did some router setup

Author: iolufemi

README.md

@@ -5,3 +5,9 @@
 
 
 API Development Template
+
+
+## ToDo
+
+- Implement Helmet for security
+- Implement Express Limiter for limiting requests

app.js

@@ -23,21 +23,42 @@ if (cluster.isMaster && config.env === 'production') {
 } else {
 	var express = require('express');
 	var app = express();
-	// var router = require('./routes');
-
-	if(config.trustProxy === 'yes'){
-		app.enable('trust proxy');
-	}
-
-	// app.use('/',router);
-	
-	if(config.env === 'production'){
-		log.info('Worker %d running!', cluster.worker.id);
-	}
-	
-
-	app.listen(config.port, function () {
-		log.info('listening on port '+config.port+'!');
-	});
+	var router = require('./routes');
+    var helmet = require('helmet');
+    var client = require('redis').createClient(config.redisURL);
+    var limiter = require('express-limiter')(app, client);
+
+    if(config.trustProxy === 'yes'){
+      app.enable('trust proxy');
+  }
+
+
+  app.use(helmet());
+    // no client side caching
+    if(config.noFrontendCaching === 'yes'){
+        app.use(helmet.noCache());
+    }
+
+    limiter({
+      path: '*',
+      method: 'all',
+      lookup: 'userId',
+      total: config.rateLimit * 1,
+      expire: config.rateLimitExpiry * 1,
+      onRateLimited: function (req, res, next) {
+        next({ message: 'Rate limit exceeded', statusCode: 429 });
+    }
+});
+
+    app.use('/',router);
+
+    if(config.env === 'production'){
+      log.info('Worker %d running!', cluster.worker.id);
+  }
+
+
+  app.listen(config.port, function () {
+      log.info('listening on port '+config.port+'!');
+  });
 
 }

config/development.js

@@ -6,5 +6,9 @@ module.exports = {
 	bugsnagKey: process.env.BUGSNAG_KEY || false,
 	secureMode: process.env.SECURE_MODE || false,
 	secret: process.env.SECRET || 'lakikihdgdfdjjjdgd67264664vdjhjdyncmxuei8336%%^#%gdvdhj????jjhdghduue',
-	mongoURL: process.env.MONGOLAB_URL || 'mongodb://192.168.99.100/snipe'
-};
+	mongoURL: process.env.MONGOLAB_URL || 'mongodb://192.168.99.100/snipe',
+    noFrontendCaching: process.env.NO_CACHE || 'yes',
+    rateLimit: process.env.RATE_LIMIT || '180',
+    rateLimitExpiry: process.env.RATE_LIMIT_EXPIRY || '3600000',
+    redisURL: process.env.REDIS_URL || 'redis://192.168.99.100:6379/1'
+};

config/production.js

@@ -6,5 +6,9 @@ module.exports = {
 	bugsnagKey: process.env.BUGSNAG_KEY || false,
 	secureMode: process.env.SECURE_MODE || true,
 	secret: process.env.SECRET || 'lakikihdgdfdjjjdgd67264660okjnbgtrdxswerfgytg373745ei8336%%^#%gdvdhj????jjhdghduue',
-	mongoURL: process.env.MONGOLAB_URL || 'mongodb://192.168.99.100/snipe'
-};
+	mongoURL: process.env.MONGOLAB_URL || 'mongodb://192.168.99.100/snipe',
+    noFrontendCaching: process.env.NO_CACHE || 'yes',
+    rateLimit: process.env.RATE_LIMIT || '180',
+    rateLimitExpiry: process.env.RATE_LIMIT_EXPIRY || '3600000',
+    redisURL: process.env.REDIS_URL || 'redis://192.168.99.100:6379/1'
+};

controllers/Initialize.js

@@ -0,0 +1,16 @@
+"use strict";
+var encryption = require('../services/encryption');
+var config = require('../config');
+var debug = require('debug')('initialize');
+
+module.exports = {
+    init: function(req, res, next){
+        encryption.generateKey()
+        .then(function(resp){
+            res.ok({'x-tag': resp});
+        })
+        .catch(function(err){
+            next(err);
+        });
+    }
+};

