├── .gitignore ├── README.md ├── client ├── .gitignore ├── README.md ├── package-lock.json ├── package.json ├── public │ ├── favicon.ico │ ├── index.html │ └── manifest.json └── src │ ├── App.jsx │ ├── NavBar.jsx │ ├── httpClient.js │ ├── index.js │ ├── styles.css │ ├── views │ ├── Home.jsx │ ├── LogIn.jsx │ ├── LogOut.jsx │ ├── SignUp.jsx │ └── VIP.jsx │ └── vip.jpg ├── controllers └── users.js ├── models └── User.js ├── package-lock.json ├── package.json ├── routes └── users.js ├── server.js └── serverAuth.js /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | .env 3 | .DS_Store -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # React Application with JWT Authentication 2 | 3 | ### Overview 4 | 5 | This is an example application that serves an ExpressJS JSON api to a React client application. The React application is configured for a basic JWT authentication flow **WITHOUT** using redux. Great for those of you that are somewhat familiar with Node, Express, and Mongoose, but want to see an implementation of React + React Router with JWT authentication. 6 | 7 | The React client app could easily be restructured to keep current user information in a Redux Store. Give it a shot! 8 | 9 | ### Installation + Development 10 | 11 | 1. `git clone` this repository to your local machine. 12 | 13 | 2. run `npm install` from the cloned repo directory. 14 | 15 | 3. create a `.env` file at the root of the application, adjacent to `server.js`. 16 | 17 | *The only environment variable you **have** to declare in development is `JWT_SECRET`* 18 | 19 | In the `.env` file, you can declare the following environment variables: `JWT_SECRET`, `MONGODB_URI`, and `PORT`. For example: 20 | 21 | ``` 22 | JWT_SECRET=BOOOOOOOOOOOOOM 23 | MONGODB_URI=mongodb://localhost/react-express-jwt 24 | PORT=3001 25 | ``` 26 | 27 | 28 | 29 | 4. It's recommended that you run the api server on port 3001 while developing locally, as the client app will default to port 3000. 30 | 5. Make sure `mongod` is running by running… ahem… `mongod` 31 | 6. From that point you can run the api server either by using `nodemon` or just running `node server.js` 32 | 7. Now for the client application. `cd client` 33 | 8. Install the client app's dependencies with `npm install` 34 | 9. From the client directory, run `npm start` to boot up the client application. 35 | 10. $$$ Profit 36 | 37 | ### Usage 38 | 39 | It's common to identify the user making an authenticated request on the server side. In this application, the `verifyToken` middleware (declared in `/serverAuth.js`) decodes a provided token, and makes sure the request is coming from a valid user. When the user is validated, it is added to the `req` object as `req.user`. 40 | 41 | Here's an example of how you can access the 'current user' from the server side app, assuming a user is logged in and sending an authenticated request: 42 | 43 | ```javascript 44 | const express = require('express') 45 | const mySpecialRouter = new express.Router() 46 | 47 | // JWT AUTH MIDDLEWARE: 48 | const { verifyToken } = require('../serverAuth.js') 49 | 50 | const Comment = require('../models/Comment.js') 51 | 52 | // all routes declared after this middleware require a token 53 | mySpecialRouter.use(verifyToken) 54 | mySpecialRouter.post("/comments", (req, res) => { 55 | // since this route succeeds 'verifyToken', it has the current user in req.user 56 | // so we can easily associate new mongo documents to the current user: 57 | Comment.create({ ...req.body, user: req.user }, (err, comment) => { 58 | if(err) return console.log(err) 59 | res.json({ success: true, message: "Comment created.", comment }) 60 | }) 61 | }) 62 | 63 | module.exports = mySpecialRouter 64 | ``` 65 | 66 | 67 | 68 | ### Technologies 69 | - React client application business in the front 70 | - NodeJS + Express + Mongoose party in the back 71 | - React Router 4.* 72 | - Milligram CSS so it doesn't look like garbage 73 | - JSON Web Token authentication flow 74 | 75 | ### Important Notes 76 | 77 | - While the Mongoose user schema enforces email uniqueness, there's no handler for duplicate user emails on the client side. (A user wouldn't know why they couldn't create their account if they came across this scenario). 78 | -------------------------------------------------------------------------------- /client/.gitignore: -------------------------------------------------------------------------------- 1 | # See https://help.github.com/ignore-files/ for more about ignoring files. 2 | 3 | # dependencies 4 | /node_modules 5 | 6 | # testing 7 | /coverage 8 | 9 | # production 10 | /build 11 | 12 | # misc 13 | .DS_Store 14 | .env.local 15 | .env.development.local 16 | .env.test.local 17 | .env.production.local 18 | 19 | npm-debug.log* 20 | yarn-debug.log* 21 | yarn-error.log* 22 | -------------------------------------------------------------------------------- /client/README.md: -------------------------------------------------------------------------------- 1 | This project was bootstrapped with [Create React App](https://github.com/facebookincubator/create-react-app). 2 | 3 | Below you will find some information on how to perform common tasks.
4 | You can find the most recent version of this guide [here](https://github.com/facebookincubator/create-react-app/blob/master/packages/react-scripts/template/README.md). 5 | 6 | ## Table of Contents 7 | 8 | - [Updating to New Releases](#updating-to-new-releases) 9 | - [Sending Feedback](#sending-feedback) 10 | - [Folder Structure](#folder-structure) 11 | - [Available Scripts](#available-scripts) 12 | - [npm start](#npm-start) 13 | - [npm test](#npm-test) 14 | - [npm run build](#npm-run-build) 15 | - [npm run eject](#npm-run-eject) 16 | - [Supported Language Features and Polyfills](#supported-language-features-and-polyfills) 17 | - [Syntax Highlighting in the Editor](#syntax-highlighting-in-the-editor) 18 | - [Displaying Lint Output in the Editor](#displaying-lint-output-in-the-editor) 19 | - [Debugging in the Editor](#debugging-in-the-editor) 20 | - [Formatting Code Automatically](#formatting-code-automatically) 21 | - [Changing the Page ``](#changing-the-page-title) 22 | - [Installing a Dependency](#installing-a-dependency) 23 | - [Importing a Component](#importing-a-component) 24 | - [Code Splitting](#code-splitting) 25 | - [Adding a Stylesheet](#adding-a-stylesheet) 26 | - [Post-Processing CSS](#post-processing-css) 27 | - [Adding a CSS Preprocessor (Sass, Less etc.)](#adding-a-css-preprocessor-sass-less-etc) 28 | - [Adding Images, Fonts, and Files](#adding-images-fonts-and-files) 29 | - [Using the `public` Folder](#using-the-public-folder) 30 | - [Changing the HTML](#changing-the-html) 31 | - [Adding Assets Outside of the Module System](#adding-assets-outside-of-the-module-system) 32 | - [When to Use the `public` Folder](#when-to-use-the-public-folder) 33 | - [Using Global Variables](#using-global-variables) 34 | - [Adding Bootstrap](#adding-bootstrap) 35 | - [Using a Custom Theme](#using-a-custom-theme) 36 | - [Adding Flow](#adding-flow) 37 | - [Adding Custom Environment Variables](#adding-custom-environment-variables) 38 | - [Referencing Environment Variables in the HTML](#referencing-environment-variables-in-the-html) 39 | - [Adding Temporary Environment Variables In Your Shell](#adding-temporary-environment-variables-in-your-shell) 40 | - [Adding Development Environment Variables In `.env`](#adding-development-environment-variables-in-env) 41 | - [Can I Use Decorators?](#can-i-use-decorators) 42 | - [Integrating with an API Backend](#integrating-with-an-api-backend) 43 | - [Node](#node) 44 | - [Ruby on Rails](#ruby-on-rails) 45 | - [Proxying API Requests in Development](#proxying-api-requests-in-development) 46 | - ["Invalid Host Header" Errors After Configuring Proxy](#invalid-host-header-errors-after-configuring-proxy) 47 | - [Configuring the Proxy Manually](#configuring-the-proxy-manually) 48 | - [Configuring a WebSocket Proxy](#configuring-a-websocket-proxy) 49 | - [Using HTTPS in Development](#using-https-in-development) 50 | - [Generating Dynamic `<meta>` Tags on the Server](#generating-dynamic-meta-tags-on-the-server) 51 | - [Pre-Rendering into Static HTML Files](#pre-rendering-into-static-html-files) 52 | - [Injecting Data from the Server into the Page](#injecting-data-from-the-server-into-the-page) 53 | - [Running Tests](#running-tests) 54 | - [Filename Conventions](#filename-conventions) 55 | - [Command Line Interface](#command-line-interface) 56 | - [Version Control Integration](#version-control-integration) 57 | - [Writing Tests](#writing-tests) 58 | - [Testing Components](#testing-components) 59 | - [Using Third Party Assertion Libraries](#using-third-party-assertion-libraries) 60 | - [Initializing Test Environment](#initializing-test-environment) 61 | - [Focusing and Excluding Tests](#focusing-and-excluding-tests) 62 | - [Coverage Reporting](#coverage-reporting) 63 | - [Continuous Integration](#continuous-integration) 64 | - [Disabling jsdom](#disabling-jsdom) 65 | - [Snapshot Testing](#snapshot-testing) 66 | - [Editor Integration](#editor-integration) 67 | - [Developing Components in Isolation](#developing-components-in-isolation) 68 | - [Getting Started with Storybook](#getting-started-with-storybook) 69 | - [Getting Started with Styleguidist](#getting-started-with-styleguidist) 70 | - [Making a Progressive Web App](#making-a-progressive-web-app) 71 | - [Opting Out of Caching](#opting-out-of-caching) 72 | - [Offline-First Considerations](#offline-first-considerations) 73 | - [Progressive Web App Metadata](#progressive-web-app-metadata) 74 | - [Analyzing the Bundle Size](#analyzing-the-bundle-size) 75 | - [Deployment](#deployment) 76 | - [Static Server](#static-server) 77 | - [Other Solutions](#other-solutions) 78 | - [Serving Apps with Client-Side Routing](#serving-apps-with-client-side-routing) 79 | - [Building for Relative Paths](#building-for-relative-paths) 80 | - [Azure](#azure) 81 | - [Firebase](#firebase) 82 | - [GitHub Pages](#github-pages) 83 | - [Heroku](#heroku) 84 | - [Netlify](#netlify) 85 | - [Now](#now) 86 | - [S3 and CloudFront](#s3-and-cloudfront) 87 | - [Surge](#surge) 88 | - [Advanced Configuration](#advanced-configuration) 89 | - [Troubleshooting](#troubleshooting) 90 | - [`npm start` doesn’t detect changes](#npm-start-doesnt-detect-changes) 91 | - [`npm test` hangs on macOS Sierra](#npm-test-hangs-on-macos-sierra) 92 | - [`npm run build` exits too early](#npm-run-build-exits-too-early) 93 | - [`npm run build` fails on Heroku](#npm-run-build-fails-on-heroku) 94 | - [`npm run build` fails to minify](#npm-run-build-fails-to-minify) 95 | - [Moment.js locales are missing](#momentjs-locales-are-missing) 96 | - [Something Missing?](#something-missing) 97 | 98 | ## Updating to New Releases 99 | 100 | Create React App is divided into two packages: 101 | 102 | * `create-react-app` is a global command-line utility that you use to create new projects. 103 | * `react-scripts` is a development dependency in the generated projects (including this one). 104 | 105 | You almost never need to update `create-react-app` itself: it delegates all the setup to `react-scripts`. 106 | 107 | When you run `create-react-app`, it always creates the project with the latest version of `react-scripts` so you’ll get all the new features and improvements in newly created apps automatically. 108 | 109 | To update an existing project to a new version of `react-scripts`, [open the changelog](https://github.com/facebookincubator/create-react-app/blob/master/CHANGELOG.md), find the version you’re currently on (check `package.json` in this folder if you’re not sure), and apply the migration instructions for the newer versions. 110 | 111 | In most cases bumping the `react-scripts` version in `package.json` and running `npm install` in this folder should be enough, but it’s good to consult the [changelog](https://github.com/facebookincubator/create-react-app/blob/master/CHANGELOG.md) for potential breaking changes. 112 | 113 | We commit to keeping the breaking changes minimal so you can upgrade `react-scripts` painlessly. 114 | 115 | ## Sending Feedback 116 | 117 | We are always open to [your feedback](https://github.com/facebookincubator/create-react-app/issues). 118 | 119 | ## Folder Structure 120 | 121 | After creation, your project should look like this: 122 | 123 | ``` 124 | my-app/ 125 | README.md 126 | node_modules/ 127 | package.json 128 | public/ 129 | index.html 130 | favicon.ico 131 | src/ 132 | App.css 133 | App.js 134 | App.test.js 135 | index.css 136 | index.js 137 | logo.svg 138 | ``` 139 | 140 | For the project to build, **these files must exist with exact filenames**: 141 | 142 | * `public/index.html` is the page template; 143 | * `src/index.js` is the JavaScript entry point. 144 | 145 | You can delete or rename the other files. 146 | 147 | You may create subdirectories inside `src`. For faster rebuilds, only files inside `src` are processed by Webpack.<br> 148 | You need to **put any JS and CSS files inside `src`**, otherwise Webpack won’t see them. 149 | 150 | Only files inside `public` can be used from `public/index.html`.<br> 151 | Read instructions below for using assets from JavaScript and HTML. 152 | 153 | You can, however, create more top-level directories.<br> 154 | They will not be included in the production build so you can use them for things like documentation. 155 | 156 | ## Available Scripts 157 | 158 | In the project directory, you can run: 159 | 160 | ### `npm start` 161 | 162 | Runs the app in the development mode.<br> 163 | Open [http://localhost:3000](http://localhost:3000) to view it in the browser. 164 | 165 | The page will reload if you make edits.<br> 166 | You will also see any lint errors in the console. 167 | 168 | ### `npm test` 169 | 170 | Launches the test runner in the interactive watch mode.<br> 171 | See the section about [running tests](#running-tests) for more information. 172 | 173 | ### `npm run build` 174 | 175 | Builds the app for production to the `build` folder.