Sign upLogin

dominiklessel/node-restify-boilerplate

View on GitHub
Star
README.md

Summary

Maintainability
Test Coverage
# restify Boilerplate

[![Dependency Status](https://gemnasium.com/dominiklessel/node-restify-boilerplate.png)](https://gemnasium.com/dominiklessel/node-restify-boilerplate)
[![Build Status](https://travis-ci.org/dominiklessel/node-restify-boilerplate.svg)](https://travis-ci.org/dominiklessel/node-restify-boilerplate)
[![Code Climate](https://codeclimate.com/github/dominiklessel/node-restify-boilerplate.png)](https://codeclimate.com/github/dominiklessel/node-restify-boilerplate)

Get your [restify](https://github.com/mcavage/node-restify) API up and running in no time :) Most of the things the boilerplate does should be self-explaining. If not: [AMA](mailto:dominik@mifitto.com?subject=Question:%20restify%20API%20boilerplate)

I included a custom authorization plugin, which is enabled by default. Feel free to modify its settings inside `config/global.json`

## Index

- [CORS](#cors)
- [Authorization](#authorization)
- [Loging](#loging)
- [Enviroments](#enviroments)

## CORS

Making CORS work properly if you use custom headers is not always straightforward ([restify / Issue #284](https://github.com/mcavage/node-restify/issues/284)). The boilerplate provides a helper, which takes care of **MethodNotAllowed responses** in conjunction with **preflight requests + custom headers**.

## Authorization (v1.1.0)

**Enable via `config.Security.UseAuth`**

Every request you make must be authenticated. The REST API uses a custom HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code) for authentication.

The value of the Authorization header is as follows:

```
Authorization: <Config/Security/Scheme> <AccessKey>:<Signature(Base64(HMAC-SHA1(UTF-8(<String to Sign>), UTF-8(<SecretAccessKey>))))>
```

AccessKey: Provided by `config/global.json`
SecretAccessKey: Provided by `config/global.json`
String to Sign: Value of the `<Config/Security/StringToSign>` header

You can find an example in the [examples/client](https://github.com/dominiklessel/node-restify-boilerplate/tree/examples/client) branch.

## ACL (v1.1.0)

**Enable via `config.Security.UseACL`**

The Boilerplate now supports ACL via [node_acl](https://github.com/OptimalBits/node_acl). Take a look at `config/global.json` for configuration ...

## Logging

By default `node-bunyan` is used for logging to a file (`./logs/{{NODE_ENV}}-{{SERVER:NAME}}.log`). Additionally sending logs to Loggly is supported (take a look at the config file).

## Environments

`NODE_ENV` is not yet used to allow different configurations for development / production. The only thing it does is disabling the Auth- and CORS-Plugin in development.

```
$ NODE_ENV=production node server
```

vs.

```
$node server
```