Skip to content

cr-nattress/security-api

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
documentation
documentation
 
 
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

Security API

A Node.js Express application demonstrating security best practices including authentication, authorization, input validation, and secure configuration, using Supabase as the backend.

Features

  • Express framework
  • Supabase for database and backend services
  • JWT-based Authentication
  • Password Hashing with bcrypt (if implementing custom auth)
  • Input Validation with express-validator
  • Security Headers with Helmet
  • CORS configuration
  • Environment variable management with dotenv
  • Logging with Winston

Prerequisites

  • Node.js (v18+ recommended)
  • npm or yarn
  • A Supabase project (get URL and Anon Key from your Supabase project settings)

Setup

  1. Clone the repository:

    git clone <repository-url>
cd security-api

  2. Install dependencies:

    npm install
# or
yarn install

  3. Set up environment variables:

    • Copy the .env.example file to .env: 
      cp .env.example .env
    • Update the variables in the .env file:
      • SUPABASE_URL: Your Supabase project URL.
      • SUPABASE_ANON_KEY: Your Supabase project Anon key.
      • JWT_SECRET: A strong, random secret for signing JWTs (generate one, don't use the example value).
      • PORT: The port the server should listen on (default is 3000).
      • NODE_ENV: Set to development or production.
      • LOG_LEVEL: Logging level (e.g., info, debug).
      • JWT_EXPIRES_IN: Token expiration time (e.g., 1h, 7d).

  4. Start the server:

    npm start

  5. Start in development mode (with hot-reloading using nodemon):

    npm run dev

Project Structure

/src
  /api
    /v1
      /routes         # API routes (e.g., auth.routes.js, user.routes.js)
      /controllers    # Request handlers
      /services       # Business logic (interacts with Supabase)
      /middlewares    # Custom middleware (e.g., authentication, validation)
  /config           # Configuration files (e.g., environment loader)
  /models           # Placeholder for potential data access layer functions (using Supabase client)
  /utils            # Utility functions (e.g., logger, response handlers)
  /db               # Supabase client initialization
  app.js            # Express application setup (middleware, routes)
  server.js         # Server initialization (HTTP server start)
.env              # Environment variables (ignored by git)
.env.example      # Example environment variables
.gitignore        # Git ignore configuration
package.json      # Project dependencies and scripts
README.md         # Project documentation

API Endpoints

(Add details about your API endpoints here once defined)

Contributing

(Add contribution guidelines if applicable)

License

(Specify project license, e.g., ISC, MIT)

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages