Looking for a Clementine.js-like boilerplate that contains the strict minimum, so I can get started on my projects.
- ExpressJS 4
- Uses Mongoose 4.11
- Passport authentication
  - Local (using email and password)
  - Facebook authentication
  - Twitter authentication
- Stores sessions in MongoDB
- CORS is enabled
- Uses SASS stylesheets (autocompiled)
- Uses EJS templating language
- MVC structure
- Security
  - Uses Helmet, which helps secure the app by setting various HTTP headers.
  - Uses csurf for CSRF protection. Important: How to use it
- User Schema (Authentication, CRUD API)
- If the user is logged in, req.user will be available via a global variable called user for usage in views.
To use this template you need to clone it, install dependencies, and add your API keys (in order to work with the Facebook and Twitter authentication APIs).
# Clone this repository in a new folder, let's call it "my-boilerplate"
git clone my-boilerplate
# Navigate to "my-boilerplate"
cd my-boilerplate
# Install NPM dependencies
npm install # If you prefer YARN just run "yarn install"
# Copy the .env file example to a new file and place your API keys there
# .env file will be ignored by GIT and it should contain your secret Data/Keys
cp .env.example .env
The .env file must contain your Facebook and Twitter API keys. You can get these keys from:
You must add this tag to your <form>
<input type="hidden" name="_csrf" value="<%=csrftoken%>" />
If you want to disable CSRF protection:
- Comment these lines in app.js

  app.use(csrf());
  app.use(function(req, res, next){
    res.locals.csrftoken = req.csrfToken();
    console.log(req.csrfToken());
    next();
  });

- Remove tags using csrftoken variable (views/users/login.ejs and views/users/signup.ejs)
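What the hidden _csrf field and the app.js middleware above enforce, shown as an added example (not this project's code and not csurf's implementation): a simplified synchronizer-token check built only on Node's crypto module. The names issueToken, verifyToken, csrfGuard, simulate and csrfSecret are hypothetical, and the request/response objects are constructed so the block runs without Express.

```javascript
// Added illustration, NOT csurf's implementation; all names are hypothetical.
const crypto = require('crypto');

// Token = salt + "." + HMAC-SHA256(per-session secret, salt)
function issueToken(session) {
  if (!session.csrfSecret) session.csrfSecret = crypto.randomBytes(32).toString('hex');
  const salt = crypto.randomBytes(8).toString('hex');
  const mac = crypto.createHmac('sha256', session.csrfSecret).update(salt).digest('hex');
  return salt + '.' + mac;
}

// A token is valid only for the session whose secret produced it.
function verifyToken(session, token) {
  if (!session.csrfSecret || typeof token !== 'string') return false;
  const [salt, mac] = token.split('.');
  if (!salt || !mac) return false;
  const expected = crypto.createHmac('sha256', session.csrfSecret).update(salt).digest('hex');
  const a = Buffer.from(mac);
  const b = Buffer.from(expected);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Express-style middleware: exposes the token to views (res.locals.csrftoken)
// and rejects state-changing requests whose body lacks a valid _csrf field.
function csrfGuard(req, res, next) {
  res.locals.csrftoken = issueToken(req.session);
  const safe = ['GET', 'HEAD', 'OPTIONS'].includes(req.method);
  if (safe || verifyToken(req.session, req.body && req.body._csrf)) return next();
  res.statusCode = 403;
  next(new Error('invalid csrf token'));
}

// Constructed request/response objects standing in for Express ones.
function simulate(method, session, body) {
  const req = { method, session, body };
  const res = { locals: {}, statusCode: 200 };
  let error = null;
  csrfGuard(req, res, (err) => { error = err || null; });
  return { status: res.statusCode, token: res.locals.csrftoken, error };
}
```

A POST carrying the token rendered into the form passes; a POST without the field, or with a token issued for a different session, gets a 403. That check is what goes away when the middleware is commented out.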
Feel free to fork this project and add whatever you like. If you have any suggestions or comments, please feel free to contact me or to open an issue.
- Link password accounts
- Work on front-end
- Add awesome stuff
- When creating a new account from Facebook or Twitter, update the user's email in the profile (add to model)
- Implement password recovery system
- Fortas Abdeldjalil

See also the list of contributors who participated in this project.
This project is licensed under the MIT License - see the LICENSE file for details
This project wouldn't be possible without all these amazing tutorials and these precious resources:
- Scotch.io for their great Easy Node Authentication series.
- Express: Production Best Practices: Security
- Basic Security Settings: Express.js Training