This template provides a basic user system built with Node.js, Express Js and MongoDB.
It provides a public homepage (that do not require a registered user), a registration and login process, a private homepage for registered users, and an admin panel. The registration process is guided by the following rules :
- a new user must provide an invitation code from an already registered user ;
- the new account must be activated using a link sent by email.
App administrators can also fine tune the registration process by modifying the auth configuration in back/config/auth.config.js :
config = {
secret: 'userstack-secret-key', // Secret key used to hash things (token etc)
adminCode: 'GGJESUS', // The invitation code to provide for the first user to register
passwordLength: 8, // The minimal password length expected
tokenValidity: 86400, // Tokens validity in seconds
saltRounds: 8 // The amount of salt rounds to use when hashing passwords
}Since registration are restrained using an invitation code, users are linked to each other like a user genealogy. The root account is at depth 0, while all the user it will invite using its code will be at depth 1 etc. The maximum depth restrain the registration process ; users that have reached this maximum depth will not have any invitation code.
Administrator accounts can lock or unlock registration, and update the allowed depth in the adminuistration page.
Users are assigned with roles : admin and user. The admin role grant access for the admin page, while the user role grant access to all the private pages except the administration ones.
To make it work on your environment, please rename .env.example to .env and fill all the required information in it.
You must ensure npm is installed on the system, and that you've run npm install before going any further. You can optionnaly build front end assets, using npm run build or npm run watch.
If you have docker and docker-compose installed on your system, you can run docker-compose up -d after you've created an .env file to automatically run a MongoDB container for this app.
However, if you can't use docker, you must manually install MongoDB, and ensure you've created a database that match the information you've filled in the .env file. You also may create a user with permissions on this database if you filled those in the .env file. Finally, you must also ensure that the MongoDB service is running before starting the server.
/is the public homepage of the app/loginis the classical login form/registeris the classical register form/verify/:email/:tokenlink sent by mail used to verify an account
/register/activateis the page that sends an activation link by email/homeis the private homepage for registered users/profileis the page that summarizes the user information/profile/editis the page for users to change their information and password/logoutto clear the client session
/adminis the administration homepage/admin/usersis the users listing with an option for admin to delete them
payload = {
username: username, // Either username or email
password: password // Associated password
}payload = {
username: username,
email: email,
code: code, // The invitation code of an already registered user
pass1: password,
pass2: password
}payload = {
username: newUsername,
email: newEmail
}payload = {
pass1: oldPassword,
pass2: newPassword,
pass3: newPassword
}// The avatarSrc is an already saved one for user, but which was not its active avatar
payload = {
src: avatarSrc
}payload = {
src: avatarSrc
}// Payload is a FormData created from an input[type="file"] The user wants to remove its account
payload = {
userId: userId // The user ID to delete from database
}payload = {
userId: userId, // The user Id to modify roles from
roleId: roleId, // The role ID to assign/revoke
checked: true // Grant or not role to user
}payload = {
lockRegistration: Boolean, // Allow or not registration on app
maxDepth: Number // Update max depth from root account for new users
}