Version 4.14.0 (Security)

- Update packages
- Create .env vars instead of available constants in code
 - Add support for public and private routes

Author: renanlopescoder

.gitignore

@@ -1,3 +1,4 @@
 node_modules
 *.log
-package-lock.json
+package-lock.json
+.env

README.md

@@ -97,7 +97,20 @@ This application is hosted on Heroku and serve a bunch of AJAX requests to give
 ## Configuring the API locally
 
 - Download or clone the project access the project folder with the terminal and execute the CLI <code>npm install</code>
-- To change database change on constants the databaseUrl
+- Create your .env file with the following configuration
+  - WORKERS: How many workers you need
+  - AUTO_SCALE: When enabled will create workers by CPU Eg.: CPU \* WORKERS
+  - DATABASE_URL: Your database URL
+  - AUTH_ROUNDS and AUTH_SECRET: Those are used for authentication and verification
+
+```
+WORKERS=1
+AUTO_SCALE=true
+DATABASE_URL=mongodb+srv://<user>:<password>@cluster0.mongodb.net/?retryWrites=true&w=majority
+AUTH_ROUNDS=15
+AUTH_SECRET=docssecret
+```
+
 - Run the server <code>npm start</code>
 - Access in your browser <a href="http://localhost:3000/projects">http://localhost:3000/projects</a>
 
@@ -111,6 +124,6 @@ This application is hosted on Heroku and serve a bunch of AJAX requests to give
 
 By: <a href="http://renanlopes.com">Renan Lopes</a>
 
-[heroku.com]: https://www.heroku.com
-[mlab.com]: https://mlab.com
+[vercel.com]: https://www.vercel.com
+[mongodb.com]: https://www.mongodb.com/atlas/database
 [github.com]: https://www.github.com

package.json

@@ -1,25 +1,26 @@
 {
   "name": "node_api",
-  "version": "3.2.0",
+  "version": "4.14.0",
   "description": "Node API is production ready and open source project in Node, Express, MongoDB",
   "scripts": {
     "start": "node server.js"
   },
   "author": "Renan Lopes",
   "license": "MIT",
   "dependencies": {
-    "bcrypt": "4.0.1",
-    "body-parser": "1.19.0",
+    "bcrypt": "^5.1.1",
+    "body-parser": "^1.20.2",
     "consign": "^0.1.6",
     "cors": "^2.8.3",
+    "dotenv": "^16.4.1",
     "express": "^4.14.0",
-    "jsonwebtoken": "^8.5.1",
-    "mongoose": "5.9.11",
-    "nodemailer": "6.4.6",
+    "jsonwebtoken": "^9.0.2",
+    "mongoose": "^5.13.22",
+    "nodemailer": "^6.9.9",
     "swagger-jsdoc": "^4.3.2",
     "swagger-ui-express": "^4.1.6"
   },
   "engines": {
-    "node": "14.1.0"
+    "node": "20.x"
   }
 }

server.js

@@ -2,17 +2,39 @@ const mongoose = require("mongoose");
 const expressServer = require("./src/config/express");
 const cluster = require("cluster");
 const OS = require("os");
-const { databaseUrl } = require("./src/app/Constants/database");
-
-const PORT = process.env.PORT || 8080;
+require("dotenv").config();
 
 class App {
-  constructor(workers, autoScale = true) {
-    this.buildCluster(workers, autoScale);
+  port;
+  databaseUrl;
+
+  constructor() {
+    this.validateEnvVars();
+
+    this.port = process.env.PORT || 8080;
+    this.databaseUrl = process.env.DATABASE_URL;
+
+    this.buildCluster();
   }
 
+  validateEnvVars = () => {
+    const errorMessage = "Required Environment Variable:";
+
+    if (!process.env.DATABASE_URL) {
+      throw new Error(`${errorMessage} DATABASE_URL`);
+    }
+
+    if (!process.env.AUTH_ROUNDS) {
+      throw new Error(`${errorMessage} AUTH_ROUNDS`);
+    }
+
+    if (!process.env.AUTH_SECRET) {
+      throw new Error(`${errorMessage} AUTH_SECRET`);
+    }
+  };
+
   database = () => {
-    mongoose.connect(databaseUrl, {
+    mongoose.connect(this.databaseUrl, {
       useCreateIndex: true,
       useNewUrlParser: true,
       useUnifiedTopology: true,
@@ -34,13 +56,15 @@ class App {
     });
   };
 