<br> 176 | It correctly bundles React in production mode and optimizes the build for the best performance. 177 | 178 | The build is minified and the filenames include the hashes.<br> 179 | Your app is ready to be deployed! 180 | 181 | See the section about [deployment](#deployment) for more information. 182 | 183 | ### `npm run eject` 184 | 185 | **Note: this is a one-way operation. Once you `eject`, you can’t go back!** 186 | 187 | If you aren’t satisfied with the build tool and configuration choices, you can `eject` at any time. This command will remove the single build dependency from your project. 188 | 189 | Instead, it will copy all the configuration files and the transitive dependencies (Webpack, Babel, ESLint, etc) right into your project so you have full control over them. All of the commands except `eject` will still work, but they will point to the copied scripts so you can tweak them. At this point you’re on your own. 190 | 191 | You don’t have to ever use `eject`. The curated feature set is suitable for small and middle deployments, and you shouldn’t feel obligated to use this feature. However we understand that this tool wouldn’t be useful if you couldn’t customize it when you are ready for it. 192 | 193 | ## Supported Language Features and Polyfills 194 | 195 | This project supports a superset of the latest JavaScript standard.<br> 196 | In addition to [ES6](https://github.com/lukehoban/es6features) syntax features, it also supports: 197 | 198 | * [Exponentiation Operator](https://github.com/rwaldron/exponentiation-operator) (ES2016). 199 | * [Async/await](https://github.com/tc39/ecmascript-asyncawait) (ES2017). 200 | * [Object Rest/Spread Properties](https://github.com/sebmarkbage/ecmascript-rest-spread) (stage 3 proposal). 201 | * [Dynamic import()](https://github.com/tc39/proposal-dynamic-import) (stage 3 proposal) 202 | * [Class Fields and Static Properties](https://github.com/tc39/proposal-class-public-fields) (part of stage 3 proposal). 203 | * [JSX](https://facebook.github.io/react/docs/introducing-jsx.html) and [Flow](https://flowtype.org/) syntax. 204 | 205 | Learn more about [different proposal stages](https://babeljs.io/docs/plugins/#presets-stage-x-experimental-presets-). 206 | 207 | While we recommend to use experimental proposals with some caution, Facebook heavily uses these features in the product code, so we intend to provide [codemods](https://medium.com/@cpojer/effective-javascript-codemods-5a6686bb46fb) if any of these proposals change in the future. 208 | 209 | Note that **the project only includes a few ES6 [polyfills](https://en.wikipedia.org/wiki/Polyfill)**: 210 | 211 | * [`Object.assign()`](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/Object/assign) via [`object-assign`](https://github.com/sindresorhus/object-assign). 212 | * [`Promise`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise) via [`promise`](https://github.com/then/promise). 213 | * [`fetch()`](https://developer.mozilla.org/en/docs/Web/API/Fetch_API) via [`whatwg-fetch`](https://github.com/github/fetch). 214 | 215 | If you use any other ES6+ features that need **runtime support** (such as `Array.from()` or `Symbol`), make sure you are including the appropriate polyfills manually, or that the browsers you are targeting already support them. 216 | 217 | ## Syntax Highlighting in the Editor 218 | 219 | To configure the syntax highlighting in your favorite text editor, head to the [relevant Babel documentation page](https://babeljs.io/docs/editors) and follow the instructions. Some of the most popular editors are covered. 220 | 221 | ## Displaying Lint Output in the Editor 222 | 223 | >Note: this feature is available with `react-scripts@0.2.0` and higher.<br> 224 | >It also only works with npm 3 or higher. 225 | 226 | Some editors, including Sublime Text, Atom, and Visual Studio Code, provide plugins for ESLint. 227 | 228 | They are not required for linting. You should see the linter output right in your terminal as well as the browser console. However, if you prefer the lint results to appear right in your editor, there are some extra steps you can do. 229 | 230 | You would need to install an ESLint plugin for your editor first. Then, add a file called `.eslintrc` to the project root: 231 | 232 | ```js 233 | { 234 | "extends": "react-app" 235 | } 236 | ``` 237 | 238 | Now your editor should report the linting warnings. 239 | 240 | Note that even if you edit your `.eslintrc` file further, these changes will **only affect the editor integration**. They won’t affect the terminal and in-browser lint output. This is because Create React App intentionally provides a minimal set of rules that find common mistakes. 241 | 242 | If you want to enforce a coding style for your project, consider using [Prettier](https://github.com/jlongster/prettier) instead of ESLint style rules. 243 | 244 | ## Debugging in the Editor 245 | 246 | **This feature is currently only supported by [Visual Studio Code](https://code.visualstudio.com) and [WebStorm](https://www.jetbrains.com/webstorm/).** 247 | 248 | Visual Studio Code and WebStorm support debugging out of the box with Create React App. This enables you as a developer to write and debug your React code without leaving the editor, and most importantly it enables you to have a continuous development workflow, where context switching is minimal, as you don’t have to switch between tools. 249 | 250 | ### Visual Studio Code 251 | 252 | You would need to have the latest version of [VS Code](https://code.visualstudio.com) and VS Code [Chrome Debugger Extension](https://marketplace.visualstudio.com/items?itemName=msjsdiag.debugger-for-chrome) installed. 253 | 254 | Then add the block below to your `launch.json` file and put it inside the `.vscode` folder in your app’s root directory. 255 | 256 | ```json 257 | { 258 | "version": "0.2.0", 259 | "configurations": [{ 260 | "name": "Chrome", 261 | "type": "chrome", 262 | "request": "launch", 263 | "url": "http://localhost:3000", 264 | "webRoot": "${workspaceRoot}/src", 265 | "userDataDir": "${workspaceRoot}/.vscode/chrome", 266 | "sourceMapPathOverrides": { 267 | "webpack:///src/*": "${webRoot}/*" 268 | } 269 | }] 270 | } 271 | ``` 272 | >Note: the URL may be different if you've made adjustments via the [HOST or PORT environment variables](#advanced-configuration). 273 | 274 | Start your app by running `npm start`, and start debugging in VS Code by pressing `F5` or by clicking the green debug icon. You can now write code, set breakpoints, make changes to the code, and debug your newly modified code—all from your editor. 275 | 276 | ### WebStorm 277 | 278 | You would need to have [WebStorm](https://www.jetbrains.com/webstorm/) and [JetBrains IDE Support](https://chrome.google.com/webstore/detail/jetbrains-ide-support/hmhgeddbohgjknpmjagkdomcpobmllji) Chrome extension installed. 279 | 280 | In the WebStorm menu `Run` select `Edit Configurations...`. Then click `+` and select `JavaScript Debug`. Paste `http://localhost:3000` into the URL field and save the configuration. 281 | 282 | >Note: the URL may be different if you've made adjustments via the [HOST or PORT environment variables](#advanced-configuration). 283 | 284 | Start your app by running `npm start`, then press `^D` on macOS or `F9` on Windows and Linux or click the green debug icon to start debugging in WebStorm. 285 | 286 | The same way you can debug your application in IntelliJ IDEA Ultimate, PhpStorm, PyCharm Pro, and RubyMine. 287 | 288 | ## Formatting Code Automatically 289 | 290 | Prettier is an opinionated code formatter with support for JavaScript, CSS and JSON. With Prettier you can format the code you write automatically to ensure a code style within your project. See the [Prettier's GitHub page](https://github.com/prettier/prettier) for more information, and look at this [page to see it in action](https://prettier.github.io/prettier/). 291 | 292 | To format our code whenever we make a commit in git, we need to install the following dependencies: 293 | 294 | ```sh 295 | npm install --save husky lint-staged prettier 296 | ``` 297 | 298 | Alternatively you may use `yarn`: 299 | 300 | ```sh 301 | yarn add husky lint-staged prettier 302 | ``` 303 | 304 | * `husky` makes it easy to use githooks as if they are npm scripts. 305 | * `lint-staged` allows us to run scripts on staged files in git. See this [blog post about lint-staged to learn more about it](https://medium.com/@okonetchnikov/make-linting-great-again-f3890e1ad6b8). 306 | * `prettier` is the JavaScript formatter we will run before commits. 307 | 308 | Now we can make sure every file is formatted correctly by adding a few lines to the `package.json` in the project root. 309 | 310 | Add the following line to `scripts` section: 311 | 312 | ```diff 313 | "scripts": { 314 | + "precommit": "lint-staged", 315 | "start": "react-scripts start", 316 | "build": "react-scripts build", 317 | ``` 318 | 319 | Next we add a 'lint-staged' field to the `package.json`, for example: 320 | 321 | ```diff 322 | "dependencies": { 323 | // ... 324 | }, 325 | + "lint-staged": { 326 | + "src/**/*.{js,jsx,json,css}": [ 327 | + "prettier --single-quote --write", 328 | + "git add" 329 | + ] 330 | + }, 331 | "scripts": { 332 | ``` 333 | 334 | Now, whenever you make a commit, Prettier will format the changed files automatically. You can also run `./node_modules/.bin/prettier --single-quote --write "src/**/*.{js,jsx}"` to format your entire project for the first time. 335 | 336 | Next you might want to integrate Prettier in your favorite editor. Read the section on [Editor Integration](https://github.com/prettier/prettier#editor-integration) on the Prettier GitHub page. 337 | 338 | ## Changing the Page `<title>` 339 | 340 | You can find the source HTML file in the `public` folder of the generated project. You may edit the `<title>` tag in it to change the title from “React App” to anything else. 341 | 342 | Note that normally you wouldn’t edit files in the `public` folder very often. For example, [adding a stylesheet](#adding-a-stylesheet) is done without touching the HTML. 343 | 344 | If you need to dynamically update the page title based on the content, you can use the browser [`document.title`](https://developer.mozilla.org/en-US/docs/Web/API/Document/title) API. For more complex scenarios when you want to change the title from React components, you can use [React Helmet](https://github.com/nfl/react-helmet), a third party library. 345 | 346 | If you use a custom server for your app in production and want to modify the title before it gets sent to the browser, you can follow advice in [this section](#generating-dynamic-meta-tags-on-the-server). Alternatively, you can pre-build each page as a static HTML file which then loads the JavaScript bundle, which is covered [here](#pre-rendering-into-static-html-files). 347 | 348 | ## Installing a Dependency 349 | 350 | The generated project includes React and ReactDOM as dependencies. It also includes a set of scripts used by Create React App as a development dependency. You may install other dependencies (for example, React Router) with `npm`: 351 | 352 | ```sh 353 | npm install --save react-router 354 | ``` 355 | 356 | Alternatively you may use `yarn`: 357 | 358 | ```sh 359 | yarn add react-router 360 | ``` 361 | 362 | This works for any library, not just `react-router`. 363 | 364 | ## Importing a Component 365 | 366 | This project setup supports ES6 modules thanks to Babel.<br> 367 | While you can still use `require()` and `module.exports`, we encourage you to use [`import` and `export`](http://exploringjs.com/es6/ch_modules.html) instead. 368 | 369 | For example: 370 | 371 | ### `Button.js` 372 | 373 | ```js 374 | import React, { Component } from 'react'; 375 | 376 | class Button extends Component { 377 | render() { 378 | // ... 379 | } 380 | } 381 | 382 | export default Button; // Don’t forget to use export default! 383 | ``` 384 | 385 | ### `DangerButton.js` 386 | 387 | 388 | ```js 389 | import React, { Component } from 'react'; 390 | import Button from './Button'; // Import a component from another file 391 | 392 | class DangerButton extends Component { 393 | render() { 394 | return <Button color="red" />; 395 | } 396 | } 397 | 398 | export default DangerButton; 399 | ``` 400 | 401 | Be aware of the [difference between default and named exports](http://stackoverflow.com/questions/36795819/react-native-es-6-when-should-i-use-curly-braces-for-import/36796281#36796281). It is a common source of mistakes. 402 | 403 | We suggest that you stick to using default imports and exports when a module only exports a single thing (for example, a component). That’s what you get when you use `export default Button` and `import Button from './Button'`. 404 | 405 | Named exports are useful for utility modules that export several functions. A module may have at most one default export and as many named exports as you like. 406 | 407 | Learn more about ES6 modules: 408 | 409 | * [When to use the curly braces?](http://stackoverflow.com/questions/36795819/react-native-es-6-when-should-i-use-curly-braces-for-import/36796281#36796281) 410 | * [Exploring ES6: Modules](http://exploringjs.com/es6/ch_modules.html) 411 | * [Understanding ES6: Modules](https://leanpub.com/understandinges6/read#leanpub-auto-encapsulating-code-with-modules) 412 | 413 | ## Code Splitting 414 | 415 | Instead of downloading the entire app before users can use it, code splitting allows you to split your code into small chunks which you can then load on demand. 416 | 417 | This project setup supports code splitting via [dynamic `import()`](http://2ality.com/2017/01/import-operator.html#loading-code-on-demand). Its [proposal](https://github.com/tc39/proposal-dynamic-import) is in stage 3. The `import()` function-like form takes the module name as an argument and returns a [`Promise`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise) which always resolves to the namespace object of the module. 