generator-restgoose
Modern, lightweight and powerful REST API code generator. Out-of-the-box NodeJS REST API server generator built on top of Mongoose, Express, Cors, Passport, JWT and many more.
# Authentication Setup
> Passport + JsonWebToken + Redis enabled robust Authentication & Authorization for Restgoose
## Setup
1. Install Redis Server
   a. [Windows](https://github.com/rgl/redis/downloads)
   b. Mac OS X: ``brew install redis``
   c. [Linux](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-redis)
2. Open ``app.js`` from the root directory and uncomment the lines marked ``UNCOMMENT IF USING AUTH``. For reference, these are lines 16-36, 125-133, 139 and 145.
3. [*Optional*] Change the Redis port in ``config/lib.js`` if Redis is not running on the default one.
4. [*Optional*, **Recommended**] Change the JWT secret and the SendGrid API key in ``config/lib.js``.
5. Enable *useAuth* in config/development.
6. That's it. Your authentication system is up and running.
## Securing APIs
By default, all generated APIs are secured by JWT auth. You can add exceptions in *config*.
## Route Usage
1. Auth Routes:
   1. /api/auth/check
   2. /api/auth/login
   3. /api/auth/logout
   4. /api/auth/register
   5. /api/auth/password/validate
   6. /api/auth/password/change
   7. /api/auth/password/forgot/:email
   8. /api/auth/password/forgot/:email/:token
   9. /api/auth/profile/role
   10. /api/auth/profile/status
2. Register a basic account
```
# POST /api/auth/register
curl -X POST \
  -H "Content-Type: application/json" \
  -H "Cache-Control: no-cache" \
  -d '{
    "email":"shaktimaan@g.c",
    "password":"killwish",
    "profile":{
      "firstName":"ABC",
      "lastName":"XYZ"
    }
  }' "http://localhost:3000/api/auth/register"
```
This will, by default, have a `Member` role.
3. Login
```
curl -X POST \
  -H "Content-Type: application/json" \
  -H "Cache-Control: no-cache" \
  -d '{
    "email":"v@g.c",
    "password":"lalalaPassword"
  }' "http://localhost:3000/api/auth/login"
```
4. Logout
```
curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWsdgOTY2YzNmYTUzNzV2YzlkYWMiLCJuYW1lIjoiQWJoaSIs133YWsdgJyb2xlIjoiTWVtYmVyIiwsdgF0Ijsdgsg3NTAwLCJleHAiOjE0ODkx55ODB9.XHXG6iWW0N3368Gpe6jOpexr8C6QNHMGTTB55Tkr70Q" \
  -H "Cache-Control: no-cache" \
  "http://localhost:3000/api/auth/logout"
```
The logout endpoint expects a currently logged-in token; otherwise it will not log out.
5. Access Secured Route
```
curl -X GET \
  -H "Content-Type: application/json" \
  -H "Authorization: JWT eyJhbGciOiJIUzIjkl13CI6IkpXVCJ9.eyJfaWQiOiI1OGMyOTY435hYTUzNzVhMjRifd5tg5WMiLCJuYW1lIjoiQWJoaSI3VtYWlsfg34b2xlIjtyWVtYdsgWF0IjoxNDg5MTQ3NTI2LCJleHAiOjE0ODkxNTc2MDZ9.aodmKjvnmp4urjMtgbBO_MoQCsKP20dyOMfHKRoo" \
  -H "Cache-Control: no-cache" \
  "http://localhost:3000/dashboard"
```
The server will always expect the JWT (returned after login) to be present in the Authorization header. Always!
## Developer Usage
[Todo]
Check out sample route on usage in ``/routes/sampleauth.js``.
## Architecture
After a successful login, the token and the user data are stored in Redis. So, if a token needs to be revoked, this can be done by deleting the token from Redis. Restarting the Redis server will essentially log out all users.