Skip to content

Contrast-Security-OSS/node-realWorld-server

BranchesTags
 
 

Repository files navigation

RealWorld Example App

Express.js + MongoDB + JavaScript codebase containing real world examples (CRUD, auth, advanced patterns, etc) that adheres to the RealWorld spec and API.

Demo    RealWorld

This codebase was created to demonstrate a fully fledged fullstack application built with Express.js + MongoDB + JavaScript including CRUD operations, authentication, routing, pagination, and more.

We've gone to great lengths to adhere to the Express.js + MongoDB + JavaScript community styleguides & best practices.

For more information on how to this works with other frontends/backends, head over to the RealWorld repo.

Getting started

  1. install npm
  2. make sure mongo is running
  3. define needed env vars
    • DATABASE_URI - the uri to the mongo database: mongodb://127.0.0.1:27017/somedbname (assuming mongo is running on localhost:27017)
    • ACCESS_TOKEN_SECRET - the secret used for the JWT
  4. execute node api/index.js
    • e.g., ACCESS_TOKEN_SECRET=xyzzy-plover-boom DATABASE_URI=mongodb://127.0.0.1:27017/test node api/index.js

Contrast-specific

  1. A contrast_security.yaml config file should be present and configured appropriately.
  2. The contrast agent should be installed as a dependency.
    1. For developmental testing, linking to the local node-mono repo is useful.
  3. To enable perf use a command line like: CSI_PERF_INTERVAL=10000 CSI_PERF=1 ACCESS_TOKEN_SECRET=xyzzy-plover-boom DATABASE_URI=mongodb://127.0.0.1:27017/somedb node --import @contrast/agent api/index.js
    1. loads the agent with perf enabled, using a 10 second interval for writing the log.
  4. set up locust per instructions in the script-locust/README.md
  5. run the request-generating script, script-locust/locustfile.py using locust -f script-locust/locustfile.py --headless -i 1.
    1. --headless just means don't use the web UI, i.e., pure command line
    2. -f specifies the file (more TBD, exercising different aspects of the code)
    3. -i 1 specifies 1 iteration.
  6. the agent writes agent-perf.jsonl
    1. agent-perf.jsonl can be analyzed using tools in script-analysis/.
    2. summarize.mjs will summarize the data. it's primitive, but provides basic data.

How it works

All the routes are defined in the src/routes folder, and their corresponding controllers are implemented in the src/controllers folder.

Design Choices and Tradeoffs

  • Only one access_token_secret is used for all the accounts registration and login. Drawback: data can be forged if this secret is leaked
  • Included array structures, e.g. list of comments in the article model and favorited articles in the user model. Drawback: not good for scalability
  • Usernames are case-sensitive

About

server-side realWorld with Express.js and MongoDB (from winterrrrrff)

angular-realworld-example-app-neon.vercel.app

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 66.5%
  • Python 31.5%
  • Other 2.0%