[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-1619":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":15,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":21,"hasPages":21,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":30,"readmeContent":31,"aiSummary":32,"trendingCount":16,"starSnapshotCount":16,"syncStatus":33,"lastSyncTime":34,"discoverSource":35},1619,"hackathon-starter","sahat\u002Fhackathon-starter","sahat","A boilerplate for Node.js web applications","",null,"JavaScript",35223,8163,723,4,0,10,22,45,"MIT License",false,"master",[24,25,26,27,28,29],"boilerplate","hackathon","hacktoberfest","nodejs","oauth2","starter-kit","2026-06-12 02:00:30","![](https:\u002F\u002Flh4.googleusercontent.com\u002F-PVw-ZUM9vV8\u002FUuWeH51os0I\u002FAAAAAAAAD6M\u002F0Ikg7viJftQ\u002Fw1286-h566-no\u002Fhackathon-starter-logo.jpg)\nHackathon Starter\n=======================\n[![Ask DeepWiki](https:\u002F\u002Fdeepwiki.com\u002Fbadge.svg)](https:\u002F\u002Fdeepwiki.com\u002Fsahat\u002Fhackathon-starter)\n\n**Live Demo**: [Link](https:\u002F\u002Fhackathon-starter-1.ydftech.com)\n\nJump to [What's new?](https:\u002F\u002Fgithub.com\u002Fsahat\u002Fhackathon-starter\u002Fblob\u002Fmaster\u002FCHANGELOG.md)\n\nA boilerplate for **Node.js** web applications.\n\nIf you have attended any hackathons in the past, then you know how much time it takes to get a project started: decide on what to build, pick a programming language, pick a web framework, pick a CSS framework. A while later, you might have an initial project up on GitHub, and only then can other team members start contributing. Or how about doing something as simple as _Sign in with Facebook_ authentication? You can spend hours on it if you are not familiar with how OAuth 2.0 works.\n\nWhen I started this project, my primary focus was on **simplicity** and **ease of use**.\nI also tried to make it as **generic** and **reusable** as possible to cover most use cases of hackathon web apps, without being too specific. In the worst case, you can use this as a learning guide for your projects, if for example you are only interested in **Sign in with Google** authentication and nothing else.\n\n### Testimonials\n\n> [**\"Nice! That README alone is already gold!\"**](https:\u002F\u002Fwww.producthunt.com\u002Ftech\u002Fhackathon-starter#comment-224732)\u003Cbr>\n> — Adrian Le Bas\n\n> [**\"Awesome. Simply awesome.\"**](https:\u002F\u002Fwww.producthunt.com\u002Ftech\u002Fhackathon-starter#comment-224966)\u003Cbr>\n> — Steven Rueter\n\n> [**\"I'm using it for a year now and many projects, it's an awesome boilerplate and the project is well maintained!\"**](https:\u002F\u002Fwww.producthunt.com\u002Ftech\u002Fhackathon-starter#comment-228610)\u003Cbr>\n> — Kevin Granger\n\n> **\"Small world with Sahat's project. We were using his hackathon starter for our hackathon this past weekend and got some prizes. Really handy repo!\"**\u003Cbr>\n> — Interview candidate for one of the companies I used to work with.\n\n\u003Ch4 align=\"center\">Modern Theme\u003C\u002Fh4>\n\n![](https:\u002F\u002Flh6.googleusercontent.com\u002F-KQTmCFNK6MM\u002FU7OZpznjDuI\u002FAAAAAAAAERc\u002Fh3jR27Uy1lE\u002Fw1366-h1006-no\u002FScreenshot+2014-07-02+01.32.22.png)\n\n\u003Ch4 align=\"center\">Flatly Bootstrap Theme\u003C\u002Fh4>\n\n![](https:\u002F\u002Flh5.googleusercontent.com\u002F-oJ-7bSYisRY\u002FU1a-WhK_LoI\u002FAAAAAAAAECM\u002Fa04fVYgefzw\u002Fw1474-h1098-no\u002FScreen+Shot+2014-04-22+at+3.08.33+PM.png)\n\n\u003Ch4 align=\"center\">API Examples\u003C\u002Fh4>\n\n![](https:\u002F\u002Flh5.googleusercontent.com\u002F-BJD2wK8CvC8\u002FVLodBsyL-NI\u002FAAAAAAAAEx0\u002FSafE6o_qq_I\u002Fw1818-h1186-no\u002FScreenshot%2B2015-01-17%2B00.25.49.png)\n\n## Table of Contents\n\n- [Features](#features)\n- [Prerequisites](#prerequisites)\n- [Getting Started](#getting-started)\n- [HTTPS Proxy](#https-proxy)\n- [Obtaining API Keys](#obtaining-api-keys)\n- [Web Analytics](#web-analytics)\n- [Open Graph](#open-graph)\n- [Project Structure](#project-structure)\n- [List of Packages](#list-of-packages)\n- [Useful Tools and Resources](#useful-tools-and-resources)\n- [Recommended Design Resources](#recommended-design-resources)\n- [Recommended Node.js Libraries](#recommended-nodejs-libraries)\n- [Recommended Client-side Libraries](#recommended-client-side-libraries)\n- [Using AI Assistants](#using-ai-assistants)\n- [FAQ](#faq)\n- [How It Works](#how-it-works-mini-guides)\n- [Cheatsheets](#cheatsheets)\n - [ES6](#-es6-cheatsheet)\n - [JavaScript Date](#-javascript-date-cheatsheet)\n - [Mongoose Cheatsheet](#mongoose-cheatsheet)\n- [Deployment](#deployment)\n- [Production](#production)\n- [Changelog](#changelog)\n- [Contributing](#contributing)\n- [License](#license)\n\n## Features\n\n- Login\n - **Local Authentication** Sign in with Email and Password, Passwordless, Passkey \u002F Biometrics\n - **OAuth 2.0 Authentication:** Sign in with Google, Microsoft, Facebook, LinkedIn, X (Twitter), Twitch, GitHub, Discord\n- **User Profile and Account Management**\n - Gravatar\n - Profile Details\n - Password management (Change, Reset, Forgot)\n - Verify Email\n - **Two-Factor Authentication (2FA)** Email codes and Authenticator apps\n - Link multiple OAuth provider accounts to one account\n - OAuth token revocation\n - Delete Account\n- Contact Form (powered by SMTP via Mailgun, AWS SES, etc.)