create-express-mongo-ts 1.0.0

package/template/jest.config.ts

@@ -0,0 +1,201 @@
+/**
+ * For a detailed explanation regarding each configuration property, visit:
+ * https://jestjs.io/docs/configuration
+ */
+
+import type { Config } from 'jest';
+
+const config: Config = {
+    // All imported modules in your tests should be mocked automatically
+    // automock: false,
+
+    // Stop running tests after `n` failures
+    // bail: 0,
+
+    // The directory where Jest should store its cached dependency information
+    // cacheDirectory: "/tmp/jest_rs",
+
+    // Automatically clear mock calls, instances, contexts and results before every test
+    clearMocks: true,
+
+    // Indicates whether the coverage information should be collected while executing the test
+    collectCoverage: true,
+
+    // An array of glob patterns indicating a set of files for which coverage information should be collected
+    // collectCoverageFrom: undefined,
+
+    // The directory where Jest should output its coverage files
+    coverageDirectory: 'coverage',
+
+    // An array of regexp pattern strings used to skip coverage collection
+    // coveragePathIgnorePatterns: [
+    //   "/node_modules/"
+    // ],
+
+    // Indicates which provider should be used to instrument code for coverage
+    coverageProvider: 'v8',
+
+    // A list of reporter names that Jest uses when writing coverage reports
+    // coverageReporters: [
+    //   "json",
+    //   "text",
+    //   "lcov",
+    //   "clover"
+    // ],
+
+    // An object that configures minimum threshold enforcement for coverage results
+    // coverageThreshold: undefined,
+
+    // A path to a custom dependency extractor
+    // dependencyExtractor: undefined,
+
+    // Make calling deprecated APIs throw helpful error messages
+    // errorOnDeprecated: false,
+
+    // The default configuration for fake timers
+    // fakeTimers: {
+    //   "enableGlobally": false
+    // },
+
+    // Force coverage collection from ignored files using an array of glob patterns
+    // forceCoverageMatch: [],
+
+    // A path to a module which exports an async function that is triggered once before all test suites
+    // globalSetup: undefined,
+
+    // A path to a module which exports an async function that is triggered once after all test suites
+    // globalTeardown: undefined,
+
+    // A set of global variables that need to be available in all test environments
+    // globals: {},
+
+    // The maximum amount of workers used to run your tests. Can be specified as % or a number. E.g. maxWorkers: 10% will use 10% of your CPU amount + 1 as the maximum worker number. maxWorkers: 2 will use a maximum of 2 workers.
+    // maxWorkers: "50%",
+
+    // An array of directory names to be searched recursively up from the requiring module's location
+    // moduleDirectories: [
+    //   "node_modules"
+    // ],
+
+    // An array of file extensions your modules use
+    // moduleFileExtensions: [
+    //   "js",
+    //   "mjs",
+    //   "cjs",
+    //   "jsx",
+    //   "ts",
+    //   "mts",
+    //   "cts",
+    //   "tsx",
+    //   "json",
+    //   "node"
+    // ],
+
+    // A map from regular expressions to module names or to arrays of module names that allow to stub out resources with a single module
+    // moduleNameMapper: {},
+
+    // An array of regexp pattern strings, matched against all module paths before considered 'visible' to the module loader
+    // modulePathIgnorePatterns: [],
+
+    // Activates notifications for test results
+    // notify: false,