418 | 419 | Here is an example: 420 | 421 | ### `moduleA.js` 422 | 423 | ```js 424 | const moduleA = 'Hello'; 425 | 426 | export { moduleA }; 427 | ``` 428 | ### `App.js` 429 | 430 | ```js 431 | import React, { Component } from 'react'; 432 | 433 | class App extends Component { 434 | handleClick = () => { 435 | import('./moduleA') 436 | .then(({ moduleA }) => { 437 | // Use moduleA 438 | }) 439 | .catch(err => { 440 | // Handle failure 441 | }); 442 | }; 443 | 444 | render() { 445 | return ( 446 | <div> 447 | <button onClick={this.handleClick}>Load</button> 448 | </div> 449 | ); 450 | } 451 | } 452 | 453 | export default App; 454 | ``` 455 | 456 | This will make `moduleA.js` and all its unique dependencies as a separate chunk that only loads after the user clicks the 'Load' button. 457 | 458 | You can also use it with `async` / `await` syntax if you prefer it. 459 | 460 | ### With React Router 461 | 462 | If you are using React Router check out [this tutorial](http://serverless-stack.com/chapters/code-splitting-in-create-react-app.html) on how to use code splitting with it. You can find the companion GitHub repository [here](https://github.com/AnomalyInnovations/serverless-stack-demo-client/tree/code-splitting-in-create-react-app). 463 | 464 | ## Adding a Stylesheet 465 | 466 | This project setup uses [Webpack](https://webpack.js.org/) for handling all assets. Webpack offers a custom way of “extending” the concept of `import` beyond JavaScript. To express that a JavaScript file depends on a CSS file, you need to **import the CSS from the JavaScript file**: 467 | 468 | ### `Button.css` 469 | 470 | ```css 471 | .Button { 472 | padding: 20px; 473 | } 474 | ``` 475 | 476 | ### `Button.js` 477 | 478 | ```js 479 | import React, { Component } from 'react'; 480 | import './Button.css'; // Tell Webpack that Button.js uses these styles 481 | 482 | class Button extends Component { 483 | render() { 484 | // You can use them as regular CSS styles 485 | return <div className="Button" />; 486 | } 487 | } 488 | ``` 489 | 490 | **This is not required for React** but many people find this feature convenient. You can read about the benefits of this approach [here](https://medium.com/seek-ui-engineering/block-element-modifying-your-javascript-components-d7f99fcab52b). However you should be aware that this makes your code less portable to other build tools and environments than Webpack. 491 | 492 | In development, expressing dependencies this way allows your styles to be reloaded on the fly as you edit them. In production, all CSS files will be concatenated into a single minified `.css` file in the build output. 493 | 494 | If you are concerned about using Webpack-specific semantics, you can put all your CSS right into `src/index.css`. It would still be imported from `src/index.js`, but you could always remove that import if you later migrate to a different build tool. 495 | 496 | ## Post-Processing CSS 497 | 498 | This project setup minifies your CSS and adds vendor prefixes to it automatically through [Autoprefixer](https://github.com/postcss/autoprefixer) so you don’t need to worry about it. 499 | 500 | For example, this: 501 | 502 | ```css 503 | .App { 504 | display: flex; 505 | flex-direction: row; 506 | align-items: center; 507 | } 508 | ``` 509 | 510 | becomes this: 511 | 512 | ```css 513 | .App { 514 | display: -webkit-box; 515 | display: -ms-flexbox; 516 | display: flex; 517 | -webkit-box-orient: horizontal; 518 | -webkit-box-direction: normal; 519 | -ms-flex-direction: row; 520 | flex-direction: row; 521 | -webkit-box-align: center; 522 | -ms-flex-align: center; 523 | align-items: center; 524 | } 525 | ``` 526 | 527 | If you need to disable autoprefixing for some reason, [follow this section](https://github.com/postcss/autoprefixer#disabling). 528 | 529 | ## Adding a CSS Preprocessor (Sass, Less etc.) 530 | 531 | Generally, we recommend that you don’t reuse the same CSS classes across different components. For example, instead of using a `.Button` CSS class in `<AcceptButton>` and `<RejectButton>` components, we recommend creating a `<Button>` component with its own `.Button` styles, that both `<AcceptButton>` and `<RejectButton>` can render (but [not inherit](https://facebook.github.io/react/docs/composition-vs-inheritance.html)). 532 | 533 | Following this rule often makes CSS preprocessors less useful, as features like mixins and nesting are replaced by component composition. You can, however, integrate a CSS preprocessor if you find it valuable. In this walkthrough, we will be using Sass, but you can also use Less, or another alternative. 534 | 535 | First, let’s install the command-line interface for Sass: 536 | 537 | ```sh 538 | npm install --save node-sass-chokidar 539 | ``` 540 | 541 | Alternatively you may use `yarn`: 542 | 543 | ```sh 544 | yarn add node-sass-chokidar 545 | ``` 546 | 547 | Then in `package.json`, add the following lines to `scripts`: 548 | 549 | ```diff 550 | "scripts": { 551 | + "build-css": "node-sass-chokidar src/ -o src/", 552 | + "watch-css": "npm run build-css && node-sass-chokidar src/ -o src/ --watch --recursive", 553 | "start": "react-scripts start", 554 | "build": "react-scripts build", 555 | "test": "react-scripts test --env=jsdom", 556 | ``` 557 | 558 | >Note: To use a different preprocessor, replace `build-css` and `watch-css` commands according to your preprocessor’s documentation. 559 | 560 | Now you can rename `src/App.css` to `src/App.scss` and run `npm run watch-css`. The watcher will find every Sass file in `src` subdirectories, and create a corresponding CSS file next to it, in our case overwriting `src/App.css`. Since `src/App.js` still imports `src/App.css`, the styles become a part of your application. You can now edit `src/App.scss`, and `src/App.css` will be regenerated. 561 | 562 | To share variables between Sass files, you can use Sass imports. For example, `src/App.scss` and other component style files could include `@import "./shared.scss";` with variable definitions. 563 | 564 | To enable importing files without using relative paths, you can add the `--include-path` option to the command in `package.json`. 565 | 566 | ``` 567 | "build-css": "node-sass-chokidar --include-path ./src --include-path ./node_modules src/ -o src/", 568 | "watch-css": "npm run build-css && node-sass-chokidar --include-path ./src --include-path ./node_modules src/ -o src/ --watch --recursive", 569 | ``` 570 | 571 | This will allow you to do imports like 572 | 573 | ```scss 574 | @import 'styles/_colors.scss'; // assuming a styles directory under src/ 575 | @import 'nprogress/nprogress'; // importing a css file from the nprogress node module 576 | ``` 577 | 578 | At this point you might want to remove all CSS files from the source control, and add `src/**/*.css` to your `.gitignore` file. It is generally a good practice to keep the build products outside of the source control. 579 | 580 | As a final step, you may find it convenient to run `watch-css` automatically with `npm start`, and run `build-css` as a part of `npm run build`. You can use the `&&` operator to execute two scripts sequentially. However, there is no cross-platform way to run two scripts in parallel, so we will install a package for this: 581 | 582 | ```sh 583 | npm install --save npm-run-all 584 | ``` 585 | 586 | Alternatively you may use `yarn`: 587 | 588 | ```sh 589 | yarn add npm-run-all 590 | ``` 591 | 592 | Then we can change `start` and `build` scripts to include the CSS preprocessor commands: 593 | 594 | ```diff 595 | "scripts": { 596 | "build-css": "node-sass-chokidar src/ -o src/", 597 | "watch-css": "npm run build-css && node-sass-chokidar src/ -o src/ --watch --recursive", 598 | - "start": "react-scripts start", 599 | - "build": "react-scripts build", 600 | + "start-js": "react-scripts start", 601 | + "start": "npm-run-all -p watch-css start-js", 602 | + "build-js": "react-scripts build", 603 | + "build": "npm-run-all build-css build-js", 604 | "test": "react-scripts test --env=jsdom", 605 | "eject": "react-scripts eject" 606 | } 607 | ``` 608 | 609 | Now running `npm start` and `npm run build` also builds Sass files. 610 | 611 | **Why `node-sass-chokidar`?** 612 | 613 | `node-sass` has been reported as having the following issues: 614 | 615 | - `node-sass --watch` has been reported to have *performance issues* in certain conditions when used in a virtual machine or with docker. 616 | 617 | - Infinite styles compiling [#1939](https://github.com/facebookincubator/create-react-app/issues/1939) 618 | 619 | - `node-sass` has been reported as having issues with detecting new files in a directory [#1891](https://github.com/sass/node-sass/issues/1891) 620 | 621 | `node-sass-chokidar` is used here as it addresses these issues. 622 | 623 | ## Adding Images, Fonts, and Files 624 | 625 | With Webpack, using static assets like images and fonts works similarly to CSS. 626 | 627 | You can **`import` a file right in a JavaScript module**. This tells Webpack to include that file in the bundle. Unlike CSS imports, importing a file gives you a string value. This value is the final path you can reference in your code, e.g. as the `src` attribute of an image or the `href` of a link to a PDF. 628 | 629 | To reduce the number of requests to the server, importing images that are less than 10,000 bytes returns a [data URI](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs) instead of a path. This applies to the following file extensions: bmp, gif, jpg, jpeg, and png. SVG files are excluded due to [#1153](https://github.com/facebookincubator/create-react-app/issues/1153). 630 | 631 | Here is an example: 632 | 633 | ```js 634 | import React from 'react'; 635 | import logo from './logo.png'; // Tell Webpack this JS file uses this image 636 | 637 | console.log(logo); // /logo.84287d09.png 638 | 639 | function Header() { 640 | // Import result is the URL of your image 641 | return <img src={logo} alt="Logo" />; 642 | } 643 | 644 | export default Header; 645 | ``` 646 | 647 | This ensures that when the project is built, Webpack will correctly move the images into the build folder, and provide us with correct paths. 648 | 649 | This works in CSS too: 650 | 651 | ```css 652 | .Logo { 653 | background-image: url(./logo.png); 654 | } 655 | ``` 656 | 657 | Webpack finds all relative module references in CSS (they start with `./`) and replaces them with the final paths from the compiled bundle. If you make a typo or accidentally delete an important file, you will see a compilation error, just like when you import a non-existent JavaScript module. The final filenames in the compiled bundle are generated by Webpack from content hashes. If the file content changes in the future, Webpack will give it a different name in production so you don’t need to worry about long-term caching of assets. 658 | 659 | Please be advised that this is also a custom feature of Webpack. 660 | 661 | **It is not required for React** but many people enjoy it (and React Native uses a similar mechanism for images).<br> 662 | An alternative way of handling static assets is described in the next section. 663 | 664 | ## Using the `public` Folder 665 | 666 | >Note: this feature is available with `react-scripts@0.5.0` and higher. 667 | 668 | ### Changing the HTML 669 | 670 | The `public` folder contains the HTML file so you can tweak it, for example, to [set the page title](#changing-the-page-title). 671 | The `<script>` tag with the compiled code will be added to it automatically during the build process. 672 | 673 | ### Adding Assets Outside of the Module System 674 | 675 | You can also add other assets to the `public` folder. 676 | 677 | Note that we normally encourage you to `import` assets in JavaScript files instead. 678 | For example, see the sections on [adding a stylesheet](#adding-a-stylesheet) and [adding images and fonts](#adding-images-fonts-and-files). 679 | This mechanism provides a number of benefits: 680 | 681 | * Scripts and stylesheets get minified and bundled together to avoid extra network requests. 682 | * Missing files cause compilation errors instead of 404 errors for your users. 683 | * Result filenames include content hashes so you don’t need to worry about browsers caching their old versions. 684 | 685 | However there is an **escape hatch** that you can use to add an asset outside of the module system. 686 | 687 | If you put a file into the `public` folder, it will **not** be processed by Webpack. Instead it will be copied into the build folder untouched. To reference assets in the `public` folder, you need to use a special variable called `PUBLIC_URL`. 688 | 689 | Inside `index.html`, you can use it like this: 690 | 691 | ```html 692 | <link rel="shortcut icon" href="%PUBLIC_URL%/favicon.ico"> 693 | ``` 694 | 695 | Only files inside the `public` folder will be accessible by `%PUBLIC_URL%` prefix. If you need to use a file from `src` or `node_modules`, you’ll have to copy it there to explicitly specify your intention to make this file a part of the build. 696 | 697 | When you run `npm run build`, Create React App will substitute `%PUBLIC_URL%` with a correct absolute path so your project works even if you use client-side routing or host it at a non-root URL. 698 | 699 | In JavaScript code, you can use `process.env.PUBLIC_URL` for similar purposes: 700 | 701 | ```js 702 | render() { 703 | // Note: this is an escape hatch and should be used sparingly! 704 | // Normally we recommend using `import` for getting asset URLs 705 | // as described in “Adding Images and Fonts” above this section. 706 | return <img src={process.env.PUBLIC_URL + '/img/logo.png'} />; 707 | } 708 | ``` 709 | 710 | Keep in mind the downsides of this approach: 711 | 712 | * None of the files in `public` folder get post-processed or minified. 713 | * Missing files will not be called at compilation time, and will cause 404 errors for your users. 714 | * Result filenames won’t include content hashes so you’ll need to add query arguments or rename them every time they change. 