\n- File upload\n- Device camera\n- **AI Examples and Boilerplates**\n - AI Agent ReAct (Reasoning + Acting) with tool calling, MongoDB session persistence, and input guardrails\n - RAG with semantic and embedding caching\n - Llama 3.3, Llama 4 Scout (vision use case)\n - OpenAI Moderation\n - Support for a range of foundational and embedding models (DeepSeek, Llama, Mistral, Sentence Transformers, etc.) via LangChain, Groq, and Hugging Face\n- **API Examples**\n - **Backoffice:** Lob (USPS Mail), Paypal, Quickbooks, Stripe, Twilio (text messaging)\n - **Data, Media & Entertainment:** Alpha Vantage (stocks and finance info) with ChartJS, Github, Foursquare, Last.fm, New York Times, PubChem (chemical information), Trakt.tv (movies\u002FTV), Twitch, Tumblr (OAuth 1.0a example), Steam (OpenID), Web Scraping, GIPHY\n - **Maps and Location:** Google Maps, HERE Maps\n - **Productivity:** Google Drive, Google Sheets\n\n- Flash notifications\n- reCAPTCHA and rate limit protection\n- CSRF protection\n- MVC Project Structure\n- Node.js clusters support\n- HTTPS Proxy support (via ngrok, Cloudflare, etc.)\n- Sass stylesheets\n- Bootstrap 5\n- \"Go to production\" checklist\n\n## Prerequisites\n\n- MongoDB (local install OR hosted)\n - Local Install: [MongoDB](https:\u002F\u002Fwww.mongodb.com\u002Fdownload-center\u002Fcommunity)\n - Hosted: No need to install, see the MongoDB Atlas section\n\n- [Node.js LTS 24](http:\u002F\u002Fnodejs.org)\n - Highly recommended: Use\u002FUpgrade your Node.js to the latest Node.js LTS version.\n- Command Line Tools\n- \u003Cimg src=\"https:\u002F\u002Fupload.wikimedia.org\u002Fwikipedia\u002Fcommons\u002F1\u002F1b\u002FApple_logo_grey.svg\" height=\"17\"> **Mac OS X:** [Xcode](https:\u002F\u002Fitunes.apple.com\u002Fus\u002Fapp\u002Fxcode\u002Fid497799835?mt=12) (or **OS X 10.9+**: `xcode-select --install`)\n- \u003Cimg src=\"https:\u002F\u002Fupload.wikimedia.org\u002Fwikipedia\u002Fcommons\u002F8\u002F87\u002FWindows_logo_-_2021.svg\" height=\"17\"> **Windows:** [Visual Studio Code](https:\u002F\u002Fcode.visualstudio.com) + [Windows Subsystem for Linux - Ubuntu](https:\u002F\u002Flearn.microsoft.com\u002Fen-us\u002Fwindows\u002Fwsl\u002Finstall) OR [Visual Studio](https:\u002F\u002Fwww.visualstudio.com\u002Fproducts\u002Fvisual-studio-community-vs)\n- \u003Cimg src=\"https:\u002F\u002Fupload.wikimedia.org\u002Fwikipedia\u002Fcommons\u002Fthumb\u002F9\u002F9e\u002FUbuntuCoF.svg\u002F512px-UbuntuCoF.svg.png?20120210072525\" height=\"17\"> **Ubuntu** \u002F \u003Cimg src=\"https:\u002F\u002Fupload.wikimedia.org\u002Fwikipedia\u002Fcommons\u002F3\u002F3f\u002FLinux_Mint_logo_without_wordmark.svg\" height=\"17\"> **Linux Mint:** `sudo apt-get install build-essential`\n- \u003Cimg src=\"https:\u002F\u002Fupload.wikimedia.org\u002Fwikipedia\u002Fcommons\u002F3\u002F3f\u002FFedora_logo.svg\" height=\"17\"> **Fedora**: `sudo dnf groupinstall \"Development Tools\"`\n- \u003Cimg src=\"https:\u002F\u002Fen.opensuse.org\u002Fimages\u002Fb\u002Fbe\u002FLogo-geeko_head.png\" height=\"17\"> **OpenSUSE:** `sudo zypper install --type pattern devel_basis`\n\n**Note:** If you are new to Node or Express, you may find [Node.js & Express From Scratch series](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=Ad2ngx6CT0M&list=PLillGF-RfqbYRpji8t4SxUkMxfowG4Kqp&index=3) helpful for learning the basics of Node and Express. Alternatively, here is another great tutorial for complete beginners - [Getting Started With Node.js, Express, MongoDB](https:\u002F\u002Fwww.freecodecamp.org\u002Fnews\u002Fbuild-a-restful-api-using-node-express-and-mongodb\u002F).\n\n## Getting Started\n\n**Step 1:** The easiest way to get started is to clone the repository:\n\n```bash\n# Get the latest snapshot\ngit clone https:\u002F\u002Fgithub.com\u002Fsahat\u002Fhackathon-starter.git myproject\n\n# Change directory\ncd myproject\n\n# Install NPM dependencies\nnpm install\n\n# Then simply start your app\nnpm start\n```\n\n**Note:** I highly recommend installing [Nodemon](https:\u002F\u002Fgithub.com\u002Fremy\u002Fnodemon). It watches for any changes in your node.js app and automatically restarts the server. Once installed, instead of `node app.js` use `nodemon app.js`. It will\nsave you a lot of time in the long run, because you won't need to manually restart the server each time you make a small change in code. To install, run `sudo npm install -g nodemon`.