+
+    // An enum that specifies notification mode. Requires { notify: true }
+    // notifyMode: "failure-change",
+
+    // A preset that is used as a base for Jest's configuration
+    // preset: undefined,
+
+    // Run tests from one or more projects
+    // projects: undefined,
+
+    // Use this configuration option to add custom reporters to Jest
+    // reporters: undefined,
+
+    // Automatically reset mock state before every test
+    // resetMocks: false,
+
+    // Reset the module registry before running each individual test
+    // resetModules: false,
+
+    // A path to a custom resolver
+    // resolver: undefined,
+
+    // Automatically restore mock state and implementation before every test
+    // restoreMocks: false,
+
+    // The root directory that Jest should scan for tests and modules within
+    // rootDir: undefined,
+
+    // A list of paths to directories that Jest should use to search for files in
+    // roots: [
+    //   "<rootDir>"
+    // ],
+
+    // Allows you to use a custom runner instead of Jest's default test runner
+    // runner: "jest-runner",
+
+    // The paths to modules that run some code to configure or set up the testing environment before each test
+    // setupFiles: [],
+
+    // A list of paths to modules that run some code to configure or set up the testing framework before each test
+    // setupFilesAfterEnv: [],
+
+    // The number of seconds after which a test is considered as slow and reported as such in the results.
+    // slowTestThreshold: 5,
+
+    // A list of paths to snapshot serializer modules Jest should use for snapshot testing
+    // snapshotSerializers: [],
+
+    // The test environment that will be used for testing
+    // testEnvironment: "jest-environment-node",
+
+    // Options that will be passed to the testEnvironment
+    // testEnvironmentOptions: {},
+
+    // Adds a location field to test results
+    // testLocationInResults: false,
+
+    // The glob patterns Jest uses to detect test files
+    // testMatch: [
+    //   "**/__tests__/**/*.?([mc])[jt]s?(x)",
+    //   "**/?(*.)+(spec|test).?([mc])[jt]s?(x)"
+    // ],
+
+    // An array of regexp pattern strings that are matched against all test paths, matched tests are skipped
+    // testPathIgnorePatterns: [
+    //   "/node_modules/"
+    // ],
+
+    // The regexp pattern or array of patterns that Jest uses to detect test files
+    // testRegex: [],
+
+    // This option allows the use of a custom results processor
+    // testResultsProcessor: undefined,
+
+    // This option allows use of a custom test runner
+    // testRunner: "jest-circus/runner",
+
+    // A map from regular expressions to paths to transformers
+    // transform: undefined,
+
+    // An array of regexp pattern strings that are matched against all source file paths, matched files will skip transformation
+    // transformIgnorePatterns: [
+    //   "/node_modules/",
+    //   "\\.pnp\\.[^\\/]+$"
+    // ],
+
+    // An array of regexp pattern strings that are matched against all modules before the module loader will automatically return a mock for them
+    // unmockedModulePathPatterns: undefined,
+
+    // Indicates whether each individual test should be reported during the run
+    // verbose: undefined,
+
+    // An array of regexp patterns that are matched against all source file paths before re-running tests in watch mode
+    // watchPathIgnorePatterns: [],
+
+    // Whether to use watchman for file crawling
+    // watchman: true,
+};
+
+export default config;

