2022-10-27
A boilerplate for Express and MongoDB applications with REST API authentication
express-auth
boilerplate for express and mongodb apps with REST api authentication
Features
- Node.js
- Express
- MongoDB with Mongoose
- JWT
- Cookie-parser
- NodeMailer
- Joi
- Bcrypt
- Helmet
- Express-rate-limit
Usage
install dependencies
$ npm install
add .env file with the following variables
DB_CONNECT = # the address for your mongodb database
TOKEN_SECRET = # random secret for jwt token
SMTP_SERVER = # your smtp server address
EMAIL = # your email
PASSWORD = # your email password
run development server
$ npm run dev
Note
As this project mainly features authentication, it includes a few security measures:
- Hashing passwords with bcrypt
- Securing HTTP headers with helmet
- Validating user input with Joi
- Setting browser cookies as httpOnly
- Using JSON web token for authentication
- Preventing brute force attacks with express-rate-limit
HOWEVER, THIS IS ONLY THE MINIMUM OF SECURITY, AND THIS CODE IS NOT MEANT FOR PRODUCTION
AS PRODUCTION APPS REQUIRE A LOT MORE SECURITY MEASURES
If you intend to use this code (or any code) in production, please consult a security expert.
You can also check expressjs.com for more security tips.
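The JWT and httpOnly cookie measures listed above, as an added example that is not code from express-auth: it signs and verifies an HS256 token with Node's built-in crypto (standing in for a JWT library so it runs without dependencies) and builds the cookie header. The cookie name `token`, the `Secure` and `SameSite` attributes, and all function names are assumptions.

```javascript
// Added example, not express-auth code. Node's built-in crypto stands in
// for a JWT library so the file runs without npm install.
const crypto = require('node:crypto');

// Assumption: TOKEN_SECRET comes from .env as in the README; the fallback is a constructed demo value.
const TOKEN_SECRET = process.env.TOKEN_SECRET || 'constructed-demo-secret';

const b64url = (input) => Buffer.from(input).toString('base64url');

const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');

// Issue an HS256 token carrying an expiry claim (seconds since epoch).
function signToken(payload, secret = TOKEN_SECRET, ttlSeconds = 3600, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const body = b64url(JSON.stringify({ ...payload, exp }));
  return `${header}.${body}.${hmac(`${header}.${body}`, secret)}`;
}

// Returns the payload, or null when the token is malformed, names another
// algorithm, fails the signature check, or has expired.
function verifyToken(token, secret = TOKEN_SECRET, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  try {
    // Pin the algorithm: never let the token choose how it is verified.
    if (JSON.parse(Buffer.from(header, 'base64url').toString()).alg !== 'HS256') return null;
    const expected = Buffer.from(hmac(`${header}.${body}`, secret));
    const given = Buffer.from(sig);
    // Constant-time comparison; lengths must match before timingSafeEqual.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
    return payload.exp > Math.floor(now / 1000) ? payload : null;
  } catch {
    return null; // undecodable header or payload
  }
}

// Set-Cookie value that keeps the token out of reach of page scripts (HttpOnly).
// Secure and SameSite are additions beyond the README's list.
function authCookie(token, maxAgeSeconds) {
  return `token=${token}; Max-Age=${maxAgeSeconds}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}
```
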