chore(deps): updates deps

Author: EQuimper

README.md

@@ -37,6 +37,7 @@
 - [Installation](https://github.com/EQuimper/nodejs-api-boilerplate#installation)
 - [Install Mongodb](https://github.com/EQuimper/nodejs-api-boilerplate#install-mongodb)
 - [Raven Log](https://github.com/EQuimper/nodejs-api-boilerplate#raven-log)
+- [Body Whitelist](https://github.com/EQuimper/nodejs-api-boilerplate#body-whitelist)
 - [Api Doc](https://github.com/EQuimper/nodejs-api-boilerplate#api-doc)
 - [Pre-Commit Hook](https://github.com/EQuimper/nodejs-api-boilerplate#pre-commit-hook)
 - [Scripts](https://github.com/EQuimper/nodejs-api-boilerplate#scripts)
@@ -69,10 +70,28 @@ For get raven log create account here: [Sentry](https://sentry.io/)
 
 ---
 
+## Body Whitelist
+
+For security have add a whitelist function for your `req.body` coming from the front end. You can take a look of it in the `contants.js` file.
+
+---
+
 ## Api Doc
 
 Api doc his hosted on surge. [Link](http://equimper-nodejs-api-boilerplate.surge.sh/). For change the url and have your own docs just add you link in the `.env` file.
 
+```js
+const WHITELIST = {
+  posts: {
+    create: ['title', 'text'],
+    update: ['title', 'text'],
+  },
+  users: {
+    create: ['email', 'username', 'password'],
+  },
+};
+```
+
 ---
 
