nodejs + express security and performance boilerplate.
My nodejs + express security and performance playground (boilerplate).
Disclaimer: The main purpose of this repository is to demonstrate security, caching and performance principles, it's not about DB, UI, UX.
Certificate
The application runs only on HTTPS, so a certificate is required. If you want to just try it locally, then generate self-signed certificate online for domain localhost
and save both files into the server/certificates/
folder. Name them server.cert
and server.key
.
Redis The application uses Redis to store sessions, caching, websockets and saving rate limits. Please follow their installation guide.
yarn install
or npm install
yarn run start
or npm run start
https://localhost:8443/
in a browser (you can change the port if you re-run the previous command with PORT=8444 yarn run start
)yarn install
or npm install
yarn run build:client
yarn run watch:server
(runs nodemon so any change in server's code immediately restarts server)https://localhost:5000/
in a browser (you can change the port in nodemon.json
)The application can run as a cluster of node applications. Use "useCluster"
option in server/config/config.json
:
You can change server/config/config.json
file directly. If you are in development mode and you don't want to commit your config changes, then create config.dev.json
next to the original JSON file and store your overrides there. Both configs are deeply merged together, config.dev.json
takes precedence.
yarn run test:unit
to run unit tests onlyyarn run test:vulnerabilities
to check app dependencies for vulnerabilities (using nsp)to run e2e tests, you have to start the server in development first
yarn run test:e2e
If you want to run all tests, start the server in development mode and then run yarn run test
The application uses rate limiters to prevent hundreds of requests from the same IP address. This protection must be turned off while running e2e tests, otherwise the tests will start to fail randomly after the limits are reached. To turn it off, create config.dev.json
and add into it:
{
"rateLimiter": {
"enabled": false
}
}