.env file to .env. The values given in template.env needs to be changed as per deployment parameters
| Environment variable | Purpose |
|---|---|
| MONGO_CON_STR | MongoDB Connection String, URI pointing to your database |
| GOOGLE_OAUTH_CLIENT_ID | Obtain From Google Cloud Console >> APIs and Services >> Credentials >> OAuth 2.0 Client IDs |
| GOOGLE_OAUTH_CLIENT_SECRET | ^^ |
| GOOGLE_OAUTH_CALLBACK_URL | http://{yourDomain.com}/oauth/google/callback |
| GITHUB_OAUTH_CLIENT_ID | GitHub Settings >> Developer Settings >> New OAuth App |
| GITHUB_OAUTH_CLIENT_SECRET | ^^ |
| GITHUB_OAUTH_CALLBACK_URL | http://{yourDomain.com}/oauth/google/callback |
| RAZORPAY_KEY_ID | Razorpay Dashboard >> Accounts & Settings >> Website & App Settings >> API Keys |
| RAZORPAY_KEY_SECRET | ^^ |
| CORS_ALLOWED_ORIGINS | Comma seperated list of allowed origins for CORS |
| MAILER_SENDER_EMAIL | Email address for sending emails |
| MAILER_SENDER_PASS | Password for authenticating with SMTP Host |
| MAILER_HOST | SMTP Host supporting TLS which will send our emails |
-
For security purposes, cookies are used in "same-site:strict" mode. On successful login/registration the backend sets the cookie
accessToken. -
Any request to the backend, from same site, can send the cookies to backend.
-
Make sure that the frontend has the same domain name of the backend. (deploy on a different sub-domain).
- Use
credentials: "include", in yourfetchoptions, becausefetchdoes not send cookies automatically.
- Use
-
The
CORS_ALLOWED_ORIGINSenv var must be correctly set, as described above.NOTE: Doing anything else, would not be permitted by the standard CORS policy implemented by modern browsers.
To start the backend server with hot-reload:
npm run devdocker compose upRaw Deployments on Ubuntu VMs: Nginx + PM2 + Certbot Managed Platforms: Docker Compose