\n\n**Step 2:** Obtain API Keys and change configs if needed\nAfter completing step 1 and locally installing MongoDB, you should be able to access the application through a web browser and use local user accounts. However, certain functions like API integrations may not function correctly until you obtain specific keys from service providers. The keys provided in the project serve as placeholders, and you can retain them for features you are not currently utilizing. To incorporate the acquired keys into the application, you have two options:\n\n1. Set environment variables in your console session: Alternatively, you can set the keys as environment variables directly through the command prompt. For instance, in bash, you can use the `export` command like this: `export FACEBOOK_SECRET=xxxxxx`. This method is considered a better practice as it reduces the risk of accidentally including your secrets in a code repository.\n2. Replace the keys in the `.env.example` file: Open the `.env.example` file and update the placeholder keys with the newly acquired ones. This method has the risk of accidental checking-in of your secrets to code repos.\n\n_What to get and configure:_\n\n- SMTP\n - For user workflows for reset password and verify email\n - For contact form processing\n- reCAPTCHA\n - For contact form submission, but you can skip it during your development\n- OAuth for social logins (Sign in with \u002F Login with)\n - Depending on your application need, obtain keys from Google, Facebook, X (Twitter), LinkedIn, Twitch, GitHub. You don't have to obtain valid keys for any provider that you don't need. Just remove the buttons and links in the login and account pug views before your demo.\n- API keys for service providers that you need in the API Examples if you are planning to use them.\n\n- MongoDB Atlas\n - If you are using MongoDB Atlas instead of a local db, set the MONGODB_URI to your db URI (including your db user\u002Fpassword).\n\n- Email address\n - Set SITE_CONTACT_EMAIL as your incoming email address for messages sent to you through the contact form.\n - Set TRANSACTION_EMAIL as the \"From\" address for emails sent to users through the lost password or email verification emails to users. You may set this to the same address as SITE_CONTACT_EMAIL.\n\n**Step 3:** Setup an HTTPS proxy to access the app with an https address:\nSee\n\n- [HTTPS Proxy](#https-proxy)\n\n**Step 4:** Develop your application and customize the experience\n\n- Check out [How It Works](#how-it-works-mini-guides)\n\n**Step 5:** Optional - deploy to production\nSee:\n\n- [Deployment](#deployment)\n- [prod-checklist.md](https:\u002F\u002Fgithub.com\u002Fsahat\u002Fhackathon-starter\u002Fblob\u002Fmaster\u002Fprod-checklist.md)\n\n## HTTPS Proxy:\n\nIf you want to use an API that requires HTTPS (for example, GitHub or Facebook), you need to run the app with an HTTPS URL. You can do this by setting up an HTTPS proxy using either ngrok or Cloudflare.\nNote: When using an HTTPS proxy, you may get a CSRF mismatch error if you try to directly access the app at `http:\u002F\u002Flocalhost:8080` instead of the HTTPS proxy address.\n\n### ngrok\n\n- Download [ngrok](https:\u002F\u002Fngrok.com\u002Fdownload).\n- Start ngrok.\n- Set your BASE_URL to the forwarding address from ngrok (i.e., `https:\u002F\u002F3ccb-1234-abcd.ngrok-free.app`). This will be the HTTPS address for accessing the app.\n\n### Cloudflare\n\n- Download and install [cloudflared](https:\u002F\u002Fdevelopers.cloudflare.com\u002Fcloudflare-one\u002Fnetworks\u002Fconnectors\u002Fcloudflare-tunnel\u002Fdownloads).\n- For a quick, free tunnel with a random subdomain under `trycloudflare.com`, execute:\n\n```\ncloudflared tunnel --url http:\u002F\u002Flocalhost:8080\n```\n\n- Set BASE_URL to the HTTPS address for the tunnel.\n\n#### Cloudflare with your own domain name\n\nIf you own a domain managed by Cloudflare, you can use Cloudflare's Zero Trust portal to set up a tunnel to your app that is activated by a system service. Alternatively, you can create a tunnel and route a subdomain you like to your app using their CLI:\n\n```\ncloudflared tunnel login\ncloudflared tunnel create myapptunnel\ncloudflared tunnel route dns myapptunnel myappsubdomain.mydomain.com\ncloudflared tunnel --url http:\u002F\u002Flocalhost:8080 run myapptunnel\n```\n\nThen set BASE_URL to the HTTPS address for the tunnel.\nNote that the tunnel and DNS route are a one-time setup. To reactivate the HTTPS tunnel to your app later, such as after a system restart, just rerun:\n\n```\ncloudflared tunnel --url http:\u002F\u002Flocalhost:8080 run myapptunnel\n```\n\nTo clean up your own domain's related configurations when you're done:\n\n- Delete the tunnel by executing `cloudflared tunnel delete myapptunnel`\n- Remove the `myappsubdomain` DNS entry from your domain through the Cloudflare web UI.