@aspiesoft/basic-site

  • Version: 1.8.1 (latest)
  • Maintainers: 1
  • Versions published: 29
  • Weekly downloads: 6 (decreased by 60%)
  • Links: Source, npm

Basic Site


A module that runs express with an easy setup and additional basic security for a small and simple website.

Develop your express sites faster.

Useful if you tend to make a lot of APIs or web apps that run on express.

Behind the scenes, this module adds middleware for basic security and compression.

  • Also sets "trust proxy" to true for reverse proxies like nginx. (With true, Express trusts every X-Forwarded-For and X-Forwarded-Proto header it receives, so req.ip, req.secure and the localhost/geo checks below are only reliable when the proxy overwrites those headers and nothing can reach the Node process directly; the Express "trust proxy" setting also accepts a hop count or an address list for tighter setups.)
  • Includes the ability to add any view engine you choose.
  • Includes the optional default view engine (@aspiesoft/regve), pre-configured if it is installed as a dependency.
  • Runs the helmet module.
  • Adds easy access to validator, and a function to sanitize variable types.
  • Combines req.body and req.query into a single req.data (POST data has priority over GET data).
  • In production (process.env.NODE_ENV === 'production'), forces SSL and verifies that the hostname is a FQDN with validator.
  • Checks whether the request is from localhost.
  • Gets the user's geo IP with the geoip-lite module.
  • Runs a simple user-agent check to detect bots using the isbot-fast module (useful for SEO work; the user agent is client-supplied, so treat the result as a hint, not a security control).
  • Simplifies req.url by removing any trailing / and stripping query variables from the url (they stay accessible through req.query).
  • Only allows GET and POST methods via the "Access-Control-Allow-Methods" header. (Note: this is a CORS response header. It tells browsers which methods may be used cross-origin; it does not by itself reject a PUT or DELETE sent by another client, so register handlers only for the methods you expect.)
  • Limits the request body size to 1mb (this size can be modified).
  • Adds a /ping url that runs before the view engine and simply returns "pong!" (useful for quickly checking whether the server is online).
  • You still have full access to the express module.

Installation

```sh
npm install basic-site

# or without optional dependencies
npm install basic-site --no-optional
```

Setup

You can use any view engine you want. By default, this module runs on regve, made by AspieSoft. It has a syntax similar to handlebars, but with more features and better stability. It also supports a markdown-like syntax.

This module now supports turbx (beta), also made by AspieSoft. It is a newer view engine than regve and has an XHTML-like syntax, plus a component system you can pass variables into. To use it, run server.viewEngine('turbx'); before starting the server.

```js
const server = require('basic-site');

// optional
// turbx - a newer view engine than regve (currently in beta)
server.viewEngine('turbx'); // note: by default, this will use .xhtml instead of .html

// add pwa
server.pwa({name: 'App Name', short_name: 'App', icon: 'favicon.ico', icon_background: '#ffffff'});

// auto minify public js and css files
server.minify(['js', 'css']);
server.minify(); // all supported files (currently .js and .css)

// basic setup
server.pages({
  '/url': function(req, res, next){
    // express page callback here
    res.render('index', {title: 'Home'}); // second argument: variables passed to the view
  },
  '/url2': function(req, res, next){
    // express page callback here
    res.render('url2', {title: 'Page 2'});
  },
});

// start server
const port = 3000;
server(port);

// default: add .html views to the "views" directory
// default: add static files to the "public" directory
```


```js
// advanced setup
const server = require('basic-site');

// set static path (optional) (default: public)
server.static('/', server.path(__dirname, 'public'));

// set view engine (optional) (default: regve with the options below)
// pass 'regve' or 'inputmd' here; both are view engines made by AspieSoft
server.viewEngine('regve', {
  template: 'layout',
  dir: server.path(__dirname, 'views'),
  type: 'html',
  cache: '1D',
});

// regve is similar to handlebars, but with more features and less crashing

// inputmd simply adds a markdown-like syntax to html
// it allows basic inputs similar to handlebars, and allows importing files (but has no functions or if statements)


// limit data size for post requests
server.limit('1mb'); // default = 1mb
server.limit(10); // 10mb (numbers are converted to an mb string)

// set any other view engine (optional)
// the engine module is required by hand here; the default engine is used as the example
const regve = require('@aspiesoft/regve');
server.viewEngine(function(app){
  // setup view engine
  app.engine('html', regve({
    template: 'layout',
    dir: server.path(__dirname, 'views'),
    type: 'html',
    cache: '1D',
  }));
});


// set pages
server.pages(function(app){
  app.use('/url', (req, res, next) => {
    // express page callback here
  });

  // app.req adds the page as an app.post and app.get combination
  app.req('/url2', (req, res, next) => {
    // express page callback here
  });

  app.post('/url3', (req, res, next) => {
    // express page callback here
  });

  app.get('/url3', (req, res, next) => {
    // express page callback here
  });
});

// or pass an object to pages (uses the app.req method)
server.pages({
  '/url': function(req, res, next){
    // express page callback here
  },
  '/url2': function(req, res, next){
    // express page callback here
  },
});


// start server
const port = 3000;
server(port);
```

Usage


```js
// properties this module adds to req, shown inside an express handler
function pageHandler(req, res, next){
  req.startTime // the time the request started (set after some basics like the helmet module have run)
  req.static // the static url if set (example: "/cdn") or undefined
  req.root // the root file this module detected as the main file you used to start the server
  req.limit // returns the data limit for post requests (default: 1mb)
  req.clean(jsVar) // sanitizes any variable type and ensures valid utf8 (also checks nested objects and arrays)
  req.varType(jsVar) // returns the typeof the variable, and also reports whether it is an array, null, or regex
  req.joinPath('path', 'to', 'file', 'from', 'app', 'root') // a safer way to use path.join: prevents backtracking when combining comma-separated segments, and enforces that the path stays within the root of your app
  req.validator // returns the validator module
  req.hostUrl // returns the host url without the http:// or https://
  req.browser // returns the user-agent
  req.uip // returns the ip after cleaning it up and fixing ipv6
  req.localhost // returns true if the request is from localhost (127.0.0.1, localhost, ::1)
  req.geo // returns the result of the ip lookup from the geoip-lite module
  req.bot // returns the result from the isbot-fast module after passing it the browser (user-agent)
  req.url // created by express, and modified by this module to remove query vars and the trailing / at the end of the string

  req.body // the POST/body data sent by the user
  req.query // the GET/query data sent by the user
  req.data // the combined POST/body and GET/query data sent by the user (with POST/body taking priority over GET/query)
  next();
}
```

```js
// other useful functions
server.randToken(size /* default: 64 */) // returns crypto.randomBytes(size).toString('hex')
server.path('path', 'to', 'file', 'from', 'app', 'root') // a safer way to use path.join: prevents backtracking when combining comma-separated segments, and enforces that the path stays within the root of your app
server.clean(userInput) // sanitizes an input of any valid json data type, and enforces valid utf8 (same as req.clean)
server.varType(myVar) // kind of like typeof, but also returns 'array', 'regex', and 'null' (same as req.varType)
server.root // returns the root path of your app (same as req.root)

server.server // returns the server object produced after starting the module
server.express // returns the express module
server.helmet // returns the helmet module
server.validator // returns the validator module
server.geoIP // returns the geoip-lite module
server.isBot // returns the isbot-fast module
```


Package last updated on 03 Feb 2023
