Express-API-Boilerplate

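License: MIT License
Development language: JavaScript
Category: Web application development
Software type: Open source software
Region: Unknown
Submitter: 荣俊杰
Operating system: Cross-platform
Open source organization:
Target audience: Unknown
 Software overview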

Express API Boilerplate

Foreword

This is a boilerplate to help quickly throw up "internal use / private" style semi-secure REST APIs. It comes packaged with Mongoose, Express, Helmet, and a whole host of security features. All of this can be configured in the settings file located in src/settings/api_settings.json.

This does not guarantee complete and utter security. This is just a simple boilerplate to throw up a semi-secure API. To achieve absolute security you must take several steps outside of this code, such as server hardening, reverse proxies, firewall rules, and many other things. This is strictly a boilerplate for quickly throwing up APIs without necessarily having to worry about the immediate security vulnerabilities present in Express apps.

Security offered

  • HelmetJS middleware security for headers, with these modules enabled by default
    • contentSecurityPolicy
    • dnsPrefetchControl
    • expectCt
    • frameguard
    • hidePoweredBy
    • hsts
    • ieNoOpen
    • noSniff
    • permittedCrossDomainPolicies
    • referrerPolicy
    • xssFilter
  • Key authentication if used by a separate private application (optional)
  • Packaged with express-validator in the routes to validate params
  • XSS filter middleware to sanitize req.body, req.query, and req.params, as well as manual filtering
  • Timing attack protection on the private key
  • HAProxy load balancing if utilizing Docker
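
The key authentication and timing attack protection items above, sketched as an added example (not the boilerplate's own code): an Express-style middleware that checks a shared key using Node's built-in crypto.timingSafeEqual rather than the safe-compare package the project lists. The header name x-api-key, the function names, the 16-character minimum and the sample key are assumptions made for illustration.

```javascript
const crypto = require('crypto')

// Random per-process HMAC key: both inputs become fixed-length digests,
// so neither the key's length nor its bytes shape the comparison time.
const hmacKey = crypto.randomBytes(32)

function digest (value) {
  return crypto.createHmac('sha256', hmacKey).update(value).digest()
}

// Compare a presented key with the expected one without an early exit.
function keysMatch (presented, expected) {
  if (typeof presented !== 'string' || presented.length === 0) return false
  return crypto.timingSafeEqual(digest(presented), digest(expected))
}

// Express-style middleware factory. The default header name is an assumption.
function requireApiKey (expectedKey, headerName = 'x-api-key') {
  if (typeof expectedKey !== 'string' || expectedKey.length < 16) {
    throw new Error('refusing to start with a missing or short API key')
  }
  return function (req, res, next) {
    if (!keysMatch(req.headers[headerName], expectedKey)) {
      // Identical response for a missing key and a wrong key.
      return res.status(401).json({ error: 'unauthorized' })
    }
    next()
  }
}

// Constructed harness: drives the middleware with fake req/res objects
// and returns the resulting status (200 means next() was called).
function simulate (middleware, headers) {
  let status = null
  const res = {
    status (code) { status = code; return this },
    json () { return this }
  }
  middleware({ headers }, res, () => { status = 200 })
  return status
}

// Constructed sample key, not a real credential.
const guard = requireApiKey('constructed-sample-key-0001')
console.log(simulate(guard, { 'x-api-key': 'constructed-sample-key-0001' }))
console.log(simulate(guard, { 'x-api-key': 'constructed-sample-key-0002' }))
console.log(simulate(guard, {}))
```

In a real app the factory's return value would be passed to app.use() ahead of the routes, with the expected key loaded from configuration rather than written in source.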

Running

To use this, download and extract the files as normal and navigate to the root folder (not src). Then type npm i in the console to install the dependencies. Once they are installed, run the app through the npm start script.

Alternatively, you can run docker-compose up to utilize HAProxy load balancing and containers.

Dependencies

  • Express (main framework)
  • Helmet (some header protection/safe defaults)
  • xss-clean (XSS filtering)
  • Express-validator (route data validation)
  • Mongoose (database access)
  • safe-compare (timing-safe comparison)

Dev-Dependencies

  • Jest (unit testing framework)

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

All code must follow standardjs principles. Keep documentation thorough as well.
