Skip to Content
WWWConfiguration

Configuration Guide

Overview

The www application uses a flexible configuration system that supports multiple environments, secret management, and modular configuration files.

Configuration Architecture

Configuration Files

src/config/
├── index.js          # Main configuration loader
├── ejs.js           # Template engine configuration
├── i18n.js          # Internationalization setup
├── jwt.js           # JWT token configuration
└── passport.js      # Authentication strategies

Environment Management

  • Development: Local development settings
  • Staging: Pre-production environment
  • Production: Live application settings

Environment Variables

Core Application Settings

# Server Configuration
NODE_ENV=development|staging|production
APP_PORT=8079
IS_PRODUCTION=false
 
# Database/Cache
REDIS_URL=redis://localhost:6379
REDIS_PASSWORD=your_redis_password
 
# Authentication
JWT_SECRET=your_jwt_secret_key
JWT_EXPIRES_IN=24h
GOOGLE_CLIENT_ID=your_google_oauth_client_id
GOOGLE_CLIENT_SECRET=your_google_oauth_secret
 
# External Services
INFISICAL_CLIENT_ID=your_infisical_client_id
INFISICAL_CLIENT_SECRET=your_infisical_client_secret
INFISICAL_PROJECT_ID=your_project_id

Service-Specific Variables

# Email Configuration
SMTP_HOST=smtp.example.com
SMTP_PORT=587
SMTP_USER=your_smtp_user
SMTP_PASS=your_smtp_password
 
# SMS/Phone Verification
TWILIO_ACCOUNT_SID=your_twilio_sid
TWILIO_AUTH_TOKEN=your_twilio_token
TWILIO_PHONE_NUMBER=your_twilio_number
 
# API Endpoints
API_BASE_URL=http://localhost:3000
API_VERSION=v1
 
# Logging
LOG_LEVEL=info|debug|error
LOG_FILE_PATH=./logs/app.log

Secret Management

Infisical Integration

The application uses Infisical for secure secret management:

// Automatic secret loading from Infisical
await setEnvFromInfisical();

Infisical Configuration

  • Secrets stored securely in Infisical vault
  • Environment-specific secret management
  • Automatic secret rotation support
  • Development vs production secret isolation

Local Development

# Create .env file for local development
cp .env.example .env
# Edit .env with your local configuration

Configuration Modules

1. Main Configuration (src/config/index.js)

export default function setAppConfig(app) {
  // Express app configuration
  // Middleware setup
  // Static file serving
  // Security headers
}

2. EJS Configuration (src/config/ejs.js)

// Template engine setup
// View directory configuration
// Layout management
// Helper functions

3. Internationalization (src/config/i18n.js)

// Multi-language support
// Locale detection
// Translation loading
// Fallback language handling

4. JWT Configuration (src/config/jwt.js)

// Token signing configuration
// Expiration settings
// Secret management
// Token validation rules

5. Passport Configuration (src/config/passport.js)

// OAuth strategy setup
// User serialization
// Authentication callbacks
// Session management

Database Configuration

Redis Configuration

// Redis connection settings
const redisConfig = {
  host: process.env.REDIS_HOST || 'localhost',
  port: process.env.REDIS_PORT || 6379,
  password: process.env.REDIS_PASSWORD,
  db: process.env.REDIS_DB || 0,
  retryDelayOnFailover: 100,
  maxRetriesPerRequest: 3
};

Connection Management

  • Connection pooling
  • Automatic reconnection
  • Error handling and recovery
  • Health check monitoring

Logging Configuration

Winston Logger Setup

// src/services/loggerService.js
const logger = winston.createLogger({
  level: process.env.LOG_LEVEL || 'info',
  format: winston.format.combine(
    winston.format.timestamp(),
    winston.format.errors({ stack: true }),
    winston.format.json()
  ),
  transports: [
    new winston.transports.File({ filename: 'error.log', level: 'error' }),
    new winston.transports.File({ filename: 'combined.log' })
  ]
});

Log Levels

  • Error: Application errors and exceptions
  • Warn: Warning messages and deprecated features
  • Info: General application information
  • Debug: Detailed debugging information

Security Configuration

CORS Settings

// Cross-Origin Resource Sharing
app.use(cors({
  origin: process.env.ALLOWED_ORIGINS?.split(',') || ['http://localhost:3000'],
  credentials: true,
  methods: ['GET', 'POST', 'PUT', 'DELETE'],
  allowedHeaders: ['Content-Type', 'Authorization']
}));

Security Headers

// Security middleware configuration
app.use(helmet({
  contentSecurityPolicy: {
    directives: {
      defaultSrc: ["'self'"],
      styleSrc: ["'self'", "'unsafe-inline'", "fonts.googleapis.com"],
      fontSrc: ["'self'", "fonts.gstatic.com"],
      scriptSrc: ["'self'", "'unsafe-inline'"]
    }
  }
}));

Rate Limiting

// API rate limiting configuration
const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // limit each IP to 100 requests per windowMs
  message: 'Too many requests from this IP'
});

Development Configuration

Development-Specific Settings

if (process.env.NODE_ENV === 'development') {
  // Enable detailed error reporting
  app.use(errorHandler());
  
  // Enable CORS for all origins
  app.use(cors({ origin: true }));
  
  // Disable caching
  app.use(noCache());
}

Debug Configuration

  • Detailed error messages
  • Source map generation
  • Hot reload settings
  • Development middleware

Production Configuration

Production Optimizations

if (process.env.NODE_ENV === 'production') {
  // Enable compression
  app.use(compression());
  
  // Strict security headers
  app.use(helmet());
  
  // Enable caching
  app.use(express.static('public', { maxAge: '1y' }));
}

Performance Settings

  • Asset compression
  • Caching strategies
  • Connection pooling
  • Resource optimization

Configuration Validation

Environment Validation

// Required environment variables check
const requiredEnvVars = [
  'JWT_SECRET',
  'GOOGLE_CLIENT_ID',
  'GOOGLE_CLIENT_SECRET',
  'REDIS_URL'
];
 
requiredEnvVars.forEach(envVar => {
  if (!process.env[envVar]) {
    throw new Error(`Missing required environment variable: ${envVar}`);
  }
});

Configuration Testing

  • Environment variable validation
  • Database connection testing
  • External service connectivity
  • Configuration schema validation

Deployment Configuration

Docker Configuration

# Environment variables in Docker
ENV NODE_ENV=production
ENV APP_PORT=8079

Docker Compose

# docker-compose.yml configuration
environment:
  - NODE_ENV=production
  - REDIS_URL=redis://redis:6379

CI/CD Configuration

  • Environment-specific deployments
  • Secret injection in CI/CD
  • Configuration validation in pipelines
  • Automated configuration testing
Last updated on
AuthenticationFrontend assets & build