boom!

overall: formatting check, jsdoc type hints, express res/return stuff

utils - changes in logger, dateformatter and removed unneeded ones

.env file changes

license check, readme update

package.json update - version, deps, URLs

server cleanup

sequelize config check

.env

@@ -0,0 +1,12 @@
+PORT=5000
+TRUST_PROXY = 1
+
+AUTOMAILER_SMTP_SERVICE
+AUTOMAILER_SMTP_HOST
+AUTOMAILER_ID = "mailerID@mailserver.domain"
+AUTOMAILER_APP_PASSWD = "mailerpasswd"
+
+JWTSECRET="somerandomstring"
+
+ADMIN_USER = "ADMIN_USER"
+ADMIN_PASSWD = "SOME_ADMIN_PASSWD"

.env.development

@@ -0,0 +1,8 @@
+DB_USER = your_database_username
+DB_PASSWD = your_database_password
+DB_NAME = your_database_name
+DB_HOST = localhost
+DB_PORT = your_database_port
+DB_DIALECT = your_database_dialect
+
+CAPTCHA_SECRET = 'your-captcha-secret'

.env.production

@@ -0,0 +1,3 @@
+DB_URL = 'your_database_connection_string'
+
+CAPTCHA_SECRET = 'your-captcha-secret'

.gitignore

@@ -6,13 +6,101 @@ yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
 
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
 # Dependency directories
 node_modules/
 
-# dotenv environment variables file
+# TypeScript v1 declaration files
-.env.development
+typings/
-.env.production
-*.env
 
-# Data files
+# TypeScript cache
-*/*.csv
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env.local
+.env.*.local
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# Next.js build output
+.next
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and *not* Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# SQLite db
+*.db

.sequelizerc

@@ -2,5 +2,5 @@ require("dotenv-flow").config();
 
 const path = require("path");
 module.exports = {
-	"config": path.resolve("config", "config.js")
+	"config": path.resolve("config", "sequelize.js")
 };

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Kaushik Narayan R
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1 +1,17 @@
-# Induction app back-end
+# Express-Sequelize backend server template
+
+## To get started
+
+- Clone this repo: `git clone https://github.com/20kaushik02/express-sequelize-backend-template`
+- Reset the git remote repo URL: `git remote rm origin`
+- Set new git remote URL: `git remote add origin https://github.com/20kaushik02/<<new-repo-name>>`
+- Remove the template environment files from git alone: `git rm -r --cached *.env*`
+
+## Project setup
+
+- Edit `package.json` to reflect the new name and URLs
+- Edit `README.md` to reflect project details
+- Run `npm i` to install all dependencies
+- Before running `sequelize-cli` commands while developing, make sure to set `$env:NODE_ENV='development'` on Windows, or `NODE_ENV=development` on Linux/MacOS
+- [See here](https://github.com/kerimdzhanov/dotenv-flow?tab=readme-ov-file#files-under-version-control) for best practices for .env files configuration
+- Staging: `npm run staging_prep` and `npm run staging` to deploy on Render after configuring a new web service on Render dashboard

boilerplates/README.md

@@ -0,0 +1 @@
+# Boilerplates - reusable code templates

boilerplates/controller.js

@@ -1,16 +1,21 @@
-const typedefs = require("../typedefs");
 const logger = require("../utils/logger")(module);
 
+const typedefs = require("../typedefs");
+
 /**
- * @param {typedefs.Req} req
+ * Business logic to go in these controller functions.
- * @param {typedefs.Res} res
+ * Everything should be contained inside try-catch blocks
+ * 
+ * @param {typedefs.Req} req Express request object
+ * @param {typedefs.Res} res Express response object
  */
 const __controller_func = async (req, res) => {
 	try {
 
 	} catch (error) {
-		logger.error("Error", { error });
+		res.sendStatus(500);
-		return res.status(500).send({ message: "Server Error. Try again." });
+		logger.error("__controller_func", { error });
+		return;
 	}
 }
 

boilerplates/route.js

@@ -3,11 +3,15 @@ const router = require("express").Router();
 const { validate } = require("../validators");
 
 router.get(
-
+	// URL,
+	// middleware,
+	// validators,
+	// validate,
+	// controller
 );
 
 router.post(
-
+	//similar
 );
 
 module.exports = router;

boilerplates/validator.js

@@ -3,6 +3,12 @@ const { body, header, param, query } = require("express-validator");
 const typedefs = require("../typedefs");
 