package/template/keys/README.md

@@ -0,0 +1,2 @@
+# Directory where keys will reside
+

package/template/nodemon.json

@@ -0,0 +1,5 @@
+{
+    "watch": ["src"],
+    "ext": "ts",
+    "exec": "npx tsc -b && node dist/index.js"
+}

package/template/package.json

@@ -0,0 +1,65 @@
+{
+  "name": "express-mongo-app",
+  "version": "1.0.0",
+  "description": "Express + MongoDB application",
+  "main": "dist/index.js",
+  "scripts": {
+    "lint:fix": "eslint . --fix",
+    "build": "npx tsc -b",
+    "dev": "nodemon",
+    "start": "npm run build && npm run serve",
+    "serve": "node -r dotenv/config dist/index.js",
+    "test": "jest",
+    "prettier:base": "prettier --parser typescript --single-quote",
+    "prettier:check": "npm run prettier:base -- --list-different \"src/**/*.{ts,tsx}\"",
+    "prettier:write": "npm run prettier:base -- --write \"src/**/*.{ts,tsx}\"",
+    "lint": "eslint \"src/**\""
+  },
+  "keywords": [
+    "express",
+    "mongodb",
+    "typescript",
+    "rest-api",
+    "template"
+  ],
+  "author": "",
+  "license": "MIT",
+  "type": "commonjs",
+  "dependencies": {
+    "bcryptjs": "^3.0.3",
+    "cookie-parser": "^1.4.7",
+    "cors": "^2.8.5",
+    "dotenv": "^17.2.3",
+    "express": "^5.1.0",
+    "helmet": "^8.1.0",
+    "jsonwebtoken": "^9.0.2",
+    "lodash": "^4.17.21",
+    "mongoose": "^8.20.0",
+    "winston": "^3.18.3",
+    "winston-daily-rotate-file": "^5.0.0",
+    "zod": "^4.1.12"
+  },
+  "devDependencies": {
+    "@types/bcryptjs": "^2.4.6",
+    "@types/cookie-parser": "^1.4.10",
+    "@types/cors": "^2.8.19",
+    "@types/express": "^5.0.5",
+    "@types/helmet": "^0.0.48",
+    "@types/jsonwebtoken": "^9.0.10",
+    "@types/lodash": "^4.17.20",
+    "@types/mongoose": "^5.11.96",
+    "@types/node": "^24.10.1",
+    "@typescript-eslint/eslint-plugin": "^8.48.0",
+    "@typescript-eslint/parser": "^8.48.0",
+    "eslint": "^9.39.1",
+    "eslint-plugin-react": "^7.37.5",
+    "globals": "^16.5.0",
+    "jest": "^30.2.0",
+    "jiti": "^2.5.1",
+    "nodemon": "^3.1.11",
+    "prettier": "^3.7.3",
+    "ts-node": "^10.9.2",
+    "tsconfig-paths": "^4.2.0",
+    "typescript": "^5.9.3"
+  }
+}

package/template/src/app.ts

@@ -0,0 +1,42 @@
+import logger from './core/logger.js';
+import express from 'express';
+import cors from 'cors';
+import { originUrl } from './config.js';
+import router from './routes/index.js';
+import { errorHandler } from './middlewares/error.middleware.js';
+import { NotFoundError } from './core/ApiError.js';
+import cookieParser from 'cookie-parser';
+import helmet from "helmet";
+
+process.on('uncaughtException', (e) => {
+    logger.error(e);
+});
+
+export const app = express();
+
+// Adjust the size of response body as per requirement
+app.use(express.json({ limit: '10mb' }));
+app.use(
+    express.urlencoded({
+        limit: '10mb',
+        extended: true,
+        parameterLimit: 50000,
+    }),
+);
+// Allows cross origin reference
+app.use(
+    cors({
+        origin: originUrl,
+        optionsSuccessStatus: 200,
+        credentials: true,
+    }),
+);
+app.use(cookieParser());
+// Adds security header, express best security practice
+app.use(helmet());
+
+// Main routes
+app.use('/', router);
+
+app.use((_req, _res, next) => next(new NotFoundError()));
+app.use(errorHandler);

package/template/src/config.ts

@@ -0,0 +1,31 @@
+import dotenv from 'dotenv';
+
+dotenv.config();
+
+export const originUrl = process.env.ORIGIN_URL;
+export const isProduction = process.env.NODE_ENV === 'production';
+export const timeZone = process.env.TZ;
+export const port = process.env.PORT;
+
+// JWT token configuration
+export const tokenInfo = {
+    accessTokenValidity: parseInt(process.env.ACCESS_TOKEN_VALIDITY_SEC || '0'),
+    refreshTokenValidity: parseInt(
+        process.env.REFRESH_TOKEN_VALIDITY_SEC || '0',
+    ),
+    issuer: process.env.TOKEN_ISSUER || '',
+    audience: process.env.TOKEN_AUDIENCE || '',
+};
+
+// DB config
+export const db = {
+    name: process.env.DB_NAME || '',
+    host: process.env.DB_HOST || '',
+    port: process.env.DB_PORT || '27017',
+    user: process.env.DB_USER || '',
+    password: process.env.DB_USER_PASSWORD || '',
+    minPoolSize: parseInt(process.env.DB_MIN_POOL_SIZE || '5'),
+    maxPoolSize: parseInt(process.env.DB_MAX_POOL_SIZE || '10'),
+};
+
+export const logDirectory = process.env.LOG_DIRECTORY;

