/mini-express-boilerplate

A minimal Express boilerplate with passport user authentication, mongoose and some security setup configured

Primary language: JavaScript. License: MIT.

Mini Express boilerplate

I was looking for a Clementine.js-like boilerplate that contains the minimum I need to get started on my projects. This boilerplate is built upon the excellent Express Generator.

Features

  • ExpressJS 4

  • Uses Mongoose 4.11

  • Passport authentication

    • Local (using email and password)
    • Facebook authentication
    • Twitter authentication
  • Stores sessions in MongoDB

  • CORS is enabled

  • Uses SASS stylesheets (autocompiled)

  • Uses EJS templating language

  • MVC structure

  • Security

  • User Schema (Authentication, CRUD API)

  • If the user is logged in, req.user is available in views through a global variable called user.

Getting Started

Prerequisites

Usage

To use this template you need to clone it, install its dependencies, and add your API keys (needed to work with the Facebook and Twitter authentication APIs).

# Clone this repository in a new folder, let's call it "my-boilerplate"
git clone my-boilerplate

# Navigate to "my-boilerplate"
cd my-boilerplate

# Install NPM dependencies
npm install # If you prefer YARN just run "yarn install"

# Copy the .env file example to a new file and place your API keys there
# .env file will be ignored by GIT and it should contain your secret Data/Keys
cp .env.example .env

Getting API keys

The .env file must contain your Facebook and Twitter API keys. You can get these keys from:

Securing forms against CSRF

You must add this tag to your <form>

<input type="hidden" name="_csrf" value="<%=csrftoken%>" />

If you want to disable CSRF protection:

  • Comment these lines in app.js

    app.use(csrf());
    app.use(function(req, res, next){
     res.locals.csrftoken = req.csrfToken();
     console.log(req.csrfToken());
     next();
    });
  • Remove the tags that use the csrftoken variable (views/users/login.ejs and views/users/signup.ejs)
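
What the hidden _csrf field is checked against, as an added example (not code from this repository and not the code of the csrf() middleware it uses): a simplified synchronizer-token check in Express middleware shape, driven by constructed request objects. The names csrfProtection, exposeToken, simulate and the csrfSecret session key are assumptions, and req.session is assumed to come from the session middleware.

```javascript
const crypto = require('crypto');

// Requests that do not change state are not checked.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Constant-time comparison so the check does not leak how many characters matched.
function tokensMatch(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Hypothetical stand-in for app.use(csrf()): one random token per session,
// required in the _csrf body field of every state-changing request.
function csrfProtection(req, res, next) {
  if (!req.session.csrfSecret) {
    req.session.csrfSecret = crypto.randomBytes(32).toString('hex');
  }
  req.csrfToken = () => req.session.csrfSecret;
  if (SAFE_METHODS.has(req.method)) return next();
  if (!tokensMatch(req.body && req.body._csrf, req.session.csrfSecret)) {
    const err = new Error('invalid csrf token');
    err.status = 403;
    return next(err);
  }
  next();
}

// Exposes the token to views as csrftoken; the token is not written to the log.
function exposeToken(req, res, next) {
  res.locals.csrftoken = req.csrfToken();
  next();
}

// Constructed driver: runs both middlewares on a fake request and reports
// the resulting status and the token a view would render.
function simulate(method, session, body) {
  const req = { method, session, body };
  const res = { locals: {} };
  const outcome = { status: 200, token: null };
  csrfProtection(req, res, (err) => {
    if (err) { outcome.status = err.status; return; }
    exposeToken(req, res, () => { outcome.token = res.locals.csrftoken; });
  });
  return outcome;
}
```

A form rendered without the hidden input, or one submitted with a token issued to a different session, ends in the 403 branch.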

Contributing

Feel free to fork this project and add whatever you like. If you have any suggestions or comments, please feel free to contact me or open an issue.

TODO

  • Link password accounts
  • Work on front-end
  • Add awesome stuff
  • When creating a new account from Facebook or Twitter, update the user's email in the profile (add to model)
  • Implement password recovery system

Authors

License

This project is licensed under the MIT License. See the LICENSE file for details.

Acknowledgments

This project wouldn't be possible without all these amazing tutorials and these precious resources: