Example Node (Express+Mongoose) codebase that adheres to the RealWorld API spec.
This repo is functionally complete but still in beta while we resolve bugs, etc -- PRs and issues welcome!
- expressjs - The server for handling and routing HTTP requests
- express-jwt - Middleware for validating JWTs for authentication
- jsonwebtoken - For generating JWTs used by authentication
- mongoose - For modeling and mapping MongoDB data to JavaScript
- mongoose-unique-validator - For handling unique validation errors in Mongoose. Mongoose only handles validation at the document level, so a unique index across a collection will throw an exception at the driver level. The mongoose-unique-validator plugin helps us by formatting the error like a normal mongoose ValidationError.
- passport - For handling user authentication
- slug - For encoding titles into a URL-friendly format
- app.js - The entry point to our application. This file defines our express server and connects it to MongoDB using mongoose. It also requires the routes and models we'll be using in the application.
- config/ - This folder contains configuration for passport as well as a central location for configuration/environment variables.
- routes/ - This folder contains the route definitions for our API. They contain
- models/ - This folder contains the schema definitions for our Mongoose models.
In routes/api/index.js, we define an error-handling middleware for handling Mongoose's ValidationError. This middleware will respond with a 422 status code and format the response to have error messages the clients can understand.
Requests are authenticated using the Authorization header with a valid JWT. We define two express middlewares in routes/auth.js that can be used to authenticate requests. The required middleware configures the express-jwt middleware using our application's secret and will return a 401 status code if the request cannot be authenticated. The payload of the JWT can then be accessed from req.payload in the endpoint. The optional middleware configures express-jwt in the same way as required, but will not return a 401 status code if the request cannot be authenticated.
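The required/optional split described above, as an added example that is not this repo's code: it replaces express-jwt and jsonwebtoken with a small HS256 check built on node:crypto so the behaviour is visible. The SECRET value, the Bearer scheme and the 401 body are assumptions made for illustration.

```javascript
// Added example: stand-in for the express-jwt setup in routes/auth.js,
// using only node:crypto. SECRET and the Bearer scheme are assumptions.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // a real app loads this from config/

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Issue an HS256 token (the job jsonwebtoken does in the real app).
function sign(payload) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`))}`;
}

// Return the payload, or null if the token is malformed, forged or expired.
function verify(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm: never let the token header choose it (e.g. "none").
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const given = Buffer.from(sig, 'base64url');
    const expected = hmac(`${head}.${body}`);
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const payload = JSON.parse(Buffer.from(body, 'base64url'));
    if (typeof payload.exp === 'number' && payload.exp <= Date.now() / 1000) return null;
    return payload;
  } catch { return null; }
}

// Build an Express-style middleware; `required` decides what a failure means.
function auth(required) {
  return (req, res, next) => {
    const [scheme, token] = (req.headers.authorization || '').split(' ');
    const payload = scheme === 'Bearer' ? verify(token) : null;
    if (payload) req.payload = payload; // endpoints read req.payload
    else if (required) return res.status(401).json({ errors: { auth: 'unauthorized' } });
    next(); // optional: continue without req.payload set
  };
}

const authMiddleware = { required: auth(true), optional: auth(false) };
```

Endpoints mounted behind the optional middleware must treat a missing req.payload as an anonymous caller and never derive identity from any other part of the request.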