package/template/src/core/ApiError.ts

@@ -0,0 +1,118 @@
+import { Response } from 'express';
+import { isProduction } from '../config.js';
+import {
+    AuthFailureResponse,
+    AccessTokenErrorResponse,
+    InternalErrorResponse,
+    NotFoundResponse,
+    BadRequestResponse,
+    ForbiddenResponse,  
+} from './ApiResponse.js';
+
+export enum ErrorType {
+    BAD_TOKEN = 'BadTokenError',
+    TOKEN_EXPIRED = 'TokenExpiredError',
+    UNAUTHORIZED = 'AuthFailureError',
+    ACCESS_TOKEN = 'AccessTokenError',
+    INTERNAL = 'InternalError',
+    NOT_FOUND = 'NotFoundError',
+    NO_ENTRY = 'NoEntryError',
+    NO_DATA = 'NoDataError',
+    BAD_REQUEST = 'BadRequestError',
+    FORBIDDEN = 'ForbiddenError',
+}
+
+export abstract class ApiError extends Error {
+    constructor(public type: ErrorType, public message: string = 'error', public success: boolean) {
+        super(type);
+    }
+
+    public static handle(err: ApiError, res: Response): Response {
+        switch (err.type) {
+            case ErrorType.BAD_TOKEN:
+            case ErrorType.TOKEN_EXPIRED:
+            case ErrorType.UNAUTHORIZED:
+                return new AuthFailureResponse(err.message).send(res);
+            case ErrorType.ACCESS_TOKEN:
+                return new AccessTokenErrorResponse(err.message).send(res);
+            case ErrorType.INTERNAL:
+                return new InternalErrorResponse(err.message).send(res);
+            case ErrorType.NOT_FOUND:
+            case ErrorType.NO_ENTRY:
+            case ErrorType.NO_DATA:
+                return new NotFoundResponse(err.message).send(res);
+            case ErrorType.BAD_REQUEST:
+                return new BadRequestResponse(err.message).send(res);
+            case ErrorType.FORBIDDEN:
+                return new ForbiddenResponse(err.message).send(res);
+            default: {
+                let message = err.message;
+                // Do not send failure message in production as it may send sensitive data
+                if (isProduction) {
+                    message = 'Something wrong happened.';
+                }
+                return new InternalErrorResponse(message).send(res);
+            }
+        }
+    }
+}
+
+export class AuthFailureError extends ApiError {
+    constructor(message = 'Invalid Credentials') {
+        super(ErrorType.UNAUTHORIZED, message, false);
+    }
+}
+
+export class InternalError extends ApiError {
+    constructor(message = 'Internal error') {
+        super(ErrorType.INTERNAL, message, false);
+    }
+}
+
+export class BadRequestError extends ApiError {
+    constructor(message = 'Bad Request') {
+        super(ErrorType.BAD_REQUEST, message, false);
+    }
+}
+
+export class NotFoundError extends ApiError {
+    constructor(message = 'Not Found') {
+        super(ErrorType.NOT_FOUND, message, false);
+    }
+}
+
+export class ForbiddenError extends ApiError {
+    constructor(message = 'Permission denied') {
+        super(ErrorType.FORBIDDEN, message, false);
+    }
+}
+
+export class NoEntryError extends ApiError {
+    constructor(message = "Entry don't exists") {
+        super(ErrorType.NO_ENTRY, message, false);
+    }
+}
+
+export class BadTokenError extends ApiError {
+    constructor(message = 'Token is not valid') {
+        super(ErrorType.BAD_TOKEN, message, false);
+    }
+}
+
+export class TokenExpiredError extends ApiError {
+    constructor(message = 'Token is expired') {
+        super(ErrorType.TOKEN_EXPIRED, message, false);
+    }
+}
+
+export class NoDataError extends ApiError {
+    constructor(message = 'No data available') {
+        super(ErrorType.NO_DATA, message, false);
+    }
+}
+
+export class AccessTokenError extends ApiError {
+    constructor(message = 'Invalid access token') {
+        super(ErrorType.ACCESS_TOKEN, message, false);
+    }
+}

