shillerben/adonis-fullstack-app
Template
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(*) initial commit

Browse Source
This commit is contained in:
Harminder Virk
2017-08-20 22:39:25 +05:30
commit 991657c76b
28 changed files with 1094 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
config/auth.js Normal file
View File

@@ -0,0 +1,75 @@
'use strict'
module.exports = {
/*
|--------------------------------------------------------------------------
| Authenticator
|--------------------------------------------------------------------------
|
| Authentication is a combination of serializer and scheme with extra
| config to define on how to authenticate a user.
|
| Available Schemes - basic, session, jwt, api
| Available Serializers - lucid, database
|
*/
authenticator: 'session',
/*
|--------------------------------------------------------------------------
| Session
|--------------------------------------------------------------------------
|
| Session authenticator makes use of sessions to authenticate a user.
| Session authentication is always persistent.
|
*/
session: {
serializer: 'lucid',
model: 'App/Models/User',
scheme: 'session',
uid: 'email',
password: 'password'
},
/*
|--------------------------------------------------------------------------
| Basic Auth
|--------------------------------------------------------------------------
|
| The basic auth authenticator uses basic auth header to authenticate a
| user.
|
| NOTE:
| This scheme is not persistent and users are supposed to pass
| login credentials on each request.
|
*/
basic: {
serializer: 'lucid',
model: 'App/Models/User',
scheme: 'basic',
uid: 'email',
password: 'password'
},
/*
|--------------------------------------------------------------------------
| Jwt
|--------------------------------------------------------------------------
|
| The jwt authenticator works by passing a jwt token on each HTTP request
| via HTTP `Authorization` header.
|
*/
jwt: {
serializer: 'lucid',
model: 'App/Models/User',
scheme: 'jwt',
uid: 'email',
password: 'password',
options: {
secret: 'self::app.appKey'
}
}
}

138
config/bodyParser.js Normal file
View File

@@ -0,0 +1,138 @@
'use strict'
module.exports = {
/*
|--------------------------------------------------------------------------
| JSON Parser
|--------------------------------------------------------------------------
|
| Below settings are applied when request body contains JSON payload. If
| you want body parser to ignore JSON payload, then simply set `types`
| to an empty array.
*/
json: {
/*
|--------------------------------------------------------------------------
| limit
|--------------------------------------------------------------------------
|
| Defines the limit of JSON that can be sent by the client. If payload
| is over 1mb it will not be processed.
|
*/
limit: '1mb',
/*
|--------------------------------------------------------------------------
| strict
|--------------------------------------------------------------------------
|
| When `scrict` is set to true, body parser will only parse Arrays and
| Object. Otherwise everything parseable by `JSON.parse` is parsed.
|
*/
strict: true,
/*
|--------------------------------------------------------------------------
| types
|--------------------------------------------------------------------------
|
| Which content types are processed as JSON payloads. You are free to
| add your own types here, but the request body should be parseable
| by `JSON.parse` method.
|
*/
types: [
'application/json',
'application/json-patch+json',
'application/vnd.api+json',
'application/csp-report'
]
},
/*
|--------------------------------------------------------------------------
| Raw Parser
|--------------------------------------------------------------------------
|
|
|
*/
raw: {
types: [
'text/*'
]
},
/*
|--------------------------------------------------------------------------
| Form Parser
|--------------------------------------------------------------------------
|
|
|
*/
form: {
types: [
'application/x-www-form-urlencoded'
]
},
/*
|--------------------------------------------------------------------------
| Files Parser
|--------------------------------------------------------------------------
|
|
|
*/
files: {
types: [
'multipart/form-data'
],
/*
|--------------------------------------------------------------------------
| Max Size
|--------------------------------------------------------------------------
|
| Below value is the max size of all the files uploaded to the server. It
| is validated even before files have been processed and hard exception
| is thrown.
|
| Consider setting a reasonable value here, otherwise people may upload GB's
| of files which will keep your server busy.
|
| Also this value is considered when `autoProcess` is set to true.
|
*/
maxSize: '20mb',
/*
|--------------------------------------------------------------------------
| Auto Process
|--------------------------------------------------------------------------
|
| Whether or not to auto-process files. Since HTTP servers handle files via
| couple of specific endpoints. It is better to set this value off and
| manually process the files when required.
|
| This value can contain a boolean or an array of route patterns
| to be autoprocessed.
*/
autoProcess: true,
/*
|--------------------------------------------------------------------------
| Process Manually
|--------------------------------------------------------------------------
|
| The list of routes that should not process files and instead rely on
| manual process. This list should only contain routes when autoProcess
| is to true. Otherwise everything is processed manually.
|
*/
processManually: []
}
}

