nogin
A template for quickly building login systems on top of Node.js; a fork of
the "node-login" project.
nogin [help|(add|create|remove|delete|update|view|read)] [options]
Run nogin help for the allowable options of the verbs.
Options
--NL_EMAIL_USER user Email user. Required; no defaults.
--NL_EMAIL_PASS pass Email password (for `NL_EMAIL_USER`). Required; no defaults.
--NL_EMAIL_HOST host Email host. Required; no defaults.
-f, --NL_EMAIL_FROM from Email "from". Required; no defaults.
--NS_EMAIL_TIMEOUT timeout-in-ms Millisecond duration for attempting to send emails. Defaults to 5000.
--NL_SITE_URL url Email site URL. Base URL added within password reset and activation emails.
Required; no defaults.
--PORT port HTTP/S port. Defaults to 3000
--loggerLocale locale Locale for server log messages; defaults to "en-US".
-l, --noLogging Whether to disable logging; defaults to `false` (logging is enabled).
-n, --DB_NAME name Database name; defaults to "nogin"
-t, --DB_HOST host Database host; defaults to "127.0.0.1"
-p, --DB_PORT port Database port; defaults to 27017
-u, --DB_USER user Database user; only needed with env=production
-x, --DB_PASS password Database password; only needed with env=production
--secret secret `cookieParser` secret. Required; no defaults.
--cwd cwd path Current working directory; used with `--config`; defaults to `process.cwd()`
-d, --JS_DIR path Not normally needed; used to point to instrumented path. Defaults to
`/app/public`
--localesBasePath path Points to a base path for finding locales. Defaults to `app/server`. Only
needed if overriding built-in locales.
--postLoginRedirectPath path or URL Points to a path or URL to which to redirect after users successfully log in.
Defaults to `/home` (or locale equivalent). Note that if you are overriding
this option, you should provide another means to your users to visit `/home`,
e.g., through the accessibility-recommended approach of having a site-wide
navigation bar, so as to allow your users to update or delete their accounts.
Note that this option will be overridden by any `redirect` query parameter
present in the URL.
--customRoute locale=route=path A convenience to allow overriding the default route name per locale, e.g.,
`en-US=home=/updateAccount` would change the `/home` path to `/updateAccount`
for the `en-US` locale. If present, this will take precedence over the
routes in `localesBasePath`.
--rootUser user Users who are granted all available privileges to view and edit users.
--crossDomainJSRedirects Whether to allow cross-domain redirects (for some values set by
`customRoute`). Note that the very old Firefox 2 will not be able to make
cross-domain redirects regardless of this setting, so it will always use the
(safe) locale redirect.
--composeResetPasswordEmailView path Path to a Node file that will be imported. The file must have an ESM default
function export that accepts the template options (_, jml, baseurl, name,
user, passKey, fromText, fromURL). Defaults to
`/app/server/views/composeResetPasswordEmail.js`.
--composeActivationEmailView path Path to a Node file that will be imported. The file must have an ESM default
function export that accepts the template options (_, jml, baseurl, name,
user, activationCode, fromText, fromURL). Defaults to
`/app/server/views/composeActivationEmail.js`.
--requireName Whether to require a name (separate from user name, as in a real name) from
users. Default is `false`.
--staticDir absolute path Point to absolute path at which to serve static files on the same server.
Multiple allowed. Not required. To require serving within a particular non-
root path, use `router` with Express' `app.get()` or `app.post`. See
https://expressjs.com/en/api.html
--middleware path Path to a Node file that will be imported. The file must have an ESM default
function export that will be passed the resolved options. Multiple allowed.
Not required. To require serving within a particular non-root path, use
`router` with Express' `app.use()`. See
https://expressjs.com/en/api.html#app.use
--router path Path to a Node file that will be imported. The file must have an ESM default
function export that will be passed the Express `app` instance and resolved
options. Not required.
--fallback path Path to a Node file that will be imported. Use for a file server. The file
must have an ESM default function export that will be passed the `req`
object, `res` object, and `next` function. Probably required.
--useESM Mainly for easier debugging. Whether to use browser ESM source modules where
available in place of compiled IIFE code. Defaults to `false`.
--noPolyfill Whether to drop the core-js polyfills for compatibility with older browsers.
Defaults to `false`.
--injectHTML path Path to a Node file that will be imported. The file must have an ESM default
function export that will be passed a config object, including a `template`
string indicating the template being built. Must return an object with any of
4 optional methods (`headPre`, `headPost`, `bodyPre`, and/or `bodyPost`)
which should either be an HTML string or an array of Jamilih children to be
appended at the given position (or return an empty array to add nothing). Not
required.
-c, --config config path Used to set config; when `cwd` is set, defaults to "/nogin.json"; of
lower priority than other CLI arguments; may also be a JavaScript file
(nogin.js).
--countryCodes country code Two-letter country codes as JSON array; defaults to codes in
`/app/server/modules/country-codes.json`
-a, --adapter "mongodb" The database adapter to use. Defaults to "mongodb", the only current option.
--favicon favicon path The path to a favicon; defaults to blank.
--stylesheet stylesheet path or URL The path to a custom CSS stylesheet; defaults to no extra stylesheets being
used
--noBuiltinStylesheets Whether to suppress addition of built-in stylesheets, Bootstrap, and gh-fork-
ribbon.css. Defaults to `false`, i.e., built-in stylesheets are applied.
--userJS path or URL Regular client-side JavaScript file to load after other scripts (none by
default)
--userJSModule path or URL ESM client-side JavaScript file to load after other scripts (none by default)
--localScripts Whether to load framework scripts locally instead of via CDN. Defaults to
`false`.
--fromText from Person's name to include as from text in email notifications (password
resets).
--fromURL URL URL of person to include as link on from text in email notifications
(password resets).
-s, --SERVE_COVERAGE Whether to host coverage within `/coverage`; defaults to `false`.
-r, --RATE_LIMIT rate limit Used for mitigating DoS attacks; defaults to 700
--disableXSRF Disable Cross-site Resource Forgery checking. This setting should normally
not be used.
--noHelmet Disable helmet use entirely. Off by default.
--noHostValidation Disable hostValidation use entirely. Off by default.
--helmetOptions options Options to be supplied to helmet. Defaults to `{frameguard: {action:
"SAMEORIGIN"}}`
--csurfOptions options Options to be supplied to csurf. Defaults to `{cookie: {signed: true,
sameSite: "lax"}`; you may wish to add `secure: true` to the `cookie` if
serving on HTTPS.
--sessionCookieOptions options Options to be supplied to `cookie` of `express-session`.Defaults to
{sameSite: 'lax'}
--sessionOptions options Options to be supplied to `express-session`.Defaults to {resave: true,
saveUninitialized: true} along with `cookie: sessionCookieOptions`, `secret`,
and `store: MongoStore.create({mongoUrl: DB_URL})`
--transferLimit limit Options to be supplied to `express.json` and `express.urlencoded`. Defaults
to 10mb
--signupAgreement string JSON containing locale-keyed signup agreements. Defaults to no signup
agreement.
-v, --version
-h, --help