\n- Remove `%USERPROFILE%\\.cloudflared` (Windows) or `~\u002F.cloudflared` (Linux\u002FmacOS) if you want to clear local credentials.\n\n# Obtaining API Keys\n\nYou will need to obtain appropriate credentials (Client ID, Client Secret, API Key, or Username & Password) for API and service providers which you need. See Step 2 in the Getting started section for more info.\n\n## SMTP\n\nObtain SMTP credentials from a provider for transactional emails. Set the SMTP_USER, SMTP_PASSWORD, and SMTP_HOST environment variables accordingly. When picking the SMTP host, keep in mind that the app is configured to use secure SMTP transmissions over port 465 out of the box. You have the flexibility to select any provider that suits your needs or take advantage of one of the following providers, each offering a free tier for your convenience.\n\n| Provider | Free Tier | Website |\n| -------- | -------------------------- | ----------------------- |\n| SMTP2Go | 1000 emails\u002Fmonth for free | https:\u002F\u002Fwww.smtp2go.com |\n| Brevo | 300 emails\u002Fday for free | https:\u002F\u002Fwww.brevo.com |\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fi.imgur.com\u002FjULUCKF.png\" height=\"75\">\n\n- Visit \u003Ca href=\"https:\u002F\u002Fdevelopers.facebook.com\u002F\" target=\"_blank\">Facebook Developers\u003C\u002Fa>\n- Click **My Apps**, then select \\*_Add a New App_ from the dropdown menu\n- Enter a new name for your app\n- Click on the **Create App ID** button\n- Find the Facebook Login Product and click on **Facebook Login**\n- Instead of going through their Quickstart, click on **Settings** for your app in the top left corner\n- Copy and paste _App ID_ and _App Secret_ keys into `.env`\n- **Note:** _App ID_ is **FACEBOOK_ID**, _App Secret_ is **FACEBOOK_SECRET** in `.env`\n- Enter `localhost` under _App Domains_\n- Choose a **Category** that best describes your app\n- Click on **+ Add Platform** and select **Website**\n- Enter your BASE*URL value (i.e. `http:\u002F\u002Flocalhost:8080`, etc) under \\_Site URL*\n- Click on the _Settings_ tab in the left nav under Facebook Login\n- Enter your BASE_URL value followed by \u002Fauth\u002Ffacebook\u002Fcallback (i.e. `http:\u002F\u002Flocalhost:8080\u002Fauth\u002Ffacebook\u002Fcallback` ) under Valid OAuth redirect URIs\n\n**Note:** After a successful sign-in with Facebook, a user will be redirected back to the home page with appended hash `#_=_` in the URL. It is _not_ a bug. See this [Stack Overflow](https:\u002F\u002Fstackoverflow.com\u002Fquestions\u002F7131909\u002Ffacebook-callback-appends-to-return-url) discussion for ways to handle it.\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fimgur.com\u002F2P4UMvC.png\" height=\"75\">\n\n- Go to \u003Ca href=\"https:\u002F\u002Ffoursquare.com\u002Fdevelopers\" target=\"_blank\">Foursquare for Developers\u003C\u002Fa> and log in\n\n- Click on **Create a new project** button\n- Enter your _Organization_ and _Project Name_\n- Click **Create**\n- Navigate to your project\n- Click **Settings** in the left-hand-side menu\n- Generate a Service API Key\n- Copy and paste the Service API Key as `FOURSQUARE_APIKEY` in your `.env` file\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fi.imgur.com\u002FoUob1wG.png\" height=\"75\">\n\n- Go to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsettings\u002Fprofile\" target=\"_blank\">Account Settings\u003C\u002Fa>\n- Select **Developer settings** from the sidebar\n- Then click on **OAuth Apps** and then on **Register new application**\n- Enter _Application Name_ and _Homepage URL_. Enter your BASE_URL value (i.e. `http:\u002F\u002Flocalhost:8080`, etc) as the homepage URL.\n- For _Authorization Callback URL_: your BASE_URL value followed by \u002Fauth\u002Fgithub\u002Fcallback (i.e. `http:\u002F\u002Flocalhost:8080\u002Fauth\u002Fgithub\u002Fcallback` )\n- Click **Register application**\n- Now copy and paste _Client ID_ and _Client Secret_ keys into `.env` file\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fi.imgur.com\u002Fddl2VjR.png\" height=\"75\">\n\n- Go to \u003Ca href=\"https:\u002F\u002Fdevelopers.giphy.com\u002F\" target=\"_blank\">GIPHY Developers website\u003C\u002Fa>\n- Login or create a new account and login.\n- Select **Dashboard** from the navigation bar\n- Then click on **Create an API Key** and then select **API** and click on **Next Step**.\n- Enter _App Name_ and _App Description_. Select **Web** and create a beta key.\n- Now copy and paste the API key into `.env` file as GIPHY_API_KEY.\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fupload.wikimedia.org\u002Fwikipedia\u002Fcommons\u002Fthumb\u002F2\u002F2f\u002FGoogle_2015_logo.svg\u002F1000px-Google_2015_logo.svg.png\" height=\"50\">\n\n- Visit \u003Ca href=\"https:\u002F\u002Fconsole.cloud.google.com\u002F\" target=\"_blank\">Google Cloud Console\u003C\u002Fa>\n- Click on the **Create Project** button\n- Enter _Project Name_, then click **Create**\n- Copy the Project ID for your project and add it as GOOGLE_PROJECT_ID in your `.env` file.