package/template/src/core/ApiResponse.ts

@@ -0,0 +1,140 @@
+import { Response } from 'express';
+
+// Helper code for the API consumer to understand the error and handle it accordingly
+enum StatusCode {
+    SUCCESS = '10000',
+    FAILURE = '10001',
+    RETRY = '10002',
+    INVALID_ACCESS_TOKEN = '10003',
+}
+
+enum ResponseStatus {
+    SUCCESS = 200,
+    BAD_REQUEST = 400,
+    UNAUTHORIZED = 401,
+    FORBIDDEN = 403,
+    NOT_FOUND = 404,
+    INTERNAL_ERROR = 500,
+}
+
+abstract class ApiResponse {
+    constructor(
+        protected statusCode: StatusCode,
+        protected status: ResponseStatus,
+        protected message: string,
+        protected success: boolean
+    ) { }
+
+    protected prepare<T extends ApiResponse>(
+        res: Response,
+        response: T,
+        headers: { [key: string]: string },
+    ): Response {
+        for (const [key, value] of Object.entries(headers)) res.append(key, value);
+        return res.status(this.status).json(ApiResponse.sanitize(response));
+    }
+
+    public send(
+        res: Response,
+        headers: { [key: string]: string } = {},
+    ): Response {
+        return this.prepare<ApiResponse>(res, this, headers);
+    }
+
+    private static sanitize<T extends ApiResponse>(response: T): T {
+        const clone: T = {} as T;
+        Object.assign(clone, response);
+        // @ts-expect-error: optional
+        delete clone.status;
+        for (const i in clone) if (typeof clone[i] === 'undefined') delete clone[i];
+        return clone;
+    }
+}
+
+export class AuthFailureResponse extends ApiResponse {
+    constructor(message = 'Authentication Failure') {
+        super(StatusCode.FAILURE, ResponseStatus.UNAUTHORIZED, message, false);
+    }
+}
+
+export class NotFoundResponse extends ApiResponse {
+    constructor(message = 'Not Found') {
+        super(StatusCode.FAILURE, ResponseStatus.NOT_FOUND, message, false);
+    }
+
+    send(res: Response, headers: { [key: string]: string } = {}): Response {
+        return super.prepare<NotFoundResponse>(res, this, headers);
+    }
+}
+
+export class ForbiddenResponse extends ApiResponse {
+    constructor(message = 'Forbidden') {
+        super(StatusCode.FAILURE, ResponseStatus.FORBIDDEN, message, false);
+    }
+}
+
+export class BadRequestResponse extends ApiResponse {
+    constructor(message = 'Bad Parameters') {
+        super(StatusCode.FAILURE, ResponseStatus.BAD_REQUEST, message, false);
+    }
+}
+
+export class InternalErrorResponse extends ApiResponse {
+    constructor(message = 'Internal Error') {
+        super(StatusCode.FAILURE, ResponseStatus.INTERNAL_ERROR, message, false);
+    }
+}
+
+export class SuccessMsgResponse extends ApiResponse {
+    constructor(message: string) {
+        super(StatusCode.SUCCESS, ResponseStatus.SUCCESS, message, true);
+    }
+}
+
+export class FailureMsgResponse extends ApiResponse {
+    constructor(message: string) {
+        super(StatusCode.FAILURE, ResponseStatus.SUCCESS, message, false);
+    }
+}
+
+export class SuccessResponse<T> extends ApiResponse {
+    constructor(message: string, private data: T) {
+        super(StatusCode.SUCCESS, ResponseStatus.SUCCESS, message, true);
+    }
+
+    send(res: Response, headers: { [key: string]: string } = {}): Response {
+        return super.prepare<SuccessResponse<T>>(res, this, headers);
+    }
+}
+
+export class AccessTokenErrorResponse extends ApiResponse {
+    private instruction = 'refresh_token';
+
+    constructor(message = 'Access token invalid') {
+        super(
+            StatusCode.INVALID_ACCESS_TOKEN,
+            ResponseStatus.UNAUTHORIZED,
+            message,
+            false
+        );
+    }
+
+    send(res: Response, headers: { [key: string]: string } = {}): Response {
+        headers.instruction = this.instruction;
+        return super.prepare<AccessTokenErrorResponse>(res, this, headers);
+    }
+}
+
+export class TokenRefreshResponse extends ApiResponse {
+    constructor(
+        message: string,
+        private accessToken: string,
+        private refreshToken: string,
+    ) {
+        super(StatusCode.SUCCESS, ResponseStatus.SUCCESS, message, true);
+    }
+
+    send(res: Response, headers: { [key: string]: string } = {}): Response {
+        return super.prepare<TokenRefreshResponse>(res, this, headers);
+    }
+}