87
config/cors.js Normal file
View File

@@ -0,0 +1,87 @@
'use strict'
module.exports = {
/*
|--------------------------------------------------------------------------
| Origin
|--------------------------------------------------------------------------
|
| Set a list of origins to be allowed. The value can be one of the following
|
| Boolean: true - Allow current request origin
| Boolean: false - Disallow all
| String - Comma seperated list of allowed origins
| Array - An array of allowed origins
| String: * - A wildcard to allow current request origin
| Function - Receives the current origin and should return one of the above values.
|
*/
origin: false,
/*
|--------------------------------------------------------------------------
| Methods
|--------------------------------------------------------------------------
|
| HTTP methods to be allowed. The value can be one of the following
|
| String - Comma seperated list of allowed methods
| Array - An array of allowed methods
|
*/
methods: ['GET', 'PUT', 'POST'],
/*
|--------------------------------------------------------------------------
| Headers
|--------------------------------------------------------------------------
|
| List of headers to be allowed via Access-Control-Request-Headers header.
| The value can be on of the following.
|
| Boolean: true - Allow current request headers
| Boolean: false - Disallow all
| String - Comma seperated list of allowed headers
| Array - An array of allowed headers
| String: * - A wildcard to allow current request headers
| Function - Receives the current header and should return one of the above values.
|
*/
headers: true,
/*
|--------------------------------------------------------------------------
| Expose Headers
|--------------------------------------------------------------------------
|
| A list of headers to be exposed via `Access-Control-Expose-Headers`
| header. The value can be on of the following.
|
| Boolean: false - Disallow all
| String: Comma seperated list of allowed headers
| Array - An array of allowed headers
|
*/
exposeHeaders: false,
/*
|--------------------------------------------------------------------------
| Credentials
|--------------------------------------------------------------------------
|
| Define Access-Control-Allow-Credentials header. It should always be a
| boolean.
|
*/
credentials: false,
/*
|--------------------------------------------------------------------------
| MaxAge
|--------------------------------------------------------------------------
|
| Define Access-Control-Allow-Max-Age
|
*/
maxAge: 90
}

78
config/database.js Normal file
View File

@@ -0,0 +1,78 @@
'use strict'
const Env = use('Env')
const Helpers = use('Helpers')
module.exports = {
/*
|--------------------------------------------------------------------------
| Default Connection
|--------------------------------------------------------------------------
|
| Connection defines the default connection settings to be used while
| interacting with SQL databases.
|
*/
connection: Env.get('DB_CONNECTION', 'sqlite'),
/*
|--------------------------------------------------------------------------
| Sqlite
|--------------------------------------------------------------------------
|
| Sqlite is a flat file database and can be good choice under development
| environment.
|
| npm i --save sqlite3
|
*/
sqlite: {
client: 'sqlite3',
connection: {
filename: Helpers.databasePath('development.sqlite')
},
useNullAsDefault: true
},
/*
|--------------------------------------------------------------------------
| MySQL
|--------------------------------------------------------------------------
|
| Here we define connection settings for MySQL database.
|
| npm i --save mysql
|
*/
mysql: {
client: 'mysql',
connection: {
host: Env.get('DB_HOST', 'localhost'),
port: Env.get('DB_PORT', ''),
user: Env.get('DB_USER', 'root'),
password: Env.get('DB_PASSWORD', ''),
database: Env.get('DB_DATABASE', 'adonis')
}
},
/*
|--------------------------------------------------------------------------
| PostgreSQL
|--------------------------------------------------------------------------
|
| Here we define connection settings for PostgreSQL database.
|
| npm i --save pg
|
*/
pg: {
client: 'pg',
connection: {
host: Env.get('DB_HOST', 'localhost'),
port: Env.get('DB_PORT', ''),
user: Env.get('DB_USER', 'root'),
password: Env.get('DB_PASSWORD', ''),
database: Env.get('DB_DATABASE', 'adonis')
}
}
}

