Backend Setup

To set up the Cv Keep API you need MongoDB running on your machine. Create a new database and get its Mongo URI; you will need it. With MongoDB configured and the database URI available, follow the next steps. If you have not cloned the Cv Keep Backend project yet, please read the Requirements section of this documentation.

The .Env Files

To run your project locally or in production, you need to set up a .env file based on your environment. The cvkeep-backend project has 4 .env files:

| Env File | Description |
| --- | --- |
| `.env` | a simple example, ignored by all environments |
| `.env.local` | must be created by you to define the local environment env vars |
| `.env.production` | must be created by you to define the production environment vars |
| `.env.test` | sets up environment vars for automated tests |

The .Env Vars

The cvkeep-backend environment variables are:

| Name | Description | Default | Required |
| --- | --- | --- | --- |
| `BASE` | The base route under which the API is served. The default is the application root; if you define `/fizz`, for example, the entire API will respond under `/fizz/*` | `/` | true |
| `PORT` | The port on which the API is served. You can omit this from your env on hosts that set ports automatically, like Heroku for example. That does not mean you don't need a PORT env var, only that it was set automatically | `5000` | true |
| `DEFAULT_LANG` | The default language that the API must use for human-readable messages. By default, "pt-br" and "en" are available | `en` | true |
| `BRAND_NAME` | The brand name to use when referring to your application in messages and emails, for example | `Cv Keep` | true |
| `EXTRA_ALLOWED_ORIGINS` | The cvkeep API uses strict CORS to validate requests. Here you can allow other origins to connect to your API. You must set the origins separated by spaces and use complete URLs in all their possible versions, for example: "https://www.otherorigin.com https://otherorigin.com" | `""` | false |
| `CLIENT_URL` | The Cv Keep frontend URL of the current environment | `https://localhost:8080` | true |
| `SERVER_URL` | The Cv Keep backend URL of the current environment | `http://localhost:5000` | true |
| `UPLOAD_MAX_FILE_SIZE_MB` | How big an image can be when being uploaded | `10` | true |
| `JWT_COOKIE_NAME` | The JWT token is stored in a cookie; here you can set this cookie's name. If for some reason you need to invalidate all the sessions, you only need to change the cookie name and all the old ones will be ignored by the application. The cookie used is a signed cookie to prevent injection attacks | `__CV_APP_SESSION_0001__` | true |
| `REPORT_EMAIL_ADDRESS` | All the problems reported by users on the application will be sent to this email address | `report@email.com` | true |
| `NOREPLY_EMAIL_ADDRESS` | A simple noreply e-mail address for application routines like password changing, for example | `noreply@email.com` | true |
| `SOCIAL_AUTH_GITHUB_CLIENT_ID` | If you intend to support GitHub login you must fill it in | `""` | false |
| `SOCIAL_AUTH_GITHUB_CLIENT_SECRET` | If you intend to support GitHub login you must fill it in | `""` | false |
| `MONGODB_URI` | Your MongoDB database URI | `mongodb://localhost:27017/cvkeep` | true |
| `APP_SECRET` | This must be a long random string to be used as secret and salt for some operations. We recommend a string of at least 450 chars | A 450 chars random string | true |
| `MAILER_CONFIG` | A JSON string containing the application SMTP config, needed only for production mode | | true |

The SMTP

The application SMTP configuration is used to allow the application to send e-mails. If you are in local mode, you don't need to configure it: all sent e-mails are directed to the Console (STD) and are not really sent. In production mode, however, you must set it up. The SMTP configuration is set in the MAILER_CONFIG environment variable of your .env files (preferably the .env.production file). The env var content must be a JSON string with no line breaks, like this:

{ "service": "Service", "host": "smtp.service.com", "port": 465, "secure": true, "auth": { "user": "user@service.com", "pass": "p2$$w05d" } }

The configuration above is very common: an SMTP service authenticated by user and password. If you need alternative configurations, you can pass any property accepted by the nodemailer configuration. You can check out the nodemailer docs here: https://www.npmjs.com/package/nodemailer.
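A preflight check for a .env file, run before starting the backend, catches the mistakes the table and the SMTP section warn about. This is an added example, not part of the cvkeep-backend project: parseEnv, checkEnv and the sample values are hypothetical, and the parser assumes one KEY=VALUE per line.

```javascript
// Added example (not project code): preflight check of a cvkeep-backend .env file.
// Variable names come from the table above; parseEnv, checkEnv and SAMPLE are constructed.
const REQUIRED = ['BASE', 'PORT', 'DEFAULT_LANG', 'BRAND_NAME', 'CLIENT_URL', 'SERVER_URL',
  'UPLOAD_MAX_FILE_SIZE_MB', 'JWT_COOKIE_NAME', 'REPORT_EMAIL_ADDRESS',
  'NOREPLY_EMAIL_ADDRESS', 'MONGODB_URI', 'APP_SECRET', 'MAILER_CONFIG'];

// Minimal KEY=VALUE parser (assumption: one variable per line, optional outer quotes).
function parseEnv(text) {
  const env = {};
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\s*([A-Z0-9_]+)\s*=\s*(.*?)\s*$/);
    if (m) env[m[1]] = m[2].replace(/^(['"])(.*)\1$/, '$2');
  }
  return env;
}

function checkEnv(env, production) {
  const problems = [];
  for (const name of REQUIRED) {
    // MAILER_CONFIG is needed only in production mode.
    if (!env[name] && (name !== 'MAILER_CONFIG' || production)) problems.push(`${name}: missing`);
  }
  if (env.APP_SECRET && env.APP_SECRET.length < 450) {
    problems.push('APP_SECRET: shorter than the recommended 450 chars');
  }
  // Browsers send Origin as scheme://host[:port], so each entry must be exactly that.
  for (const origin of (env.EXTRA_ALLOWED_ORIGINS || '').split(/\s+/).filter(Boolean)) {
    let ok = false;
    try { ok = new URL(origin).origin === origin; } catch (e) { /* not a URL */ }
    if (!ok) problems.push(`EXTRA_ALLOWED_ORIGINS: "${origin}" is not a complete origin`);
  }
  if (env.MAILER_CONFIG) {
    try {
      const cfg = JSON.parse(env.MAILER_CONFIG);
      if (!cfg.host && !cfg.service) problems.push('MAILER_CONFIG: no host or service');
    } catch (e) { problems.push('MAILER_CONFIG: not valid single-line JSON'); }
  }
  return problems;
}

// Constructed sample: short secret, origin without scheme, JSON split over lines.
const SAMPLE = ['BASE=/', 'PORT=5000', 'DEFAULT_LANG=en', 'BRAND_NAME=Cv Keep',
  'EXTRA_ALLOWED_ORIGINS="https://www.otherorigin.com otherorigin.com"',
  'CLIENT_URL=https://localhost:8080', 'SERVER_URL=http://localhost:5000',
  'UPLOAD_MAX_FILE_SIZE_MB=10', 'JWT_COOKIE_NAME=__CV_APP_SESSION_0001__',
  'REPORT_EMAIL_ADDRESS=report@email.com', 'NOREPLY_EMAIL_ADDRESS=noreply@email.com',
  'MONGODB_URI=mongodb://localhost:27017/cvkeep', 'APP_SECRET=short-secret',
  'MAILER_CONFIG={', '  "host": "smtp.service.com"', '}'].join('\n');
console.log(checkEnv(parseEnv(SAMPLE), true));
```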

The JWT RSA

The JWT tokens are protected by an RS256 RSA key pair of length 4096. This RSA key pair is dynamically generated for your application the first time you run it and is stored in the database. If you need to invalidate all the tokens and their keys, go to your database, open the collection jwtsecrets and delete the content of the fields publicKey and privateKey. After that, restart the application: a new RSA key pair will be generated for you and all the old JWT tokens will be invalidated.