anikethsaha/config.js

## config.js
const bcrypt = require('bcrypt');
module.exports = {
    port : 5000,
    sessionSecretKey : bcrypt.hashSync("SECRET_KEY", 2)
}

## package,json
{
  "name": "express-js-boilerplate-server-setup",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "snyk test"
  },
  "author": "aniketh_saha",
  "license": "ISC",
  "dependencies": {
    "bcrypt": "^2.0.1",
    "body-parser": "^1.18.3",
    "cors": "^2.8.4",
    "csurf": "^1.9.0",
    "ejs": "^2.6.1",
    "express": "^4.16.3",
    "express-controller": "^0.3.2",
    "express-limiter": "^1.6.1",
    "express-rate-limit": "^2.11.0",
    "express-session": "^1.15.6",
    "helmet": "^3.12.1",
    "jsonwebtoken": "^8.3.0",
    "owasp-password-strength-test": "^1.3.0",
    "winston": "^3.0.0"
  },
  "devDependencies": {
    "snyk": "^1.83.0"
  }
}

## server.js

const express = require('express')
const bodyParser = require('body-parser')
const winston = require('winston')
var expressControllers = require('express-controller');
var session = require('express-session')
const cors = require('cors')
const helmet = require('helmet')
const { port , sessionSecretKey} = require('./config')
const path  = require('path')
var csrf = require('csurf');
var RateLimit = require('express-rate-limit')


// M
// Middlewares
const app = express();
app.use(helmet());

// session Middleware
app.use(session({
    secret: sessionSecretKey,
    resave: false,
    saveUninitialized: true,
    cookie: { secure: true }
  }))
app.use(csrf());
app.set('port', (process.env.PORT ||port));
app.use(helmet.contentSecurityPolicy({
    directives: {
      defaultSrc: ["'self'"]
    //   styleSrc: ["'self'", 'maxcdn.bootstrapcdn.com']
    }
  }))
app.use(bodyParser.urlencoded({extended: true, limit: '50mb'}))
app.use(bodyParser.json({limit: '50mb'}))
app.use(cors());
// use this middleware in authentications routes or post method routes
var authAPILimiter = new RateLimit({
    windowMs: 5*60*1000, // 5 minutes
    max: 1000,
    delayMs: 0 // disabled
  });
// loggin middleware
const logger = winston.createLogger({
    level: 'info',
    transports: [
      new winston.transports.Console(),
      new winston.transports.File({ filename: './logs/error.log', level: 'error' }),
      new winston.transports.File({ filename: './logs/debug.log', level: 'debug' }),
      new winston.transports.File({ filename: './logs/crit.log', level: 'crit' }),
      new winston.transports.File({ filename: './logs/warn.log', level: 'warn' }),
      new winston.transports.File({ filename: './logs/combined.log' })
    ]
  });

// V
// static files and views
app.use(express.static(path.join(__dirname, 'public')))
app.set('view engine' , 'ejs');
app.set('views' , path.join(__dirname,'views'));


// C
//controller settings
//setting up the controller
expressControllers.setDirectory(path.join(__dirname,'/controller')).bind(app);


app.listen(app.get('port'),() => {
    logger.info( '> Server is running on PORT ',app.get('port') );
})
	const bcrypt = require('bcrypt');
	module.exports = {
	port : 5000,
	sessionSecretKey : bcrypt.hashSync("SECRET_KEY", 2)
	}
	{
	"name": "express-js-boilerplate-server-setup",
	"version": "1.0.0",
	"description": "",
	"main": "index.js",
	"scripts": {
	"test": "snyk test"
	},
	"author": "aniketh_saha",
	"license": "ISC",
	"dependencies": {
	"bcrypt": "^2.0.1",
	"body-parser": "^1.18.3",
	"cors": "^2.8.4",
	"csurf": "^1.9.0",
	"ejs": "^2.6.1",
	"express": "^4.16.3",
	"express-controller": "^0.3.2",
	"express-limiter": "^1.6.1",
	"express-rate-limit": "^2.11.0",
	"express-session": "^1.15.6",
	"helmet": "^3.12.1",
	"jsonwebtoken": "^8.3.0",
	"owasp-password-strength-test": "^1.3.0",
	"winston": "^3.0.0"
	},
	"devDependencies": {
	"snyk": "^1.83.0"
	}
	}

	const express = require('express')
	const bodyParser = require('body-parser')
	const winston = require('winston')
	var expressControllers = require('express-controller');
	var session = require('express-session')
	const cors = require('cors')
	const helmet = require('helmet')
	const { port , sessionSecretKey} = require('./config')
	const path = require('path')
	var csrf = require('csurf');
	var RateLimit = require('express-rate-limit')


	// M
	// Middlewares
	const app = express();
	app.use(helmet());

	// session Middleware
	app.use(session({
	secret: sessionSecretKey,
	resave: false,
	saveUninitialized: true,
	cookie: { secure: true }
	}))
	app.use(csrf());
	app.set('port', (process.env.PORT \|\|port));
	app.use(helmet.contentSecurityPolicy({
	directives: {
	defaultSrc: ["'self'"]
	// styleSrc: ["'self'", 'maxcdn.bootstrapcdn.com']
	}
	}))
	app.use(bodyParser.urlencoded({extended: true, limit: '50mb'}))
	app.use(bodyParser.json({limit: '50mb'}))
	app.use(cors());
	// use this middleware in authentications routes or post method routes
	var authAPILimiter = new RateLimit({
	windowMs: 5601000, // 5 minutes
	max: 1000,
	delayMs: 0 // disabled
	});
	// loggin middleware
	const logger = winston.createLogger({
	level: 'info',
	transports: [
	new winston.transports.Console(),
	new winston.transports.File({ filename: './logs/error.log', level: 'error' }),
	new winston.transports.File({ filename: './logs/debug.log', level: 'debug' }),
	new winston.transports.File({ filename: './logs/crit.log', level: 'crit' }),
	new winston.transports.File({ filename: './logs/warn.log', level: 'warn' }),
	new winston.transports.File({ filename: './logs/combined.log' })
	]
	});

	// V
	// static files and views
	app.use(express.static(path.join(__dirname, 'public')))
	app.set('view engine' , 'ejs');
	app.set('views' , path.join(__dirname,'views'));


	// C
	//controller settings
	//setting up the controller
	expressControllers.setDirectory(path.join(__dirname,'/controller')).bind(app);



	app.listen(app.get('port'),() => {
	logger.info( '> Server is running on PORT ',app.get('port') );
	})