94
config/session.js Normal file
View File

@@ -0,0 +1,94 @@
'use strict'
const Env = use('Env')
module.exports = {
/*
|--------------------------------------------------------------------------
| Session Driver
|--------------------------------------------------------------------------
|
| The session driver to be used for storing session values. It can be
| cookie, file or redis.
|
| For `redis` driver, make sure to install and register `@adonisjs/redis`
|
*/
driver: Env.get('SESSION_DRIVER', 'cookie'),
/*
|--------------------------------------------------------------------------
| Cookie Name
|--------------------------------------------------------------------------
|
| The name of the cookie to be used for saving session id. Session ids
| are signed and encrypted.
|
*/
cookieName: 'adonis-session',
/*
|--------------------------------------------------------------------------
| Clear session when browser closes
|--------------------------------------------------------------------------
|
| If this value is true, the session cookie will be temporary and will be
| removed when browser closes.
|
*/
clearWithBrowser: true,
/*
|--------------------------------------------------------------------------
| Session age
|--------------------------------------------------------------------------
|
| This value is only used when `clearWithBrowser` is set to false. The
| age must be a valid https://npmjs.org/package/ms string or should
| be in milliseconds.
|
| Valid values are:
| '2h', '10d', '5y', '2.5 hrs'
|
*/
age: '2h',
/*
|--------------------------------------------------------------------------
| Cookie options
|--------------------------------------------------------------------------
|
| Cookie options defines the options to be used for setting up session
| cookie
|
*/
cookie: {
httpOnly: true,
sameSite: true,
path: '/'
},
/*
|--------------------------------------------------------------------------
| Sessions location
|--------------------------------------------------------------------------
|
| If driver is set to file, we need to define the relative location from
| the temporary path or absolute url to any location.
|
*/
file: {
location: 'sessions'
},
/*
|--------------------------------------------------------------------------
| Redis config
|--------------------------------------------------------------------------
|
| The configuration for the redis driver. By default we reference it from
| the redis file. But you are free to define an object here too.
|
*/
redis: 'self::redis.default'
}

145
config/shield.js Normal file
View File

@@ -0,0 +1,145 @@
'use strict'
module.exports = {
/*
|--------------------------------------------------------------------------
| Content Security Policy
|--------------------------------------------------------------------------
|
| Content security policy filters out the origins not allowed to execute
| and load resources like scripts, styles and fonts. There are wide
| variety of options to choose from.
*/
csp: {
/*
|--------------------------------------------------------------------------
| Directives
|--------------------------------------------------------------------------
|
| All directives are defined in camelCase and here is the list of
| available directives and their possible values.
|
| https://content-security-policy.com
|
| @example
| directives: {
| defaultSrc: ['self', '@nonce', 'cdnjs.cloudflare.com']
| }
|
*/
directives: {
},
/*
|--------------------------------------------------------------------------
| Report only
|--------------------------------------------------------------------------
|
| Setting `reportOnly=true` will not block the scripts from running and
| instead report them to a URL.
|
*/
reportOnly: false,
/*
|--------------------------------------------------------------------------
| Set all headers
|--------------------------------------------------------------------------
|
| Headers staring with `X` have been depreciated, since all major browsers
| supports the standard CSP header. So its better to disable deperciated
| headers, unless you want them to be set.
|
*/
setAllHeaders: false,
/*
|--------------------------------------------------------------------------
| Disable on android
|--------------------------------------------------------------------------
|
| Certain versions of android are buggy with CSP policy. So you can set
| this value to true, to disable it for Android versions with buggy
| behavior.
|
| Here is an issue reported on a different package, but helpful to read
| if you want to know the behavior. https://github.com/helmetjs/helmet/pull/82
|
*/
disableAndroid: true
},
/*
|--------------------------------------------------------------------------
| X-XSS-Protection
|--------------------------------------------------------------------------
|
| X-XSS Protection saves from applications from XSS attacks. It is adopted
| by IE and later followed by some other browsers.
|
| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
|
*/
xss: {
enabled: true,
enableOnOldIE: false
},
/*
|--------------------------------------------------------------------------
| Iframe Options
|--------------------------------------------------------------------------
|
| xframe defines whether or not your website can be embedded inside an
| iframe. Choose from one of the following options.
| @available options
| DENY, SAMEORIGIN, ALLOW-FROM http://example.com
|
| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
*/
xframe: 'DENY',
/*
|--------------------------------------------------------------------------
| No Sniff
|--------------------------------------------------------------------------
|
| Browsers have a habit of sniffing content-type of a response. Which means
| files with .txt extension containing Javascript code will be executed as
| Javascript. You can disable this behavior by setting nosniff to false.
|
| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
|
*/
nosniff: true,
/*
|--------------------------------------------------------------------------
| No Open
|--------------------------------------------------------------------------
|
| IE users can execute webpages in the context of your website, which is
| a serious security risk. Below option will manage this for you.
|
*/
noopen: true,
/*
|--------------------------------------------------------------------------
| CSRF Protection
|--------------------------------------------------------------------------
|
| CSRF Protection adds another layer of security by making sure, actionable
| routes does have a valid token to execute an action.
|
*/
csrf: {
enable: true,
methods: ['POST', 'PUT', 'DELETE'],
filterUris: [],
cookieOptions: {
httpOnly: false,
sameSite: true,
path: '/',
maxAge: 7200
}
}
}