I'm making a reusable boilerplate for myself to use as the basis for Express apps with authentication.
- ES Modules
- Node 18
- Nunjucks
- Better-Sqlite3
- Express Sessions
- Try to do some best practices like salt and stuff
- zxcvbn for password strength
- `npm run migrations` to run first time DB setup scripts
- Server-side pages with progressive enhancement using petite-vue, generally.
The base system provides the following pages:
- Index (`/`)
- Login (`/login`)
- Register (`/register`)
There are two usage styles:
- POST-Redirect-GET (PRG)
- JSON API
POST to the `/login`, `/logout`, or `/register` routes with Form Data (see example Login page). On success, you will be redirected to index with the Session User set. On failure, you'll stay on the page and the model will be a common result type with a `status` and `message` or `model`.

POST with form data or JSON data to the `/api/login`, `/api/logout`, or `/api/register` endpoints with e.g. `{"username":"Ste","password":"Test"}`.
```js
await fetch("/api/login", {
  method: "POST",
  headers: {
    Accept: "application/json",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({ username: "Ste", password: "Test" }),
});
```
Registration also accepts an optional `email` parameter (make this mandatory if you want).
You will receive a JSON response like:
```json
{
  "status": "OK",
  "model": {
    "ID": 1,
    "Username": "Ste",
    "Email": "[email protected]"
  }
}
```
For failed registration, the response will have a `message` field, and the `model` field will be the complete result object from zxcvbn.
Successful registration logs you in immediately.
Get the current user with `GET /api/user`, which will either return the user model or a 401 error.
Salt is 200 chars to accommodate 128 bytes encoded to base64 (should be 172 chars).
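The salt sizing above, checked in code as an added example (not this project's own code): a 128-byte salt base64-encodes to 172 characters, which fits the 200-character column. scrypt, the 64-byte key length and the function names are assumptions, since the page does not name its hashing function.

```javascript
// Added example: salted password hashing with Node's built-in crypto.
// Assumptions: scrypt as the KDF, KEY_BYTES, and the function names.
// CommonJS require so this runs as a plain script; in the ES-module app
// use `import { ... } from "node:crypto"` instead.
const { randomBytes, scryptSync, timingSafeEqual } = require("node:crypto");

const SALT_BYTES = 128;      // salt size stated on the page
const SALT_COLUMN_MAX = 200; // column width stated on the page
const KEY_BYTES = 64;        // assumed derived-key length

// Returns the two base64 strings that would be stored with the user row.
function hashPassword(password) {
  const salt = randomBytes(SALT_BYTES).toString("base64");
  // Fail loudly rather than let the database truncate the salt silently.
  if (salt.length > SALT_COLUMN_MAX) {
    throw new Error(`salt is ${salt.length} chars, column holds ${SALT_COLUMN_MAX}`);
  }
  const hash = scryptSync(password, salt, KEY_BYTES).toString("base64");
  return { salt, hash };
}

// Recomputes the hash with the stored salt and compares in constant time.
function verifyPassword(password, stored) {
  if (typeof password !== "string" || !stored?.salt || !stored?.hash) return false;
  const expected = Buffer.from(stored.hash, "base64");
  // A truncated or corrupted stored hash must never compare as equal.
  if (expected.length !== KEY_BYTES) return false;
  const actual = scryptSync(password, stored.salt, KEY_BYTES);
  return timingSafeEqual(actual, expected);
}
```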
Each column in an SQLite 3 database is assigned one of the following type affinities:
- TEXT
- NUMERIC
- INTEGER
- REAL
- BLOB
https://www.sqlite.org/datatype3.html
Download the SQLite CLI from: https://sqlite.org/download.html
Look for 'sqlite-tools-win32'
To run SQL migrations one-by-one or to run the inspections, use SQLite CLI, and, for example:
```
sqlite> .read sql/check-logs.sql
```
We have some `mjs` files in `/ops` which run things:
- `npm run migrations` - runs `/ops/migrations.mjs` - sets up DB for first time;
- `npm run status` - runs `/ops/status.mjs` - gets stats about extant data.