create-nodejs-express-starter 1.7.0

package/src/index.js

@@ -0,0 +1,57 @@
+const mongoose = require('mongoose');
+const app = require('./app');
+const config = require('./config/config');
+const logger = require('./config/logger');
+
+let server;
+
+mongoose
+  .connect(config.mongoose.url, config.mongoose.options)
+  .then(() => {
+    logger.info('Connected to MongoDB');
+    server = app.listen(config.port, () => {
+      logger.info(`Listening to port ${config.port}`);
+    });
+  })
+  .catch((err) => {
+    logger.error('MongoDB connection failed:', err.message);
+    process.exit(1);
+  });
+
+const exitHandler = () => {
+  if (server) {
+    server.close(() => {
+      logger.info('Server closed');
+      mongoose.connection.close(false).then(() => {
+        logger.info('MongoDB connection closed');
+        process.exit(1);
+      });
+    });
+  } else {
+    mongoose.connection.close(false).then(() => {
+      process.exit(1);
+    });
+  }
+};
+
+const unexpectedErrorHandler = (error) => {
+  logger.error(error);
+  exitHandler();
+};
+
+process.on('uncaughtException', unexpectedErrorHandler);
+process.on('unhandledRejection', unexpectedErrorHandler);
+
+process.on('SIGTERM', () => {
+  logger.info('SIGTERM received');
+  if (server) {
+    server.close(() => {
+      mongoose.connection.close(false).then(() => {
+        logger.info('Graceful shutdown complete');
+        process.exit(0);
+      });
+    });
+  } else {
+    mongoose.connection.close(false).then(() => process.exit(0));
+  }
+});

package/src/middlewares/auth.js

@@ -0,0 +1,33 @@
+const passport = require('passport');
+const httpStatus = require('http-status');
+const ApiError = require('../utils/ApiError');
+const { roleRights } = require('../config/roles');
+
+const verifyCallback = (req, resolve, reject, requiredRights) => async (err, user, info) => {
+  if (err || info || !user) {
+    return reject(new ApiError(httpStatus.UNAUTHORIZED, 'Please authenticate'));
+  }
+  req.user = user;
+
+  if (requiredRights.length) {
+    const userRights = roleRights.get(user.role);
+    const hasRequiredRights = requiredRights.every((requiredRight) => userRights.includes(requiredRight));
+    if (!hasRequiredRights && req.params.userId !== user.id) {
+      return reject(new ApiError(httpStatus.FORBIDDEN, 'Forbidden'));
+    }
+  }
+
+  resolve();
+};
+
+const auth =
+  (...requiredRights) =>
+  async (req, res, next) => {
+    return new Promise((resolve, reject) => {
+      passport.authenticate('jwt', { session: false }, verifyCallback(req, resolve, reject, requiredRights))(req, res, next);
+    })
+      .then(() => next())
+      .catch((err) => next(err));
+  };
+
+module.exports = auth;

package/src/middlewares/error.js

@@ -0,0 +1,47 @@
+const mongoose = require('mongoose');
+const httpStatus = require('http-status');
+const config = require('../config/config');
+const logger = require('../config/logger');
+const ApiError = require('../utils/ApiError');
+
+const errorConverter = (err, req, res, next) => {
+  let error = err;
+  if (!(error instanceof ApiError)) {
+    const statusCode =
+      error.statusCode || error instanceof mongoose.Error ? httpStatus.BAD_REQUEST : httpStatus.INTERNAL_SERVER_ERROR;
+    const message = error.message || httpStatus[statusCode];
+    error = new ApiError(statusCode, message, false, err.stack);
+  }
+  next(error);
+};
+
+// eslint-disable-next-line no-unused-vars
+const errorHandler = (err, req, res, next) => {
+  let { statusCode, message } = err;
+  if (config.env === 'production' && !err.isOperational) {
+    statusCode = httpStatus.INTERNAL_SERVER_ERROR;
+    message = httpStatus[httpStatus.INTERNAL_SERVER_ERROR];
+  }
+
+  res.locals.errorMessage = err.message;
+
+  const response = {
+    code: statusCode,
+    message,
+    ...(req.id && { requestId: req.id }),
+    ...(config.env === 'development' && { stack: err.stack }),
+  };
+
+  if (config.env === 'development') {
+    logger.error(err);
+  } else if (config.env !== 'test') {
+    logger.error(`[${req.id || 'unknown'}] ${statusCode} - ${message}`);
+  }
+
+  res.status(statusCode).send(response);
+};
+
+module.exports = {
+  errorConverter,
+  errorHandler,
+};