715 | 716 | ### When to Use the `public` Folder 717 | 718 | Normally we recommend importing [stylesheets](#adding-a-stylesheet), [images, and fonts](#adding-images-fonts-and-files) from JavaScript. 719 | The `public` folder is useful as a workaround for a number of less common cases: 720 | 721 | * You need a file with a specific name in the build output, such as [`manifest.webmanifest`](https://developer.mozilla.org/en-US/docs/Web/Manifest). 722 | * You have thousands of images and need to dynamically reference their paths. 723 | * You want to include a small script like [`pace.js`](http://github.hubspot.com/pace/docs/welcome/) outside of the bundled code. 724 | * Some library may be incompatible with Webpack and you have no other option but to include it as a `<script>` tag. 725 | 726 | Note that if you add a `<script>` that declares global variables, you also need to read the next section on using them. 727 | 728 | ## Using Global Variables 729 | 730 | When you include a script in the HTML file that defines global variables and try to use one of these variables in the code, the linter will complain because it cannot see the definition of the variable. 731 | 732 | You can avoid this by reading the global variable explicitly from the `window` object, for example: 733 | 734 | ```js 735 | const $ = window.$; 736 | ``` 737 | 738 | This makes it obvious you are using a global variable intentionally rather than because of a typo. 739 | 740 | Alternatively, you can force the linter to ignore any line by adding `// eslint-disable-line` after it. 741 | 742 | ## Adding Bootstrap 743 | 744 | You don’t have to use [React Bootstrap](https://react-bootstrap.github.io) together with React but it is a popular library for integrating Bootstrap with React apps. If you need it, you can integrate it with Create React App by following these steps: 745 | 746 | Install React Bootstrap and Bootstrap from npm. React Bootstrap does not include Bootstrap CSS so this needs to be installed as well: 747 | 748 | ```sh 749 | npm install --save react-bootstrap bootstrap@3 750 | ``` 751 | 752 | Alternatively you may use `yarn`: 753 | 754 | ```sh 755 | yarn add react-bootstrap bootstrap@3 756 | ``` 757 | 758 | Import Bootstrap CSS and optionally Bootstrap theme CSS in the beginning of your ```src/index.js``` file: 759 | 760 | ```js 761 | import 'bootstrap/dist/css/bootstrap.css'; 762 | import 'bootstrap/dist/css/bootstrap-theme.css'; 763 | // Put any other imports below so that CSS from your 764 | // components takes precedence over default styles. 765 | ``` 766 | 767 | Import required React Bootstrap components within ```src/App.js``` file or your custom component files: 768 | 769 | ```js 770 | import { Navbar, Jumbotron, Button } from 'react-bootstrap'; 771 | ``` 772 | 773 | Now you are ready to use the imported React Bootstrap components within your component hierarchy defined in the render method. Here is an example [`App.js`](https://gist.githubusercontent.com/gaearon/85d8c067f6af1e56277c82d19fd4da7b/raw/6158dd991b67284e9fc8d70b9d973efe87659d72/App.js) redone using React Bootstrap. 774 | 775 | ### Using a Custom Theme 776 | 777 | Sometimes you might need to tweak the visual styles of Bootstrap (or equivalent package).<br> 778 | We suggest the following approach: 779 | 780 | * Create a new package that depends on the package you wish to customize, e.g. Bootstrap. 781 | * Add the necessary build steps to tweak the theme, and publish your package on npm. 782 | * Install your own theme npm package as a dependency of your app. 783 | 784 | Here is an example of adding a [customized Bootstrap](https://medium.com/@tacomanator/customizing-create-react-app-aa9ffb88165) that follows these steps. 785 | 786 | ## Adding Flow 787 | 788 | Flow is a static type checker that helps you write code with fewer bugs. Check out this [introduction to using static types in JavaScript](https://medium.com/@preethikasireddy/why-use-static-types-in-javascript-part-1-8382da1e0adb) if you are new to this concept. 789 | 790 | Recent versions of [Flow](http://flowtype.org/) work with Create React App projects out of the box. 791 | 792 | To add Flow to a Create React App project, follow these steps: 793 | 794 | 1. Run `npm install --save flow-bin` (or `yarn add flow-bin`). 795 | 2. Add `"flow": "flow"` to the `scripts` section of your `package.json`. 796 | 3. Run `npm run flow init` (or `yarn flow init`) to create a [`.flowconfig` file](https://flowtype.org/docs/advanced-configuration.html) in the root directory. 797 | 4. Add `// @flow` to any files you want to type check (for example, to `src/App.js`). 798 | 799 | Now you can run `npm run flow` (or `yarn flow`) to check the files for type errors. 800 | You can optionally use an IDE like [Nuclide](https://nuclide.io/docs/languages/flow/) for a better integrated experience. 801 | In the future we plan to integrate it into Create React App even more closely. 802 | 803 | To learn more about Flow, check out [its documentation](https://flowtype.org/). 804 | 805 | ## Adding Custom Environment Variables 806 | 807 | >Note: this feature is available with `react-scripts@0.2.3` and higher. 808 | 809 | Your project can consume variables declared in your environment as if they were declared locally in your JS files. By 810 | default you will have `NODE_ENV` defined for you, and any other environment variables starting with 811 | `REACT_APP_`. 812 | 813 | **The environment variables are embedded during the build time**. Since Create React App produces a static HTML/CSS/JS bundle, it can’t possibly read them at runtime. To read them at runtime, you would need to load HTML into memory on the server and replace placeholders in runtime, just like [described here](#injecting-data-from-the-server-into-the-page). Alternatively you can rebuild the app on the server anytime you change them. 814 | 815 | >Note: You must create custom environment variables beginning with `REACT_APP_`. Any other variables except `NODE_ENV` will be ignored to avoid accidentally [exposing a private key on the machine that could have the same name](https://github.com/facebookincubator/create-react-app/issues/865#issuecomment-252199527). Changing any environment variables will require you to restart the development server if it is running. 816 | 817 | These environment variables will be defined for you on `process.env`. For example, having an environment 818 | variable named `REACT_APP_SECRET_CODE` will be exposed in your JS as `process.env.REACT_APP_SECRET_CODE`. 819 | 820 | There is also a special built-in environment variable called `NODE_ENV`. You can read it from `process.env.NODE_ENV`. When you run `npm start`, it is always equal to `'development'`, when you run `npm test` it is always equal to `'test'`, and when you run `npm run build` to make a production bundle, it is always equal to `'production'`. **You cannot override `NODE_ENV` manually.** This prevents developers from accidentally deploying a slow development build to production. 821 | 822 | These environment variables can be useful for displaying information conditionally based on where the project is 823 | deployed or consuming sensitive data that lives outside of version control. 824 | 825 | First, you need to have environment variables defined. For example, let’s say you wanted to consume a secret defined 826 | in the environment inside a `<form>`: 827 | 828 | ```jsx 829 | render() { 830 | return ( 831 | <div> 832 | <small>You are running this application in <b>{process.env.NODE_ENV}</b> mode.</small> 833 | <form> 834 | <input type="hidden" defaultValue={process.env.REACT_APP_SECRET_CODE} /> 835 | </form> 836 | </div> 837 | ); 838 | } 839 | ``` 840 | 841 | During the build, `process.env.REACT_APP_SECRET_CODE` will be replaced with the current value of the `REACT_APP_SECRET_CODE` environment variable. Remember that the `NODE_ENV` variable will be set for you automatically. 842 | 843 | When you load the app in the browser and inspect the `<input>`, you will see its value set to `abcdef`, and the bold text will show the environment provided when using `npm start`: 844 | 845 | ```html 846 | <div> 847 | <small>You are running this application in <b>development</b> mode.</small> 848 | <form> 849 | <input type="hidden" value="abcdef" /> 850 | </form> 851 | </div> 852 | ``` 853 | 854 | The above form is looking for a variable called `REACT_APP_SECRET_CODE` from the environment. In order to consume this 855 | value, we need to have it defined in the environment. This can be done using two ways: either in your shell or in 856 | a `.env` file. Both of these ways are described in the next few sections. 857 | 858 | Having access to the `NODE_ENV` is also useful for performing actions conditionally: 859 | 860 | ```js 861 | if (process.env.NODE_ENV !== 'production') { 862 | analytics.disable(); 863 | } 864 | ``` 865 | 866 | When you compile the app with `npm run build`, the minification step will strip out this condition, and the resulting bundle will be smaller. 867 | 868 | ### Referencing Environment Variables in the HTML 869 | 870 | >Note: this feature is available with `react-scripts@0.9.0` and higher. 871 | 872 | You can also access the environment variables starting with `REACT_APP_` in the `public/index.html`. For example: 873 | 874 | ```html 875 | <title>%REACT_APP_WEBSITE_NAME% 876 | ``` 877 | 878 | Note that the caveats from the above section apply: 879 | 880 | * Apart from a few built-in variables (`NODE_ENV` and `PUBLIC_URL`), variable names must start with `REACT_APP_` to work. 881 | * The environment variables are injected at build time. If you need to inject them at runtime, [follow this approach instead](#generating-dynamic-meta-tags-on-the-server). 882 | 883 | ### Adding Temporary Environment Variables In Your Shell 884 | 885 | Defining environment variables can vary between OSes. It’s also important to know that this manner is temporary for the 886 | life of the shell session. 887 | 888 | #### Windows (cmd.exe) 889 | 890 | ```cmd 891 | set REACT_APP_SECRET_CODE=abcdef&&npm start 892 | ``` 893 | 894 | (Note: the lack of whitespace is intentional.) 895 | 896 | #### Linux, macOS (Bash) 897 | 898 | ```bash 899 | REACT_APP_SECRET_CODE=abcdef npm start 900 | ``` 901 | 902 | ### Adding Development Environment Variables In `.env` 903 | 904 | >Note: this feature is available with `react-scripts@0.5.0` and higher. 905 | 906 | To define permanent environment variables, create a file called `.env` in the root of your project: 907 | 908 | ``` 909 | REACT_APP_SECRET_CODE=abcdef 910 | ``` 911 | 912 | `.env` files **should be** checked into source control (with the exclusion of `.env*.local`). 913 | 914 | #### What other `.env` files are can be used? 915 | 916 | >Note: this feature is **available with `react-scripts@1.0.0` and higher**. 917 | 918 | * `.env`: Default. 919 | * `.env.local`: Local overrides. **This file is loaded for all environments except test.** 920 | * `.env.development`, `.env.test`, `.env.production`: Environment-specific settings. 921 | * `.env.development.local`, `.env.test.local`, `.env.production.local`: Local overrides of environment-specific settings. 922 | 923 | Files on the left have more priority than files on the right: 924 | 925 | * `npm start`: `.env.development.local`, `.env.development`, `.env.local`, `.env` 926 | * `npm run build`: `.env.production.local`, `.env.production`, `.env.local`, `.env` 927 | * `npm test`: `.env.test.local`, `.env.test`, `.env` (note `.env.local` is missing) 928 | 929 | These variables will act as the defaults if the machine does not explicitly set them.
930 | Please refer to the [dotenv documentation](https://github.com/motdotla/dotenv) for more details. 931 | 932 | >Note: If you are defining environment variables for development, your CI and/or hosting platform will most likely need 933 | these defined as well. Consult their documentation how to do this. For example, see the documentation for [Travis CI](https://docs.travis-ci.com/user/environment-variables/) or [Heroku](https://devcenter.heroku.com/articles/config-vars). 934 | 935 | ## Can I Use Decorators? 936 | 937 | Many popular libraries use [decorators](https://medium.com/google-developers/exploring-es7-decorators-76ecb65fb841) in their documentation.
938 | Create React App doesn’t support decorator syntax at the moment because: 939 | 940 | * It is an experimental proposal and is subject to change. 941 | * The current specification version is not officially supported by Babel. 942 | * If the specification changes, we won’t be able to write a codemod because we don’t use them internally at Facebook. 943 | 944 | However in many cases you can rewrite decorator-based code without decorators just as fine.
945 | Please refer to these two threads for reference: 946 | 947 | * [#214](https://github.com/facebookincubator/create-react-app/issues/214) 948 | * [#411](https://github.com/facebookincubator/create-react-app/issues/411) 949 | 950 | Create React App will add decorator support when the specification advances to a stable stage. 951 | 952 | ## Integrating with an API Backend 953 | 954 | These tutorials will help you to integrate your app with an API backend running on another port, 955 | using `fetch()` to access it. 956 | 957 | ### Node 958 | Check out [this tutorial](https://www.fullstackreact.com/articles/using-create-react-app-with-a-server/). 959 | You can find the companion GitHub repository [here](https://github.com/fullstackreact/food-lookup-demo). 960 | 961 | ### Ruby on Rails 962 | 963 | Check out [this tutorial](https://www.fullstackreact.com/articles/how-to-get-create-react-app-to-work-with-your-rails-api/). 964 | You can find the companion GitHub repository [here](https://github.com/fullstackreact/food-lookup-demo-rails). 965 | 966 | ## Proxying API Requests in Development 967 | 968 | >Note: this feature is available with `react-scripts@0.2.3` and higher. 969 | 970 | People often serve the front-end React app from the same host and port as their backend implementation.