 /**
+ * Validator middleware function
+ * 
+ * Use the necessary part of the request, such as params for URL parameters, or query for query parameters.
+ * 
+ * Refer https://github.com/validatorjs/validator.js for a full list of the validators and sanitizers available.
+ * 
  * @param {typedefs.Req} req 
  * @param {typedefs.Res} res 
  * @param {typedefs.Next} next 
@@ -18,5 +24,4 @@ const __validator_func = async (req, res, next) => {
 
 module.exports = {
 	__validator_func,
-}
+};
-

config/README.md

@@ -0,0 +1 @@
+# Configuration files and data

config/config.js

@@ -1,16 +0,0 @@
-module.exports = {
-  "development": {
-    "username": process.env.DB_USERNAME, // local PostgreSQL DB username
-    "password": process.env.DB_PASSWORD, // local PostgreSQL DB password
-    "host": "127.0.0.1", // localhost
-    "database": process.env.DB_NAME, // local PostgreSQL DB name
-    "dialect": "postgres"
-  },
-  "production": {
-    "use_env_variable": "DB_URL", // production database connection string
-    "dialect": "postgres",
-    "dialectOptions": {
-      "ssl": true,
-    },
-  }
-}

config/sequelize.js

@@ -0,0 +1,28 @@
+const logger = require("../utils/logger")(module);
+
+const connConfigs = {
+	development: {
+		username: process.env.DB_USERNAME || 'postgres',
+		password: process.env.DB_PASSWORD || '',
+		database: process.env.DB_NAME || 'postgres',
+		host: process.env.DB_HOST || '127.0.0.1',
+		port: process.env.DB_PORT || 5432,
+	},
+	staging: {
+		use_env_variable: "DB_URL", // use connection string for non-dev env
+	},
+	production: {
+		use_env_variable: "DB_URL", // use connection string for non-dev env
+		// dialectOptions: {
+		//   ssl: true,
+		// },
+	}
+}
+
+// common config
+for (const conf in connConfigs) {
+	connConfigs[conf]['logging'] = (msg) => logger.debug(msg);
+	connConfigs[conf]['dialect'] = process.env.DB_DIALECT || 'postgres';
+}
+
+module.exports = connConfigs;

controllers/README.md

@@ -0,0 +1 @@
+# Controllers - business logic functions, end of the API route

index.js

@@ -1,21 +1,35 @@
-require("dotenv-flow").config();7
+require("dotenv-flow").config();
 
+const util = require('util');
 const express = require("express");
+
 const cors = require("cors");
 const helmet = require("helmet");
+
 const logger = require("./utils/logger")(module);
 
 const app = express();
 
-app.use(express.json());
+// Enable this if you run behind a proxy (e.g. nginx)
-app.use(express.urlencoded({ extended: true }));
+app.set('trust proxy', process.env.TRUST_PROXY);
 
 app.use(cors());
 app.use(helmet());
 app.disable("x-powered-by");
 
-app.use((_req, res) => {
+app.use(express.json());
-	return res.status(200).send("Induction app back-end.");
+app.use(express.urlencoded({ extended: true }));
+
+// Static
+app.use(express.static(__dirname + '/static'));
+
+// Put routes here
+
+// Fallbacks
+app.use((req, res) => {
+	res.status(200).send("Back-end for");
+	logger.info("Unrecognized URL", { url: req.url });
+	return;
 });
 
 const port = process.env.PORT || 5000;
@@ -23,3 +37,20 @@ const port = process.env.PORT || 5000;
 app.listen(port, () => {
 	logger.info(`App Listening on port ${port}`);
 });
+
+const cleanupFunc = (signal) => {
+	if (signal)
+		logger.info(`${signal} signal received, shutting down now...`);
+
+	Promise.allSettled([
+		// handle DB conn, sockets, etc. here
+		util.promisify(server.close),
+	]).then(() => {
+		logger.info("Cleaned up, exiting.");
+		process.exit(0);
+	});
+}
+
+['SIGHUP', 'SIGINT', 'SIGQUIT', 'SIGTERM', 'SIGUSR1', 'SIGUSR2'].forEach((signal) => {
+	process.on(signal, () => cleanupFunc(signal));
+});

keys/README.md

@@ -0,0 +1 @@
+# Keys - public/private key pairs for certificate QR signing and verification

middleware/README.md

@@ -0,0 +1 @@
+# Middleware - functionalities that must be in the middle of the API route control flow

