nbd-app
🚀 CLI tool to scaffold full-stack authentication starter projects with React, Node.js, and multiple auth providers (Email, Google, and more)
require('dotenv').config();
const express = require('express');
const cors = require('cors');
const cookieParser = require('cookie-parser');
const morgan = require('morgan');
const rateLimit = require('express-rate-limit');
const connectDB = require('./db');
const authRoutes = require('./routes/authRoutes');
const session = require('express-session');
const passport = require('passport');
// Create the Express application and pick the listening port
// (falls back to 5000 when PORT is unset or empty).
const app = express();
const PORT = process.env.PORT || 5000;

// Open the MongoDB connection. The return value is not used here.
// NOTE(review): if connectDB() returns a promise, a rejection is not handled
// at this call site; presumably ./db handles it. Verify.
connectDB();

// Global middleware, registered in this order:
// JSON body parsing, cookie parsing, then request logging.
app.use(express.json(), cookieParser(), morgan('dev'));
// CORS allow-list for the development and production frontends.
// An unset variable leaves an `undefined` entry, which never equals an
// Origin header string, so it cannot widen the list.
const allowedOrigins = [
  process.env.PRODUCTION_FRONTEND_URL,
  process.env.LOCALHOST_FRONTEND_URL,
];

const corsOptions = {
  // Origins are compared by exact string match against the allow-list.
  // Requests without an Origin header (mobile apps, curl, server-to-server)
  // are let through, so CORS is not an access control for non-browser
  // clients; the routes themselves must enforce authentication.
  origin(origin, callback) {
    if (!origin || allowedOrigins.includes(origin)) {
      return callback(null, true);
    }
    return callback(new Error('Not allowed by CORS'));
  },
  // Credentialed requests are enabled, which is why the origin must be an
  // explicit allow-list and not a wildcard.
  credentials: true,
  methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
  allowedHeaders: ['Content-Type', 'Authorization', 'Cookie', 'Accept'],
  exposedHeaders: ['set-cookie'],
};

app.use(cors(corsOptions));
// Rate limiting for the auth routes: at most 100 requests per client IP
// in each 15-minute window, answered with a JSON error once exceeded.
// NOTE(review): the limit is keyed by the client IP Express sees. Behind a
// reverse proxy without a `trust proxy` setting, all clients may share one
// bucket. Confirm against the deployment.
const AUTH_WINDOW_MS = 15 * 60 * 1000;
const AUTH_MAX_REQUESTS = 100;

const authLimiter = rateLimit({
  windowMs: AUTH_WINDOW_MS,
  max: AUTH_MAX_REQUESTS,
  message: {
    success: false,
    message: 'Too many attempts, please try again later.',
  },
});

// Registered before the auth router so the limit applies to every /api/auth request.
app.use('/api/auth/', authLimiter);
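// Session and Passport wiring.
// The session secret signs the session ID cookie, so anyone who knows it can
// forge session cookies. It must come from the environment, never from
// source control. Set SESSION_SECRET (e.g. in .env) to a long random value.
const sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  // Fail at startup instead of silently signing cookies with a guessable value.
  throw new Error('SESSION_SECRET environment variable is required');
}

app.use(
  session({
    secret: sessionSecret,
    resave: false,
    // Do not store a session or set a cookie for visitors whose session was
    // never modified. Sessions are still saved once login populates them.
    saveUninitialized: false,
  })
);
// NOTE(review): cookie options are left at the express-session defaults and no
// `store` is configured, so the default in-memory store is used. Review
// `cookie.secure` / `cookie.sameSite` and pick a persistent store before
// deploying. The right values depend on how frontend and API are hosted.

// Passport must be initialised after the session middleware so that
// passport.session() can read the login state from the session.
app.use(passport.initialize());
app.use(passport.session());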
// Routes: every auth endpoint is mounted under /api/auth.
app.use('/api/auth', authRoutes);
// ...other routes

// Start the HTTP server and log the port once it is listening.
app.listen(PORT, () => console.log(`Server running on port ${PORT}`));