971 | For example, a production setup might look like this after the app is deployed: 972 | 973 | ``` 974 | / - static server returns index.html with React app 975 | /todos - static server returns index.html with React app 976 | /api/todos - server handles any /api/* requests using the backend implementation 977 | ``` 978 | 979 | Such setup is **not** required. However, if you **do** have a setup like this, it is convenient to write requests like `fetch('/api/todos')` without worrying about redirecting them to another host or port during development. 980 | 981 | To tell the development server to proxy any unknown requests to your API server in development, add a `proxy` field to your `package.json`, for example: 982 | 983 | ```js 984 | "proxy": "http://localhost:4000", 985 | ``` 986 | 987 | This way, when you `fetch('/api/todos')` in development, the development server will recognize that it’s not a static asset, and will proxy your request to `http://localhost:4000/api/todos` as a fallback. The development server will **only** attempt to send requests without `text/html` in its `Accept` header to the proxy. 988 | 989 | Conveniently, this avoids [CORS issues](http://stackoverflow.com/questions/21854516/understanding-ajax-cors-and-security-considerations) and error messages like this in development: 990 | 991 | ``` 992 | Fetch API cannot load http://localhost:4000/api/todos. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. 993 | ``` 994 | 995 | Keep in mind that `proxy` only has effect in development (with `npm start`), and it is up to you to ensure that URLs like `/api/todos` point to the right thing in production. You don’t have to use the `/api` prefix. Any unrecognized request without a `text/html` accept header will be redirected to the specified `proxy`. 996 | 997 | The `proxy` option supports HTTP, HTTPS and WebSocket connections.
998 | If the `proxy` option is **not** flexible enough for you, alternatively you can: 999 | 1000 | * [Configure the proxy yourself](#configuring-the-proxy-manually) 1001 | * Enable CORS on your server ([here’s how to do it for Express](http://enable-cors.org/server_expressjs.html)). 1002 | * Use [environment variables](#adding-custom-environment-variables) to inject the right server host and port into your app. 1003 | 1004 | ### "Invalid Host Header" Errors After Configuring Proxy 1005 | 1006 | When you enable the `proxy` option, you opt into a more strict set of host checks. This is necessary because leaving the backend open to remote hosts makes your computer vulnerable to DNS rebinding attacks. The issue is explained in [this article](https://medium.com/webpack/webpack-dev-server-middleware-security-issues-1489d950874a) and [this issue](https://github.com/webpack/webpack-dev-server/issues/887). 1007 | 1008 | This shouldn’t affect you when developing on `localhost`, but if you develop remotely like [described here](https://github.com/facebookincubator/create-react-app/issues/2271), you will see this error in the browser after enabling the `proxy` option: 1009 | 1010 | >Invalid Host header 1011 | 1012 | To work around it, you can specify your public development host in a file called `.env.development` in the root of your project: 1013 | 1014 | ``` 1015 | HOST=mypublicdevhost.com 1016 | ``` 1017 | 1018 | If you restart the development server now and load the app from the specified host, it should work. 1019 | 1020 | If you are still having issues or if you’re using a more exotic environment like a cloud editor, you can bypass the host check completely by adding a line to `.env.development.local`. **Note that this is dangerous and exposes your machine to remote code execution from malicious websites:** 1021 | 1022 | ``` 1023 | # NOTE: THIS IS DANGEROUS! 1024 | # It exposes your machine to attacks from the websites you visit. 1025 | DANGEROUSLY_DISABLE_HOST_CHECK=true 1026 | ``` 1027 | 1028 | We don’t recommend this approach. 1029 | 1030 | ### Configuring the Proxy Manually 1031 | 1032 | >Note: this feature is available with `react-scripts@1.0.0` and higher. 1033 | 1034 | If the `proxy` option is **not** flexible enough for you, you can specify an object in the following form (in `package.json`).
1035 | You may also specify any configuration value [`http-proxy-middleware`](https://github.com/chimurai/http-proxy-middleware#options) or [`http-proxy`](https://github.com/nodejitsu/node-http-proxy#options) supports. 1036 | ```js 1037 | { 1038 | // ... 1039 | "proxy": { 1040 | "/api": { 1041 | "target": "", 1042 | "ws": true 1043 | // ... 1044 | } 1045 | } 1046 | // ... 1047 | } 1048 | ``` 1049 | 1050 | All requests matching this path will be proxies, no exceptions. This includes requests for `text/html`, which the standard `proxy` option does not proxy. 1051 | 1052 | If you need to specify multiple proxies, you may do so by specifying additional entries. 1053 | Matches are regular expressions, so that you can use a regexp to match multiple paths. 1054 | ```js 1055 | { 1056 | // ... 1057 | "proxy": { 1058 | // Matches any request starting with /api 1059 | "/api": { 1060 | "target": "", 1061 | "ws": true 1062 | // ... 1063 | }, 1064 | // Matches any request starting with /foo 1065 | "/foo": { 1066 | "target": "", 1067 | "ssl": true, 1068 | "pathRewrite": { 1069 | "^/foo": "/foo/beta" 1070 | } 1071 | // ... 1072 | }, 1073 | // Matches /bar/abc.html but not /bar/sub/def.html 1074 | "/bar/[^/]*[.]html": { 1075 | "target": "", 1076 | // ... 1077 | }, 1078 | // Matches /baz/abc.html and /baz/sub/def.html 1079 | "/baz/.*/.*[.]html": { 1080 | "target": "" 1081 | // ... 1082 | } 1083 | } 1084 | // ... 1085 | } 1086 | ``` 1087 | 1088 | ### Configuring a WebSocket Proxy 1089 | 1090 | When setting up a WebSocket proxy, there are a some extra considerations to be aware of. 1091 | 1092 | If you’re using a WebSocket engine like [Socket.io](https://socket.io/), you must have a Socket.io server running that you can use as the proxy target. Socket.io will not work with a standard WebSocket server. Specifically, don't expect Socket.io to work with [the websocket.org echo test](http://websocket.org/echo.html). 1093 | 1094 | There’s some good documentation available for [setting up a Socket.io server](https://socket.io/docs/). 1095 | 1096 | Standard WebSockets **will** work with a standard WebSocket server as well as the websocket.org echo test. You can use libraries like [ws](https://github.com/websockets/ws) for the server, with [native WebSockets in the browser](https://developer.mozilla.org/en-US/docs/Web/API/WebSocket). 1097 | 1098 | Either way, you can proxy WebSocket requests manually in `package.json`: 1099 | 1100 | ```js 1101 | { 1102 | // ... 1103 | "proxy": { 1104 | "/socket": { 1105 | // Your compatible WebSocket server 1106 | "target": "ws://", 1107 | // Tell http-proxy-middleware that this is a WebSocket proxy. 1108 | // Also allows you to proxy WebSocket requests without an additional HTTP request 1109 | // https://github.com/chimurai/http-proxy-middleware#external-websocket-upgrade 1110 | "ws": true 1111 | // ... 1112 | } 1113 | } 1114 | // ... 1115 | } 1116 | ``` 1117 | 1118 | ## Using HTTPS in Development 1119 | 1120 | >Note: this feature is available with `react-scripts@0.4.0` and higher. 1121 | 1122 | You may require the dev server to serve pages over HTTPS. One particular case where this could be useful is when using [the "proxy" feature](#proxying-api-requests-in-development) to proxy requests to an API server when that API server is itself serving HTTPS. 1123 | 1124 | To do this, set the `HTTPS` environment variable to `true`, then start the dev server as usual with `npm start`: 1125 | 1126 | #### Windows (cmd.exe) 1127 | 1128 | ```cmd 1129 | set HTTPS=true&&npm start 1130 | ``` 1131 | 1132 | (Note: the lack of whitespace is intentional.) 1133 | 1134 | #### Linux, macOS (Bash) 1135 | 1136 | ```bash 1137 | HTTPS=true npm start 1138 | ``` 1139 | 1140 | Note that the server will use a self-signed certificate, so your web browser will almost definitely display a warning upon accessing the page. 1141 | 1142 | ## Generating Dynamic `` Tags on the Server 1143 | 1144 | Since Create React App doesn’t support server rendering, you might be wondering how to make `` tags dynamic and reflect the current URL. To solve this, we recommend to add placeholders into the HTML, like this: 1145 | 1146 | ```html 1147 | 1148 | 1149 | 1150 | 1151 | 1152 | ``` 1153 | 1154 | Then, on the server, regardless of the backend you use, you can read `index.html` into memory and replace `__OG_TITLE__`, `__OG_DESCRIPTION__`, and any other placeholders with values depending on the current URL. Just make sure to sanitize and escape the interpolated values so that they are safe to embed into HTML! 1155 | 1156 | If you use a Node server, you can even share the route matching logic between the client and the server. However duplicating it also works fine in simple cases. 1157 | 1158 | ## Pre-Rendering into Static HTML Files 1159 | 1160 | If you’re hosting your `build` with a static hosting provider you can use [react-snapshot](https://www.npmjs.com/package/react-snapshot) or [react-snap](https://github.com/stereobooster/react-snap) to generate HTML pages for each route, or relative link, in your application. These pages will then seamlessly become active, or “hydrated”, when the JavaScript bundle has loaded. 1161 | 1162 | There are also opportunities to use this outside of static hosting, to take the pressure off the server when generating and caching routes. 1163 | 1164 | The primary benefit of pre-rendering is that you get the core content of each page _with_ the HTML payload—regardless of whether or not your JavaScript bundle successfully downloads. It also increases the likelihood that each route of your application will be picked up by search engines. 1165 | 1166 | You can read more about [zero-configuration pre-rendering (also called snapshotting) here](https://medium.com/superhighfives/an-almost-static-stack-6df0a2791319). 1167 | 1168 | ## Injecting Data from the Server into the Page 1169 | 1170 | Similarly to the previous section, you can leave some placeholders in the HTML that inject global variables, for example: 1171 | 1172 | ```js 1173 | 1174 | 1175 | 1176 | 1179 | ``` 1180 | 1181 | Then, on the server, you can replace `__SERVER_DATA__` with a JSON of real data right before sending the response. The client code can then read `window.SERVER_DATA` to use it. **Make sure to [sanitize the JSON before sending it to the client](https://medium.com/node-security/the-most-common-xss-vulnerability-in-react-js-applications-2bdffbcc1fa0) as it makes your app vulnerable to XSS attacks.** 1182 | 1183 | ## Running Tests 1184 | 1185 | >Note: this feature is available with `react-scripts@0.3.0` and higher.
1186 | >[Read the migration guide to learn how to enable it in older projects!](https://github.com/facebookincubator/create-react-app/blob/master/CHANGELOG.md#migrating-from-023-to-030) 1187 | 1188 | Create React App uses [Jest](https://facebook.github.io/jest/) as its test runner. To prepare for this integration, we did a [major revamp](https://facebook.github.io/jest/blog/2016/09/01/jest-15.html) of Jest so if you heard bad things about it years ago, give it another try. 1189 | 1190 | Jest is a Node-based runner. This means that the tests always run in a Node environment and not in a real browser. This lets us enable fast iteration speed and prevent flakiness. 1191 | 1192 | While Jest provides browser globals such as `window` thanks to [jsdom](https://github.com/tmpvar/jsdom), they are only approximations of the real browser behavior. Jest is intended to be used for unit tests of your logic and your components rather than the DOM quirks. 1193 | 1194 | We recommend that you use a separate tool for browser end-to-end tests if you need them. They are beyond the scope of Create React App. 1195 | 1196 | ### Filename Conventions 1197 | 1198 | Jest will look for test files with any of the following popular naming conventions: 1199 | 1200 | * Files with `.js` suffix in `__tests__` folders. 1201 | * Files with `.test.js` suffix. 1202 | * Files with `.spec.js` suffix. 1203 | 1204 | The `.test.js` / `.spec.js` files (or the `__tests__` folders) can be located at any depth under the `src` top level folder. 1205 | 1206 | We recommend to put the test files (or `__tests__` folders) next to the code they are testing so that relative imports appear shorter. For example, if `App.test.js` and `App.js` are in the same folder, the test just needs to `import App from './App'` instead of a long relative path. Colocation also helps find tests more quickly in larger projects. 1207 | 1208 | ### Command Line Interface 1209 | 1210 | When you run `npm test`, Jest will launch in the watch mode. Every time you save a file, it will re-run the tests, just like `npm start` recompiles the code. 1211 | 1212 | The watcher includes an interactive command-line interface with the ability to run all tests, or focus on a search pattern. It is designed this way so that you can keep it open and enjoy fast re-runs. You can learn the commands from the “Watch Usage” note that the watcher prints after every run: 1213 | 1214 | ![Jest watch mode](http://facebook.github.io/jest/img/blog/15-watch.gif) 1215 | 1216 | ### Version Control Integration 1217 | 1218 | By default, when you run `npm test`, Jest will only run the tests related to files changed since the last commit. This is an optimization designed to make your tests run fast regardless of how many tests you have. However it assumes that you don’t often commit the code that doesn’t pass the tests. 1219 | 1220 | Jest will always explicitly mention that it only ran tests related to the files changed since the last commit. You can also press `a` in the watch mode to force Jest to run all tests. 1221 | 1222 | Jest will always run all tests on a [continuous integration](#continuous-integration) server or if the project is not inside a Git or Mercurial repository. 1223 | 1224 | ### Writing Tests 1225 | 1226 | To create tests, add `it()` (or `test()`) blocks with the name of the test and its code. You may optionally wrap them in `describe()` blocks for logical grouping but this is neither required nor recommended. 1227 | 1228 | Jest provides a built-in `expect()` global function for making assertions. A basic test could look like this: 1229 | 1230 | ```js 1231 | import sum from './sum'; 1232 | 1233 | it('sums numbers', () => { 1234 | expect(sum(1, 2)).toEqual(3); 1235 | expect(sum(2, 2)).toEqual(4); 1236 | }); 1237 | ``` 1238 | 1239 | All `expect()` matchers supported by Jest are [extensively documented here](https://facebook.github.io/jest/docs/en/expect.html#content).
