MaxR522/Boilerplate_express_ts

Node.js Express.js Typescript boilerplate


This README covers the prerequisites, how to run the project, the folder structure, the features and the dependencies used inside the project.

Description

This is a small project with a full authentication system. I built this boilerplate so that I can start all my new projects from it and not from 0.

Prerequisite

  • Node.js version >= 10.xx.x
  • Express version >= 4.xx.x
  • TypeScript version >= 4.x.x

Run Locally

I assume that you have Node.js, npm, yarn, MongoDB, Redis and TypeScript installed globally.

Clone the project

git clone https://github.com/MaxR522/Boilerplate_express_ts.git

Go to the project directory

cd Boilerplate_express_ts

Install dependencies

yarn install

Start the dev server

yarn dev

To run tests, run the following command

yarn test

To build, run the following command

yarn build

To start server

yarn start

To generate doc, run the following command

yarn doc

To lint, run the following command

yarn lint

Basic folder structure

├── doc (generated doc by apiDoc)
├── src (all source file)
│   └── apiDoc (all apiDoc for routes)
│   └── config (all config files and variables from .env)
│   └── controllers
│       └── post_controller
│       └── user_controller
│           └── auth
│   └── custom_typings (adding custom types)
│   └── interfaces (all the interfaces)
│   └── mailers
│   └── middlewares
│   └── models
│   └── routes
│   └── utils (utils method)
│   └── index.ts
├── tests
├── .env.example
├── .eslintrc.json
├── .gitignore
├── .prettierignore
├── .prettierrc.json
├── apidoc.json
├── LICENSE.md
├── package.json
├── tsconfig.json
└── yarn.lock

Features

1 - User authentication system:

  • Register with confirmation email
  • Login generates an access token and a refresh token
  • Logout
  • Generating new access-token
  • Revoke refresh-token
  • Reset password
  • Change password
  • Connection using Google account (coming soon)
  • Connection using Facebook account (coming soon)

2 - CRUD User:

  • Update user's information
  • Delete user's account
  • Read user's info (all, one)

3 - CRUD Post (for example purposes only) (coming soon):

  • Create Post, only for a logged-in user
  • Read Post, show posts (all, one or a specified query)
  • Update Post, only for the user who is the author of the Post
  • Delete Post, only for the user who is the author of the Post

Security & Privacy

  • Rate limiting of login attempts per email address
  • JWT authentication with an access token (short expiry time) and a refresh token (long expiry time) stored in an httpOnly cookie
  • CORS
  • User passwords hashed with bcrypt
  • Rate limiting of requests per IP address; IP addresses are not stored permanently
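
One way to implement the per-email login rate limit listed above, as an added example that is not code from this repository. The class name `LoginAttemptLimiter`, its methods and the in-memory Map (standing in for Redis keys with a time to live) are assumptions for illustration.

```typescript
// Added example (assumed names); a Map stands in for Redis keys with a TTL.
interface Entry { failures: number; expiresAt: number }

class LoginAttemptLimiter {
  private entries = new Map<string, Entry>();
  private maxFailures: number;
  private windowMs: number;
  private now: () => number;

  constructor(maxFailures: number, windowMs: number, now: () => number = () => Date.now()) {
    this.maxFailures = maxFailures;
    this.windowMs = windowMs;
    this.now = now;
  }

  // One counter per mailbox: case or padding must not open a fresh counter.
  private key(email: string): string {
    return email.trim().toLowerCase();
  }

  // Return the live entry, dropping it once its TTL has passed (as Redis would).
  private live(email: string): Entry | undefined {
    const k = this.key(email);
    const e = this.entries.get(k);
    if (e && e.expiresAt <= this.now()) {
      this.entries.delete(k);
      return undefined;
    }
    return e;
  }

  // Seconds until the next attempt is allowed; 0 means the login may proceed.
  retryAfter(email: string): number {
    const e = this.live(email);
    if (!e || e.failures < this.maxFailures) return 0;
    return Math.ceil((e.expiresAt - this.now()) / 1000);
  }

  // Call after a wrong password. The window starts at the first failure.
  recordFailure(email: string): void {
    const e = this.live(email);
    if (e) e.failures += 1;
    else this.entries.set(this.key(email), { failures: 1, expiresAt: this.now() + this.windowMs });
  }

  // Call after a successful login so earlier failures stop counting.
  recordSuccess(email: string): void {
    this.entries.delete(this.key(email));
  }
}
```

Check `retryAfter` before verifying the password, and return the same response for locked and unknown accounts so the limiter does not reveal which emails are registered.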

Some dependencies used with explanation

  1. Prod dependencies:
  • bcrypt to hash passwords
  • cookie-parser to parse cookies
  • cors to restrict cross-origin requests to allowed domains
  • express-validator to validate params, headers or cookies
  • jsonwebtoken, since the authentication system is based on JWT
  • mongoose for the MongoDB database
  • redis for storing data with an expiry time (time to live)
  • nodemailer for mailing
  • passport for OAuth authentication
  • express
  • axios to perform some requests
  • winston for logging
  • morgan for HTTP logging
  2. Dev dependencies:
  • mocha for testing
  • chai & chai-http for testing assertions
  • apiDoc api documentation
  • nodemon
  • typescript
  • prettier
  • eslint

Author