package/src/middlewares/rateLimiter.js

@@ -0,0 +1,11 @@
+const rateLimit = require('express-rate-limit');
+
+const authLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: 20,
+  skipSuccessfulRequests: true,
+});
+
+module.exports = {
+  authLimiter,
+};

package/src/middlewares/requestId.js

@@ -0,0 +1,14 @@
+const { randomUUID } = require('crypto');
+
+/**
+ * Attach a unique request ID to each request for tracing
+ * Uses X-Request-Id header if present, otherwise generates a UUID
+ */
+const requestId = (req, res, next) => {
+  const id = req.get('X-Request-Id') || randomUUID();
+  req.id = id;
+  res.setHeader('X-Request-Id', id);
+  next();
+};
+
+module.exports = requestId;

package/src/middlewares/validate.js

@@ -0,0 +1,21 @@
+const Joi = require('joi');
+const httpStatus = require('http-status');
+const pick = require('../utils/pick');
+const ApiError = require('../utils/ApiError');
+
+const validate = (schema) => (req, res, next) => {
+  const validSchema = pick(schema, ['params', 'query', 'body']);
+  const object = pick(req, Object.keys(validSchema));
+  const { value, error } = Joi.compile(validSchema)
+    .prefs({ errors: { label: 'key' }, abortEarly: false })
+    .validate(object);
+
+  if (error) {
+    const errorMessage = error.details.map((details) => details.message).join(', ');
+    return next(new ApiError(httpStatus.BAD_REQUEST, errorMessage));
+  }
+  Object.assign(req, value);
+  return next();
+};
+
+module.exports = validate;

package/src/models/index.js

@@ -0,0 +1,2 @@
+module.exports.Token = require('./token.model');
+module.exports.User = require('./user.model');

package/src/models/plugins/index.js

@@ -0,0 +1,2 @@
+module.exports.toJSON = require('./toJSON.plugin');
+module.exports.paginate = require('./paginate.plugin');

package/src/models/plugins/paginate.plugin.js

@@ -0,0 +1,70 @@
+/* eslint-disable no-param-reassign */
+
+const paginate = (schema) => {
+  /**
+   * @typedef {Object} QueryResult
+   * @property {Document[]} results - Results found
+   * @property {number} page - Current page
+   * @property {number} limit - Maximum number of results per page
+   * @property {number} totalPages - Total number of pages
+   * @property {number} totalResults - Total number of documents
+   */
+  /**
+   * Query for documents with pagination
+   * @param {Object} [filter] - Mongo filter
+   * @param {Object} [options] - Query options
+   * @param {string} [options.sortBy] - Sorting criteria using the format: sortField:(desc|asc). Multiple sorting criteria should be separated by commas (,)
+   * @param {string} [options.populate] - Populate data fields. Hierarchy of fields should be separated by (.). Multiple populating criteria should be separated by commas (,)
+   * @param {number} [options.limit] - Maximum number of results per page (default = 10)
+   * @param {number} [options.page] - Current page (default = 1)
+   * @returns {Promise<QueryResult>}
+   */
+  schema.statics.paginate = async function (filter, options) {
+    let sort = '';
+    if (options.sortBy) {
+      const sortingCriteria = [];
+      options.sortBy.split(',').forEach((sortOption) => {
+        const [key, order] = sortOption.split(':');
+        sortingCriteria.push((order === 'desc' ? '-' : '') + key);
+      });
+      sort = sortingCriteria.join(' ');
+    } else {
+      sort = 'createdAt';
+    }
+
+    const limit = options.limit && parseInt(options.limit, 10) > 0 ? parseInt(options.limit, 10) : 10;
+    const page = options.page && parseInt(options.page, 10) > 0 ? parseInt(options.page, 10) : 1;
+    const skip = (page - 1) * limit;
+
+    const countPromise = this.countDocuments(filter).exec();
+    let docsPromise = this.find(filter).sort(sort).skip(skip).limit(limit);
+
+    if (options.populate) {
+      options.populate.split(',').forEach((populateOption) => {
+        docsPromise = docsPromise.populate(
+          populateOption
+            .split('.')
+            .reverse()
+            .reduce((a, b) => ({ path: b, populate: a })),
+        );
+      });
+    }
+
+    docsPromise = docsPromise.exec();
+
+    return Promise.all([countPromise, docsPromise]).then((values) => {
+      const [totalResults, results] = values;
+      const totalPages = Math.ceil(totalResults / limit);
+      const result = {
+        results,
+        page,
+        limit,
+        totalPages,
+        totalResults,
+      };
+      return Promise.resolve(result);
+    });
+  };
+};
+
+module.exports = paginate;