middleware/admin.js

@@ -0,0 +1,37 @@
+const logger = require("../utils/logger")(module);
+
+const typedefs = require("../typedefs");
+
+const creds = JSON.parse(process.env.ADMIN_CREDS);
+
+/**
+ * Middleware to validate admin access
+ * @param {typedefs.Req} req 
+ * @param {typedefs.Res} res 
+ * @param {typedefs.Next} next 
+ */
+const adminQueryCreds = async (req, res, next) => {
+	try {
+		/** @type {any} */
+		const { user, access } = req.query;
+		if (creds[user] === access) {
+			logger.info("Admin access - " + user);
+			next();
+		}
+		else {
+			// we do a bit of trolling here
+			const unauthIP = req.headers['x-real-ip'] || req.ip
+			res.status(401).send("Intruder alert. IP address: " + unauthIP);
+			logger.warn("Intruder alert.", { ip: unauthIP });
+			return;
+		}
+	} catch (error) {
+		res.sendStatus(500);
+		logger.error("adminQueryCreds", { error });
+		return;
+	}
+}
+
+module.exports = {
+	adminQueryCreds,
+};

middleware/captcha.js

@@ -0,0 +1,39 @@
+const fetch = require("cross-fetch");
+
+const logger = require("../utils/logger")(module);
+
+const typedefs = require("../typedefs");
+
+/**
+ * Google ReCAPTCHA v2 verification
+ * 
+ * @param {typedefs.Req} req 
+ * @param {typedefs.Res} res 
+ * @param {typedefs.Next} next 
+ */
+const verifyCaptcha = async (req, res, next) => {
+	try {
+		const secretKey = process.env.CAPTCHA_SECRET;
+
+		const verifyCaptchaURL = `https://google.com/recaptcha/api/siteverify?secret=${secretKey}&response=${req.body.captcha}`;
+
+		const captchaResp = await fetch(verifyCaptchaURL);
+		const captchaData = await captchaResp.json();
+		if (captchaData.success !== undefined && !captchaData.success) {
+			res.status(403).send({
+				message: "Failed captcha verification"
+			});
+			logger.error("Recaptcha", { captchaData });
+			return;
+		}
+		next();
+	} catch (error) {
+		res.sendStatus(500);
+		logger.error("verifyCaptcha", { error });
+		return;
+	}
+}
+
+module.exports = {
+	verifyCaptcha
+};

migrations/README.md

@@ -0,0 +1 @@
+# Sequelize migrations folder

models/README.md

@@ -0,0 +1 @@
+# Sequelize model schema

models/index.js

@@ -2,13 +2,12 @@
 const fs = require("fs");
 const path = require("path");
 const Sequelize = require("sequelize");
-
+const logger = require("../utils/logger")(module);
 const basename = path.basename(__filename);
 const env = process.env.NODE_ENV || "development";
-const config = require(__dirname + "/../config/config.js")[env];
+const config = require(__dirname + "/../config/sequelize.js")[env];
 const db = {};
 
-// Create new Sequelize instance
 let sequelize;
 if (config.use_env_variable) {
 	sequelize = new Sequelize(process.env[config.use_env_variable], config);
@@ -16,6 +15,16 @@ if (config.use_env_variable) {
 	sequelize = new Sequelize(config.database, config.username, config.password, config);
 }
 
+(async () => {
+	try {
+		await sequelize.authenticate();
+		logger.info("Sequelize auth success");
+	} catch (error) {
+		logger.error("Sequelize auth error", { err });
+		throw error;
+	}
+})();
+
 // Read model definitions from folder
 fs
 	.readdirSync(__dirname)

