Production-ready Express and Websocket Node.js server installed and fully configured with built-in features.
Running locally:
npm run start:devFormating prettier:
npm run format:prettiersrc\
|--config\ # Environment variables and configuration related things
|--controllers\ # Route controllers (controller layer)
|--docs\ # Swagger files
|--enums\ # Enums
|--middlewares\ # Custom express middlewares
|--models\ # Models (data layer)
|--routes\ # Routes
|--services\ # Business logic (service layer)
|--utils\ # Utility classes and functions
|--validations\ # Request data validation schemas
|--app.ts # Express app
|--index.ts # App entry point
The environment variables can be found and modified in the .env file. Example:
# Port number
PORT=3000
# JWT
# JWT secret key
JWT_SECRET=thisisasamplesecret
# Number of minutes after which an access token expires
JWT_ACCESS_EXPIRATION_MINUTES=30
# Number of days after which a refresh token expires
JWT_REFRESH_EXPIRATION_DAYS=30
# SMTP configuration options for the email service
# For testing, you can use a fake SMTP service like Ethereal: https://ethereal.email/create
SMTP_HOST=email-server
SMTP_PORT=587
SMTP_USERNAME=email-server-username
SMTP_PASSWORD=email-server-password
EMAIL_FROM=support@yourapp.comThe auth middleware can also be used to require certain rights/permissions to access a route.
router.post('/users', auth('manageUsers'), userController.createUser);In the example above, an authenticated user can access this route only if that user has the manageUsers permission.
The permissions are role-based. You can view the permissions/rights of each role in the src/config/roles.ts file.
If the user making the request does not have the required permissions to access this route, a Forbidden (403) error is thrown.
Import the logger from src/config/logger.js. It is using the Winston logging library.
It provides a way to track events that happen when some software runs. The logging module is intended to be flexible and can be used in application code.
Logging should be done according to the following severity levels (ascending order from most important to least important):
import Logger from '<path to src>/config/logger';
logger.error('message'); // level 0
logger.warn('message'); // level 1
logger.info('message'); // level 2
logger.http('message'); // level 3
logger.verbose('message'); // level 4
logger.debug('message'); // level 5In development mode, log messages of all severity levels will be printed to the console.
In production mode, only info, warn, and error logs will be printed to the console.
It is up to the server (or process manager) to actually read them from the console and store them in log files.
This app uses pm2 in production mode, which is already configured to store the logs in log files.
Note: API request information (request url, response code, timestamp, etc.) are also automatically logged (using morgan).