controllers/Users.js

@@ -0,0 +1,43 @@
+"use strict";
+
+var Users = require('../models/Users');
+
+var UsersController = {};
+
+UsersController.find = function(query,projection,options){
+    return Users.find(query,projection,options);
+};
+
+UsersController.findOne = function(id,projection,options){
+    return Users.findById(id,projection,options);
+};
+
+UsersController.search = function(string){
+    return Users.search(string);
+};
+
+UsersController.create = function(data){
+    return Users.create(data);
+};
+
+UsersController.update = function(query, data){
+    return Users.update(query,data);
+};
+
+UsersController.updateOne = function(id, data){
+    return Users.findByIdAndUpdate(id,data);
+};
+
+UsersController.delete = function(query){
+    return Users.deleteMany(query);
+};
+
+UsersController.deleteOne = function(id){
+    return Users.findByIdAndRemove(id);
+};
+
+UsersController.count = function(query){
+    return Users.count(query);
+};
+
+module.exports = UsersController;

models/Users.js

@@ -1,7 +1,6 @@
 "use strict";
 
 var db = require('../services/database/mongo');
-var _ = require('lodash');
 
 var collection = 'Users';
 

package.json

@@ -40,14 +40,18 @@
     "body-parser": "^1.17.1",
     "bugsnag": "^1.9.1",
     "cluster": "^0.7.7",
+    "cors": "^2.8.3",
     "crypto": "0.0.3",
     "debug": "^2.6.3",
     "express": "^4.15.2",
+    "express-limiter": "^1.6.0",
     "express-validator": "^3.1.2",
+    "helmet": "^3.6.1",
     "lodash": "^4.17.4",
     "mongoose": "^4.9.0",
     "q": "^1.4.1",
     "randomstring": "^1.1.5",
+    "redis": "^2.7.1",
     "util": "^0.10.3",
     "winston": "^2.3.1",
     "winston-bugsnag": "^2.1.0"

routes/index.js

@@ -0,0 +1,78 @@
+"use strict";
+var express = require('express');
+var router = express.Router();
+var bodyParser = require('body-parser');
+var expressValidator = require('express-validator');
+var cors = require('cors');
+var response = require('../services/response');
+var encryption = require('../services/encryption');
+var log = require('../services/logger');
+var me = require('../package.json');
+var initialize = require('./initialize');
+var _ = require('lodash');
+
+var allRequestData = function(req,res,next){
+    var requestData = {};
+    var newRequestData = _.assignIn(requestData, req.params, req.body, req.query);
+    req.param = function(key, defaultValue){
+        if(newRequestData[key]){
+            return newRequestData[key];
+        }else if(defaultValue){
+            return defaultValue;
+        }else{
+            return false;
+        }
+    };
+    next();
+};
+
+var enforceUserId = function(req,res,next){
+    var userId = req.param('userId');
+    if(!userId){
+        res.badRequest(false,'No userId parameter was passed in the payload of this request. Please pass a userId.');
+    }else{
+        // Do a middleware that validates userId here. put the user service endpoint in the env var. ideally, this should be the gateway endpoint
+        next();
+    }
+};
+
+
+router.use(cors());
+router.use(response);
+router.use(bodyParser.urlencoded({ extended: false }));
+router.use(bodyParser.json());
+router.use(bodyParser.raw());
+router.use(bodyParser.text());
+// add the param function to request object
+router.use(allRequestData);
+// Make userId compolsory in every request
+router.use(enforceUserId);
+router.use(encryption.interpreter);
+router.use(expressValidator());
+
+router.use(function(req,res,next){
+    log.info('[TIME: '+new Date().toISOString()+'] [IP Address: '+req.ip+'] [METHOD: '+req.method+'] [URL: '+req.originalUrl+']');
+    next();
+});
+
+router.options('*', cors());
+
+router.get('/', function (req, res) {
+    res.ok({name: me.name, version: me.version});
+});
+
+router.get('/.well-known/acme-challenge/xvArhQBSilF4V30dGUagNAZ96ASipB0b0ex0kXn0za8', function(req,res){
+    res.send('xvArhQBSilF4V30dGUagNAZ96ASipB0b0ex0kXn0za8._v6aFbaRYWeOmSebtlD-X4Ixf5tPsyULMsXM8HjsK-Q');
+});
+
+// Other routes here
+
+router.use('/', initialize);
+
+router.use(function(req, res, next) { // jshint ignore:line
+    res.notFound();
+});
+
+router.use(log.errorHandler);
+
+module.exports = router;

routes/initialize.js

@@ -0,0 +1,9 @@
+"use strict";
+var express = require('express');
+var router = express.Router();
+var initializeController = require('../controllers/initialize');
+
+// set tag
+router.get('/initialize', initializeController.init);
+
+module.exports = router;