
nbd-app


🚀 CLI tool to scaffold full-stack authentication starter projects with React, Node.js, and multiple auth providers (Email, Google, and more)

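/**
 * Server entry point: loads environment variables, wires up the Express
 * middleware stack (JSON body parsing, cookies, request logging, CORS,
 * rate limiting, sessions, Passport), mounts the auth routes and starts
 * listening.
 *
 * Environment variables read here:
 *   PORT                     - listening port (defaults to 5000)
 *   PRODUCTION_FRONTEND_URL  - allowed CORS origin
 *   LOCALHOST_FRONTEND_URL   - allowed CORS origin
 *   SESSION_SECRET           - secret used to sign the session ID cookie (required)
 */
require('dotenv').config();

const express = require('express');
const cors = require('cors');
const cookieParser = require('cookie-parser');
const morgan = require('morgan');
const rateLimit = require('express-rate-limit');
const connectDB = require('./db');
const authRoutes = require('./routes/authRoutes');
const session = require('express-session');
const passport = require('passport');

// Initialize express app
const app = express();
const PORT = process.env.PORT || 5000;

// The session secret signs the session ID cookie. A value committed to source
// control is known to anyone who can read the package, so it is taken from the
// environment and the server refuses to start without it.
const sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  throw new Error('SESSION_SECRET environment variable must be set');
}

// Connect to MongoDB
connectDB();

// Middleware
app.use(express.json());
app.use(cookieParser());
app.use(morgan('dev'));

// CORS setup for development and production.
// Unset environment variables are dropped so the allow-list only ever holds
// real origin strings.
const allowedOrigins = [
  process.env.PRODUCTION_FRONTEND_URL,
  process.env.LOCALHOST_FRONTEND_URL,
].filter(Boolean);

app.use(
  cors({
    origin: (origin, callback) => {
      // Requests with no Origin header (mobile apps, curl) are allowed through.
      // CORS is enforced by browsers only, so route-level authentication must
      // not rely on this check.
      if (!origin) {
        return callback(null, true);
      }
      if (allowedOrigins.includes(origin)) {
        return callback(null, true);
      }
      return callback(new Error('Not allowed by CORS'));
    },
    // Credentialed requests are accepted, which is why the origin is matched
    // against an explicit allow-list rather than reflected or wildcarded.
    credentials: true,
    methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
    allowedHeaders: ['Content-Type', 'Authorization', 'Cookie', 'Accept'],
    exposedHeaders: ['set-cookie'],
  }),
);

// Rate limiting for auth routes.
// NOTE(review): limits are counted per client IP; behind a reverse proxy the
// Express `trust proxy` setting decides which address that is - confirm it
// matches the deployment.
const authLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // max 100 requests per window per IP
  message: {
    success: false,
    message: 'Too many attempts, please try again later.',
  },
});
app.use('/api/auth/', authLimiter);

// Sessions back the Passport login state.
// saveUninitialized is false so no session (and no cookie) is created for a
// visitor until something is actually stored in it.
// NOTE(review): no `cookie` or `store` options are set, so express-session
// defaults apply, including its in-memory store; review `cookie.secure` and
// `cookie.sameSite` against the production frontend/backend origins.
app.use(
  session({
    secret: sessionSecret,
    resave: false,
    saveUninitialized: false,
  }),
);
app.use(passport.initialize());
app.use(passport.session());

// Routes
app.use('/api/auth', authRoutes);
// ...other routes

// Start server
app.listen(PORT, () => {
  console.log(`Server running on port ${PORT}`);
});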