myex-cli

Opinionated Express.js framework with CLI tools

# Product Requirements Document (PRD)

## Overview

The MYX project is a modern, scalable Express.js application template built with ES6 modules. It aims to provide a solid foundation for building secure, maintainable, and production-ready APIs.

### Target Audience

- Backend developers seeking a well-structured Express.js starter
- Teams that need a secure API server with MongoDB integration
- Developers who want to leverage modern JavaScript features with ES6 modules
- Organizations looking for a containerized application template with Kubernetes support

### Objectives

1. Provide a clean, modular architecture for Express.js applications
2. Implement robust security measures and best practices
3. Enable seamless integration with MongoDB
4. Support containerization and orchestration for modern deployment workflows
5. Include comprehensive documentation and testing infrastructure

## Features

### Core Features

1. **Modular Architecture**
   - Clear separation of concerns with distinct layers (controllers, services, models)
   - Organized folder structure to improve maintainability
   - ES6 module system for cleaner imports and exports
2. **Secure Authentication**
   - JWT-based authentication with access and refresh tokens
   - Passport.js integration for flexible authentication strategies
   - Role-based access control for protected routes
3. **Database Integration**
   - MongoDB integration using Mongoose
   - Schema validation for data integrity
   - Optimized database connection management
4. **Logging and Error Handling**
   - Comprehensive logging with Winston
   - Centralized error handling with appropriate status codes
   - Environment-based error information (detailed in development, limited in production)
5. **Containerization and Orchestration**
   - Docker support with optimized Dockerfile
   - Docker Compose for local multi-container setup
   - Kubernetes manifests for production deployment
6. **Process Management**
   - PM2 integration for process clustering
   - Automatic application restarts on failures
   - Enhanced performance through load balancing

### Security Features

1. **HTTP Security Headers**
   - Helmet integration for secure HTTP headers
   - Content Security Policy configuration
   - Prevention of common web vulnerabilities
2. **CORS Protection**
   - Configurable CORS policies
   - Domain-based access control
   - Secure cookie handling
3. **Rate Limiting**
   - Protection against brute force attacks
   - Configurable request limits
   - IP-based rate limiting
4. **Password Security**
   - Secure password hashing with bcrypt
   - Password reset functionality
   - Protection against common password attacks

## Functional Requirements

### API Endpoints

#### Authentication Endpoints

1. **User Registration**
   - `POST /api/auth/register`: Create a new user account
   - Required fields: name, email, password
   - Returns: User details and authentication tokens
2. **User Login**
   - `POST /api/auth/login`: Authenticate a user
   - Required fields: email, password
   - Returns: User details and authentication tokens
3. **Token Refresh**
   - `POST /api/auth/refresh-token`: Refresh an expired access token
   - Required fields: refresh_token
   - Returns: New access token
4. **Logout**
   - `POST /api/auth/logout`: Invalidate refresh token
   - Required fields: refresh_token
5. **Password Reset**
   - `POST /api/auth/forgot-password`: Initiate password reset
   - `POST /api/auth/reset-password`: Complete password reset

#### User Management Endpoints

1. **Get Current User**
   - `GET /api/users/me`: Get the current user's profile
   - Requires authentication
2. **Get User by ID**
   - `GET /api/users/:id`: Get a user by ID
   - Requires authentication (user's own profile or admin)
3. **Update User**
   - `PUT /api/users/:id`: Update a user's profile
   - Requires authentication (user's own profile or admin)
4. **Delete User**
   - `DELETE /api/users/:id`: Delete a user
   - Requires admin authentication

### Monitoring and Health

1. **Health Check**
   - `GET /health`: Check API health status
   - Returns: Status and timestamp
2. **API Information**
   - `GET /api`: Get API information
   - Returns: API version, available endpoints

## Non-Functional Requirements

### Performance

1. **Response Time**
   - API endpoints should respond within 200ms (95th percentile)
   - Health check endpoint should respond within 50ms
2. **Throughput**
   - Handle at least 1000 requests per second on recommended hardware
   - Scale horizontally with Kubernetes for higher loads
3. **Scalability**
   - Support clustering with PM2 for vertical scaling
   - Kubernetes configuration for horizontal scaling

### Security

1. **Authentication**
   - JWT tokens with appropriate expiration
   - Refresh token rotation for enhanced security
   - Prevention of common authentication attacks
2. **Data Protection**
   - HTTPS required for all communications
   - Sensitive data encryption (passwords, etc.)
   - No logging of sensitive information
3. **Authorization**
   - Role-based access control
   - Proper validation of user permissions
   - Protection against privilege escalation

### Reliability

1. **Availability**
   - System should be available 99.9% of the time
   - Graceful handling of MongoDB connection issues
   - Health check endpoint for monitoring
2. **Backup and Recovery**
   - Support for MongoDB backup strategies
   - Ability to recover from database failures
3. **Error Handling**
   - Proper error codes and messages
   - Detailed logging for troubleshooting
   - Graceful degradation when possible

### Maintainability

1. **Code Quality**
   - Clean, well-documented code
   - Consistent coding style
   - Comprehensive test coverage
2. **Documentation**
   - Detailed API documentation
   - Clear project structure documentation
   - Deployment and configuration guides
3. **Monitoring**
   - Logging for debugging and audit purposes
   - Support for monitoring tools integration
   - Performance metrics collection

## Technical Requirements

### Technology Stack

1. **Backend**
   - Node.js (>=18.0.0)
   - Express.js with ES6 modules
   - MongoDB with Mongoose
   - Passport.js for authentication
   - Winston for logging
2. **DevOps**
   - Docker for containerization
   - Docker Compose for local development
   - Kubernetes for production deployment
   - PM2 for process management
3. **Testing**
   - Jest for unit and integration testing
   - Supertest for API testing

### Development Environment

1. **Local Setup**
   - Docker Compose for local development
   - Environment variables through .env file
   - Nodemon for hot reloading during development
2. **Testing Environment**
   - Isolated test database
   - Mock services for external dependencies

### Deployment Environment

1. **Containerized Deployment**
   - Docker image with optimized configuration
   - Multi-stage builds for production
2. **Kubernetes Deployment**
   - Deployment manifests for application
   - Service configuration for networking
   - Ingress for external access
   - StatefulSet for MongoDB