-  buildCluster = (workers, autoScale) => {
-    if (autoScale) {
+  buildCluster = () => {
+    let workers = Number(process.env.WORKERS ?? 1);
+
+    if (process.env.AUTO_SCALE === "true") {
       workers = this.autoScale(workers);
     }
 
     if (cluster.isMaster) {
-      console.log("Cluster Master Online");
+      console.log("Master Cluster Online");
 
       for (let i = 0; i < workers; i += 1) {
         console.log(`Creating instances ${workers}`);
@@ -52,25 +76,18 @@ class App {
         cluster.fork();
       });
     } else {
-      expressServer.listen(PORT, () => {
+      expressServer.listen(this.port, () => {
         this.database();
-        console.log(`Server running on port ${PORT}`);
+        console.log(`Server running on port ${this.port}`);
       });
     }
   };
 
   autoScale = (workersByCpu) => {
     const cpus = OS.cpus().length;
-    const workers = cpus / workersByCpu;
+    const workers = cpus * workersByCpu;
     return workers;
   };
 }
 
-/**
- * Application Start
- *
- * @param number number of workers
- * @param boolean auto scale will use the number of workers by each CPU
- */
-
-new App(1, false);
+new App();

src/app/Constants/auth.js

@@ -2,7 +2,6 @@ const mongoose = require("mongoose");
 const bcrypt = require("bcrypt");
 const jwt = require("jsonwebtoken");
 const model = mongoose.model("User");
-const { secret } = require("../Constants/auth");
 
 class AuthController {
   login = async (req, res) => {
@@ -13,7 +12,7 @@ class AuthController {
       let token;
       if (!match) {
         res.status(401).send({ error: "error", message: "Password mismatch" });
-        token = jwt.sign({ user_id: user._id }, secret, {
+        token = jwt.sign({ user_id: user._id }, process.env.AUTH_SECRET, {
           expiresIn: "3h",
         });
       }
@@ -37,7 +36,7 @@ class AuthController {
     const token = req.get("Authorization");
     if (token) {
       try {
-        let decoded = jwt.verify(token, secret);
+        let decoded = jwt.verify(token, process.env.AUTH_SECRET);
         req.user = decoded;
         next();
       } catch (error) {

src/app/Constants/database.js

@@ -1,19 +1,18 @@
 const mongoose = require("mongoose");
 const bcrypt = require("bcrypt");
-const { rounds } = require("../Constants/auth");
 const model = mongoose.model("User");
 
 const MailerService = require("../Services/Mail");
 
 class UserController {
-  hashPassword = password => {
-    const saltRounds = bcrypt.genSaltSync(rounds);
+  hashPassword = (password) => {
+    const saltRounds = bcrypt.genSaltSync(process.env.AUTH_ROUNDS);
     const hashedPassword = bcrypt.hashSync(password, saltRounds);
 
     return hashedPassword;
   };
 
-  sendWelcomeEmail = email => {
+  sendWelcomeEmail = (email) => {
     const content = MailerService.welcomeMailContent(email);
     MailerService.sendMail(content);
   };

src/app/Controllers/AuthController.js

@@ -1,8 +1,8 @@
-module.exports = src => {
+module.exports = (src) => {
   const { AuthController, UserController } = src.app.Controllers;
 
   src.post("/login", AuthController.login);
   src.post("/users/create", UserController.createUser);
   // Private Routes
-  // src.use("/*", AuthController.verifyToken);
+  src.use("/*", AuthController.verifyToken);
 };

src/app/Controllers/UserController.js

@@ -20,8 +20,9 @@ app.get("/docs", swaggerUi.setup(specs, { explorer: true }));
 consign({ cwd: process.cwd() + "/src" })
   .include("app/Models")
   .then("app/Controllers")
+  .then("routes/public")
   .then("app/Middleware/AuthMiddleware.js")
-  .then("routes")
+  .then("routes/private")
   .into(app);
 
 module.exports = app;