Merge pull request #64 from JDIZM/update-deps

[JDI-132] Update deps, docker and minor changes

Author: JDIZM

.dockerignore

@@ -1,4 +1,6 @@
 node_modules
 .git
 dist
-.env
+.env
+node_modules/
+!nodes_modules/.prisma

.env.example

@@ -2,5 +2,9 @@
 ## prisma 
 ###
 DATABASE_URL=mongodb://root:example@localhost:27017/dbname
-APP_URL=http://localhost
-PORT=3000
+PORT=4000
+
+###
+# GCP // Firebase credentials.
+###
+GOOGLE_APPLICATION_CREDENTIALS=service-account-file.json

.gitignore

@@ -2,4 +2,6 @@ node_modules
 dist
 coverage
 .env
-package-lock.json
+package-lock.json
+pnpm-lock.yaml
+yarn.lock

.vscode/settings.json

@@ -4,5 +4,6 @@
   "editor.fontFamily": "JetBrains Mono",
   "editor.defaultFormatter": "esbenp.prettier-vscode",
   "editor.formatOnSave": true,
-  "typescript.tsdk": "node_modules/typescript/lib"
+  "typescript.tsdk": "node_modules/typescript/lib",
+  "prettier.prettierPath": "node_modules/prettier/index.cjs"
 }

Dockerfile

@@ -1,21 +1,65 @@
 # use a slimmer alpine image to consume less memory
 # https://viralganatra.com/docker-nodejs-production-secure-best-practices/
-FROM node:20-alpine
+FROM node:20-alpine AS base
+
+ENV PNPM_VERSION=9.4.0
+
+RUN npm install -g pnpm@$PNPM_VERSION
 
-# set working directory
 WORKDIR /app
 
+ARG NODE_ENV
+ENV NODE_ENV=${NODE_ENV}
+
 # required for gcloud; will require a service account key to be copied to the path location
 ENV GOOGLE_APPLICATION_CREDENTIALS=/app/gcloud.json
 
 # install deps first so we can cache them
-COPY package*.json ./
+COPY package*.json pnpm-lock.yaml ./
 COPY prisma ./prisma/
-RUN npm ci && npm cache clean --force
+RUN pnpm install --frozen-lockfile
+RUN npx prisma generate
+
+FROM base AS builder
+
+WORKDIR /app
 
-# build the app
 COPY . .
+
 RUN mkdir dist
-RUN npm run build
+
+RUN pnpm build
+
+FROM base AS runner
+
+WORKDIR /app
+
+RUN addgroup --system --gid 1001 express
+RUN adduser --system --uid 1001 express
+
+COPY --from=builder --chown=express:express /app/prisma /app/prisma
+COPY --from=builder --chown=express:express /app/node_modules /app/node_modules
+COPY --from=builder --chown=express:express /app/dist /app/dist
+COPY --from=builder --chown=express:express /app/package.json /app/package.json
+
+USER express
+
+EXPOSE 4000
+
+# --- Development ---
+
+FROM runner AS dev
+
+WORKDIR /app
+
+COPY --from=builder --chown=express:express /app/.env /app/.env
+
+CMD ["node", "./dist/server.cjs"]
+
+# --- Production ---
+
+FROM runner AS prod
+
+WORKDIR /app
 
 CMD ["node", "./dist/server.cjs"]

README.md

@@ -1,4 +1,4 @@
-# node-express-backend-component
+# node-express-firebase-mongodb
 
 - [tsx](https://github.com/esbuild-kit/tsx)
 - [pkgroll](https://github.com/privatenumber/pkgroll)
@@ -13,6 +13,8 @@
 - [firebase auth](https://firebase.google.com/docs/auth/admin)
 - [gcp](https://cloud.google.com/)
 - [digitalocean](https://www.digitalocean.com/)
+- [helmet](https://helmetjs.github.io/)
+- [cookie-parser](https://www.npmjs.com/package/cookie-parser)
 
 A simple node/express backend api template.
 
@@ -28,7 +30,7 @@ curl https://get.volta.sh | bash
 
 This will require a mongodb database to be setup. You can set one up at https://cloud.mongodb.com/
 
-This project also uses firebase auth for authentication. You can set one up at https://firebase.google.com/ and deployment is handled with DigitalOcean. See the authentication and deployment sections for more info.
+This project also uses firebase auth for authentication. You can set one up at https://firebase.google.com/ and deployment is handled with DigitalOcean. See the [Firebase Auth](#firebase-auth) section for more info on setting up your credentials and project.
 
 ## ESM Node
 
@@ -54,7 +56,7 @@ npm i
 npm run dev
 
 # view it running on localhost
-curl localhost:3000
+curl localhost:4000
 ```
 
 Be sure to configure the .env file with the correct values and make sure you have a mongodb database setup and firebase application credentials.
@@ -90,13 +92,13 @@ docker build . --tag node-express
 docker build . --tag node-express --platform linux/amd64
 
 # start the docker container
-docker run -d -p 3000:3000 node-express
+docker run -d -p 4000:4000 node-express
 
 # view it running on localhost
-curl localhost:3000
+curl localhost:4000
 ```
 
-When building with Docker locally it will require the service account key in the project root; this is because the Dockerfile is copying the service account key file into the image. See the [Firebase Auth](#firebase-auth) section for more info on the service account key file and Google Application Credentials.
+When building with Docker locally it will require the service account key to be set; this is because the Dockerfile is copying the service account key file into the image. See the [Firebase Auth](#firebase-auth) section for more info on the service account key file and Google Application Credentials.
 