\n- Then add the APIs and services that apply to your application. If the UI doesn't let you add them during project creation, you can add them later via the **APIs & Services** page (left sidebar) or by searching for them in the top search bar.\n\n**Sign in with Google:**\n\n- Go to the **Credentials** tab, click **Create credentials**, and choose **OAuth client ID**.\n- Select **Web application**, and for **Authorized redirect URI** use your BASE_URL value followed by `\u002Fauth\u002Fgoogle\u002Fcallback` (for example `http:\u002F\u002Flocalhost:8080\u002Fauth\u002Fgoogle\u002Fcallback`).\n- Copy and paste the **Client ID** and **Client secret** into your `.env` file.\n- Update the OAuth consent screen if needed.\n\n**Other APIs:**\n\nOpen the **Enabled APIs & services** page for your project in the Google Cloud Console (APIs & Services). Click **+ Enable APIs and services** (top of the page), find the services you need, and enable them:\n\n- **reCAPTCHA Enterprise API** (recommended for the contact form)\n- **Google Drive API**\n- **Google Sheets API**\n- **Maps JavaScript API**\n\nNext, create API keys for the services you enabled:\n\n- For backend API calls (Google Drive and Sheets), create a single API key and restrict it to those APIs. Copy the key as `GOOGLE_API_KEY` into your `.env` file.\n- For reCAPTCHA, follow the instructions at \u003Ca href=\"https:\u002F\u002Fcloud.google.com\u002Frecaptcha\u002Fdocs\u002Fcreate-key-website#create-recaptcha-key-Cloud%20console\" target=\"_blank\">Google Cloud reCAPTCHA Docs\u003C\u002Fa> and create a web checkbox reCAPTCHA key. No code changes are required. Just copy the reCAPTCHA site key into `.env` as `GOOGLE_RECAPTCHA_SITE_KEY`.\n- For the Google Maps JavaScript API, use a separate API key from your backend key because the key is sent to the front end and can be exposed. Restrict this key to your website on the credentials page. Do NOT use \"localhost\" as the restriction since it is not unique to your application. Once configured, copy the API key as `GOOGLE_MAP_API_KEY` into your `.env` file.\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fcdn.worldvectorlogo.com\u002Flogos\u002Fdiscord-6.svg\" height=\"50\">\n\n- Go to \u003Ca href=\"https:\u002F\u002Fdiscord.com\u002Fdevelopers\u002Fteams\" target=\"_blank\">Teams tab\u003C\u002Fa> in the Discord Developer Portal and create a new team. This allows you to manage your Discord applications under a team name instead of your personal account.\n- After creating a team, switch to the \u003Ca href=\"https:\u002F\u002Fdiscord.com\u002Fdevelopers\u002Fapplications\" target=\"_blank\">Applications tab\u003C\u002Fa> in the Discord Developer Portal.\n- Click on **New Application** and give your app a name. When prompted, select your team as the owner.\n- In the left sidebar, click on **OAuth2** > **General**.\n- Copy the **Client ID** and **Client Secret** (you may need to \"reset\" the client secret to obtain it for the first time), then paste them into your `.env` file as `DISCORD_CLIENT_ID` and `DISCORD_CLIENT_SECRET`, or set them as environment variables.\n- In the left sidebar, click on **OAuth2** > **URL Generator**.\n- Under **Scopes**, select `identify` and `email`.\n- Under **Redirects**, add your BASE_URL value followed by `\u002Fauth\u002Fdiscord\u002Fcallback` (i.e. `http:\u002F\u002Flocalhost:8080\u002Fauth\u002Fdiscord\u002Fcallback`).\n- Save changes.\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fupload.wikimedia.org\u002Fwikipedia\u002Fcommons\u002Fc\u002Fc7\u002FHERE_logo.svg\" height=\"75\">\n\n- Go to \u003Ca href=\"https:\u002F\u002Fdeveloper.here.com\" target=\"_blank\">https:\u002F\u002Fdeveloper.here.com\u003C\u002Fa>\n- Sign up for the Base plan. The Base plan require a credit card to start, but you get 30,000 map renders for free each month.\n- Create JAVASCRIPT\u002FREST credentials. Copy and paste the API key into the `.env` file as HERE_API_KEY, or set it up as an environment variable.\n- **Set up Trusted Domain** - Your credentials will go to the client-side (browser of the users). You need to enable trusted domains and add your test domain address. Otherwise, others may be able to use your credentials on other websites, go through your quota, and potentially leave you with a bill.\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fi.imgur.com\u002FOEVF7HK.png\" height=\"75\">\n\n- Go to \u003Ca href=\"https:\u002F\u002Fhuggingface.co\" target=\"_blank\">https:\u002F\u002Fhuggingface.co\u003C\u002Fa> and create an account.\n- Go to your Account Settings and create a new Access Token. Make sure you have granted the **\"Make calls to Inference Provider\"** permission to your token.