A user system API starter. Bring your own front-end.
- Login system with forgot password and reset password
- Abusive login attempt detection
- User roles for accounts and admins
- Admins only notes and status history for accounts
- Admin groups with shared permissions
- Admin level permissions that override group permissions
Frame is built with the hapi framework. We're using MongoDB as a data store.
Frame is only a restful JSON API. If you'd like a ready made front-end, checkout Aqua. Or better yet, fork this repo and build one on top of Frame.
| url | username | password |
|---|---|---|
| https://getframe.herokuapp.com/ | root | root |
| https://getframe.herokuapp.com/docs | ---- | ---- |
Postman is a great tool for testing and developing APIs. See the wiki for details on how to login.
You need Node.js installed and you'll need MongoDB installed and running.
We use bcrypt for hashing
secrets. If you have issues during installation related to bcrypt then refer
to this wiki
page.
$ git clone [email protected]:jedireza/frame.git
$ cd frame
$ npm installSimply edit config.js. The configuration uses
confidence which makes it easy to
manage configuration settings across environments. Don't store secrets in
this file or commit them to your repository.
Instead, access secrets via environment variables. We use
dotenv to help make setting local
environment variables easy (not to be used in production).
Simply copy .env-sample to .env and edit as needed. Don't commit .env
to your repository.
WARNING: This will clear all data in the following MongoDB collections if
they exist: accounts, adminGroups, admins, authAttempts, sessions,
statuses, and users.
$ npm run first-time-setup
# > [email protected] first-time-setup /home/jedireza/projects/frame
# > node first-time-setup.js
# MongoDB URL: (mongodb://localhost:27017/frame)
# Root user email: [email protected]
# Root user password:
# Setup complete.$ npm start
# > [email protected] start /Users/jedireza/projects/frame
# > ./node_modules/nodemon/bin/nodemon.js -e js,md server
# 09 Sep 03:47:15 - [nodemon] v1.10.2
# ...Now you should be able to point your browser to http://127.0.0.1:9000/ and see the welcome message.
nodemon watches for changes in server
code and restarts the app automatically.
We also pass the --inspect flag to Node so you have a debugger available.
Watch the output of $ npm start and look for the debugging URL and open it in
Chrome. It looks something like this:
chrome-devtools://devtools/remote/serve_file/@62cd277117e6f8ec53e31b1be58290a6f7ab42ef/inspector.html?experiments=true&v8only=true&ws=localhost:9229/node
$ node server.jsUnlike $ npm start this doesn't watch for file changes. Also be sure to set
these environment variables in your production environment:
NODE_ENV=production- This is important for many different optimizations.NPM_CONFIG_PRODUCTION=false- This tells$ npm installto not skip installingdevDependencies, which we may need to run the first time setup script.
Any issues or questions (no matter how basic), open an issue. Please take the initiative to read relevant documentation and be pro-active with debugging.
Contributions are welcome. If you're changing something non-trivial, you may want to submit an issue before creating a large pull request.
Lab is part of the hapi ecosystem and what we use to write all of our tests.
$ npm test
# > [email protected] test /Users/jedireza/projects/frame
# > ./node_modules/lab/bin/lab -c
# ..................................................
# ..................................................
# ..................................................
# ..................................................
# ..................................................
# ........
# 258 tests complete
# Test duration: 2398 ms
# No global variable leaks detected
# Coverage: 100.00%
# Linting results: No issuesMIT
What you build with Frame is more important than Frame.