Boilerplate for Express and MongoDB applications with REST API authentication

User submission 1030 2022-10-27

express-auth

boilerplate for express and mongodb apps with REST api authentication

Features

- Node.js
- Express
- MongoDB with Mongoose
- JWT
- Cookie-parser
- NodeMailer
- Joi
- Bcrypt
- Helmet
- Express-rate-limit

Usage

install dependencies

$ npm install

add .env file with the following variables

DB_CONNECT = # the address for your mongodb database
TOKEN_SECRET = # random secret for jwt token
SMTP_SERVER = # your smtp server address
EMAIL = # your email
PASSWORD = # your email password

run development server

$ npm run dev

Note

As this project mainly features authentication, it includes a few security measures:

- Hashing passwords with bcrypt
- Securing HTTP headers with helmet
- Validating user input with Joi
- Setting browser cookies as httpOnly
- Using JSON web token for authentication
- Preventing brute force attacks with express-rate-limit

HOWEVER, THIS IS ONLY THE MINIMUM OF SECURITY, AND THIS CODE IS NOT MEANT FOR PRODUCTION, AS PRODUCTION APPS REQUIRE A LOT MORE SECURITY MEASURES.

If you intend to use this code (or any code) in production, please consult a security expert.

You can also check expressjs.com for more security tips.
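
The httpOnly cookie and JSON web token measures from the Note, as an added example that is not code from express-auth: it signs and verifies an HS256 token with Node's built-in crypto module instead of a JWT library and builds the cookie header by hand. The function names are hypothetical, and the Secure and SameSite attributes are assumptions beyond the httpOnly flag the README names.

```javascript
// Added example; function names are hypothetical, not express-auth's own.
const crypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');

// Issue an HS256 token "header.payload.signature" that expires after ttl seconds.
function signToken(claims, secret, ttl, now = Math.floor(Date.now() / 1000)) {
  const head = b64url({ alg: 'HS256', typ: 'JWT' });
  const body = b64url({ ...claims, iat: now, exp: now + ttl });
  return `${head}.${body}.${hmac(`${head}.${body}`, secret)}`;
}

// Return the claims, or null if the token is malformed, forged or expired.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = Buffer.from(hmac(`${head}.${body}`, secret));
  const given = Buffer.from(sig);
  // Constant-time comparison; timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try {
    const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    if (header.alg !== 'HS256') return null; // pin the algorithm
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch {
    return null;
  }
}

// Set-Cookie value: HttpOnly keeps the token away from page JavaScript.
// Secure and SameSite are assumptions added here, not named in the README.
function sessionCookie(token, maxAge) {
  return `token=${token}; Max-Age=${maxAge}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Pull the token back out of a request's Cookie header.
function tokenFromCookie(cookieHeader) {
  for (const pair of String(cookieHeader || '').split(';')) {
    const [name, ...rest] = pair.trim().split('=');
    if (name === 'token') return rest.join('=');
  }
  return null;
}
```

In an app the secret would come from the TOKEN_SECRET variable in the .env file, and a rejected token (null) should produce the same 401 response whatever the reason.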