\n- Add your token as `HUGGINGFACE_KEY` to your `.env` file or as an environment variable.\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fi.imgur.com\u002FLw5Jb7A.png\" height=\"50\">\n\n- Go to \u003Ca href=\"https:\u002F\u002Fdeveloper.intuit.com\u002Fapp\u002Fdeveloper\u002Fqbo\u002Fdocs\u002Fget-started\" target=\"_blank\">https:\u002F\u002Fdeveloper.intuit.com\u002Fapp\u002Fdeveloper\u002Fqbo\u002Fdocs\u002Fget-started\u003C\u002Fa>\n- Use the Sign Up option in the upper right corner of the screen (navbar) to get a free developer account and a sandbox company.\n- Create a new app by going to your Dashboard using the My Apps option in the top nav bar or by going to \u003Ca href=\"https:\u002F\u002Fdeveloper.intuit.com\u002Fapp\u002Fdeveloper\u002Fmyapps\" target=\"_blank\">https:\u002F\u002Fdeveloper.intuit.com\u002Fapp\u002Fdeveloper\u002Fmyapps\u003C\u002Fa>\n- In your App, under Development, Keys & OAuth (right nav), find the Client ID and Client Secret for your `.env` file\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fcontent.linkedin.com\u002Fcontent\u002Fdam\u002Fme\u002Fbusiness\u002Fen-us\u002Famp\u002Fbrand-site\u002Fv2\u002Fbg\u002FLI-Logo.svg.original.svg\" height=\"50\">\n\n- Sign in at \u003Ca href=\"https:\u002F\u002Fdeveloper.linkedin.com\u002F\" target=\"_blank\">LinkedIn Developer Network\u003C\u002Fa>\n- From the account name dropdown menu select **API Keys**\n- _It may ask you to sign in once again_\n- Click **+ Add New Application** button\n- Fill out all the _required_ fields\n- **OAuth 2.0 Redirect URLs**: your BASE_URL value followed by \u002Fauth\u002Flinkedin\u002Fcallback (i.e. `http:\u002F\u002Flocalhost:8080\u002Fauth\u002Flinkedin\u002Fcallback` )\n- **JavaScript API Domains**: your BASE_URL value (i.e. `http:\u002F\u002Flocalhost:8080`, etc).\n- For **Default Application Permissions** make sure at least the following is checked:\n- `r_basicprofile`\n- Finish by clicking **Add Application** button\n- Copy and paste _API Key_ and _Secret Key_ keys into `.env` file\n- _API Key_ is your **clientID**\n- _Secret Key_ is your **clientSecret**\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fupload.wikimedia.org\u002Fwikipedia\u002Fcommons\u002F4\u002F44\u002FMicrosoft_logo.svg\" height=\"50\">\n\n- Go to \u003Ca href=\"https:\u002F\u002Fentra.microsoft.com\u002F\" target=\"_blank\">Microsoft Entra admin center\u003C\u002Fa> and sign in\n- Click **App registrations** > **+ New registration**\n- Enter an application name (e.g., \"Hackathon Starter App\") and select **Accounts in any organizational directory and personal Microsoft accounts**\n- Set **Redirect URI** to **Web** with your BASE_URL followed by `\u002Fauth\u002Fmicrosoft\u002Fcallback` (e.g., `http:\u002F\u002Flocalhost:8080\u002Fauth\u002Fmicrosoft\u002Fcallback`)\n- Click **Register**, then copy the **Application (client) ID** to `.env` as `MICROSOFT_CLIENT_ID`\n- Go to **Certificates & secrets** > **+ New client secret**, add a description and expiration, then click **Add**\n- Copy the secret **Value** immediately to `.env` as `MICROSOFT_CLIENT_SECRET` (won't be visible again)\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fs3-us-west-2.amazonaws.com\u002Fpublic.lob.com\u002Fdashboard\u002Fnavbar\u002Flob-logo.svg\" height=\"50\">\n\n- Visit \u003Ca href=\"https:\u002F\u002Fdashboard.lob.com\u002Fregister\" target=\"_blank\">Lob Dashboard\u003C\u002Fa>\n- Create an account\n- Once logged into the dashboard, go to Settings in the bottom left corner of the page. (If there is a bottom pop-up, you may need to close it to see the Settings option.)\n- Go to the API Keys tab and get your Secret API key for the Test Environment. No physical paper mail will be sent out if you use the Test key, but you can see the PDF of what would have been mailed from your app (with some limitations) through the dashboard. If you use the Live key, they will actually print a physical letter, put it in an envelope with postage, place it in a USPS mailbox, and bill you for it.\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fi.imgur.com\u002FiCsCgp6.png\" height=\"75\">\n\nThe OpenAI moderation API for checking harmful inputs is free to use as long as you have paid credits in your OpenAI developer account. The cost of using their other models depends on the model, as well as the input and output size of the API call.\n\n- Visit \u003Ca href=\"https:\u002F\u002Fplatform.openai.com\u002Fapi-keys\" target=\"_blank\">OpenAI API Keys\u003C\u002Fa>\n- Sign in or create an OpenAI account.\n- Click on **Create new secret key** to generate an API key.\n- Copy and paste the generated API key into your `.env` file as `OPENAI_API_KEY` or set it as an environment variable.