package.json

@@ -1,39 +1,46 @@
 {
-  "name": "induction-api-2023",
+  "name": "backend-template",
-  "version": "1.0.0",
+  "version": "2.0.0",
-  "description": "",
+  "description": "Template for a back-end server using Express and Sequelize.",
   "main": "index.js",
   "scripts": {
     "dev": "cross-env NODE_ENV=development nodemon --exitcrash index.js",
-    "prod": "cross-env NODE_ENV=production node index.js"
+    "staging_prep": "npm i && cross-env NODE_ENV=staging npx sequelize-cli db:migrate",
+    "staging": "cross-env NODE_ENV=staging node index.js",
+    "prod": "NODE_ENV=production node index.js"
   },
   "repository": {
     "type": "git",
-    "url": "git+https://gitlab.com/ctf-tech-2023/induction-api-2023.git"
+    "url": "git+https://github.com/20kaushik02/express-sequelize-backend-template.git"
   },
-  "author": "",
+  "author": "Kaushik Ravishankar <rknarayan02@gmail.com>",
-  "license": "ISC",
+  "license": "MIT",
   "bugs": {
-    "url": "https://gitlab.com/ctf-tech-2023/induction-api-2023/issues"
+    "url": "https://github.com/20kaushik02/express-sequelize-backend-template/issues"
   },
-  "homepage": "https://gitlab.com/ctf-tech-2023/induction-api-2023#readme",
+  "homepage": "https://github.com/20kaushik02/express-sequelize-backend-template#readme",
   "dependencies": {
+    "archiver": "^7.0.1",
     "cors": "^2.8.5",
-    "cross-fetch": "^3.1.5",
+    "cross-fetch": "^4.0.0",
-    "dotenv-flow": "^3.2.0",
+    "dotenv-flow": "^4.1.0",
-    "express": "^4.18.1",
+    "express": "^4.18.2",
-    "express-validator": "^6.14.2",
+    "express-validator": "^7.2.0",
-    "fast-csv": "^4.3.6",
+    "fast-csv": "^5.0.1",
-    "helmet": "^6.0.0",
+    "helmet": "^7.1.0",
-    "jsonwebtoken": "^8.5.1",
+    "jsonwebtoken": "^9.0.2",
-    "nodemailer": "^6.8.0",
+    "nodemailer": "^6.9.14",
-    "pg": "^8.8.0",
+    "pg": "^8.12.0",
-    "sequelize": "^6.24.0",
+    "qrcode": "^1.5.4",
-    "winston": "^3.8.2"
+    "sequelize": "^6.37.3",
+    "winston": "^3.14.1"
   },
   "devDependencies": {
+    "@types/express": "^4.17.21",
+    "@types/node": "^22.2.0",
     "cross-env": "^7.0.3",
-    "nodemon": "^2.0.20",
+    "nodemon": "^3.1.4",
-    "sequelize-cli": "^6.5.1"
+    "sequelize-cli": "^6.6.2",
+    "typescript": "^5.5.4"
   }
 }

routes/README.md

@@ -0,0 +1 @@
+# Routes - define control flow of the API route

seeders/README.md

@@ -0,0 +1 @@
+# Sequelize seeder scripts - initial data feed, for dummy data and testing

typedefs.js

@@ -1,15 +1,11 @@
+// Type definitions to enable better auto-complete features.
+
 /**
  * @typedef {import("module")} Module
  * 
  * @typedef {import("express").Request} Req
  * @typedef {import("express").Response} Res
  * @typedef {import("express").NextFunction} Next
- * 
- * @typedef {import("sequelize") Sequelize}
- * @typedef {import("sequelize").Model Model}
- * @typedef {import("sequelize").QueryInterface QueryInterface}
- * 
- * @typedef {import("winston").Logger} Logger
  */
 
 exports.unused = {};

utils/README.md

@@ -0,0 +1 @@
+## General, reusable functionalities unrelated to API

utils/archiver.js

@@ -0,0 +1,27 @@
+const fs = require("fs");
+const archiver = require('archiver');
+
+/**
+ * @param {string} sourceDir /some/folder/to/compress
+ * @param {string} outPath /path/to/created.zip
+ * @returns {Promise}
+ */
+function zipDirectory(sourceDir, outPath) {
+	const archive = archiver('zip', { zlib: { level: 9 } });
+	const stream = fs.createWriteStream(outPath);
+
+	return new Promise((resolve, reject) => {
+		archive
+			.directory(sourceDir, false)
+			.on('error', err => reject(err))
+			.pipe(stream)
+			;
+
+		stream.on('close', () => resolve());
+		archive.finalize();
+	});
+}
+
+module.exports = {
+	zipDirectory,
+};

utils/dateFormatter.js

@@ -0,0 +1,14 @@
+/**
+ * Returns a timestamp string to use for timestamped files
+ * @returns {string} String of current datetime in YYYYMMDDHHMMSS format
+ */
+const dateForFilename = () => {
+	return new Date().
+		toISOString().slice(-24).
+		replace(/\D/g, '').
+		slice(0, 14);
+}
+
+module.exports = {
+	dateForFilename,
+};

