This repository has been archived on 2023-11-02. You can view files and clone it, but cannot push or open issues or pull requests.

express-useraccounts

A template for Express + EJS application with user accounts.

Screenshots

Notes/Warnings

  • Because of how 2FA is implemented, any route that does not require authentication is not protected by 2FA. A user who has passed the password step but not yet the 2FA step is not fully logged in, so the homepage, for example, should show no user data. Put user-facing content behind a separate route, such as /app, that requires authentication.
  • Pick and choose which Social Sign In methods you want to use. Don't overwhelm the user by turning all of them on.

Features

  • Social Sign In
  • Registration (w/ Forced Email Verification)
  • Login/Logout
  • Forgot Password (Email Reset Link)
  • Edit Profile
    • Change Username
    • Change Password
    • Change Email (Email Confirmation to Old Address to Prevent Hijacking)
    • Change Profile Picture
    • Enable/Disable 2FA (Optional for Users, Forced for Admins)
    • Delete Account
    • Request/Revoke API Key(s)
  • Admin Panel
    • List of Accounts
      • Change User's Username
      • Reset User's Profile Picture
      • Ban/Unban User (Does not let them login)
      • Force Disable 2FA
      • Delete Account
      • Revoke API Key(s)
      • Detach Social Account (User turns into a Local Account, and must reset their password.)
      • View History of a User's Actions
  • Basic Terms of Service and Privacy Policy
  • Report Content Form
  • API (Swagger)

git clone https://git.chse.dev/chase/express-useraccounts.git
cd express-useraccounts
npm install
cp .env.example .env
# Edit .env to your liking
node .

Social Sign In Setup

In these guides, baseUrl refers to the full URL at which your website is reached (for example, https://example.com).

Google

  1. Follow the Setting up OAuth 2.0 Google Documentation.
  2. When configuring the OAuth consent screen, ensure the scopes email and profile are included.
  3. When configuring the Credentials, for authorized JavaScript origins, put the baseUrl.
  4. When configuring the Credentials, for authorized redirect URIs, put the baseUrl/login/google/callback.

Microsoft

  1. Follow the Setting up OAuth 2.0 Microsoft Documentation.
  2. When configuring the Redirect URI, put the baseUrl/login/microsoft/callback.

GitHub

  1. Follow the Setting up OAuth 2.0 GitHub Documentation.
  2. When configuring the Redirect URI, put the baseUrl/login/github/callback.

GitLab

  1. Follow the Setting up OAuth 2.0 GitLab Documentation.
  2. When configuring the Redirect URI, put the baseUrl/login/gitlab/callback.

Bitbucket

  1. Follow the Setting up OAuth 2.0 Bitbucket Documentation.
  2. When configuring the Redirect URI, put the baseUrl/login/bitbucket/callback.

Facebook

  1. Follow the Setting up OAuth 2.0 Facebook Documentation.
  2. When configuring the Redirect URI, put the baseUrl/login/facebook/callback.

Twitter

  1. Follow the Setting up OAuth 2.0 Twitter Documentation.
  2. When configuring the Redirect URI, put the baseUrl/login/twitter/callback.

Twitch

  1. Follow the Setting up OAuth 2.0 Twitch Documentation.
  2. When configuring the Redirect URI, put the baseUrl/login/twitch/callback.

Steam

  1. Get an API Key from Steam.

Spotify

  1. Follow the Setting up OAuth 2.0 Spotify Documentation.
  2. When configuring the Redirect URI, put the baseUrl/login/spotify/callback.

Last.fm

  1. Follow the Setting up OAuth 2.0 Last.fm Documentation.
  2. When configuring the Redirect URI, put the baseUrl/login/lastfm/callback.
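
The redirect URIs above all follow one pattern, baseUrl/login/&lt;provider&gt;/callback, and providers reject a callback that does not match exactly. The helper below is an added example, not code from express-useraccounts: it derives every redirect URI from a single baseUrl and flags baseUrl values (trailing slash, http, embedded path) that would make the registered URI differ from what the application sends. Function names are this example's own; Steam is left out because it uses an API key rather than a redirect.

```javascript
// Added example (not part of express-useraccounts). Provider names and the
// /login/<provider>/callback pattern come from the README; helpers are ours.
const PROVIDERS = ['google', 'microsoft', 'github', 'gitlab', 'bitbucket',
  'facebook', 'twitter', 'twitch', 'spotify', 'lastfm'];

// baseUrl must be the site's origin only: absolute, https (plain http only
// for localhost testing), no path, query, fragment, credentials or trailing
// slash. Anything else yields a registered URI that never matches.
function checkBaseUrl(baseUrl) {
  const problems = [];
  let u;
  try {
    u = new URL(baseUrl);
  } catch (e) {
    return ['not an absolute URL'];
  }
  const localDev = u.protocol === 'http:' && u.hostname === 'localhost';
  if (u.protocol !== 'https:' && !localDev) problems.push('must use https');
  if (u.pathname !== '/' || u.search || u.hash) {
    problems.push('must not contain a path, query or fragment');
  }
  if (baseUrl.endsWith('/')) problems.push('must not end with a slash');
  if (u.username || u.password) problems.push('must not embed credentials');
  return problems;
}

// The URI to paste into the provider's "Redirect URI" field.
function callbackUrl(baseUrl, provider) {
  if (!PROVIDERS.includes(provider)) {
    throw new Error('unknown provider: ' + provider);
  }
  return baseUrl + '/login/' + provider + '/callback';
}

// All redirect URIs at once; refuses a baseUrl that fails the checks above.
// For Google, baseUrl itself is also the authorized JavaScript origin.
function redirectUris(baseUrl) {
  const problems = checkBaseUrl(baseUrl);
  if (problems.length) throw new Error('bad baseUrl: ' + problems.join('; '));
  return Object.fromEntries(PROVIDERS.map(p => [p, callbackUrl(baseUrl, p)]));
}
```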

Staff Roles

Admin (Staff=2)

  • Full Access

Generic Staff (Staff=1)

  • Can Access Admin Panel, with restrictions.
  • Cannot see users' history.
  • Users' emails are redacted.
  • Cannot remove 2FA from users using their recovery key.
  • Cannot delete accounts.
  • Cannot revoke API Keys.
  • Cannot change a user's linked Last.fm account.
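
The guards below are an added example, not code from express-useraccounts, written as plain Express-style (req, res, next) functions so they run without express. They illustrate the 2FA note under Notes/Warnings (a route that skips the auth guard is outside 2FA) and the staff levels above (Admin Staff=2 with full access, Generic Staff Staff=1 with redacted emails). The field names on req.session and req.user are this example's assumptions, not the template's.

```javascript
// Added example, not code from express-useraccounts. Assumed shapes (ours):
//   req.session = { userId, twoFactorPassed }            set by the login flow
//   req.user    = { staff, banned, twoFactorEnabled }    loaded from the DB
const STAFF_GENERIC = 1;
const STAFF_ADMIN = 2;

// After the password step but before the 2FA step the session already carries
// userId but not twoFactorPassed: the user is only half logged in.
function isFullyAuthenticated(session, user) {
  if (!session || !session.userId || !user) return false;
  if (user.banned) return false;            // Ban/Unban: banned users cannot log in
  if (user.twoFactorEnabled && !session.twoFactorPassed) return false;
  return true;
}

// Put every route that shows user data behind this guard. A route that skips
// it (the homepage, for example) is outside 2FA, as the README warns.
// Returns true when the request was passed on to next().
function requireAuth(req, res, next) {
  if (!isFullyAuthenticated(req.session, req.user)) {
    res.redirect('/login');
    return false;
  }
  next();
  return true;
}

// Admin panel guard: Admin (Staff=2) has full access, Generic Staff (Staff=1)
// gets in with restrictions. The README forces 2FA for admins; refusing
// admin-level access until it is enabled is this example's way to enforce that.
function requireStaff(minLevel) {
  return function (req, res, next) {
    if (!requireAuth(req, res, () => {})) return false;
    const level = req.user.staff || 0;
    const adminWithout2fa = minLevel >= STAFF_ADMIN && !req.user.twoFactorEnabled;
    if (level < minLevel || adminWithout2fa) {
      res.status(403);
      return false;
    }
    next();
    return true;
  };
}

// Generic Staff see users' emails redacted; only admins see them in full.
function emailForStaff(email, staffLevel) {
  if (staffLevel >= STAFF_ADMIN) return email;
  const at = email.indexOf('@');
  return at < 1 ? '***' : email[0] + '***' + email.slice(at);
}
```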