\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fimgur.com\u002FVpWnjp1.png\" height=\"75\">\n\n- Visit \u003Ca href=\"https:\u002F\u002Fdeveloper.paypal.com\" target=\"_blank\">PayPal Developer\u003C\u002Fa>\n- Log in to your PayPal account\n- Click **Applications > Create App** in the navigation bar\n- Enter _Application Name_, then click **Create app**\n- Copy and paste _Client ID_ and _Secret_ keys into `.env` file\n- _App ID_ is **client_id**, _App Secret_ is **client_secret**\n- Change **host** to api.paypal.com if you want to test against production and use the live credentials\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fupload.wikimedia.org\u002Fwikipedia\u002Fcommons\u002Fa\u002Fae\u002FSteam_logo.svg\" height=\"75\">\n\n- Go to \u003Ca href=\"http:\u002F\u002Fsteamcommunity.com\u002Fdev\u002Fapikey\" target=\"_blank\">http:\u002F\u002Fsteamcommunity.com\u002Fdev\u002Fapikey\u003C\u002Fa>\n- Sign in with your existing Steam account\n- Enter your _Domain Name_ based on your BASE_URL, then and click **Register**\n- Copy and paste _Key_ into `.env` file\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fstripe.com\u002Fimg\u002Fabout\u002Flogos\u002Flogos\u002Fblack@2x.png\" height=\"75\">\n\n- \u003Ca href=\"https:\u002F\u002Fstripe.com\u002F\" target=\"_blank\">Sign up\u003C\u002Fa> or log into your \u003Ca href=\"https:\u002F\u002Fmanage.stripe.com\" target=\"_blank\">dashboard\u003C\u002Fa>\n- Click on your profile and click on Account Settings\n- Then click on **API Keys**\n- Copy the **Secret Key**. and add this into `.env` file\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fi.imgur.com\u002FdSwblOk.png\" height=\"50\">\n\n- Visit \u003Ca href=\"https:\u002F\u002Fgroq.com\" target=\"_blank\">Groq\u003C\u002Fa>\n- Sign in or create a Groq account.\n- Click on **Create API Key** to generate a new key. You will also be able to access your API key under your account settings in the API Keys tab.\n- Copy and paste the generated API key into your `.env` file as `GROQ_API_KEY` or set it as an environment variable.\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fi.imgur.com\u002FAdtl9qg.png\" height=\"75\">\n\n- Sign up or sign in to your trakt.tv account and go to \u003Ca href=\"https:\u002F\u002Ftrakt.tv\u002Foauth\u002Fapplications\" target=\"_blank\">Trakt.tv Applications\u003C\u002Fa>.\n- Create a new application and fill in the required fields:\n - **Name**: Your app name.\n - **Redirect URI**: Set to your BASE_URL value followed by `\u002Fauth\u002Ftrakt\u002Fcallback` (i.e. `http:\u002F\u002Flocalhost:8080\u002Fauth\u002Ftrakt\u002Fcallback` or `ngrokURL\u002Fauth\u002Ftrakt\u002Fcallback`)\n - Leave the JavaScript origins blank as we won't be using client-side API calls.\n- Click **Save App**.\n- Copy and paste the **Client ID** and **Client Secret** into your `.env` file as `TRAKT_ID` and `TRAKT_SECRET` or set them as your environment variables.\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fi.imgur.com\u002FgUngyyW.png\" height=\"50\">\n\n- Go to \u003Ca href=\"http:\u002F\u002Fwww.tumblr.com\u002Foauth\u002Fapps\" target=\"_blank\">http:\u002F\u002Fwww.tumblr.com\u002Foauth\u002Fapps\u003C\u002Fa>\n- Once signed in, click **+Register application**\n- Fill in all the details\n- For **Default Callback URL**: your BASE_URL value followed by \u002Fauth\u002Ftumblr\u002Fcallback (i.e. `http:\u002F\u002Flocalhost:8080\u002Fauth\u002Ftumblr\u002Fcallback` )\n- Click **✔Register**\n- Copy and paste _OAuth consumer key_ and _OAuth consumer secret_ keys into `.env` file\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fwww.freepnglogos.com\u002Fuploads\u002Ftwitch-logo-image-hd-31.png\" height=\"75\">\n\n- Visit the \u003Ca href=\"https:\u002F\u002Fdev.twitch.tv\u002Fconsole\" target=\"_blank\">Twitch developer console\u003C\u002Fa>\n- If prompted, authorize the dashboard to access your twitch account\n- In the Console, click on Register Your Application\n- Enter the name of your application\n- Use OAuth Redirect URLs enter your BASE_URL value followed by \u002Fauth\u002Ftwitch\u002Fcallback (i.e. `http:\u002F\u002Flocalhost:8080\u002Fauth\u002Ftwitch\u002Fcallback` )\n- Set Category to Website Integration and press the Create button\n- After the application has been created, click on the Manage button\n- Copy and paste _Client ID_ into `.env`\n- If there is no Client Secret displayed, click on the New Secret button and then copy and paste the _Client secret_ into `.env`\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fs3.amazonaws.com\u002Fahoy-assets.twilio.com\u002Fglobal\u002Fimages\u002Fwordmark.svg\" height=\"75\">\n\n- Go to \u003Ca href=\"https:\u002F\u002Fwww.twilio.com\u002Ftry-twilio\" target=\"_blank\">https:\u002F\u002Fwww.twilio.com\u002Ftry-twilio\u003C\u002Fa>\n- Sign up for an account.