From 7ca0c5297f3fb40ce1aa5e47bae9b318405033d4 Mon Sep 17 00:00:00 2001 From: melophonic Date: Wed, 14 Sep 2016 12:56:33 -0700 Subject: [PATCH] README cleanup + CSRF-JWT usage (#8) * Rework README Clarify clone/fork vs. from scratch instructions Add CSRF-JWT demo instructions * Update to clarify CSRF tokens in both headers and cookies * Clarify CSRF-JWT response behavior --- samples/universal-react-node/README.md | 123 ++++++++++++++++++++----- 1 file changed, 102 insertions(+), 21 deletions(-) diff --git a/samples/universal-react-node/README.md b/samples/universal-react-node/README.md index a0d769a14..c1f755d85 100644 --- a/samples/universal-react-node/README.md +++ b/samples/universal-react-node/README.md @@ -1,20 +1,61 @@ -# Electrode app with Electrode Modules -- This repo is a sample Electrode app generated from `yo electrode` with Electrode modules +# Electrode App with Electrode Modules +A sample Electrode app generated using `yo electrode` that demonstrates the usage of several Electrode modules. +## Install and Run ---- -## Electrode Confippet ## -- [Confippet](https://github.com/electrode-io/electrode-confippet) is a versatile utility for managing your NodeJS application configuration. Its goal is customization and extensibility, but offers a preset config out of the box. -- Scaffold an electrode app using the following commands: +If cloning or forking this repo, simply install via `npm` and run with `gulp`: + +```bash +$ npm install +$ NODE_ENV=development gulp hot +``` + +The app should be accessible at http://127.0.0.1:3000/ + +## Starting from Scratch + +This app was generated using [yeoman](yeoman.io) and instructions for recreating it from scratch are provided below. +First, install `yeoman` and `electrode-generator`: + +```bash +$ npm install -g yo +$ npm install -g generator-electrode +``` + +Scaffold a new app using `yeoman`: + +```bash +$ mkdir electrode-app-csrf-jwt +$ cd electrode-app-csrf-jwt +$ yo electrode ``` -npm install -g yo -npm install -g generator-electrode -yo electrode + +At this point, you should be able to run the server locally: + +```bash +$ npm install +$ NODE_ENV=development gulp hot +``` + +## Electrode Module Demos + +This application already contains demonstration code for the following modules. If you're starting from scratch using scaffolding, you can find instructions for adding and configuring individual modules below. + +- [Electrode Confippet](#electrode-confippet) +- [Electrode CSRF-JWT](#electrode-csrf-jwt) + +## Electrode Confippet + +[Confippet](https://github.com/electrode-io/electrode-confippet) is a versatile utility for managing your NodeJS application configuration. Its goal is customization and extensibility, but offers a preset config out of the box. + +### Installation + +```bash +$ npm install electrode-confippet --save ``` #### Config Files -- Once the scaffolding is complete, open the following config files: ``` config @@ -24,9 +65,10 @@ config ``` #### Development Environment -- Update the `config/development.json` to have the following settings: -``` +Update the `config/development.json` to have the following settings: + +```json { "server": { "connections": { @@ -45,12 +87,13 @@ config } ``` -- The above settings should show server log errors that may be beneficial for debugging, disable content encoding, and run the server in port 3000 +The above settings should show server log errors that may be beneficial for debugging, disable content encoding, and run the server in port 3000 #### Production Environment -- Update the `config/production.json` to have the following settings: -``` +Update the `config/production.json` to have the following settings: + +```json { "server": { "connections": { @@ -75,9 +118,10 @@ config - Keys that exist in the `config/default.json` that are also in the other environment configs will be replaced by the environment specific versions #### Confippet Require -- In Electrode, the configurations are loaded from `server/index.js` at this line: -``` +In Electrode, the configurations are loaded from `server/index.js` at this line: + +```javascript const config = require("electrode-confippet").config; const staticPathsDecor = require("electrode-static-paths"); @@ -85,20 +129,57 @@ require("electrode-server")(config, [staticPathsDecor()]); ``` #### Running Electrode app + - Start the electrode app in `development` environment: -``` -NODE_ENV=development gulp hot +```bash +$ NODE_ENV=development gulp hot ``` - Start the electrode app in `production` environment: -``` -NODE_ENV=production gulp hot +```bash +$ NODE_ENV=production gulp hot ``` - Running in the selected environment should load the appropriate configuration settings +--- + +## Electrode CSRF-JWT + +[CSRF-JWT](https://github.com/electrode-io/electrode-csrf-jwt) is an Electrode plugin that allows you to authenticate HTTP requests using JWT in your Electrode applications. + +### Installation + +Add the `electrode-csrf-jwt` component: + +```bash +$ npm install electrode-csrf-jwt --save +``` + +Next, register the plugin with the Electrode server. Add the following configuration to the `plugins` section of `config/default.json`: + +```json + "electrode-csrf-jwt": { + "options": { + "secret": "test", + "expiresIn": 60 + } + } +``` + +That's it! CSRF protection will be automatically enabled for endpoints added to the app. CSRF JWT tokens will be returned in the headers and set as cookies for every response and must be provided as both a header and a cookie in every `POST` request. + +> You can read more about options and usage details on [the component's README page](https://github.com/electrode-io/electrode-csrf-jwt#usage) + +### CSRF-JWT Demonstration code + +In addition to the above steps, the following modifications were made in order to demonstrate functionality: + +* A plugin with two endpoints was added as `server/plugins/csrf.js` and registered via `config/default.json` +* AJAX testing logic was added to `client/components/csrf.jsx` + --- ## Electrode Javascript Bundle Viewer - How to use/integrate guide ##