nogin
A template for quickly building login systems on top of Node.js; a fork of
the "node-login" project.
nogin [help|(add|create|remove|delete|update|view|read)] [options]
Run nogin help for the allowable options of the verbs.
Options
--NL_EMAIL_USER user Email user. Required; no defaults.
--NL_EMAIL_PASS pass Email password (for `NL_EMAIL_USER`). Required; no defaults.
--NL_EMAIL_HOST host Email host. Required; no defaults.
-f, --NL_EMAIL_FROM from Email "from". Required; no defaults.
--NS_EMAIL_TIMEOUT timeout-in-ms Millisecond duration for attempting to send emails. Defaults to 5000.
--NL_SITE_URL url Email site URL. Base URL added within password reset and activation emails.
Required; no defaults.
--PORT port HTTP/S port. Defaults to 3000
--loggerLocale locale Locale for server log messages; defaults to "en-US".
-l, --noLogging Whether to disable logging; defaults to `false` (logging is enabled).
-n, --DB_NAME name Database name; defaults to "nogin"
-t, --DB_HOST host Database host; defaults to "127.0.0.1"
-p, --DB_PORT port Database port; defaults to 27017
-u, --DB_USER user Database user; only needed with env=production
-x, --DB_PASS password Database password; only needed with env=production
--secret secret `cookieParser` secret. Required; no defaults.
--cwd cwd path Current working directory; used with `--config`; defaults to `process.cwd()`
-d, --JS_DIR path Not normally needed; used to point to instrumented path. Defaults to
`/app/public`
--localesBasePath path Points to a base path for finding locales. Defaults to `app/server`. Only
needed if overriding built-in locales.
--postLoginRedirectPath path or URL Points to a path or URL to which to redirect after users successfully log in.
Defaults to `/home` (or locale equivalent). Note that if you are overriding
this option, you should provide another means to your users to visit `/home`,
e.g., through the accessibility-recommended approach of having a site-wide
navigation bar, so as to allow your users to update or delete their accounts.
Note that this option will be overridden by any `redirect` query parameter
present in the URL.
--customRoute locale=route=path A convenience to allow overriding the default route name per locale, e.g.,
`en-US=home=/updateAccount` would change the `/home` path to `/updateAccount`
for the `en-US` locale. If present, this will take precedence over the
routes in `localesBasePath`.
--crossDomainJSRedirects Whether to allow cross-domain redirects (for some values set by
`customRoute`). Note that the very old Firefox 2 will not be able to make
cross-domain redirects regardless of this setting, so it will always use the
(safe) locale redirect.
--composeResetPasswordEmailView path Path to a Node file that will be required. The file must have a
`module.exports` default function export that accepts the template options
(_, jml, baseurl, name, user, passKey, fromText, fromURL). Defaults to
`/app/server/views/composeResetPasswordEmail.js`.
--composeActivationEmailView path Path to a Node file that will be required. The file must have a
`module.exports` default function export that accepts the template options
(_, jml, baseurl, name, user, activationCode, fromText, fromURL). Defaults to
`/app/server/views/composeActivationEmail.js`.
--requireName Whether to require a name (separate from user name, as in a real name) from
users. Default is `false`.
--staticDir absolute path Point to absolute path at which to serve static files on the same server.
Multiple allowed. Not required. To require serving within a particular non-
root path, use `router` with Express' `app.get()` or `app.post`. See
https://expressjs.com/en/api.html
--middleware path Path to a Node file that will be required. The file must have a
`module.exports` default function export that will be passed the resolved
options. Multiple allowed. Not required. To require serving within a
particular non-root path, use `router` with Express' `app.use()`. See
https://expressjs.com/en/api.html#app.use
--router path Path to a Node file that will be required. The file must have a
`module.exports` default function export that will be passed the Express
`app` instance and resolved options. Not required.
--useESM Mainly for easier debugging. Whether to use browser ESM source modules where
available in place of compiled IIFE code. Defaults to `false`.
--noPolyfill Whether to drop the core-js polyfills for compatibility with older browsers.
Defaults to `false`.
--injectHTML path Path to a Node file that will be required. The file must have a
`module.exports` default function export that will be passed a config object,
including a `template` string indicating the template being built. Must
return an object with any of 4 optional methods (`headPre`, `headPost`,
`bodyPre`, and/or `bodyPost`) which should either be an HTML string or an
array of Jamilih children to be appended at the given position (or return an
empty array to add nothing). Not required.
-c, --config config path Used to set config; when `cwd` is set, defaults to "/nogin.json"; of
lower priority than other CLI arguments; may also be a JavaScript file
(nogin.js).
--countryCodes country code Two-letter country codes as JSON array; defaults to codes in
`/app/server/modules/country-codes.json`
-a, --adapter "mongodb" The database adapter to use. Defaults to "mongodb", the only current option.
--favicon favicon path The path to a favicon; defaults to blank.
--stylesheet stylesheet path or URL The path to a custom CSS stylesheet; defaults to no extra stylesheets being
used
--noBuiltinStylesheets Whether to suppress addition of built-in stylesheets, Bootstrap, and gh-fork-
ribbon.css. Defaults to `false`, i.e., built-in stylesheets are applied.
--userJS path or URL Regular client-side JavaScript file to load after other scripts (none by
default)
--userJSModule path or URL ESM client-side JavaScript file to load after other scripts (none by default)
--localScripts Whether to load framework scripts locally instead of via CDN. Defaults to
`false`.
--fromText from Person's name to include as from text in email notifications (password
resets).
--fromURL URL URL of person to include as link on from text in email notifications
(password resets).
-s, --SERVE_COVERAGE Whether to host coverage within `/coverage`; defaults to `false`.
--showUsers Whether to show the `/users` page. Off by default for privacy. (May be
removed as an option in the future if privileges are added.)
-r, --RATE_LIMIT rate limit Used for mitigating DoS attacks; defaults to 100
--disableXSRF Disable Cross-site Resource Forgery checking. This setting should normally
not be used.
--noHelmet Disable helmet use entirely. Off by default.
--helmetOptions options Options to be supplied to helmet. Defaults to `\\u007bframeguard:
\\u007baction: "SAMEORIGIN"\\u007d\\u007d`
--csurfOptions options Options to be supplied to csurf. Defaults to `\\u007bcookie: \\u007bsigned:
true, sameSite: "lax"\\u007d`; you may wish to add `secure: true` to the
`cookie` if serving on HTTPS.
--sessionCookieOptions options Options to be supplied to `cookie` of `express-session`.Defaults to
\\u007bsameSite: 'lax'\\u007d
--sessionOptions options Options to be supplied to `express-session`.Defaults to \\u007bresave: true,
saveUninitialized: true\\u007d along with `cookie: sessionCookieOptions`,
`secret`, and `store: new MongoStore(\\u007burl: DB_URL, mongoOptions:
\\u007buseUnifiedTopology: true, useNewUrlParser: true\\u007d\\u007d)
-v, --version
-h, --help