utils/formData.js

@@ -0,0 +1,35 @@
+/**
+ * Recursively build a FormData object from a JSON object
+ * @param {FormData} formData
+ * @param {any} data
+ * @param {string} parentKey
+ */
+function buildFormData(formData, data, parentKey) {
+	if (data && typeof data === 'object' && !(data instanceof Date)) {
+		Object.keys(data).forEach(key => {
+			buildFormData(formData, data[key], parentKey ? `${parentKey}[${key}]` : key);
+		});
+	} else {
+		const value = data == null ? '' : data;
+
+		formData.append(parentKey, value);
+	}
+}
+
+/**
+ * Converts a JSON object to a FormData object
+ * @param {any} data
+ * @returns {FormData}
+ */
+function jsonToFormData(data) {
+	const formData = new FormData();
+
+	buildFormData(formData, data);
+
+	return formData;
+}
+
+module.exports = {
+	jsonToFormData,
+	buildFormData,
+};

utils/jsonTransformer.js

@@ -0,0 +1,23 @@
+/**
+ * Stringifies only values of a JSON object, including nested ones
+ * 
+ * @param {any} obj JSON object
+ * @param {string} delimiter Delimiter of final string
+ * @returns {string}
+ */
+const getNestedValuesString = (obj, delimiter = ', ') => {
+	let values = [];
+	for (key in obj) {
+		if (typeof obj[key] !== "object") {
+			values.push(obj[key]);
+		} else {
+			values = values.concat(getNestedValuesString(obj[key]));
+		}
+	}
+
+	return values.join(delimiter);
+}
+
+module.exports = {
+	getNestedValuesString
+};

utils/logger.js

@@ -1,35 +1,34 @@
 const path = require("path");
 
-const { createLogger, transports, config, format } = require("winston");
+const { createLogger, transports, config, format } = require('winston');
-const { combine, label, timestamp, printf } = format;
+const { combine, label, timestamp, printf, errors } = format;
 
 const typedefs = require("../typedefs");
 
 const getLabel = (callingModule) => {
-  const parts = callingModule.filename.split(path.sep);
+	if (!callingModule.filename) return "repl";
+	const parts = callingModule.filename?.split(path.sep);
 	return path.join(parts[parts.length - 2], parts.pop());
 };
 
-const logMetaReplacer = (key, value) => {
+const allowedErrorKeys = ["name", "code", "message", "stack"];
-  if (key === "error") {
-    return value.name + ": " + value.message;
-  }
-  return value;
-}
 
 const metaFormat = (meta) => {
 	if (Object.keys(meta).length > 0)
-    return "\n" + JSON.stringify(meta, logMetaReplacer) + "\n";
+		return '\n' + JSON.stringify(meta, null, "\t");
-  return "\n";
+	return '';
 }
 
 const logFormat = printf(({ level, message, label, timestamp, ...meta }) => {
-  if (meta.error) {
+	if (meta.error) { // if the error was passed
 		for (const key in meta.error) {
-      if (typeof key !== "symbol" && key !== "message" && key !== "name") {
+			if (!allowedErrorKeys.includes(key)) {
-        delete meta.error[key]
+				delete meta.error[key];
 			}
 		}
+		const { stack, ...rest } = meta.error;
+		return `${timestamp} [${label}] ${level}: ${message}${metaFormat(rest)}\n` +
+			`${stack ?? ''}`;
 	}
 	return `${timestamp} [${label}] ${level}: ${message}${metaFormat(meta)}`;
 });
@@ -37,23 +36,32 @@ const logFormat = printf(({ level, message, label, timestamp, ...meta }) => {
 /**
  * Creates a curried function, and call it with the module in use to get logs with filename
  * @param {typedefs.Module} callingModule The module from which the logger is called
- * @returns {typedefs.Logger} 
  */
-const logger = (callingModule) => {
+const curriedLogger = (callingModule) => {
-  return createLogger({
+	let winstonLogger = createLogger({
 		levels: config.npm.levels,
 		format: combine(
+			errors({ stack: true }),
 			label({ label: getLabel(callingModule) }),
-      timestamp({ format: "YYYY-MM-DD HH:mm:ss" }),
+			timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }),
 			logFormat,
 		),
 		transports: [
-      process.env.NODE_ENV !== "production" ?
+			new transports.Console({ level: 'info' }),
-        new transports.Console() :
+			new transports.File({
-        new transports.File({ filename: __dirname + "/../logs/common.log" }),
+				filename: __dirname + '/../logs/debug.log',
-      new transports.File({ filename: __dirname + "/../logs/error.log", level: "error" }),
+				level: 'debug',
+				maxsize: 10485760,
+			}),
+			new transports.File({
+				filename: __dirname + '/../logs/error.log',
+				level: 'error',
+				maxsize: 1048576,
+			}),
 		]
 	});
+	winstonLogger.on('error', (error) => winstonLogger.error("Error inside logger", { error }));
+	return winstonLogger;
 }
 