package/template/src/core/asyncHandler.ts

@@ -0,0 +1,15 @@
+import { Request, Response, NextFunction } from "express";
+
+type AsyncFunction<Req extends Request = Request> = (
+    req: Req,
+    res: Response,
+    next: NextFunction
+) => Promise<void>;
+
+export function asyncHandler<Req extends Request = Request>(
+    execution: AsyncFunction<Req>
+) {
+    return (req: Request, res: Response, next: NextFunction) => {
+        execution(req as Req, res, next).catch(next);
+    };
+}

package/template/src/core/authUtils.ts

@@ -0,0 +1,68 @@
+import { AuthFailureError, InternalError } from './ApiError';
+import User from './../types/User';
+import { Tokens } from './../types/app-requests';
+import JWT, { JwtPayload } from './jwtUtils';
+import { tokenInfo } from './../config';
+import { Types } from 'mongoose';
+import bcryptjs from 'bcryptjs';
+
+export const getAccessToken = (authorization?: string) => {
+    if (!authorization) throw new AuthFailureError('Invalid Authorization');
+    if (!authorization.startsWith('Bearer '))
+        throw new AuthFailureError('Invalid Authorization');
+    return authorization.split(' ')[1];
+};
+
+export const validateTokenData = (payload: JwtPayload): boolean => {
+    if (
+        !payload ||
+        !payload.iss ||
+        !payload.sub ||
+        !payload.aud ||
+        !payload.prm ||
+        payload.iss !== tokenInfo.issuer ||
+        payload.aud !== tokenInfo.audience ||
+        !Types.ObjectId.isValid(payload.sub)
+    )
+        throw new AuthFailureError('Invalid Access Token');
+    return true;
+};
+
+export const createTokens = async (
+    user: User,
+    accessTokenKey: string,
+    refreshTokenKey: string,
+): Promise<Tokens> => {
+    const accessToken = await JWT.encode(
+        new JwtPayload(
+            tokenInfo.issuer,
+            tokenInfo.audience,
+            user._id.toString(),
+            accessTokenKey,
+            tokenInfo.accessTokenValidity,
+        ),
+    );
+
+    if (!accessToken) throw new InternalError();
+
+    const refreshToken = await JWT.encode(
+        new JwtPayload(
+            tokenInfo.issuer,
+            tokenInfo.audience,
+            user._id.toString(),
+            refreshTokenKey,
+            tokenInfo.refreshTokenValidity,
+        ),
+    );
+
+    if (!refreshToken) throw new InternalError();
+
+    return {
+        accessToken: accessToken,
+        refreshToken: refreshToken,
+    } as Tokens;
+};
+
+export const isPasswordCorrect = async function (userPassword: string, hashedPassword: string) {
+    return await bcryptjs.compare(userPassword, hashedPassword);
+};