Server and package setup for a Node.js + Express.js server || Express.js MVC boilerplate covering the most common security hardening steps
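// Runtime configuration for the server (required by the server entry as `./config`).
//
// `sessionSecretKey` is the express-session signing secret. It must be (a) secret,
// (b) high-entropy and (c) stable across restarts and across every instance that
// shares a session store. The previous `bcrypt.hashSync("SECRET_KEY", 2)` gave none
// of these: the input was a public literal committed to source (hashing a known
// string adds no secrecy), and bcrypt salts every call, so each process start
// produced a different secret — every existing session cookie became invalid on
// restart, and two instances could never verify each other's cookies.
//
// The value is therefore read from the environment and the process refuses to
// start without an adequate one (fail closed: a predictable secret lets anyone who
// knows it mint valid session cookies). Generate one with e.g.
//   node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
const MIN_SECRET_LENGTH = 32;

const sessionSecretKey = process.env.SESSION_SECRET;
if (typeof sessionSecretKey !== 'string' || sessionSecretKey.length < MIN_SECRET_LENGTH) {
  throw new Error(
    `SESSION_SECRET must be set to a random string of at least ${MIN_SECRET_LENGTH} characters`
  );
}

module.exports = {
  // Default listen port; the server entry lets process.env.PORT override it.
  port: 5000,
  sessionSecretKey,
};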
{ | |
"name": "express-js-boilerplate-server-setup", | |
"version": "1.0.0", | |
"description": "", | |
"main": "index.js", | |
"scripts": { | |
"test": "snyk test" | |
}, | |
"author": "aniketh_saha", | |
"license": "ISC", | |
"dependencies": { | |
"bcrypt": "^2.0.1", | |
"body-parser": "^1.18.3", | |
"cors": "^2.8.4", | |
"csurf": "^1.9.0", | |
"ejs": "^2.6.1", | |
"express": "^4.16.3", | |
"express-controller": "^0.3.2", | |
"express-limiter": "^1.6.1", | |
"express-rate-limit": "^2.11.0", | |
"express-session": "^1.15.6", | |
"helmet": "^3.12.1", | |
"jsonwebtoken": "^8.3.0", | |
"owasp-password-strength-test": "^1.3.0", | |
"winston": "^3.0.0" | |
}, | |
"devDependencies": { | |
"snyk": "^1.83.0" | |
} | |
} |
const express = require('express') | |
const bodyParser = require('body-parser') | |
const winston = require('winston') | |
var expressControllers = require('express-controller'); | |
var session = require('express-session') | |
const cors = require('cors') | |
const helmet = require('helmet') | |
const { port , sessionSecretKey} = require('./config') | |
const path = require('path') | |
var csrf = require('csurf'); | |
var RateLimit = require('express-rate-limit') | |
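// M
// Middlewares
const app = express();

// Baseline hardening headers (hidePoweredBy, frameguard, noSniff, HSTS, ...).
app.use(helmet());

// session Middleware
//
// `cookie.secure: true` tells the browser to send the cookie over HTTPS only, and
// express-session will not SET it on a request it sees as plain HTTP. This server
// listens on plain HTTP (app.listen below), so the cookie is only ever issued when
// a TLS-terminating proxy sits in front AND Express is told to honour
// X-Forwarded-Proto via `app.set('trust proxy', 1)`. Without that, no session
// cookie is issued and every request looks anonymous. `trust proxy` is not set
// here because it depends on the deployment — enabling it when no proxy exists
// lets clients forge the forwarded headers.
//
// The default MemoryStore is for development only (unbounded memory, not shared
// between processes); pass a persistent `store` before deploying.
app.use(session({
  secret: sessionSecretKey,
  resave: false,
  // csurf (below) writes its secret into req.session on the first request, so a
  // session is persisted for every visitor regardless of this flag.
  saveUninitialized: true,
  cookie: {
    secure: true,
    // Defense in depth against CSRF alongside csurf: the cookie is not attached to
    // cross-site top-level POSTs or subresource requests.
    sameSite: 'lax',
  },
}));

app.set('port', process.env.PORT || port);

// Body parsing must run BEFORE csurf: csurf reads the token from req.body._csrf
// (then req.query._csrf and the CSRF-Token / X-CSRF-Token family of headers).
// In the original order (csurf first) req.body was still undefined when the token
// was checked, so every form-submitted token was rejected with 403 and only the
// header variants worked.
//
// NOTE(review): 50mb is the original limit and is very generous for form/JSON
// bodies — each in-flight request may buffer that much. Lower it unless a route
// genuinely needs uploads of that size.
app.use(bodyParser.urlencoded({ extended: true, limit: '50mb' }));
app.use(bodyParser.json({ limit: '50mb' }));

// CSRF protection, session-backed (csurf's default when no `cookie` option is
// given). Views must render req.csrfToken() into a hidden `_csrf` field or send
// it in a header; a missing or invalid token on a state-changing request fails
// with code EBADCSRFTOKEN.
app.use(csrf());

// Content-Security-Policy: same-origin resources only. Add extra sources per
// directive (as the commented styleSrc shows) rather than loosening defaultSrc.
app.use(helmet.contentSecurityPolicy({
  directives: {
    defaultSrc: ["'self'"],
    // styleSrc: ["'self'", 'maxcdn.bootstrapcdn.com']
  },
}));

// CORS with no options answers every Origin with Access-Control-Allow-Origin: *.
// Credentials are not enabled, so the session cookie is not sent on cross-origin
// XHR, but restrict `origin` to the known front end(s) before exposing
// authenticated JSON endpoints.
app.use(cors());

// use this middleware in authentications routes or post method routes, e.g.
// `app.post('/login', authAPILimiter, handler)`. It is only DEFINED here — nothing
// in this file applies it, so no route is rate-limited until a controller mounts
// it. express-rate-limit keys on req.ip; behind a proxy without `trust proxy` all
// clients share the proxy's address and therefore one bucket.
const authAPILimiter = new RateLimit({
  windowMs: 5 * 60 * 1000, // 5 minutes
  // NOTE(review): 1000 attempts per 5 minutes does little against online
  // password guessing; a login endpoint usually warrants a far lower ceiling.
  max: 1000,
  delayMs: 0, // disabled
});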
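// loggin middleware
//
// winston's default `npm` levels are error, warn, info, http, verbose, debug and
// silly. A transport with its own `level` receives entries at that level and
// anything more severe. 'crit' is a syslog level, not an npm one: on this logger
// it has no rank, so the original crit.log transport appears never to match and
// could not receive anything — it is dropped here. Use
// `levels: winston.config.syslog.levels` on the logger if syslog names are wanted.
//
// NOTE(review): the File transports write under ./logs — confirm the directory
// exists (or is created) before the first log line in your deployment.
const logger = winston.createLogger({
  level: 'info',
  transports: [
    new winston.transports.Console(),
    new winston.transports.File({ filename: './logs/error.log', level: 'error' }),
    new winston.transports.File({ filename: './logs/debug.log', level: 'debug' }),
    new winston.transports.File({ filename: './logs/warn.log', level: 'warn' }),
    new winston.transports.File({ filename: './logs/combined.log' }),
  ],
});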
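// V
// static files and views
// Static assets are mounted after helmet/session/csrf so their responses still
// carry the hardening headers.
app.use(express.static(path.join(__dirname, 'public')));
app.set('view engine', 'ejs');
app.set('views', path.join(__dirname, 'views'));

// C
// controller settings
// setting up the controller — presumably loads the route modules under
// ./controller and binds them to `app`; see express-controller for details.
expressControllers.setDirectory(path.join(__dirname, '/controller')).bind(app);

app.listen(app.get('port'), () => {
  // winston only printf-interpolates trailing arguments when format.splat() is
  // configured, so with the default format the port passed as a second argument
  // was dropped from the original message. Build the string up front instead.
  logger.info(`> Server is running on PORT ${app.get('port')}`);
});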