package/src/models/plugins/toJSON.plugin.js

@@ -0,0 +1,43 @@
+/* eslint-disable no-param-reassign */
+
+/**
+ * A mongoose schema plugin which applies the following in the toJSON transform call:
+ *  - removes __v, createdAt, updatedAt, and any path that has private: true
+ *  - replaces _id with id
+ */
+
+const deleteAtPath = (obj, path, index) => {
+  if (index === path.length - 1) {
+    delete obj[path[index]];
+    return;
+  }
+  deleteAtPath(obj[path[index]], path, index + 1);
+};
+
+const toJSON = (schema) => {
+  let transform;
+  if (schema.options.toJSON && schema.options.toJSON.transform) {
+    transform = schema.options.toJSON.transform;
+  }
+
+  schema.options.toJSON = Object.assign(schema.options.toJSON || {}, {
+    transform(doc, ret, options) {
+      Object.keys(schema.paths).forEach((path) => {
+        if (schema.paths[path].options && schema.paths[path].options.private) {
+          deleteAtPath(ret, path.split('.'), 0);
+        }
+      });
+
+      ret.id = ret._id.toString();
+      delete ret._id;
+      delete ret.__v;
+      delete ret.createdAt;
+      delete ret.updatedAt;
+      if (transform) {
+        return transform(doc, ret, options);
+      }
+    },
+  });
+};
+
+module.exports = toJSON;

package/src/models/token.model.js

@@ -0,0 +1,44 @@
+const mongoose = require('mongoose');
+const { toJSON } = require('./plugins');
+const { tokenTypes } = require('../config/tokens');
+
+const tokenSchema = mongoose.Schema(
+  {
+    token: {
+      type: String,
+      required: true,
+      index: true,
+    },
+    user: {
+      type: mongoose.SchemaTypes.ObjectId,
+      ref: 'User',
+      required: true,
+    },
+    type: {
+      type: String,
+      enum: [tokenTypes.REFRESH, tokenTypes.RESET_PASSWORD, tokenTypes.VERIFY_EMAIL],
+      required: true,
+    },
+    expires: {
+      type: Date,
+      required: true,
+    },
+    blacklisted: {
+      type: Boolean,
+      default: false,
+    },
+  },
+  {
+    timestamps: true,
+  },
+);
+
+// add plugin that converts mongoose to json
+tokenSchema.plugin(toJSON);
+
+/**
+ * @typedef Token
+ */
+const Token = mongoose.model('Token', tokenSchema);
+
+module.exports = Token;

package/src/models/user.model.js

@@ -0,0 +1,91 @@
+const mongoose = require('mongoose');
+const validator = require('validator');
+const bcrypt = require('bcryptjs');
+const { toJSON, paginate } = require('./plugins');
+const { roles } = require('../config/roles');
+
+const userSchema = mongoose.Schema(
+  {
+    name: {
+      type: String,
+      required: true,
+      trim: true,
+    },
+    email: {
+      type: String,
+      required: true,
+      unique: true,
+      trim: true,
+      lowercase: true,
+      validate(value) {
+        if (!validator.isEmail(value)) {
+          throw new Error('Invalid email');
+        }
+      },
+    },
+    password: {
+      type: String,
+      required: true,
+      trim: true,
+      minlength: 8,
+      validate(value) {
+        if (!value.match(/\d/) || !value.match(/[a-zA-Z]/)) {
+          throw new Error('Password must contain at least one letter and one number');
+        }
+      },
+      private: true, // used by the toJSON plugin
+    },
+    role: {
+      type: String,
+      enum: roles,
+      default: 'user',
+    },
+    isEmailVerified: {
+      type: Boolean,
+      default: false,
+    },
+  },
+  {
+    timestamps: true,
+  },
+);
+
+// add plugin that converts mongoose to json
+userSchema.plugin(toJSON);
+userSchema.plugin(paginate);
+
+/**
+ * Check if email is taken
+ * @param {string} email - The user's email
+ * @param {ObjectId} [excludeUserId] - The id of the user to be excluded
+ * @returns {Promise<boolean>}
+ */
+userSchema.statics.isEmailTaken = async function (email, excludeUserId) {
+  const user = await this.findOne({ email, _id: { $ne: excludeUserId } });
+  return !!user;
+};
+
+/**
+ * Check if password matches the user's password
+ * @param {string} password
+ * @returns {Promise<boolean>}
+ */
+userSchema.methods.isPasswordMatch = async function (password) {
+  const user = this;
+  return bcrypt.compare(password, user.password);
+};
+
+userSchema.pre('save', async function (next) {
+  const user = this;
+  if (user.isModified('password')) {
+    user.password = await bcrypt.hash(user.password, 8);
+  }
+  next();
+});
+
+/**
+ * @typedef User
+ */
+const User = mongoose.model('User', userSchema);
+
+module.exports = User;