
Contrast-Security-OSS/node-realWorld-server


RealWorld Example App

Express.js + MongoDB + JavaScript codebase containing real-world examples (CRUD, auth, advanced patterns, etc.) that adheres to the RealWorld spec and API.

This codebase was created to demonstrate a fully fledged fullstack application built with Express.js + MongoDB + JavaScript including CRUD operations, authentication, routing, pagination, and more.

We've gone to great lengths to adhere to the Express.js + MongoDB + JavaScript community styleguides & best practices.

For more information on how this works with other frontends/backends, head over to the RealWorld repo.

Getting started

  1. install npm
  2. make sure mongo is running
  3. define needed env vars
    • DATABASE_URI - the URI of the mongo database: mongodb://127.0.0.1:27017/somedbname (assuming mongo is running on localhost:27017)
    • ACCESS_TOKEN_SECRET - the secret used for the JWT
  4. execute node api/index.js
    • e.g., ACCESS_TOKEN_SECRET=xyzzy-plover-boom DATABASE_URI=mongodb://127.0.0.1:27017/test node api/index.js

Contrast-specific

  1. A contrast_security.yaml config file should be present and configured appropriately.
  2. The contrast agent should be installed as a dependency.
    1. For developmental testing, linking to the local node-mono repo is useful.
  3. To enable perf, use a command line like: CSI_PERF_INTERVAL=10000 CSI_PERF=1 ACCESS_TOKEN_SECRET=xyzzy-plover-boom DATABASE_URI=mongodb://127.0.0.1:27017/somedb node --import @contrast/agent api/index.js
    1. This loads the agent with perf enabled, using a 10-second interval for writing the log.
  4. set up locust per instructions in the script-locust/README.md
  5. run the request-generating script, script-locust/locustfile.py, using locust -f script-locust/locustfile.py --headless -i 1.
    1. --headless just means don't use the web UI, i.e., pure command line
    2. -f specifies the file (more TBD, exercising different aspects of the code)
    3. -i 1 specifies 1 iteration.
  6. the agent writes agent-perf.jsonl
    1. agent-perf.jsonl can be analyzed using tools in script-analysis/.
    2. summarize.mjs will summarize the data. It's primitive, but provides basic data.

How it works

All the routes are defined in the src/routes folder, and their corresponding controllers are implemented in the src/controllers folder.

Design Choices and Tradeoffs

  • Only one access_token_secret is used for all account registration and login. Drawback: if this secret leaks, tokens can be forged for any account
  • Embedded arrays are used, e.g. the list of comments in the article model and favorited articles in the user model. Drawback: does not scale well
  • Usernames are case-sensitive

About

server-side realWorld with Express.js and MongoDB (from winterrrrrff)
