Initial commit

2023-08-21 00:15:16 +00:00
commit 6a880d814f
31 changed files with 1519 additions and 0 deletions

243
config/app.js Normal file

@@ -0,0 +1,243 @@
'use strict'
/** @type {import('@adonisjs/framework/src/Env')} */
const Env = use('Env')
module.exports = {
/*
|--------------------------------------------------------------------------
| Application Name
|--------------------------------------------------------------------------
|
| This value is the name of your application and can be used when you
| need to place the application's name in a email, view or
| other location.
|
*/
name: Env.get('APP_NAME', 'AdonisJs'),
/*
|--------------------------------------------------------------------------
| App Key
|--------------------------------------------------------------------------
|
| App key is a randomly generated 16 or 32 characters long string required
| to encrypted cookies, sessions and other sensitive data.
|
*/
appKey: Env.getOrFail('APP_KEY'),
http: {
/*
|--------------------------------------------------------------------------
| Allow Method Spoofing
|--------------------------------------------------------------------------
|
| Method spoofing allows you to make requests by spoofing the http verb.
| Which means you can make a GET request but instruct the server to
| treat as a POST or PUT request. If you want this feature, set the
| below value to true.
|
*/
allowMethodSpoofing: true,
/*
|--------------------------------------------------------------------------
| Trust Proxy
|--------------------------------------------------------------------------
|
| Trust proxy defines whether X-Forwarded-* headers should be trusted or not.
| When your application is behind a proxy server like nginx, these values
| are set automatically and should be trusted. Apart from setting it
| to true or false Adonis supports a handful of ways to allow proxy
| values. Read documentation for that.
|
*/
trustProxy: false,
/*
|--------------------------------------------------------------------------
| Subdomains
|--------------------------------------------------------------------------
|
| Offset to be used for returning subdomains for a given request. For
| majority of applications it will be 2, until you have nested
| sudomains.
| cheatsheet.adonisjs.com - offset - 2
| virk.cheatsheet.adonisjs.com - offset - 3
|
*/
subdomainOffset: 2,
/*
|--------------------------------------------------------------------------
| JSONP Callback
|--------------------------------------------------------------------------
|
| Default jsonp callback to be used when callback query string is missing
| in request url.
|
*/
jsonpCallback: 'callback',
/*
|--------------------------------------------------------------------------
| Etag
|--------------------------------------------------------------------------
|
| Set etag on all HTTP responses. In order to disable for selected routes,
| you can call the `response.send` with an options object as follows.
|
| response.send('Hello', { ignoreEtag: true })
|
*/
etag: false
},
views: {
/*
|--------------------------------------------------------------------------
| Cache Views
|--------------------------------------------------------------------------
|
| Define whether or not to cache the compiled view. Set it to true in
| production to optimize view loading time.
|
*/
cache: Env.get('CACHE_VIEWS', true)
},
static: {
/*
|--------------------------------------------------------------------------
| Dot Files
|--------------------------------------------------------------------------
|
| Define how to treat dot files when trying to serve static resources.
| By default it is set to ignore, which will pretend that dotfiles
| do not exist.
|
| Can be one of the following
| ignore, deny, allow
|
*/
dotfiles: 'ignore',
/*
|--------------------------------------------------------------------------
| ETag
|--------------------------------------------------------------------------
|
| Enable or disable etag generation
|
*/
etag: true,
/*
|--------------------------------------------------------------------------
| Extensions
|--------------------------------------------------------------------------
|
| Set file extension fallbacks. When set, if a file is not found, the given
| extensions will be added to the file name and search for. The first
| that exists will be served. Example: ['html', 'htm'].
|
*/
extensions: false
},
locales: {
/*
|--------------------------------------------------------------------------
| Loader
|--------------------------------------------------------------------------
|
| The loader to be used for fetching and updating locales. Below is the
| list of available options.
|
| file, database
|
*/
loader: 'file',
/*
|--------------------------------------------------------------------------
| Default Locale
|--------------------------------------------------------------------------
|
| Default locale to be used by Antl provider. You can always switch drivers
| in runtime or use the official Antl middleware to detect the driver
| based on HTTP headers/query string.
|
*/
locale: 'en'
},
logger: {
/*
|--------------------------------------------------------------------------
| Transport
|--------------------------------------------------------------------------
|
| Transport to be used for logging messages. You can have multiple
| transports using same driver.
|
| Available drivers are: `file` and `console`.
|
*/
transport: 'console',
/*
|--------------------------------------------------------------------------
| Console Transport
|--------------------------------------------------------------------------
|
| Using `console` driver for logging. This driver writes to `stdout`
| and `stderr`
|
*/
console: {
driver: 'console',
name: 'adonis-app',
level: 'info'
},
/*
|--------------------------------------------------------------------------
| File Transport
|--------------------------------------------------------------------------
|
| File transport uses file driver and writes log messages for a given
| file inside `tmp` directory for your app.
|
| For a different directory, set an absolute path for the filename.
|
*/
file: {
driver: 'file',
name: 'adonis-app',
filename: 'adonis.log',
level: 'info'
}
},
/*
|--------------------------------------------------------------------------
| Generic Cookie Options
|--------------------------------------------------------------------------
|
| The following cookie options are generic settings used by AdonisJs to create
| cookies. However, some parts of the application like `sessions` can have
| seperate settings for cookies inside `config/session.js`.
|
*/
cookie: {
httpOnly: true,
sameSite: false,
path: '/',
maxAge: 7200
}
}
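Review bot: The generic `cookie` block at the end of this file sets `sameSite: false` and has no `secure` flag, so cookies built from these defaults are sent on cross-site requests and over plain HTTP. The `cookie` block in `config/session.js` has the same two gaps, and there it governs the session cookie itself. Unless a cross-site flow depends on the current behaviour, I would set `sameSite: true` (the value `config/shield.js` already uses for the CSRF cookie) or `'lax'` if the cookie serializer accepts it. I would also add `secure: true` for HTTPS deployments, gated on the environment if local development runs over HTTP.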

94
config/auth.js Normal file

@@ -0,0 +1,94 @@
'use strict'
/** @type {import('@adonisjs/framework/src/Env')} */
const Env = use('Env')
module.exports = {
/*
|--------------------------------------------------------------------------
| Authenticator
|--------------------------------------------------------------------------
|
| Authentication is a combination of serializer and scheme with extra
| config to define on how to authenticate a user.
|
| Available Schemes - basic, session, jwt, api
| Available Serializers - lucid, database
|
*/
authenticator: 'session',
/*
|--------------------------------------------------------------------------
| Session
|--------------------------------------------------------------------------
|
| Session authenticator makes use of sessions to authenticate a user.
| Session authentication is always persistent.
|
*/
session: {
serializer: 'lucid',
model: 'App/Models/User',
scheme: 'session',
uid: 'email',
password: 'password'
},
/*
|--------------------------------------------------------------------------
| Basic Auth
|--------------------------------------------------------------------------
|
| The basic auth authenticator uses basic auth header to authenticate a
| user.
|
| NOTE:
| This scheme is not persistent and users are supposed to pass
| login credentials on each request.
|
*/
basic: {
serializer: 'lucid',
model: 'App/Models/User',
scheme: 'basic',
uid: 'email',
password: 'password'
},
/*
|--------------------------------------------------------------------------
| Jwt
|--------------------------------------------------------------------------
|
| The jwt authenticator works by passing a jwt token on each HTTP request
| via HTTP `Authorization` header.
|
*/
jwt: {
serializer: 'lucid',
model: 'App/Models/User',
scheme: 'jwt',
uid: 'email',
password: 'password',
options: {
secret: Env.get('APP_KEY')
}
},
/*
|--------------------------------------------------------------------------
| Api
|--------------------------------------------------------------------------
|
| The Api scheme makes use of API personal tokens to authenticate a user.
|
*/
api: {
serializer: 'lucid',
model: 'App/Models/User',
scheme: 'api',
uid: 'email',
password: 'password'
}
}
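Review bot: `jwt.options.secret` is read with `Env.get('APP_KEY')`, which does not fail when the variable is unset, and it reuses the key that `config/app.js` describes as protecting cookies and sessions. `config/app.js` already uses `Env.getOrFail('APP_KEY')`, so the minimal change is `secret: Env.getOrFail('APP_KEY')`. A dedicated signing secret would be better, so that rotating or exposing one key does not affect both cookies and tokens. The active `authenticator` is `session`, so this only bites once the `jwt` scheme is selected.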

157
config/bodyParser.js Normal file

@@ -0,0 +1,157 @@
'use strict'
module.exports = {
/*
|--------------------------------------------------------------------------
| JSON Parser
|--------------------------------------------------------------------------
|
| Below settings are applied when request body contains JSON payload. If
| you want body parser to ignore JSON payload, then simply set `types`
| to an empty array.
*/
json: {
/*
|--------------------------------------------------------------------------
| limit
|--------------------------------------------------------------------------
|
| Defines the limit of JSON that can be sent by the client. If payload
| is over 1mb it will not be processed.
|
*/
limit: '1mb',
/*
|--------------------------------------------------------------------------
| strict
|--------------------------------------------------------------------------
|
| When `scrict` is set to true, body parser will only parse Arrays and
| Object. Otherwise everything parseable by `JSON.parse` is parsed.
|
*/
strict: true,
/*
|--------------------------------------------------------------------------
| types
|--------------------------------------------------------------------------
|
| Which content types are processed as JSON payloads. You are free to
| add your own types here, but the request body should be parseable
| by `JSON.parse` method.
|
*/
types: [
'application/json',
'application/json-patch+json',
'application/vnd.api+json',
'application/csp-report'
]
},
/*
|--------------------------------------------------------------------------
| Raw Parser
|--------------------------------------------------------------------------
|
|
|
*/
raw: {
types: [
'text/*'
]
},
/*
|--------------------------------------------------------------------------
| Form Parser
|--------------------------------------------------------------------------
|
|
|
*/
form: {
types: [
'application/x-www-form-urlencoded'
]
},
/*
|--------------------------------------------------------------------------
| Files Parser
|--------------------------------------------------------------------------
|
|
|
*/
files: {
types: [
'multipart/form-data'
],
/*
|--------------------------------------------------------------------------
| Max Size
|--------------------------------------------------------------------------
|
| Below value is the max size of all the files uploaded to the server. It
| is validated even before files have been processed and hard exception
| is thrown.
|
| Consider setting a reasonable value here, otherwise people may upload GB's
| of files which will keep your server busy.
|
| Also this value is considered when `autoProcess` is set to true.
|
*/
maxSize: '20mb',
/*
|--------------------------------------------------------------------------
| Auto Process
|--------------------------------------------------------------------------
|
| Whether or not to auto-process files. Since HTTP servers handle files via
| couple of specific endpoints. It is better to set this value off and
| manually process the files when required.
|
| This value can contain a boolean or an array of route patterns
| to be autoprocessed.
*/
autoProcess: true,
/*
|--------------------------------------------------------------------------
| Process Manually
|--------------------------------------------------------------------------
|
| The list of routes that should not process files and instead rely on
| manual process. This list should only contain routes when autoProcess
| is to true. Otherwise everything is processed manually.
|
*/
processManually: []
/*
|--------------------------------------------------------------------------
| Temporary file name
|--------------------------------------------------------------------------
|
| Define a function, which should return a string to be used as the
| tmp file name.
|
| If not defined, Bodyparser will use `uuid` as the tmp file name.
|
| To be defined as. If you are defining the function, then do make sure
| to return a value from it.
|
| tmpFileName () {
| return 'some-unique-value'
| }
|
*/
}
}
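Review bot: `files.autoProcess: true` together with `maxSize: '20mb'` means multipart bodies are processed on every route, including ones that never expect an upload; the comment above the setting itself recommends turning it off. The same comment says the value may be an array of route patterns, so I would list only the upload endpoints, e.g. `autoProcess: ['/uploads']` (constructed example path). The alternative is `autoProcess: false` with manual processing in those handlers. No size limit is visible for the `raw` and `form` parsers in this file; whether a framework default applies cannot be told from here.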

87
config/cors.js Normal file

@@ -0,0 +1,87 @@
'use strict'
module.exports = {
/*
|--------------------------------------------------------------------------
| Origin
|--------------------------------------------------------------------------
|
| Set a list of origins to be allowed. The value can be one of the following
|
| Boolean: true - Allow current request origin
| Boolean: false - Disallow all
| String - Comma seperated list of allowed origins
| Array - An array of allowed origins
| String: * - A wildcard to allow current request origin
| Function - Receives the current origin and should return one of the above values.
|
*/
origin: false,
/*
|--------------------------------------------------------------------------
| Methods
|--------------------------------------------------------------------------
|
| HTTP methods to be allowed. The value can be one of the following
|
| String - Comma seperated list of allowed methods
| Array - An array of allowed methods
|
*/
methods: ['GET', 'PUT', 'PATCH', 'POST', 'DELETE'],
/*
|--------------------------------------------------------------------------
| Headers
|--------------------------------------------------------------------------
|
| List of headers to be allowed via Access-Control-Request-Headers header.
| The value can be on of the following.
|
| Boolean: true - Allow current request headers
| Boolean: false - Disallow all
| String - Comma seperated list of allowed headers
| Array - An array of allowed headers
| String: * - A wildcard to allow current request headers
| Function - Receives the current header and should return one of the above values.
|
*/
headers: true,
/*
|--------------------------------------------------------------------------
| Expose Headers
|--------------------------------------------------------------------------
|
| A list of headers to be exposed via `Access-Control-Expose-Headers`
| header. The value can be on of the following.
|
| Boolean: false - Disallow all
| String: Comma seperated list of allowed headers
| Array - An array of allowed headers
|
*/
exposeHeaders: false,
/*
|--------------------------------------------------------------------------
| Credentials
|--------------------------------------------------------------------------
|
| Define Access-Control-Allow-Credentials header. It should always be a
| boolean.
|
*/
credentials: false,
/*
|--------------------------------------------------------------------------
| MaxAge
|--------------------------------------------------------------------------
|
| Define Access-Control-Allow-Max-Age
|
*/
maxAge: 90
}
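Review bot: Nothing in this file warns against combining a reflected origin with credentials. The `origin` comment says both `true` and `*` allow the current request origin, so enabling either together with `credentials: true` would let any site make credentialed requests and read the responses. The values committed here (`origin: false`, `credentials: false`) are safe, so this is a documentation request: add a comment above `credentials` such as `// Keep false unless origin is an explicit allow-list; never combine with origin: true or '*'`. `headers: true` likewise reflects whatever headers the request asks for and is worth narrowing to a list once CORS is switched on.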

81
config/database.js Normal file

@@ -0,0 +1,81 @@
'use strict'
/** @type {import('@adonisjs/framework/src/Env')} */
const Env = use('Env')
/** @type {import('@adonisjs/ignitor/src/Helpers')} */
const Helpers = use('Helpers')
module.exports = {
/*
|--------------------------------------------------------------------------
| Default Connection
|--------------------------------------------------------------------------
|
| Connection defines the default connection settings to be used while
| interacting with SQL databases.
|
*/
connection: Env.get('DB_CONNECTION', 'sqlite'),
/*
|--------------------------------------------------------------------------
| Sqlite
|--------------------------------------------------------------------------
|
| Sqlite is a flat file database and can be good choice under development
| environment.
|
| npm i --save sqlite3
|
*/
sqlite: {
client: 'sqlite3',
connection: {
filename: Helpers.databasePath(`${Env.get('DB_DATABASE', 'development')}.sqlite`)
},
useNullAsDefault: true
},
/*
|--------------------------------------------------------------------------
| MySQL
|--------------------------------------------------------------------------
|
| Here we define connection settings for MySQL database.
|
| npm i --save mysql
|
*/
mysql: {
client: 'mysql',
connection: {
host: Env.get('DB_HOST', 'localhost'),
port: Env.get('DB_PORT', ''),
user: Env.get('DB_USER', 'root'),
password: Env.get('DB_PASSWORD', ''),
database: Env.get('DB_DATABASE', 'adonis')
}
},
/*
|--------------------------------------------------------------------------
| PostgreSQL
|--------------------------------------------------------------------------
|
| Here we define connection settings for PostgreSQL database.
|
| npm i --save pg
|
*/
pg: {
client: 'pg',
connection: {
host: Env.get('DB_HOST', 'localhost'),
port: Env.get('DB_PORT', ''),
user: Env.get('DB_USER', 'root'),
password: Env.get('DB_PASSWORD', ''),
database: Env.get('DB_DATABASE', 'adonis')
}
}
}
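Review bot: The `mysql` and `pg` blocks fall back to `user: 'root'` and `password: ''` when `DB_USER` or `DB_PASSWORD` is missing, so a deployment with an incomplete environment attempts a passwordless superuser login instead of failing. I would drop those two defaults, `user: Env.get('DB_USER')` and `password: Env.get('DB_PASSWORD')`, and validate them at startup whenever `DB_CONNECTION` is not `sqlite`. `Env.getOrFail` is not a drop-in fix inside these literals, because the whole object is evaluated even when the sqlite connection is selected.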

49
config/hash.js Normal file

@@ -0,0 +1,49 @@
'use strict'
/** @type {import('@adonisjs/framework/src/Env')} */
const Env = use('Env')
module.exports = {
/*
|--------------------------------------------------------------------------
| Driver
|--------------------------------------------------------------------------
|
| Driver to be used for hashing values. The same driver is used by the
| auth module too.
|
*/
driver: Env.get('HASH_DRIVER', 'bcrypt'),
/*
|--------------------------------------------------------------------------
| Bcrypt
|--------------------------------------------------------------------------
|
| Config related to bcrypt hashing. https://www.npmjs.com/package/bcrypt
| package is used internally.
|
*/
bcrypt: {
rounds: 10
},
/*
|--------------------------------------------------------------------------
| Argon
|--------------------------------------------------------------------------
|
| Config related to argon. https://www.npmjs.com/package/argon2 package is
| used internally.
|
| Since argon is optional, you will have to install the dependency yourself
|
|============================================================================
| npm i argon2
|============================================================================
|
*/
argon: {
type: 1
}
}
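Review bot: `argon: { type: 1 }` is an undocumented magic number. In the `argon2` npm package that the comment links to, I believe 1 selects argon2i and 2 selects argon2id, the variant generally recommended for password hashing; please confirm against the installed version. I would document the choice inline, `type: 1 // argon2i; 2 = argon2id`, or switch to argon2id if no stored hashes depend on the current value. This only takes effect when `HASH_DRIVER` selects the argon driver, since the default is `bcrypt`.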

101
config/session.js Normal file

@@ -0,0 +1,101 @@
'use strict'
/** @type {import('@adonisjs/framework/src/Env')} */
const Env = use('Env')
module.exports = {
/*
|--------------------------------------------------------------------------
| Session Driver
|--------------------------------------------------------------------------
|
| The session driver to be used for storing session values. It can be
| cookie, file or redis.
|
| For `redis` driver, make sure to install and register `@adonisjs/redis`
|
*/
driver: Env.get('SESSION_DRIVER', 'cookie'),
/*
|--------------------------------------------------------------------------
| Cookie Name
|--------------------------------------------------------------------------
|
| The name of the cookie to be used for saving session id. Session ids
| are signed and encrypted.
|
*/
cookieName: 'adonis-session',
/*
|--------------------------------------------------------------------------
| Clear session when browser closes
|--------------------------------------------------------------------------
|
| If this value is true, the session cookie will be temporary and will be
| removed when browser closes.
|
*/
clearWithBrowser: true,
/*
|--------------------------------------------------------------------------
| Session age
|--------------------------------------------------------------------------
|
| This value is only used when `clearWithBrowser` is set to false. The
| age must be a valid https://npmjs.org/package/ms string or should
| be in milliseconds.
|
| Valid values are:
| '2h', '10d', '5y', '2.5 hrs'
|
*/
age: '2h',
/*
|--------------------------------------------------------------------------
| Cookie options
|--------------------------------------------------------------------------
|
| Cookie options defines the options to be used for setting up session
| cookie
|
*/
cookie: {
httpOnly: true,
sameSite: false,
path: '/'
},
/*
|--------------------------------------------------------------------------
| Sessions location
|--------------------------------------------------------------------------
|
| If driver is set to file, we need to define the relative location from
| the temporary path or absolute url to any location.
|
*/
file: {
location: 'sessions'
},
/*
|--------------------------------------------------------------------------
| Redis config
|--------------------------------------------------------------------------
|
| The configuration for the redis driver. By default we reference it from
| the redis file. But you are free to define an object here too.
|
*/
redis: {
host: '127.0.0.1',
port: 6379,
password: null,
db: 0,
keyPrefix: ''
}
}
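Review bot: The `redis` block hard-codes `host: '127.0.0.1'`, `port: 6379` and `password: null`, while the comment above it says the settings are referenced from the redis config file, so the comment and the code disagree. If `SESSION_DRIVER=redis` is set in a deployment, session data would go to an unauthenticated Redis instance defined by these literals. I would either reference the shared redis configuration as the comment describes, or read host and password through `Env.get(...)` the way `config/database.js` does. The comment should be corrected to match whichever is chosen.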

145
config/shield.js Normal file

@@ -0,0 +1,145 @@
'use strict'
module.exports = {
/*
|--------------------------------------------------------------------------
| Content Security Policy
|--------------------------------------------------------------------------
|
| Content security policy filters out the origins not allowed to execute
| and load resources like scripts, styles and fonts. There are wide
| variety of options to choose from.
*/
csp: {
/*
|--------------------------------------------------------------------------
| Directives
|--------------------------------------------------------------------------
|
| All directives are defined in camelCase and here is the list of
| available directives and their possible values.
|
| https://content-security-policy.com
|
| @example
| directives: {
| defaultSrc: ['self', '@nonce', 'cdnjs.cloudflare.com']
| }
|
*/
directives: {
},
/*
|--------------------------------------------------------------------------
| Report only
|--------------------------------------------------------------------------
|
| Setting `reportOnly=true` will not block the scripts from running and
| instead report them to a URL.
|
*/
reportOnly: false,
/*
|--------------------------------------------------------------------------
| Set all headers
|--------------------------------------------------------------------------
|
| Headers staring with `X` have been depreciated, since all major browsers
| supports the standard CSP header. So its better to disable deperciated
| headers, unless you want them to be set.
|
*/
setAllHeaders: false,
/*
|--------------------------------------------------------------------------
| Disable on android
|--------------------------------------------------------------------------
|
| Certain versions of android are buggy with CSP policy. So you can set
| this value to true, to disable it for Android versions with buggy
| behavior.
|
| Here is an issue reported on a different package, but helpful to read
| if you want to know the behavior. https://github.com/helmetjs/helmet/pull/82
|
*/
disableAndroid: true
},
/*
|--------------------------------------------------------------------------
| X-XSS-Protection
|--------------------------------------------------------------------------
|
| X-XSS Protection saves applications from XSS attacks. It is adopted
| by IE and later followed by some other browsers.
|
| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
|
*/
xss: {
enabled: true,
enableOnOldIE: false
},
/*
|--------------------------------------------------------------------------
| Iframe Options
|--------------------------------------------------------------------------
|
| xframe defines whether or not your website can be embedded inside an
| iframe. Choose from one of the following options.
| @available options
| DENY, SAMEORIGIN, ALLOW-FROM http://example.com
|
| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
*/
xframe: 'DENY',
/*
|--------------------------------------------------------------------------
| No Sniff
|--------------------------------------------------------------------------
|
| Browsers have a habit of sniffing content-type of a response. Which means
| files with .txt extension containing Javascript code will be executed as
| Javascript. You can disable this behavior by setting nosniff to false.
|
| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
|
*/
nosniff: true,
/*
|--------------------------------------------------------------------------
| No Open
|--------------------------------------------------------------------------
|
| IE users can execute webpages in the context of your website, which is
| a serious security risk. Below option will manage this for you.
|
*/
noopen: true,
/*
|--------------------------------------------------------------------------
| CSRF Protection
|--------------------------------------------------------------------------
|
| CSRF Protection adds another layer of security by making sure, actionable
| routes does have a valid token to execute an action.
|
*/
csrf: {
enable: true,
methods: ['POST', 'PUT', 'DELETE'],
filterUris: [],
cookieOptions: {
httpOnly: false,
sameSite: true,
path: '/',
maxAge: 7200
}
}
}
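Review bot: `csrf.methods` lists `['POST', 'PUT', 'DELETE']` and omits `PATCH`, although `config/cors.js` in this commit allows `PATCH` and `config/app.js` enables `allowMethodSpoofing`. If the CSRF check applies only to the listed methods, as the option name suggests, any state-changing PATCH route falls outside it. I would use `methods: ['POST', 'PUT', 'PATCH', 'DELETE']`.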