 ## Pre-Commit Hook
@@ -95,7 +114,7 @@ or
 npm run dev
 ```
 
-**PS** That can crash it's the first time but don't worry give it 2 sec the scripts gonna work. He just need to created a dist folder :) This way you have only one command to run.
+**PS** That can crash if this is the first time but don't worry give it 2 sec the scripts gonna work. He just need to created a dist folder :) This way you have only one command to run.
 
 ### DEV-DEBUG
 
@@ -195,7 +214,7 @@ bash scripts/development.sh
 - [Joi](https://github.com/hapijs/joi)
 - [Http-Status](https://github.com/adaltas/node-http-status)
 - [Lint-Staged](https://github.com/okonet/lint-staged)
-- [Pre-Commit](https://github.com/observing/pre-commit)
+- [Husky](https://github.com/typicode/husky)
 - [Prettier](https://github.com/prettier/prettier)
 - [Eslint Config EQuimper](https://github.com/EQuimper/eslint-config-equimper)
 - [Eslint Config Prettier](https://github.com/prettier/eslint-config-prettier)
@@ -211,6 +230,7 @@ bash scripts/development.sh
 - [NPS](https://github.com/kentcdodds/nps)
 - [MongoDB](https://www.mongodb.com/)
 - [Mongoose](http://mongoosejs.com/)
+- [Webpack2](https://webpack.js.org/)
 
 ---
 

package-scripts.js

@@ -22,7 +22,7 @@ module.exports = {
     },
     default: {
       description: 'Start project with pm2 on production.',
-      script: `${crossEnv('NODE_ENV=production')} pm2 start dist/index.bundle.js`,
+      script: `${crossEnv('NODE_ENV=production')} pm2 start processes.json dist/index.bundle.js`,
     },
     doc: {
       description: 'Documenting the api.',

package.json

@@ -34,7 +34,7 @@
     "semantic-release",
     "prettier",
     "lint-staged",
-    "webpack"
+    "webpack2"
   ],
   "license": "MIT",
   "lint-staged": {
@@ -78,24 +78,24 @@
     "cz-conventional-changelog": "^2.0.0",
     "eslint": "^3.19.0",
     "eslint-config-equimper": "^1.6.4",
-    "eslint-config-prettier": "^2.0.0",
+    "eslint-config-prettier": "^2.1.0",
     "faker": "^4.1.0",
     "glob": "^7.1.1",
+    "husky": "^0.13.3",
     "istanbul": "1.1.0-alpha.1",
     "lint-staged": "^3.4.1",
-    "mocha": "^3.3.0",
+    "mocha": "^3.4.1",
     "morgan": "^1.8.1",
     "nodemon": "^1.11.0",
     "nps": "^5.1.0",
     "nps-utils": "^1.2.0",
-    "pre-commit": "^1.2.2",
     "prettier": "^1.3.1",
     "semantic-release": "^6.3.2",
     "shelljs": "^0.7.7",
     "superagent": "^3.5.2",
     "supertest": "^3.0.0",
     "webpack": "fulls1z3/webpack#v2.5.0-harmony",
-    "webpack-node-externals": "^1.5.4"
+    "webpack-node-externals": "^1.6.0"
   },
   "dependencies": {
     "bcrypt-nodejs": "^0.0.3",
@@ -109,17 +109,17 @@
     "express-winston": "^2.4.0",
     "helmet": "^3.6.0",
     "http-status": "^1.0.1",
-    "joi": "^10.4.1",
+    "joi": "^10.4.2",
     "jsonwebtoken": "^7.4.0",
     "method-override": "^2.3.8",
-    "mongoose": "^4.9.8",
+    "mongoose": "^4.9.9",
     "mongoose-unique-validator": "^1.0.5",
     "passport": "^0.3.2",
     "passport-jwt": "^2.2.1",
     "passport-local": "^1.0.0",
     "pm2": "^2.4.6",
     "pretty-error": "^2.1.0",
-    "raven": "^1.2.1",
+    "raven": "^2.0.0",
     "slug": "^0.9.1",
     "winston": "^2.3.1"
   },

processes.json

@@ -5,11 +5,11 @@
       "script": "./dist",
       "merge_logs": true,
       "max_restarts": 20,
-      "instances": 4,
+      "instances": "max",
+      "exec_mode" : "cluster",
       "max_memory_restart": "200M",
-      "env": {
-        "PORT": 3000,
-        "NODE_ENV": "development"
+      "env_production" : {
+        "NODE_ENV": "production"
       }
     }
   ]

src/config/constants.js

@@ -1,5 +1,15 @@
 require('dotenv').config();
 
+const WHITELIST = {
+  posts: {
+    create: ['title', 'text'],
+    update: ['title', 'text'],
+  },
+  users: {
+    create: ['email', 'username', 'password'],
+  },
+};
+
 const devConfig = {
   JWT_SECRET: process.env.JWT_SECRET_DEV,
   MONGO_URL: process.env.MONGO_URL_DEV,
@@ -18,12 +28,7 @@ const prodConfig = {
 const defaultConfig = {
   PORT: process.env.PORT || 3000,
   RAVEN_ID: process.env.RAVEN_ID,
-  WHITELIST: {
-    posts: {
-      create: ['title', 'text'],
-      update: ['title', 'text'],
-    },
-  },
+  WHITELIST,
 };
 
 function envConfig(env) {

src/config/middlewares.js

@@ -18,6 +18,7 @@ const isTest = process.env.NODE_ENV === 'test';
 const isDev = process.env.NODE_ENV === 'development';
 
 export default app => {
+  app.use(compression());
   app.use(bodyParser.json());
   app.use(bodyParser.urlencoded({ extended: true }));
   app.use(passport.initialize());
@@ -38,5 +39,4 @@ export default app => {
       }),
     );
   }
-  app.use(compression());
 };

src/controllers/user.controller.js

@@ -5,6 +5,8 @@
 import Joi from 'joi';
 import HTTPStatus from 'http-status';
 
+import { filteredBody } from '../utils/filteredBody';
+import constants from '../config/constants';
 import User from '../models/user.model';
 
 export const validation = {
@@ -51,8 +53,9 @@ export const validation = {
  *  }
  */
 export async function create(req, res, next) {
+  const body = filteredBody(req.body, constants.WHITELIST.users.create);
   try {
-    const user = await User.create(req.body);
+    const user = await User.create(body);
     return res.status(HTTPStatus.CREATED).json(user.toAuthJSON());
   } catch (e) {
     e.status = HTTPStatus.BAD_REQUEST;

src/index.js

@@ -2,7 +2,6 @@
 /**
  * Server setup
  */
-
 import express from 'express';
 
 import './config/database';
@@ -18,17 +17,17 @@ middlewaresConfig(app);
 // Add the apiRoutes stack to the server
 app.use('/api', ApiRoutes);
 
-// http://www.marcusoft.net/2015/10/eaddrinuse-when-watching-tests-with-mocha-and-supertest.html
+// We need this to make sure we don't run a second instance
 if (!module.parent) {
   app.listen(constants.PORT, err => {
     if (err) {
       console.error('Cannot run');
     } else {
       console.log(`
-          Yep this is working 🍺
-          App listen on port: ${constants.PORT} 🍕
-          Env: ${process.env.NODE_ENV} 🦄
-        `);
+        Yep this is working 🍺
+        App listen on port: ${constants.PORT} 🍕
+        Env: ${process.env.NODE_ENV} 🦄
+      `);
     }
   });
 }