I created this initially as a learning platform to pick up JWT and stateless authentication however because of how useful it eventually became i decided to post it on a repo to share as a scalable JWT example in express.
- Stateless authentication with JWT allowing for easy horizontal scaling
- Docker containerization for easy deployment of the full system (databases, clusters, and all)
- HaProxy loadbalancing for a simple load balancer for our api clusters
- Clean and effective code following StandardJS
- MongoDB databasing
- A "Semi-Secure" Express api to handle database transactions & functionality
Infrastructure
- HAProxy loadbalancing (optional)
- MongoDB (required)
- Docker & Docker-Compose (optional)
Libraries
- body-parser (reading body data)
- express (server)
- express-validator (input validation)
- helmet (header protection)
- mongodb (databasing)
- morgan (logging)
- express-rate-limit (ratelimiting endpoints)
- rate-limit-mongo (ratelimiting store)
- bcryptjs (password Encryption)
- jsonwebtoken (jwt creation & signing)
- express-jwt (jwt validation)
- short-uuid (uuid generation for users)
- standard (programming principles & linter)
- jest (unit testing)
I put all the relevant config stuff in ./src/settings/api_settings.json
.
Remember to sanitize user inputs / api outputs through some xss filter!
- [] Add refresh tokens for expired tokens and change token expiry to like 5 mins
- [] Move configuration to a .env instead of .json
- [] Validate env config values on boot
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
All code must follow standardjs principles. Keep documentation thorough as well.