Skip to content

Latest commit

 

History

History
224 lines (164 loc) · 5.77 KB

WIKI.md

File metadata and controls

224 lines (164 loc) · 5.77 KB

Introduction

Welcome to the Node wiki! Here you will find various information about this repo.

Menu

Node Wiki

WAOS

Node WIKI

API

Success

responses.success(res, 'task created')({});

body :

{
 type: 'success',
 message: 'task created'
 data: {}
}

Errors

default

responses.error(res, 422, 'Unprocessable Entity', 'task creation failed')({err});

body :

{
 code: 422,
 message: 'Unprocessable Entity'
 description: 'task creation failed'
 type: 'error',
 error: '{err}'
}

schema

responses.error(res, 422, 'Unprocessable Entity', errors.getMessage(err))({err});

body :

{
 code: 422,
 message: 'Unprocessable Entity'
 description: 'Title must be a string. Name must be a string.',
 type: 'error',
 error: '{
  original: {
   title: 2,
   description: 'do something about something else'
  },
       details: [{
        message: 'title must be a string',
        type: 'string.base'
       },
       {
        message: 'name must be a string',
        type: 'string.base'
       }]
   }'
}

service & others

throw new AppError('invalid user or password.', { code: 'SERVICE_ERROR', details: [] });

body :

{
   type: 'error',
   message: 'invalid user or password.',
   error: {
    code: 'SERVICE_ERROR',
    details: []
   }
}

authentication

status : 401 error :

{
 text: 'Unauthorized'
}

Authentification

As explained in Readme, we are curently using JWT Stateless, the server is unaware of who sends the request, it don’t maintain the state.

How to manage authentification

  • First, you need to signin (or signup) with a post request :

Post : http://localhost:3000/api/auth/signin with json body :

{
 "email": "user@localhost.com",
 "password": "F5FSpvRGBvtwQWCQJY2Y"
}

The answer will be something like this :

{
    "user": {
        "roles": [
            "user"
        ],
        "_id": "5cdfd9a18da698bacb4ca448",
        "provider": "local",
        "email": "user@localhost.com",
        "firstName": "User",
        "lastName": "Local",
        "displayName": "User Local",
        "password": "$2b$10$gmrfSq32PolvXKgAxt8BK.ic/mliTT3FU5/jE85HlJVjbNYlwjoga",
        "__v": 0,
        "id": "5cdfd9a18da698bacb4ca448"
    },
    "tokenExpiresIn": 1558263105423
}

with and header set Cookie like this :

Set-Cookie →TOKEN=aaaaaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.ccccccc; Path=/; HttpOnly
  • Second, you need to set this cookie for api request, it's ok !

  • third, You can renew the token before it expires as you wish, thanks to the signin you know the expiration date. You can also check the status of the token regularly, via /users/me for example. Or simply redirect the user to the sign once the token has expired.

Jwt configuration

Two options are available in config/default/development.js for the default and production.js if you want to override the default values ​​in produciton.

  // jwt is for token authentification
  jwt: {
    secret: 'test', // secret for hash
    expiresIn: 7 * 24 * 60 * 60, // token expire in x sec
  },

Password configuration

we use the package zxcvbn to check package security

  // zxcvbn is used to manage password security
  zxcvbn: {
    minimumScore: 3,
  },

SSL

There are two ways to set up https, the most used way is to set up a reverse proxy in front of the server node, and enable let's encrypt.

The second is to set up https directly at the node server.

Both are possible with the stack.

Reverse Proxy with Let's Encrypt

We recommend this method, however we will not explain it. Many tutorials already exist, and it depends on what you use, apache, nginx, traeffik, Let's Encrypt ...

Express TLS - SSL

To run your application in a secure manner with express you'll need to use OpenSSL and generate a set of self-signed certificates.

  • Unix-based users can use the following command:
npm run generate-ssl-certs

this will create cert and key files and place them in config/sslcerts folder.

  • Windows users can follow instructions found here. After you've generated the key and certificate, place them in the config/sslcerts folder.

Finally, uncomment and activate ssl in configuration (config/defaults/development.js) :

// SSL on express server (FYI : Wiki)
secure: {
   ssl: true,
   key: './config/sslcerts/key.pem',
   cert: './config/sslcerts/cert.pem',
},