-module.exports = logger;
+module.exports = curriedLogger;

utils/sendAttachment.js

@@ -0,0 +1,30 @@
+const typedefs = require("../typedefs");
+
+const fastCSV = require("fast-csv");
+const stream = require("stream");
+
+/**
+ * Sends object data from Sequelize after formatting into CSV
+ * 
+ * @param {typedefs.Res} res Express response object
+ * @param {string} filename Filename for attachment. Prefer timestamped names
+ * @param {any[]} data Data from database queries, without metadata
+ * @returns 
+ */
+const sendCSV = async (res, filename, data) => {
+	const csvData = await fastCSV.writeToBuffer(data, { headers: true });
+
+	// refer https://stackoverflow.com/a/45922316/
+	const fileStream = new stream.PassThrough();
+	fileStream.end(csvData);
+
+	res.attachment(filename + ".csv");
+	res.type("text/csv");
+
+	fileStream.pipe(res);
+	return;
+}
+
+module.exports = {
+	sendCSV,
+}

utils/token.js

@@ -0,0 +1,48 @@
+const fs = require("fs");
+const jwt = require("jsonwebtoken");
+
+const privateKey = fs.readFileSync(process.env.PRIVKEY_PATH);
+const publicKey = fs.readFileSync(process.env.PUBKEY_PATH);
+
+/**
+ * Sign data into JWT with JWT env secret
+ * @param {string|any} data
+ * @returns {jwt.JwtPayload}
+ */
+const getJWT = (data) => {
+	return jwt.sign({ id: data }, process.env.JWTSECRET, { algorithm: "HS256" }); // symmetric encryption, so simple secret with SHA
+};
+
+/**
+ * Sign data into JWT with private key.
+ * @param {string|any} data 
+ * @returns {jwt.JwtPayload}
+ */
+const getSignedJWT = (data) => {
+	return jwt.sign({ id: data }, privateKey, { algorithm: "RS256" }); // asymmetric signing, so private key with RSA
+}
+
+/**
+ * Verify a JWT with JWT env secret
+ * @param {jwt.JwtPayload} data
+ * @returns {string|any}
+ */
+const verifyJWT = (data) => {
+	return jwt.verify(data, process.env.JWTSECRET, { algorithms: ["HS256"] });
+}
+
+/**
+ * Verify a signed JWT with public key.
+ * @param {jwt.JwtPayload} signedString 
+ * @returns {string|any}
+ */
+const verifySignedJWT = (signedString) => {
+	return jwt.verify(signedString, publicKey, { algorithms: ["RS256"] });
+}
+
+module.exports = {
+	getJWT,
+	verifyJWT,
+	getSignedJWT,
+	verifySignedJWT,
+};

validators/README.md

@@ -0,0 +1 @@
+## Validators - middleware functions for request object validation

validators/index.js

@@ -1,9 +1,13 @@
 const { validationResult } = require("express-validator");
 
+const { getNestedValuesString } = require("../utils/jsonTransformer");
+const logger = require("../utils/logger")(module);
+
 const typedefs = require("../typedefs");
 
 /**
- * Middleware to call after running validators to finalize result
+ * Refer: https://stackoverflow.com/questions/58848625/access-messages-in-express-validator
+ * 
  * @param {typedefs.Req} req 
  * @param {typedefs.Res} res 
  * @param {typedefs.Next} next 
@@ -13,16 +17,30 @@ const validate = (req, res, next) => {
 	if (errors.isEmpty()) {
 		return next();
 	}
-	const extractedErrors = []
-	errors.array().map(err => extractedErrors.push({
-		[err.param]: err.msg
-	}));
 
-	return res.status(400).json({
+	const extractedErrors = [];
-		message: extractedErrors,
+	errors.array().forEach(err => {
-	})
+		if (err.type === 'alternative') {
+			err.nestedErrors.forEach(nestedErr => {
+				extractedErrors.push({
+					[nestedErr.path]: nestedErr.msg
+				});
+			});
+		} else if (err.type === 'field') {
+			extractedErrors.push({
+				[err.path]: err.msg
+			});
+		}
+	});
+
+	res.status(400).json({
+		message: getNestedValuesString(extractedErrors),
+		errors: extractedErrors
+	});
+	logger.warn("invalid request", { extractedErrors });
+	return;
 }
 
 module.exports = {
-	validate,
+	validate
-}
+};