Skip to content

Vishwas1/express-prod-boilerplate

Repository files navigation

Express API boilerplate for production

When building REST APIs using node express, it is very easy to get confused as there are so many packages/tools available for different purposes - you do not know which to use and when! In this repository, I tried to consolidate them in this boilerplate repository and use them for example apis with CURD operations. I tried to keep this project (or boilerplate) as close to production as possible, but yeah we know nothing is perfect when it comes to prod deployment but atleast we can give our best. I also believe that, I might have missed out something for sure, which I request you to create an issue, if you find one.

Some thoughts

Building REST apis are fun, but what I have observed is, when you think from start to end, meaning right from planning about these apis, till the deployment of apis (which ofcouse includes security and other important aspects), it becomes more complex and at the same time more fun. So the question is how do we start?

First we plan, in the planning phase you are looking at the whole product without even building it. Writing APIs specification (ofcoures when you have passed the design phase) could be good starting point. You design the API specifications so that:

  • frontend guy start developing the UI,
  • testers start wrting the test cases
  • and backend folks, start working on developing APIs.

All these process happens parallely. This process is called API first approach. I love this approach since it gives me visibility of the whole product before writing too much code! Once done, you repeat the whole process if needed.

Features

  1. Planning

    • Swagger to implement OpenAPI specification 3.0.0
    • Approach - API first (swagger)
  2. Development

    • Framework
      • Nodejs express
      • MVC
      • Typescript
      • Node v14.16.0
    • Debugging (nodemon, ts-node)
    • Storage
      • mongo db
    • Logging (winston)
    • Environment variable (dotenv)
    • Linting (eslint)
    • Security
      • Authentication ?
      • Authorization ?
      • Prevents DOS attack
        • limit body payload
        • express rate limit dependency (express-rate-limit)
      • Prevents XSS attacks
        • Appropriate headers (helmet)
        • Data Sanitization against XSS (xss-clean)
  3. Testing

  4. Deployment

    • Bundling (webpack)
    • Use process manager (PM2)
    • Containerization (docker)

Install and usage

Install dependencies

npm i 

Development

npm run dev 
npm run build:dev
npm run start  

Production

npm run build:prod 
npm run prod #production

Note: Create production.env for production run

Dockerization

Build docker image

npm run build:prod
docker build -t ts-boilerplate .  # build an image

Run container

docker run -p 5000:5000 -d ts-boilerplate

Note: Create production.env for production run

References

Production deployment - by mozilla | API First approach | production-ready-node-and-express-app- | production-ready-node-js-rest-api-typescrip - blog | Airbnb JavaScript Style Guide() | Linting in Typescript | security-on-your-nodejs-api | configuring-middleware-for-authentication | About helmet | Good repo to follow | Docker publish vs expose | make your NodeJS application or API secure | Gracefully shutdown handling | Using sqeuelize | Learn Typescript | setup-typecript-sequelize | strongly-typed-models-with-mongoose-and-typescript