1240 | You can also use [`jest.fn()` and `expect(fn).toBeCalled()`](https://facebook.github.io/jest/docs/en/expect.html#tohavebeencalled) to create “spies” or mock functions. 1241 | 1242 | ### Testing Components 1243 | 1244 | There is a broad spectrum of component testing techniques. They range from a “smoke test” verifying that a component renders without throwing, to shallow rendering and testing some of the output, to full rendering and testing component lifecycle and state changes. 1245 | 1246 | Different projects choose different testing tradeoffs based on how often components change, and how much logic they contain. If you haven’t decided on a testing strategy yet, we recommend that you start with creating simple smoke tests for your components: 1247 | 1248 | ```js 1249 | import React from 'react'; 1250 | import ReactDOM from 'react-dom'; 1251 | import App from './App'; 1252 | 1253 | it('renders without crashing', () => { 1254 | const div = document.createElement('div'); 1255 | ReactDOM.render(, div); 1256 | }); 1257 | ``` 1258 | 1259 | This test mounts a component and makes sure that it didn’t throw during rendering. Tests like this provide a lot value with very little effort so they are great as a starting point, and this is the test you will find in `src/App.test.js`. 1260 | 1261 | When you encounter bugs caused by changing components, you will gain a deeper insight into which parts of them are worth testing in your application. This might be a good time to introduce more specific tests asserting specific expected output or behavior. 1262 | 1263 | If you’d like to test components in isolation from the child components they render, we recommend using [`shallow()` rendering API](http://airbnb.io/enzyme/docs/api/shallow.html) from [Enzyme](http://airbnb.io/enzyme/). To install it, run: 1264 | 1265 | ```sh 1266 | npm install --save enzyme enzyme-adapter-react-16 react-test-renderer 1267 | ``` 1268 | 1269 | Alternatively you may use `yarn`: 1270 | 1271 | ```sh 1272 | yarn add enzyme enzyme-adapter-react-16 react-test-renderer 1273 | ``` 1274 | 1275 | As of Enzyme 3, you will need to install Enzyme along with an Adapter corresponding to the version of React you are using. (The examples above use the adapter for React 16.) 1276 | 1277 | The adapter will also need to be configured in your [global setup file](#initializing-test-environment): 1278 | 1279 | #### `src/setupTests.js` 1280 | ```js 1281 | import { configure } from 'enzyme'; 1282 | import Adapter from 'enzyme-adapter-react-16'; 1283 | 1284 | configure({ adapter: new Adapter() }); 1285 | ``` 1286 | 1287 | Now you can write a smoke test with it: 1288 | 1289 | ```js 1290 | import React from 'react'; 1291 | import { shallow } from 'enzyme'; 1292 | import App from './App'; 1293 | 1294 | it('renders without crashing', () => { 1295 | shallow(); 1296 | }); 1297 | ``` 1298 | 1299 | Unlike the previous smoke test using `ReactDOM.render()`, this test only renders `` and doesn’t go deeper. For example, even if `` itself renders a ` 40 | 41 | 42 | 43 | 44 | ) 45 | } 46 | } 47 | 48 | export default LogIn -------------------------------------------------------------------------------- /client/src/views/LogOut.jsx: -------------------------------------------------------------------------------- 1 | import React from 'react' 2 | import { Redirect } from 'react-router-dom' 3 | 4 | class LogOut extends React.Component { 5 | 6 | componentDidMount() { 7 | this.props.onLogOut() 8 | } 9 | 10 | render() { 11 | return 12 | } 13 | } 14 | 15 | export default LogOut -------------------------------------------------------------------------------- /client/src/views/SignUp.jsx: -------------------------------------------------------------------------------- 1 | import React from 'react' 2 | import httpClient from '../httpClient' 3 | 4 | // sign up form behaves almost identically to log in form. We could create a flexible Form component to use for both actions, but for now we'll separate the two: 5 | class SignUp extends React.Component { 6 | state = { 7 | fields: { name: '', email: '', password: ''} 8 | } 9 | 10 | onInputChange(evt) { 11 | this.setState({ 12 | fields: { 13 | ...this.state.fields, 14 | [evt.target.name]: evt.target.value 15 | } 16 | }) 17 | } 18 | 19 | onFormSubmit(evt) { 20 | evt.preventDefault() 21 | httpClient.signUp(this.state.fields).then(user => { 22 | this.setState({ fields: { name: '', email: '', password: '' } }) 23 | if(user) { 24 | this.props.onSignUpSuccess(user) 25 | this.props.history.push('/') 26 | } 27 | }) 28 | } 29 | 30 | render() { 31 | const { name, email, password } = this.state.fields 32 | return ( 33 |
34 |
35 |
36 |

Sign Up

37 |
38 | 39 | 40 | 41 | 42 |
43 |
44 |
45 |
46 | ) 47 | } 48 | } 49 | 50 | export default SignUp -------------------------------------------------------------------------------- /client/src/views/VIP.jsx: -------------------------------------------------------------------------------- 1 | import React from 'react' 2 | import vipImage from '../vip.jpg' 3 | 4 | const VIP = (props) => { 5 | return ( 6 |
7 |

Welcome to the VIP!

8 | VIP 9 |
10 | ) 11 | } 12 | 13 | export default VIP -------------------------------------------------------------------------------- /client/src/vip.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/philuchansky/react-express-jwt/bc758c9a1eb4030eb3535fba6bdcce513c18afb1/client/src/vip.jpg -------------------------------------------------------------------------------- /controllers/users.js: -------------------------------------------------------------------------------- 1 | const User = require('../models/User.js') 2 | const signToken = require('../serverAuth.js').signToken 3 | 4 | module.exports = { 5 | // list all users 6 | index: (req, res) => { 7 | User.find({}, (err, users) => { 8 | res.json(users) 9 | }) 10 | }, 11 | 12 | // get one user 13 | show: (req, res) => { 14 | console.log("Current User:") 15 | console.log(req.user) 16 | User.findById(req.params.id, (err, user) => { 17 | res.json(user) 18 | }) 19 | }, 20 | 21 | // create a new user 22 | create: (req, res) => { 23 | User.create(req.body, (err, user) => { 24 | if(err) return res.json({success: false, code: err.code}) 25 | // once user is created, generate a token to "log in": 26 | const token = signToken(user) 27 | res.json({success: true, message: "User created. Token attached.", token}) 28 | }) 29 | }, 30 | 31 | // update an existing user 32 | update: (req, res) => { 33 | User.findById(req.params.id, (err, user) => { 34 | Object.assign(user, req.body) 35 | user.save((err, updatedUser) => { 36 | res.json({success: true, message: "User updated.", user}) 37 | }) 38 | }) 39 | }, 40 | 41 | // delete an existing user 42 | destroy: (req, res) => { 43 | User.findByIdAndRemove(req.params.id, (err, user) => { 44 | res.json({success: true, message: "User deleted.", user}) 45 | }) 46 | }, 47 | 48 | // the login route 49 | authenticate: (req, res) => { 50 | // check if the user exists 51 | User.findOne({email: req.body.email}, (err, user) => { 52 | // if there's no user or the password is invalid 53 | if(!user || !user.validPassword(req.body.password)) { 54 | // deny access 55 | return res.json({success: false, message: "Invalid credentials."}) 56 | } 57 | 58 | const token = signToken(user) 59 | res.json({success: true, message: "Token attached.", token}) 60 | }) 61 | } 62 | } -------------------------------------------------------------------------------- /models/User.js: -------------------------------------------------------------------------------- 1 | const 2 | mongoose = require('mongoose'), 3 | bcrypt = require('bcrypt-nodejs'), 4 | userSchema = new mongoose.Schema({ 5 | name: { type: String }, 6 | email: { type: String, required: true, unique: true }, 7 | password: { type: String, required: true } 8 | }) 9 | 10 | // adds a method to a user document object to create a hashed password 11 | userSchema.methods.generateHash = function(password) { 12 | return bcrypt.hashSync(password, bcrypt.genSaltSync(8)) 13 | } 14 | 15 | // adds a method to a user document object to check if provided password is correct 16 | userSchema.methods.validPassword = function(password) { 17 | return bcrypt.compareSync(password, this.password) 18 | } 19 | 20 | // middleware: before saving, check if password was changed, 21 | // and if so, encrypt new password before saving: 22 | userSchema.pre('save', function(next) { 23 | if(this.isModified('password')) { 24 | this.password = this.generateHash(this.password) 25 | } 26 | next() 27 | }) 28 | 29 | const User = mongoose.model('User', userSchema) 30 | module.exports = User -------------------------------------------------------------------------------- /package-lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "react-express-auth-starter", 3 | "version": "1.0.0", 4 | "lockfileVersion": 1, 5 | "requires": true, 6 | "dependencies": { 7 | "accepts": { 8 | "version": "1.3.4", 9 | "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.4.tgz", 10 | "integrity": "sha1-hiRnWMfdbSGmR0/whKR0DsBesh8=", 11 | "requires": { 12 | "mime-types": "~2.1.16", 13 | "negotiator": "0.6.1" 14 | } 15 | }, 16 | "array-flatten": { 17 | "version": "1.1.1", 18 | "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", 19 | "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI=" 20 | }, 21 | "basic-auth": { 22 | "version": "2.0.1", 23 | "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz", 24 | "integrity": "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==", 25 | "requires": { 26 | "safe-buffer": "5.1.2" 27 | }, 28 | "dependencies": { 29 | "safe-buffer": { 30 | "version": "5.1.2", 31 | "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", 32 | "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" 33 | } 34 | } 35 | }, 36 | "bcrypt-nodejs": { 37 | "version": "0.0.3", 38 | "resolved": "https://registry.npmjs.org/bcrypt-nodejs/-/bcrypt-nodejs-0.0.3.tgz", 39 | "integrity": "sha1-xgkX8m3CNWYVZsaBBhwwPCsohCs=" 40 | }, 41 | "bluebird": { 42 | "version": "3.5.1", 43 | "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.5.1.tgz", 44 | "integrity": "sha512-MKiLiV+I1AA596t9w1sQJ8jkiSr5+ZKi0WKrYGUn6d1Fx+Ij4tIj+m2WMQSGczs5jZVxV339chE8iwk6F64wjA==" 45 | }, 46 | "body-parser": { 47 | "version": "1.18.2", 48 | "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.18.2.tgz", 49 | "integrity": "sha1-h2eKGdhLR9hZuDGZvVm84iKxBFQ=", 50 | "requires": { 51 | "bytes": "3.0.0", 52 | "content-type": "~1.0.4", 53 | "debug": "2.6.9", 54 | "depd": "~1.1.1", 55 | "http-errors": "~1.6.2", 56 | "iconv-lite": "0.4.19", 57 | "on-finished": "~2.3.0", 58 | "qs": "6.5.1", 59 | "raw-body": "2.3.2", 60 | "type-is": "~1.6.15" 61 | } 62 | }, 63 | "bson": { 64 | "version": "1.1.1", 65 | "resolved": "https://registry.npmjs.org/bson/-/bson-1.1.1.tgz", 66 | "integrity": "sha512-jCGVYLoYMHDkOsbwJZBCqwMHyH4c+wzgI9hG7Z6SZJRXWr+x58pdIbm2i9a/jFGCkRJqRUr8eoI7lDWa0hTkxg==" 67 | }, 68 | "buffer-equal-constant-time": { 69 | "version": "1.0.1", 70 | "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", 71 | "integrity": "sha1-+OcRMvf/5uAaXJaXpMbz5I1cyBk=" 72 | }, 73 | "bytes": { 74 | "version": "3.0.0", 75 | "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.0.0.tgz", 76 | "integrity": "sha1-0ygVQE1olpn4Wk6k+odV3ROpYEg=" 77 | }, 78 | "content-disposition": { 79 | "version": "0.5.2", 80 | "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.2.tgz", 81 | "integrity": "sha1-DPaLud318r55YcOoUXjLhdunjLQ=" 82 | }, 83 | "content-type": { 84 | "version": "1.0.4", 85 | "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz", 86 | "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==" 87 | }, 88 | "cookie": { 89 | "version": "0.3.1", 90 | "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz", 91 | "integrity": "sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s=" 92 | }, 93 | "cookie-signature": { 94 | "version": "1.0.6", 95 | "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", 96 | "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw=" 97 | }, 98 | "debug": { 99 | "version": "2.6.9", 100 | "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", 101 | "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", 102 | "requires": { 103 | "ms": "2.0.0" 104 | } 105 | }, 106 | "depd": { 107 | "version": "1.1.1", 108 | "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.1.tgz", 109 | "integrity": "sha1-V4O04cRZ8G+lyif5kfPQbnoxA1k=" 110 | }, 111 | "destroy": { 112 | "version": "1.0.4", 113 | "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz", 114 | "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA=" 115 | }, 116 | "dotenv": { 117 | "version": "6.1.0", 118 | "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-6.1.0.tgz", 119 | "integrity": "sha512-/veDn2ztgRlB7gKmE3i9f6CmDIyXAy6d5nBq+whO9SLX+Zs1sXEgFLPi+aSuWqUuusMfbi84fT8j34fs1HaYUw==" 120 | }, 121 | "ee-first": { 122 | "version": "1.1.1", 123 | "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", 124 | "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=" 125 | }, 126 | "encodeurl": { 127 | "version": "1.0.1", 128 | "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.1.tgz", 129 | "integrity": "sha1-eePVhlU0aQn+bw9Fpd5oEDspTSA=" 130 | }, 131 | "escape-html": { 132 | "version": "1.0.3", 133 | "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", 134 | "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=" 135 | }, 136 | "etag": { 137 | "version": "1.8.1", 138 | "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", 139 | "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc=" 140 | }, 141 | "express": { 142 | "version": "4.16.2", 143 | "resolved": "https://registry.npmjs.org/express/-/express-4.16.2.tgz", 144 | "integrity": "sha1-41xt/i1kt9ygpc1PIXgb4ymeB2w=", 145 | "requires": { 146 | "accepts": "~1.3.4", 147 | "array-flatten": "1.1.1", 148 | "body-parser": "1.18.2", 149 | "content-disposition": "0.5.2", 150 | "content-type": "~1.0.4", 151 | "cookie": "0.3.1", 152 | "cookie-signature": "1.0.6", 153 | "debug": "2.6.9", 154 | "depd": "~1.1.1", 155 | "encodeurl": "~1.0.1", 156 | "escape-html": "~1.0.3", 157 | "etag": "~1.8.1", 158 | "finalhandler": "1.1.0", 159 | "fresh": "0.5.2", 160 | "merge-descriptors": "1.0.1", 161 | "methods": "~1.1.2", 162 | "on-finished": "~2.3.0", 163 | "parseurl": "~1.3.2", 164 | "path-to-regexp": "0.1.7", 165 | "proxy-addr": "~2.0.2", 166 | "qs": "6.5.1", 167 | "range-parser": "~1.2.0", 168 | "safe-buffer": "5.1.1", 169 | "send": "0.16.1", 170 | "serve-static": "1.13.1", 171 | "setprototypeof": "1.1.0", 172 | "statuses": "~1.3.1", 173 | "type-is": "~1.6.15", 174 | "utils-merge": "1.0.1", 175 | "vary": "~1.1.2" 176 | }, 177 | "dependencies": { 178 | "setprototypeof": { 179 | "version": "1.1.0", 180 | "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz", 181 | "integrity": "sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ==" 182 | }, 183 | "statuses": { 184 | "version": "1.3.1", 185 | "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz", 186 | "integrity": "sha1-+vUbnrdKrvOzrPStX2Gr8ky3uT4=" 187 | } 188 | } 189 | }, 190 | "finalhandler": { 191 | "version": "1.1.0", 192 | "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.0.tgz", 193 | "integrity": "sha1-zgtoVbRYU+eRsvzGgARtiCU91/U=", 194 | "requires": { 195 | "debug": "2.6.9", 196 | "encodeurl": "~1.0.1", 197 | "escape-html": "~1.0.3", 198 | "on-finished": "~2.3.0", 199 | "parseurl": "~1.3.2", 200 | "statuses": "~1.3.1", 201 | "unpipe": "~1.0.0" 202 | }, 203 | "dependencies": { 204 | "statuses": { 205 | "version": "1.3.1", 206 | "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz", 207 | "integrity": "sha1-+vUbnrdKrvOzrPStX2Gr8ky3uT4=" 208 | } 209 | } 210 | }, 211 | "forwarded": { 212 | "version": "0.1.2", 213 | "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.1.2.tgz", 214 | "integrity": "sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ=" 215 | }, 216 | "fresh": { 217 | "version": "0.5.2", 218 | "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", 219 | "integrity": "sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac=" 220 | }, 221 | "http-errors": { 222 | "version": "1.6.2", 223 | "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.2.tgz", 224 | "integrity": "sha1-CgAsyFcHGSp+eUbO7cERVfYOxzY=", 225 | "requires": { 226 | "depd": "1.1.1", 227 | "inherits": "2.0.3", 228 | "setprototypeof": "1.0.3", 229 | "statuses": ">= 1.3.1 < 2" 230 | } 231 | }, 232 | "iconv-lite": { 233 | "version": "0.4.19", 234 | "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.19.tgz", 235 | "integrity": "sha512-oTZqweIP51xaGPI4uPa56/Pri/480R+mo7SeU+YETByQNhDG55ycFyNLIgta9vXhILrxXDmF7ZGhqZIcuN0gJQ==" 236 | }, 237 | "inherits": { 238 | "version": "2.0.3", 239 | "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", 240 | "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=" 241 | }, 242 | "ipaddr.js": { 243 | "version": "1.5.2", 244 | "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.5.2.tgz", 245 | "integrity": "sha1-1LUFvemUaYfM8PxY2QEP+WB+P6A=" 246 | }, 247 | "jsonwebtoken": { 248 | "version": "8.1.0", 249 | "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.1.0.tgz", 250 | "integrity": "sha1-xjl80uX9WD1lwAeoPce7eOaYK4M=", 251 | "requires": { 252 | "jws": "^3.1.4", 253 | "lodash.includes": "^4.3.0", 254 | "lodash.isboolean": "^3.0.3", 255 | "lodash.isinteger": "^4.0.4", 256 | "lodash.isnumber": "^3.0.3", 257 | "lodash.isplainobject": "^4.0.6", 258 | "lodash.isstring": "^4.0.1", 259 | "lodash.once": "^4.0.0", 260 | "ms": "^2.0.0", 261 | "xtend": "^4.0.1" 262 | } 263 | }, 264 | "jws": { 265 | "version": "3.2.2", 266 | "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz", 267 | "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==", 268 | "requires": { 269 | "jwa": "^1.4.1", 270 | "safe-buffer": "^5.0.1" 271 | }, 272 | "dependencies": { 273 | "ecdsa-sig-formatter": { 274 | "version": "1.0.11", 275 | "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", 276 | "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", 277 | "requires": { 278 | "safe-buffer": "^5.0.1" 279 | } 280 | }, 281 | "jwa": { 282 | "version": "1.4.1", 283 | "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz", 284 | "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==", 285 | "requires": { 286 | "buffer-equal-constant-time": "1.0.1", 287 | "ecdsa-sig-formatter": "1.0.11", 288 | "safe-buffer": "^5.0.1" 289 | } 290 | } 291 | } 292 | }, 293 | "kareem": { 294 | "version": "2.3.1", 295 | "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.3.1.tgz", 296 | "integrity": "sha512-l3hLhffs9zqoDe8zjmb/mAN4B8VT3L56EUvKNqLFVs9YlFA+zx7ke1DO8STAdDyYNkeSo1nKmjuvQeI12So8Xw==" 297 | }, 298 | "lodash.includes": { 299 | "version": "4.3.0", 300 | "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", 301 | "integrity": "sha1-YLuYqHy5I8aMoeUTJUgzFISfVT8=" 302 | }, 303 | "lodash.isboolean": { 304 | "version": "3.0.3", 305 | "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", 306 | "integrity": "sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY=" 307 | }, 308 | "lodash.isinteger": { 309 | "version": "4.0.4", 310 | "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", 311 | "integrity": "sha1-YZwK89A/iwTDH1iChAt3sRzWg0M=" 312 | }, 313 | "lodash.isnumber": { 314 | "version": "3.0.3", 315 | "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", 316 | "integrity": "sha1-POdoEMWSjQM1IwGsKHMX8RwLH/w=" 317 | }, 318 | "lodash.isplainobject": { 319 | "version": "4.0.6", 320 | "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", 321 | "integrity": "sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs=" 322 | }, 323 | "lodash.isstring": { 324 | "version": "4.0.1", 325 | "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", 326 | "integrity": "sha1-1SfftUVuynzJu5XV2ur4i6VKVFE=" 327 | }, 328 | "lodash.once": { 329 | "version": "4.1.1", 330 | "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", 331 | "integrity": "sha1-DdOXEhPHxW34gJd9UEyI+0cal6w=" 332 | }, 333 | "media-typer": { 334 | "version": "0.3.0", 335 | "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", 336 | "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=" 337 | }, 338 | "merge-descriptors": { 339 | "version": "1.0.1", 340 | "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", 341 | "integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E=" 342 | }, 343 | "methods": { 344 | "version": "1.1.2", 345 | "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", 346 | "integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4=" 347 | }, 348 | "mime": { 349 | "version": "1.4.1", 350 | "resolved": "https://registry.npmjs.org/mime/-/mime-1.4.1.tgz", 351 | "integrity": "sha512-KI1+qOZu5DcW6wayYHSzR/tXKCDC5Om4s1z2QJjDULzLcmf3DvzS7oluY4HCTrc+9FiKmWUgeNLg7W3uIQvxtQ==" 352 | }, 353 | "mime-db": { 354 | "version": "1.30.0", 355 | "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.30.0.tgz", 356 | "integrity": "sha1-dMZD2i3Z1qRTmZY0ZbJtXKfXHwE=" 357 | }, 358 | "mime-types": { 359 | "version": "2.1.17", 360 | "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.17.tgz", 361 | "integrity": "sha1-Cdejk/A+mVp5+K+Fe3Cp4KsWVXo=", 362 | "requires": { 363 | "mime-db": "~1.30.0" 364 | } 365 | }, 366 | "mongodb": { 367 | "version": "3.3.2", 368 | "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-3.3.2.tgz", 369 | "integrity": "sha512-fqJt3iywelk4yKu/lfwQg163Bjpo5zDKhXiohycvon4iQHbrfflSAz9AIlRE6496Pm/dQKQK5bMigdVo2s6gBg==", 370 | "requires": { 371 | "bson": "^1.1.1", 372 | "require_optional": "^1.0.1", 373 | "safe-buffer": "^5.1.2" 374 | }, 375 | "dependencies": { 376 | "safe-buffer": { 377 | "version": "5.2.0", 378 | "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz", 379 | "integrity": "sha512-fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg==" 380 | } 381 | } 382 | }, 383 | "mongoose": { 384 | "version": "5.7.5", 385 | "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-5.7.5.tgz", 386 | "integrity": "sha512-BZ4FxtnbTurc/wcm/hLltLdI4IDxo4nsE0D9q58YymTdZwreNzwO62CcjVtaHhmr8HmJtOInp2W/T12FZaMf8g==", 387 | "requires": { 388 | "bson": "~1.1.1", 389 | "kareem": "2.3.1", 390 | "mongodb": "3.3.2", 391 | "mongoose-legacy-pluralize": "1.0.2", 392 | "mpath": "0.6.0", 393 | "mquery": "3.2.2", 394 | "ms": "2.1.2", 395 | "regexp-clone": "1.0.0", 396 | "safe-buffer": "5.1.2", 397 | "sift": "7.0.1", 398 | "sliced": "1.0.1" 399 | }, 400 | "dependencies": { 401 | "ms": { 402 | "version": "2.1.2", 403 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", 404 | "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" 405 | }, 406 | "safe-buffer": { 407 | "version": "5.1.2", 408 | "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", 409 | "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" 410 | } 411 | } 412 | }, 413 | "mongoose-legacy-pluralize": { 414 | "version": "1.0.2", 415 | "resolved": "https://registry.npmjs.org/mongoose-legacy-pluralize/-/mongoose-legacy-pluralize-1.0.2.tgz", 416 | "integrity": "sha512-Yo/7qQU4/EyIS8YDFSeenIvXxZN+ld7YdV9LqFVQJzTLye8unujAWPZ4NWKfFA+RNjh+wvTWKY9Z3E5XM6ZZiQ==" 417 | }, 418 | "morgan": { 419 | "version": "1.9.1", 420 | "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.9.1.tgz", 421 | "integrity": "sha512-HQStPIV4y3afTiCYVxirakhlCfGkI161c76kKFca7Fk1JusM//Qeo1ej2XaMniiNeaZklMVrh3vTtIzpzwbpmA==", 422 | "requires": { 423 | "basic-auth": "~2.0.0", 424 | "debug": "2.6.9", 425 | "depd": "~1.1.2", 426 | "on-finished": "~2.3.0", 427 | "on-headers": "~1.0.1" 428 | }, 429 | "dependencies": { 430 | "depd": { 431 | "version": "1.1.2", 432 | "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", 433 | "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak=" 434 | } 435 | } 436 | }, 437 | "mpath": { 438 | "version": "0.6.0", 439 | "resolved": "https://registry.npmjs.org/mpath/-/mpath-0.6.0.tgz", 440 | "integrity": "sha512-i75qh79MJ5Xo/sbhxrDrPSEG0H/mr1kcZXJ8dH6URU5jD/knFxCVqVC/gVSW7GIXL/9hHWlT9haLbCXWOll3qw==" 441 | }, 442 | "mquery": { 443 | "version": "3.2.2", 444 | "resolved": "https://registry.npmjs.org/mquery/-/mquery-3.2.2.tgz", 445 | "integrity": "sha512-XB52992COp0KP230I3qloVUbkLUxJIu328HBP2t2EsxSFtf4W1HPSOBWOXf1bqxK4Xbb66lfMJ+Bpfd9/yZE1Q==", 446 | "requires": { 447 | "bluebird": "3.5.1", 448 | "debug": "3.1.0", 449 | "regexp-clone": "^1.0.0", 450 | "safe-buffer": "5.1.2", 451 | "sliced": "1.0.1" 452 | }, 453 | "dependencies": { 454 | "debug": { 455 | "version": "3.1.0", 456 | "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz", 457 | "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==", 458 | "requires": { 459 | "ms": "2.0.0" 460 | } 461 | }, 462 | "safe-buffer": { 463 | "version": "5.1.2", 464 | "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", 465 | "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" 466 | } 467 | } 468 | }, 469 | "ms": { 470 | "version": "2.0.0", 471 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", 472 | "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" 473 | }, 474 | "negotiator": { 475 | "version": "0.6.1", 476 | "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.1.tgz", 477 | "integrity": "sha1-KzJxhOiZIQEXeyhWP7XnECrNDKk=" 478 | }, 479 | "on-finished": { 480 | "version": "2.3.0", 481 | "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz", 482 | "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=", 483 | "requires": { 484 | "ee-first": "1.1.1" 485 | } 486 | }, 487 | "on-headers": { 488 | "version": "1.0.2", 489 | "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz", 490 | "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==" 491 | }, 492 | "parseurl": { 493 | "version": "1.3.2", 494 | "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz", 495 | "integrity": "sha1-/CidTtiZMRlGDBViUyYs3I3mW/M=" 496 | }, 497 | "path-to-regexp": { 498 | "version": "0.1.7", 499 | "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", 500 | "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=" 501 | }, 502 | "proxy-addr": { 503 | "version": "2.0.2", 504 | "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.2.tgz", 505 | "integrity": "sha1-ZXFQT0e7mI7IGAJT+F3X4UlSvew=", 506 | "requires": { 507 | "forwarded": "~0.1.2", 508 | "ipaddr.js": "1.5.2" 509 | } 510 | }, 511 | "qs": { 512 | "version": "6.5.1", 513 | "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz", 514 | "integrity": "sha512-eRzhrN1WSINYCDCbrz796z37LOe3m5tmW7RQf6oBntukAG1nmovJvhnwHHRMAfeoItc1m2Hk02WER2aQ/iqs+A==" 515 | }, 516 | "range-parser": { 517 | "version": "1.2.0", 518 | "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz", 519 | "integrity": "sha1-9JvmtIeJTdxA3MlKMi9hEJLgDV4=" 520 | }, 521 | "raw-body": { 522 | "version": "2.3.2", 523 | "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.3.2.tgz", 524 | "integrity": "sha1-vNYMd9Prk83gBQKVw/N5OJvIj4k=", 525 | "requires": { 526 | "bytes": "3.0.0", 527 | "http-errors": "1.6.2", 528 | "iconv-lite": "0.4.19", 529 | "unpipe": "1.0.0" 530 | } 531 | }, 532 | "regexp-clone": { 533 | "version": "1.0.0", 534 | "resolved": "https://registry.npmjs.org/regexp-clone/-/regexp-clone-1.0.0.tgz", 535 | "integrity": "sha512-TuAasHQNamyyJ2hb97IuBEif4qBHGjPHBS64sZwytpLEqtBQ1gPJTnOaQ6qmpET16cK14kkjbazl6+p0RRv0yw==" 536 | }, 537 | "require_optional": { 538 | "version": "1.0.1", 539 | "resolved": "https://registry.npmjs.org/require_optional/-/require_optional-1.0.1.tgz", 540 | "integrity": "sha512-qhM/y57enGWHAe3v/NcwML6a3/vfESLe/sGM2dII+gEO0BpKRUkWZow/tyloNqJyN6kXSl3RyyM8Ll5D/sJP8g==", 541 | "requires": { 542 | "resolve-from": "^2.0.0", 543 | "semver": "^5.1.0" 544 | } 545 | }, 546 | "resolve-from": { 547 | "version": "2.0.0", 548 | "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-2.0.0.tgz", 549 | "integrity": "sha1-lICrIOlP+h2egKgEx+oUdhGWa1c=" 550 | }, 551 | "safe-buffer": { 552 | "version": "5.1.1", 553 | "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz", 554 | "integrity": "sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg==" 555 | }, 556 | "semver": { 557 | "version": "5.7.1", 558 | "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", 559 | "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" 560 | }, 561 | "send": { 562 | "version": "0.16.1", 563 | "resolved": "https://registry.npmjs.org/send/-/send-0.16.1.tgz", 564 | "integrity": "sha512-ElCLJdJIKPk6ux/Hocwhk7NFHpI3pVm/IZOYWqUmoxcgeyM+MpxHHKhb8QmlJDX1pU6WrgaHBkVNm73Sv7uc2A==", 565 | "requires": { 566 | "debug": "2.6.9", 567 | "depd": "~1.1.1", 568 | "destroy": "~1.0.4", 569 | "encodeurl": "~1.0.1", 570 | "escape-html": "~1.0.3", 571 | "etag": "~1.8.1", 572 | "fresh": "0.5.2", 573 | "http-errors": "~1.6.2", 574 | "mime": "1.4.1", 575 | "ms": "2.0.0", 576 | "on-finished": "~2.3.0", 577 | "range-parser": "~1.2.0", 578 | "statuses": "~1.3.1" 579 | }, 580 | "dependencies": { 581 | "statuses": { 582 | "version": "1.3.1", 583 | "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz", 584 | "integrity": "sha1-+vUbnrdKrvOzrPStX2Gr8ky3uT4=" 585 | } 586 | } 587 | }, 588 | "serve-static": { 589 | "version": "1.13.1", 590 | "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.13.1.tgz", 591 | "integrity": "sha512-hSMUZrsPa/I09VYFJwa627JJkNs0NrfL1Uzuup+GqHfToR2KcsXFymXSV90hoyw3M+msjFuQly+YzIH/q0MGlQ==", 592 | "requires": { 593 | "encodeurl": "~1.0.1", 594 | "escape-html": "~1.0.3", 595 | "parseurl": "~1.3.2", 596 | "send": "0.16.1" 597 | } 598 | }, 599 | "setprototypeof": { 600 | "version": "1.0.3", 601 | "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.0.3.tgz", 602 | "integrity": "sha1-ZlZ+NwQ+608E2RvWWMDL77VbjgQ=" 603 | }, 604 | "sift": { 605 | "version": "7.0.1", 606 | "resolved": "https://registry.npmjs.org/sift/-/sift-7.0.1.tgz", 607 | "integrity": "sha512-oqD7PMJ+uO6jV9EQCl0LrRw1OwsiPsiFQR5AR30heR+4Dl7jBBbDLnNvWiak20tzZlSE1H7RB30SX/1j/YYT7g==" 608 | }, 609 | "sliced": { 610 | "version": "1.0.1", 611 | "resolved": "https://registry.npmjs.org/sliced/-/sliced-1.0.1.tgz", 612 | "integrity": "sha1-CzpmK10Ewxd7GSa+qCsD+Dei70E=" 613 | }, 614 | "statuses": { 615 | "version": "1.4.0", 616 | "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.4.0.tgz", 617 | "integrity": "sha512-zhSCtt8v2NDrRlPQpCNtw/heZLtfUDqxBM1udqikb/Hbk52LK4nQSwr10u77iopCW5LsyHpuXS0GnEc48mLeew==" 618 | }, 619 | "type-is": { 620 | "version": "1.6.15", 621 | "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.15.tgz", 622 | "integrity": "sha1-yrEPtJCeRByChC6v4a1kbIGARBA=", 623 | "requires": { 624 | "media-typer": "0.3.0", 625 | "mime-types": "~2.1.15" 626 | } 627 | }, 628 | "unpipe": { 629 | "version": "1.0.0", 630 | "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", 631 | "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw=" 632 | }, 633 | "utils-merge": { 634 | "version": "1.0.1", 635 | "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", 636 | "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=" 637 | }, 638 | "vary": { 639 | "version": "1.1.2", 640 | "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", 641 | "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw=" 642 | }, 643 | "xtend": { 644 | "version": "4.0.1", 645 | "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.1.tgz", 646 | "integrity": "sha1-pcbVMr5lbiPbgg77lDofBJmNY68=" 647 | } 648 | } 649 | } 650 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "react-express-auth-starter", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "server.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1", 8 | "start": "node server.js", 9 | "heroku-postbuild": "cd client && npm install --only=dev && npm install && npm run build" 10 | }, 11 | "author": "", 12 | "license": "ISC", 13 | "dependencies": { 14 | "bcrypt-nodejs": "0.0.3", 15 | "body-parser": "^1.18.2", 16 | "dotenv": "^6.1.0", 17 | "express": "^4.16.2", 18 | "jsonwebtoken": "^8.1.0", 19 | "mongoose": "5.7.5", 20 | "morgan": "^1.9.1" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /routes/users.js: -------------------------------------------------------------------------------- 1 | const 2 | express = require('express'), 3 | usersRouter = new express.Router(), 4 | usersCtrl = require('../controllers/users.js'), 5 | verifyToken = require('../serverAuth.js').verifyToken 6 | 7 | usersRouter.route('/') 8 | .get(usersCtrl.index) 9 | .post(usersCtrl.create) 10 | 11 | usersRouter.post('/authenticate', usersCtrl.authenticate) 12 | 13 | 14 | usersRouter.use(verifyToken) 15 | usersRouter.route('/:id') 16 | .get(usersCtrl.show) 17 | .patch(usersCtrl.update) 18 | .delete(usersCtrl.destroy) 19 | 20 | module.exports = usersRouter -------------------------------------------------------------------------------- /server.js: -------------------------------------------------------------------------------- 1 | const 2 | dotenv = require('dotenv').load(), 3 | express = require('express'), 4 | app = express(), 5 | logger = require('morgan'), 6 | bodyParser = require('body-parser'), 7 | mongoose = require('mongoose'), 8 | MONGODB_URI = process.env.MONGODB_URI || 'mongodb://localhost/react-express-jwt', 9 | PORT = process.env.PORT || 3001, 10 | usersRoutes = require('./routes/users.js') 11 | 12 | mongoose.set('useCreateIndex', true) 13 | mongoose.connect(MONGODB_URI, { useNewUrlParser: true }, (err) => { 14 | console.log(err || `Connected to MongoDB.`) 15 | }) 16 | 17 | app.use(express.static(`${__dirname}/client/build`)) 18 | app.use(logger('dev')) 19 | app.use(bodyParser.json()) 20 | 21 | app.get('/api', (req, res) => { 22 | res.json({message: "API root."}) 23 | }) 24 | 25 | app.use('/api/users', usersRoutes) 26 | 27 | app.use('*', (req, res) => { 28 | res.sendFile(`${__dirname}/client/build/index.html`) 29 | }) 30 | 31 | app.listen(PORT, (err) => { 32 | console.log(err || `Server running on port ${PORT}.`) 33 | }) 34 | -------------------------------------------------------------------------------- /serverAuth.js: -------------------------------------------------------------------------------- 1 | const 2 | jwt = require('jsonwebtoken'), 3 | User = require('./models/User.js'), 4 | { JWT_SECRET } = process.env 5 | 6 | // function for creating tokens 7 | function signToken(user) { 8 | // toObject() returns a basic js object with only the info from the db 9 | const userData = user.toObject() 10 | delete userData.password 11 | return jwt.sign(userData, JWT_SECRET) 12 | } 13 | 14 | // function for verifying tokens 15 | function verifyToken(req, res, next) { 16 | // grab token from either headers, req.body, or query string 17 | const token = req.get('token') || req.body.token || req.query.token 18 | // if no token present, deny access 19 | if(!token) return res.json({success: false, message: "No token provided"}) 20 | // otherwise, try to verify token 21 | jwt.verify(token, JWT_SECRET, (err, decodedData) => { 22 | // if problem with token verification, deny access 23 | if(err) return res.json({success: false, message: "Invalid token."}) 24 | // otherwise, search for user by id that was embedded in token 25 | User.findById(decodedData._id, (err, user) => { 26 | // if no user, deny access 27 | if(!user) return res.json({success: false, message: "Invalid token."}) 28 | // otherwise, add user to req object 29 | req.user = user 30 | // go on to process the route: 31 | next() 32 | }) 33 | }) 34 | } 35 | 36 | module.exports = { 37 | signToken, 38 | verifyToken 39 | } --------------------------------------------------------------------------------