Sample Express server for studying backend REST server.
- Bundle with Webpack or Vite then use pm2 for auto restart.
- Await is not supposed to be used.
- More tests, especially unit tests. Better if parallelized.
- Security issues.
- Add husky/pre-commit to run "tsoa" and validate swagger.json before commit.
- Easy validation using a library like express-validator.
- Want to introduce absolute imports and ESModule.
- Tsoa alone is not enough to generate the OpenAPI documentation for API error responses.
See GitHub issue 186 for more details (?).
Language - TypeScript
Main Framework - Express
ORM - Prisma
Database - PostgreSQL
Test - Jest
Authentication - Passport
Code Formatting - Prettier
Linting - ESLint
Validation - Joi
Generate Swagger - Tsoa
Validate Swagger - openapi-schema-validator
Add the following environment variables:
POSTGRES_PRISMA_URL=
POSTGRES_URL_NON_POOLING=
NODE_VERSION=18.17.1
PORT=8080
Build command (This should change to webpack & pm2 or vite for bundling)
pnpm i
Start command
NODE_ENV=production pnpm start
Use docker
docker compose --profile app up -d
git clone https://github.com/s-hirano-ist/rss-dumper.git
cd rss-dumper
docker compose up --build -d
pnpm i
pnpm prisma:dev
pnpm tsoa:swagger
pnpm tsoa:routes
- /api/docs: Swagger UI
- /health: health
- /v1/news: Pure REST API
- /v1/news-detail: REST API with Swagger auto generation with Tsoa
pnpm test
# GET
curl -s https://rss-dumper.onrender.com/v1/news/
curl -s https://rss-dumper.onrender.com/v1/news/test-a
# POST
curl -s -d '{"heading": "test-a", "description": "test description A"}' -H 'Content-Type: application/json' https://rss-dumper.onrender.com/v1/news/create
# PATCH
curl -s -d '{"description": "updated description"}' -H 'Content-Type: application/json' -X PATCH https://rss-dumper.onrender.com/v1/news/update/test-a
# DELETE
curl -s -X DELETE https://rss-dumper.onrender.com/v1/news/delete/test-a
curl -s -X DELETE https://rss-dumper.onrender.com/v1/news/delete
gh release create --generate-notes
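Sanitization to prevent XSS is done with sanitize-html.
No separate sanitization against SQL injection is needed, because Prisma prevents it: Prisma Client sends its queries as parameterized statements. The raw query methods covered at the link below are the exception and still need care.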
https://www.prisma.io/docs/concepts/components/prisma-client/raw-database-access#sql-injection
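An added illustration, not rss-dumper code and not Prisma's implementation, of why a parameterized query needs no escaping while raw SQL built by string interpolation does. The `sql` tag, the helper names and the `"News"` table and `heading` column are assumptions.

```typescript
// Added example: `sql`, `findByHeading`, `unsafeFindByHeading` and the
// "News" table are hypothetical names, not taken from rss-dumper or Prisma.

interface ParameterizedQuery {
  text: string; // SQL text containing only $1, $2, ... placeholders
  values: unknown[]; // user data, sent to the database separately from the text
}

// Tagged template: the literal parts become SQL text and every interpolated
// value becomes a bound parameter, so user data never enters the statement.
function sql(strings: TemplateStringsArray, ...values: unknown[]): ParameterizedQuery {
  const text = strings.reduce((acc, part, i) => acc + (i > 0 ? `$${i}` : "") + part, "");
  return { text, values };
}

// Safe shape: the heading is a parameter, not part of the SQL text.
function findByHeading(heading: string): ParameterizedQuery {
  return sql`SELECT * FROM "News" WHERE heading = ${heading}`;
}

// Unsafe shape: the heading is pasted into the SQL text itself, which is
// what happens when an interpolated string is handed to a raw query method.
function unsafeFindByHeading(heading: string): string {
  return `SELECT * FROM "News" WHERE heading = '${heading}'`;
}

// Review check: a query builder is injection-safe only if the statement
// text is identical for every input value.
function textIsInputIndependent(build: (h: string) => string, inputs: string[]): boolean {
  const texts = inputs.map(build);
  return texts.every((t) => t === texts[0]);
}

// Constructed sample inputs: a normal heading and one containing quotes.
const benign = "test-a";
const quoted = "test-a' OR '1'='1";
const samples: string[] = [benign, quoted];

console.log(findByHeading(quoted));
console.log(textIsInputIndependent((h: string) => findByHeading(h).text, samples));
console.log(textIsInputIndependent(unsafeFindByHeading, samples));
```

The same check can be run in a unit test against any function that builds SQL for a raw query call.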