New modules introduced to this project will exist in separate branches. Production instances will be available in the repos that declare Q as a dependency.
This repository is the backbone of all 3merge applications. It is highly extensible: we can configure it as an order management system, content management system, event registration platform and more.
Locally, create a .env file in the root. Add the following code to it, replacing with real values where appropriate:
NODE_ENV=testing
LOCALHOST=localhost
USER=user
PASSWORD=password
HOSTNAME=example.com
SECRET=somestrongstring
PORT=80
EMAIL=example@yourdomain.com
PASSWORD=Str0ngPa55W0rd!12
If NODE_ENV equals "testing", the application uses LOCALHOST. Otherwise ("production" and "development"), it looks for real server credentials. Note that HOSTNAME covers everything following the @ in a MongoDB URI connection string, so it will likely include the ssl and replicaSet query parameters.
Not every vendor reads .env files in production. This file really exists for testing and development. When ready for production, you will need to set up environment variables according to the vendor's own documentation; Heroku's documentation is one example.
Q depends on many instance properties to run. These are defined in qconfig.json at the root level. Without it, the application will fail to run. There are no default properties because the setup of each instance will be wildly different. Use the annotated JSON example below to populate the file before starting development.
{
  /**
   * @NOTE
   * Each factory collection can be enabled and disabled.
   * For instance, this instance will contain CMS functionalities with "pages" set as true.
   * A full list of available collections comes later in this document.
   */
  "pages": "true",
  /**
   * @NOTE
   * There are various vendors that this software integrates with.
   * Services such as email and file hosting are provided via third-parties.
   * The credentials for each strategy defined must also exist as environment variables.
   * For a list of strategies, see each respective module's instructions below.
   */
  "strategies": {
    "email": "mailgun",
    "media": "cloudinary"
  },
  /**
   * @NOTE
   * This contains all role types for the application.
   * Roles can inherit permissions from other roles.
   * All "rules" refer to document collections inside the database.
   */
  "accesscontrol": {
    "admin": {
      "inherits": "basic",
      "rules": {
        "users": ["read", "write", "delete"],
        "pages": ["read", "write", "delete"]
      }
    },
    "basic": {}
  }
}
madewithq ships with various security constraints: all calls to the API must include several standard headers. The following applies to all private endpoints; public endpoints still require all of them except the Bearer Authorization token and the refreshToken cookie.
Cookie _curf              // must match the x-csrf-token header
Cookie accessToken        // httpOnly cookie that the API reads
headers['x-csrf-token']   // client-generated token
headers['Authorization']  // Bearer token
headers['Referer']        // must match host
headers['host']
The npm package madewithq receives a total of 1 weekly download. As such, madewithq's popularity was classified as not popular.
We found that madewithq demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.