@anikethsaha
Created June 22, 2018 12:37
Server and package setup for a Node.js + Express.js server — an Express.js MVC boilerplate covering as many practical security steps as possible
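const bcrypt = require('bcrypt');

/**
 * Runtime configuration shared by the server.
 *
 * `port` is the default listen port; the server prefers `process.env.PORT`
 * when it is set.
 *
 * `sessionSecretKey` is the secret express-session uses to sign the session
 * cookie. It is read from the `SESSION_SECRET` environment variable (a knob
 * introduced here) so that a deployment can keep one stable secret out of
 * source control. When the variable is unset the original behaviour is kept
 * as a development fallback: a bcrypt hash of a fixed string with a fresh
 * random salt. Because the salt is random, that fallback produces a different
 * secret on every process start, so existing sessions are invalidated by a
 * restart and cannot be shared between several instances — do not rely on it
 * outside local development.
 */
module.exports = {
  port: 5000,
  sessionSecretKey: process.env.SESSION_SECRET || bcrypt.hashSync("SECRET_KEY", 2),
};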
{
"name": "express-js-boilerplate-server-setup",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"test": "snyk test"
},
"author": "aniketh_saha",
"license": "ISC",
"dependencies": {
"bcrypt": "^2.0.1",
"body-parser": "^1.18.3",
"cors": "^2.8.4",
"csurf": "^1.9.0",
"ejs": "^2.6.1",
"express": "^4.16.3",
"express-controller": "^0.3.2",
"express-limiter": "^1.6.1",
"express-rate-limit": "^2.11.0",
"express-session": "^1.15.6",
"helmet": "^3.12.1",
"jsonwebtoken": "^8.3.0",
"owasp-password-strength-test": "^1.3.0",
"winston": "^3.0.0"
},
"devDependencies": {
"snyk": "^1.83.0"
}
}
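const express = require('express');
const bodyParser = require('body-parser');
const winston = require('winston');
const expressControllers = require('express-controller');
const session = require('express-session');
const cors = require('cors');
const helmet = require('helmet');
const { port, sessionSecretKey } = require('./config');
const path = require('path');
const csrf = require('csurf');
const RateLimit = require('express-rate-limit');

// M — Middlewares
const app = express();

// Standard protective response headers (helmet's default bundle).
app.use(helmet());

// Session middleware; the signing secret comes from ./config.
// `cookie.secure: true` makes the browser send the cookie over HTTPS only.
// NOTE(review): behind a TLS-terminating proxy express-session also needs
// `app.set('trust proxy', 1)` to treat the connection as secure; it is not
// set here, so confirm how the app is deployed.
app.use(session({
  secret: sessionSecretKey,
  resave: false,
  // New sessions are stored even before anything is written to them.
  saveUninitialized: true,
  cookie: { secure: true },
}));

app.set('port', process.env.PORT || port);

// Explicit Content-Security-Policy: only same-origin resources by default.
app.use(helmet.contentSecurityPolicy({
  directives: {
    defaultSrc: ["'self'"],
    // styleSrc: ["'self'", 'maxcdn.bootstrapcdn.com']
  },
}));

// Body parsers. 50mb is a generous cap for form/JSON bodies; lower it if no
// route needs bodies that large, since the cap bounds memory per request.
app.use(bodyParser.urlencoded({ extended: true, limit: '50mb' }));
app.use(bodyParser.json({ limit: '50mb' }));

// CSRF protection. It must come after the session middleware (csurf keeps its
// secret in the session when no cookie option is given) and after the body
// parsers: csurf looks for the token in `req.body._csrf` as well as the query
// string and the csrf headers, and the original order (csrf before the body
// parsers) meant a token sent in a form body was never seen.
app.use(csrf());

// CORS with default options allows any origin; pass `cors({ origin: [...] })`
// if the API is not meant to be reachable from arbitrary sites.
app.use(cors());

// Use this limiter on authentication routes or POST routes. It is only
// constructed here — nothing mounts it yet, so no route is rate-limited.
const authAPILimiter = new RateLimit({
  windowMs: 5 * 60 * 1000, // 5 minutes
  max: 1000,
  delayMs: 0, // disabled
});

// Logging middleware. The logger level is 'info', which gates messages before
// they reach any transport, so the 'debug' file transport below presumably
// never receives debug-level entries — confirm whether that is intended.
const logger = winston.createLogger({
  level: 'info',
  transports: [
    new winston.transports.Console(),
    new winston.transports.File({ filename: './logs/error.log', level: 'error' }),
    new winston.transports.File({ filename: './logs/debug.log', level: 'debug' }),
    // NOTE(review): 'crit' is a syslog level, not one of winston's default
    // npm levels; without custom levels this transport likely gets nothing.
    new winston.transports.File({ filename: './logs/crit.log', level: 'crit' }),
    new winston.transports.File({ filename: './logs/warn.log', level: 'warn' }),
    new winston.transports.File({ filename: './logs/combined.log' }),
  ],
});

// V — static files and views
app.use(express.static(path.join(__dirname, 'public')));
app.set('view engine', 'ejs');
app.set('views', path.join(__dirname, 'views'));

// C — controllers: modules under ./controller are bound to `app`.
expressControllers.setDirectory(path.join(__dirname, '/controller')).bind(app);

app.listen(app.get('port'), () => {
  // One message string: with winston 3's default format an extra argument is
  // attached as metadata rather than appended to the message, so the port
  // was missing from the original log line.
  logger.info(`> Server is running on PORT ${app.get('port')}`);
});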