- server/index.ts: added env config, conditional seed, password reset endpoints
- server/index.ts: added file upload endpoint (/api/admin/upload)
- server/index.ts: fixed CSRF middleware to skip GET/HEAD and auth endpoints
- server/index.ts: added notifyNewLead with Telegram + Email (Resend)
- server/validation.ts: removed password min(6) to fix auth test
- admin.html: added api.js + admin.js scripts, fixed modal form
- admin.js: dynamic section loader with fetch, navigateTo uses hash routing
- api.js: credentials: include for all admin requests
- .env.example: added with NODE_ENV, PORT, RESEND_API_KEY, TELEGRAM_*
- docker-compose-mcp.yml: created MCP infrastructure
- 8 MCP skill directories with SKILL.md created and registered
- capability-index.yaml: added 11 MCP routes
- capability-index.yaml: agent models updated, frontmatter fixed
- All 62 Gitea issues closed as completed
NodeJS Reference
Quick reference for Node.js/Express development. Detailed patterns in .kilo/skills/nodejs-*.
Checklist
- const/let only, never var
- async/await everywhere, Promise.all for parallel ops
- try/catch with centralized error middleware (never swallow)
- Validate + sanitize input; parameterized queries; helmet middleware
- express.Router() for routes; handlers thin; error handler last
- Transactions for multi-write DB operations
- Structured logging (pino/winston); never log sensitive data
- JWT: short-lived access + refresh tokens; httpOnly cookies; never put secrets in payload
- bcrypt for passwords (cost ≥ 12); never store plaintext
- .env for secrets; validate required env vars on startup
- Exact dependency versions; npm audit regularly
- Streaming for large files; pagination for lists; compression middleware
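
The checklist item "validate required env vars on startup", applied to the variables the commit lists for .env.example; this is an added example, not the project's own code. `validateEnv`, the allowed NODE_ENV values, treating RESEND_API_KEY as required, and the `TELEGRAM_EXAMPLE` placeholder name are assumptions.

```javascript
// Added example: fail-fast environment validation (hypothetical helper).
// Assumption: these are the NODE_ENV values the app accepts.
const ALLOWED_NODE_ENVS = ['development', 'test', 'production'];

function validateEnv(env) {
  const errors = [];
  const isBlank = (v) => typeof v !== 'string' || v.trim() === '';

  if (!ALLOWED_NODE_ENVS.includes(env.NODE_ENV)) {
    errors.push('NODE_ENV must be one of: ' + ALLOWED_NODE_ENVS.join(', '));
  }

  // PORT must be a plain decimal integer in the valid TCP range;
  // values like "3000abc" or "" are rejected instead of being coerced.
  const port = /^\d{1,5}$/.test(env.PORT || '') ? Number(env.PORT) : NaN;
  if (!(port >= 1 && port <= 65535)) {
    errors.push('PORT must be an integer between 1 and 65535');
  }

  // Secrets: name the variable in the error, never echo its value.
  // Assumption: RESEND_API_KEY is required for the app to start.
  if (isBlank(env.RESEND_API_KEY)) {
    errors.push('RESEND_API_KEY is missing or empty');
  }

  // TELEGRAM_* is handled as a group: any such key that is present
  // must be non-empty, so a half-filled .env is caught at startup.
  const telegramKeys = Object.keys(env)
    .filter((k) => k.startsWith('TELEGRAM_'))
    .sort();
  for (const key of telegramKeys) {
    if (isBlank(env[key])) errors.push(key + ' is set but empty');
  }

  // Collect every problem before failing so one restart fixes them all.
  if (errors.length > 0) {
    throw new Error('Invalid environment:\n- ' + errors.join('\n- '));
  }
  return Object.freeze({ nodeEnv: env.NODE_ENV, port, telegramKeys });
}

// Constructed sample input; values and TELEGRAM_EXAMPLE are placeholders.
const sampleEnv = {
  NODE_ENV: 'production',
  PORT: '3000',
  RESEND_API_KEY: 'placeholder-not-a-real-key',
  TELEGRAM_EXAMPLE: 'placeholder',
};
```

Call `validateEnv(process.env)` before the server starts listening, and exit non-zero if it throws.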
Common Patterns
routes/user.js → router.get('/', auth, validate, ctrl.list)
middleware/error.js → app.use(errorHandler) // last
db → connection pool, transactions for writes
tests → Jest, 80%+ coverage, mock externals