The development environment for Express, mongoose and graphgl with Front end boiler plates
The development environment for Express with Front end boiler plates
The app is made using Express generator(v 4.16.0) with handlebars and runs on port 1998
One of the best way to keep your secret keys, api keys, DB username and passwords safe and together is to store them in a .env
file use it to manipulate node's process.env
variable. This template also adopts this approach. Follow the steps below:
.env.set
file in bin folder i.e., ./bin/.env.set
.env.set
to .env
DB_NAME = "~"
and replace ~ with key values.)note:
.env
files contain crucial information and are not uploaded to GitHub
the file ./bin/config/config
exports the config object which is a cover over the .env file for better protections and encapsulation
the ./bin/config
directory also have the development.js
, production.js
and testing.js
files for fine tuning the config object in the respective NODE_ENV
for more info open these files and go through the comments.
For security Helmet is used with its defaults and additionally Content Security Policy
Additionally other mechanisms are also used:-
./middlewares/security/globalSecurity.js
and disable it and import ./middlewares/security/csurfSetup.js
to the file where it is required. for more details refer csurf../middlewares/security/limiterSetup.js
The response object is gzip compressed using compression. To request for an uncompressed response use x-no-compression in the request header.
npm install
- installs all the dependenciesnpm start
- lints the server and client script, starts eslint on watch mode on server scripts and starts the project at localhost:1998 in debug mode.npm run start-w
- Restarts the server(using nodemon) on every save and lints the server and client side scripts on each save.npm run start-w-lite
- Simply restarts the server(using nodemon) on every save.npm run lint-server
- lints the server scripts (all scripts except that in node_module and public directory) once.npm run lint-client
- lints the client scripts (all scripts in the public directory) once.npm run lint-w
- starts the linter in watch mode. When called from root directory it watches the server scripts and when called in public directory it watches the client scripts.npm run localTunnel
- exposes localhost:1998 to the world wide webnpm run lt
- runs npm start
and npm run localTunnel
in parallelUse
npm run --silent <your-script>
to hide the internal logs from your terminal window.eg:npm run --silent start-w
ornpm run --silent start-w-lite