 ## Database
 
@@ -146,6 +148,9 @@ Sign in with email and password is supported out of the box with Firebase Auth.
 ```js
 # sign in with email and password by posting
 https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=[API_KEY]
+
+# refresh token
+https://securetoken.googleapis.com/v1/token?key=[API_KEY]
 ```
 
 ## Permissions
@@ -177,7 +182,7 @@ A claim is defined when the user is created which defines the user's role and pe
 
 This project uses Firebase Auth for authentication. The firebase admin sdk is used to verify the token and decode the claims.
 
-Because we are not running in a google environment we need to initialize the firebase admin sdk with a service account key file.
+Because we are not running in a google environment we need to initialize the firebase admin sdk with a service account key file. see the [Firebase Admin SDK docs](https://firebase.google.com/docs/admin/setup#initialize_the_sdk_in_non-google_environments) for more info.
 
 This requires a service account key file at `$HOME/gcloud.json`. The `GOOGLE_APPLICATION_CREDENTIALS` env variable must be set to the path of the service account key file.
 
@@ -187,6 +192,8 @@ You can create a service account from the firebase console and place in your hom
 export GOOGLE_APPLICATION_CREDENTIALS=$HOME/gcloud.json
 ```
 
+You can also set this in the `.env` file but if you have set the env variable in your shell it will take precedence.
+
 When running in CI/CD the service account key file is stored as a secret and the env variable is set in the Dockerfile using the copied service account key file fron secrets.
 
 ## Deployment with DigitalOcean

docker-compose.yml

@@ -1,16 +1,14 @@
-version: "3.1"
-
 services:
   app:
     build:
       context: .
     environment:
-      - NODE_ENV=development
+      - NODE_ENV=${NODE_ENV:-development}
       - DATABASE_URL=${DATABASE_URL}
-      - APP_URL=${APP_URL}
       - PORT=${PORT}
     ports:
       - "${PORT}:${PORT}"
     volumes:
       # set the GOOGLE_APPLICATION_CREDENTIALS env variable to the path of the gcloud.json file
-      - $HOME/gcloud.json:/app/gcloud.json
+      # will use the default path if not set. If shell env is set it will take precedence.
+      - ${GOOGLE_APPLICATION_CREDENTIALS:-$HOME/gcloud.json}:/app/gcloud.json

package.json

@@ -1,5 +1,5 @@
 {
-  "name": "node-express-backend-component",
+  "name": "node-express-firebase-mongodb",
   "version": "1.0.0",
   "description": "",
   "main": "dist/server.cjs",
@@ -13,7 +13,7 @@
     "format": "prettier -w '**/*.{js,ts,mjs,cjs,json,tsx,jsx}'",
     "format:check": "prettier --check '**/*.{js,ts,mjs,cjs,json,tsx,jsx}'",
     "tsc:check": "tsc -p tsconfig.json --noEmit",
-    "dev": "tsx watch ./src/server.ts",
+    "dev": "tsx watch ./src/server.ts | pino-pretty",
     "build": "pkgroll",
     "test": "vitest --run --coverage"
   },
@@ -23,18 +23,19 @@
   "devDependencies": {
     "@typescript-eslint/eslint-plugin": "^7.0.0",
     "@typescript-eslint/parser": "^7.0.0",
-    "@vitest/coverage-v8": "^2.0.0",
+    "@vitest/coverage-istanbul": "^2.0.5",
     "dotenv": "^16.3.1",
     "eslint": "^8.37.0",
     "eslint-config-prettier": "^9.0.0",
     "eslint-import-resolver-typescript": "^3.5.5",
     "eslint-plugin-import": "^2.27.5",
+    "pino-pretty": "^11.2.2",
     "pkgroll": "^2.0.0",
-    "prettier": "^3.0.0",
+    "prettier": "^3.3.3",
     "prisma": "^5.2.0",
     "tsx": "^4.0.0",
     "typescript": "^5.0.4",
-    "vitest": "^2.0.0",
+    "vitest": "^2.0.5",
     "zod": "^3.21.4",
     "zod-prisma-types": "^3.0.0"
   },
@@ -49,19 +50,21 @@
   },
   "dependencies": {
     "@prisma/client": "^5.2.0",
+    "@types/cookie-parser": "^1.4.7",
     "@types/cors": "^2.8.17",
-    "@types/node": "^20.2.1",
-    "@types/bcrypt": "^5.0.0",
     "@types/express": "^4.17.17",
-    "bcrypt": "^5.1.1",
+    "@types/node": "^22.1.0",
+    "cookie-parser": "^1.4.6",
     "cors": "^2.8.5",
     "express": "^4.18.2",
     "firebase-admin": "^12.0.0",
+    "helmet": "^7.1.0",
     "mongodb": "^6.3.0",
     "pino": "^9.0.0",
     "pino-http": "^10.0.0"
   },
   "optionalDependencies": {
     "@rollup/rollup-linux-x64-gnu": "^4.9.6"
-  }
+  },
+  "packageManager": "pnpm@9.4.0+sha512.f549b8a52c9d2b8536762f99c0722205efc5af913e77835dbccc3b0b0b2ca9e7dc8022b78062c17291c48e88749c70ce88eb5a74f1fa8c4bf5e18bb46c8bd83a"
 }