\n- Once logged into the dashboard, expand the link 'show api credentials'\n- Copy your Account Sid and Auth Token\n- Note that you also need to set TWILIO_FROM_NUMBER environment variable to a number you have registered with Twilio and are authorized to send messages from. The +15005550006 placeholder in the .env.example file can be used in the sandbox environment for testing without registering a sending phone number with Twilio.\n\n\u003Chr>\n\n\u003Cimg src=\"https:\u002F\u002Fi.imgur.com\u002FQMjwCk6.png\" height=\"50\">\n\n- Sign in at \u003Ca href=\"https:\u002F\u002Fdeveloper.x.com\u002F\" target=\"_blank\">https:\u002F\u002Fdeveloper.x.com\u002F\u003C\u002Fa>\n- Start with the Free tier\n- Click **Create a new application**\n- Enter your application name, website and description. Set the website as your BASE_URL value (i.e. `http:\u002F\u002Flocalhost:8080`, etc).\n- For **Callback URL**: your BASE_URL value followed by \u002Fauth\u002Fx\u002Fcallback (i.e. `http:\u002F\u002Flocalhost:8080\u002Fauth\u002Fx\u002Fcallback` )\n- Go to **Settings** tab\n- Under _Application Type_ select **Read and Write** access\n- Check the box **Allow this application to be used to Sign in with X**\n- Click **Update this X's applications settings**\n- Copy and paste _Consumer Key_ and _Consumer Secret_ keys into `.env` file\n\n\u003Chr>\n\n## Web Analytics\n\nThis project supports integrating web analytics tools such as Google Analytics 4 and Facebook Pixel, along with Open Graph metadata for social sharing. Below are instructions to help you set up these features in your application.\n\n### Google Analytics 4 Setup\n\n- Go to [Google Analytics](https:\u002F\u002Fanalytics.google.com)\n- Create a new GA4 property so you create a Measurement ID.\n- Copy and paste your Measurement ID into `.env` file or set it up as an env variable\n\n### Facebook Pixel\n\n**Optional:** It is highly recommended to set up a business with Facebook that your personal account along with others you authorize can manage. You would need to Go to [Meta Business Suite](https:\u002F\u002Fbusiness.facebook.com\u002F), register a business and add a business page and your website as an asset for the business.\n\n- Go to [Meta Event Manager](https:\u002F\u002Fwww.facebook.com\u002Fevents_manager)\n- If you have set up a business, switch from your personal to your business account and pick your business asset using the drop down in the upper right corner of the page.\n- Use the Connect Data option to add a Web data source and create a Pixel ID\n- Copy and paste the Pixel ID into `.env` file for FACEBOOK_PIXEL_ID or set it up as an environment variable\n\n## Open Graph\n\nThe metadata for Open Graph is only set up for the home page (`home.pug`). Update it to suit your application. You can also add Open Graph metadata to any other page that you plan to share through social media by including the relevant data in the corresponding view.\n\n## Project Structure\n\n| Name | Description |\n| -------------------------------- | -------------------------------------------------------------------- |\n| **config**\u002Fflash.js | Flash middleware (replacement for express-flash) |\n| **config**\u002Fmorgan.js | Configuration for request logging with morgan. |\n| **config**\u002Fnodemailer.js | Configuration and helper function for sending email with nodemailer. |\n| **config**\u002Fpassport.js | Passport Local and OAuth strategies, plus login middleware. |\n| **config**\u002Ftoken-revocation.js | Helper for revoking OAuth tokens. |\n| **controllers**\u002Fai.js | Controller for \u002Fai route and all ai examples and boilerplates. |\n| **controllers**\u002Fapi.js | Controller for \u002Fapi route and all api examples. |\n| **controllers**\u002Fcontact.js | Controller for contact form. |\n| **controllers**\u002Fhome.js | Controller for home page (index). |\n| **controllers**\u002Fuser.js | Controller for user account management. |\n| **controllers**\u002Fwebauthn.js | Controller for webauthn management (passkey \u002F biometrics login) |\n| **models**\u002FUser.js | Mongoose schema and model for User. |\n| **public**\u002F | Static assets (fonts, css, js, img). |\n| **public**\u002F**js**\u002Fapplication.js | Specify client-side JavaScript dependencies. |\n| **public**\u002F**js**\u002Fapp.js | Place your client-side JavaScript here. |\n| **public**\u002F**css**\u002Fmain.scss | Main stylesheet for your app. |\n| **test**\u002F\\*.js | Tests, related configs and helpers. |\n| **views\u002Faccount**\u002F | Templates for _login, password reset, signup, profile, webauthn_ |\n| **views\u002Fai**\u002F | Templates for AI examples and boilerplates. |\n| **views\u002Fapi**\u002F | Templates for API examples. |\n| **views\u002Fpartials**\u002Fflash.pug | Error, info and success flash notifications. |\n| **views\u002Fpartials**\u002Fheader.pug | Navbar partial template. |\n| **views\u002Fpartials**\u002Ffooter.pug | Footer partial template. |\n| **views**\u002Flayout.pug | Base template. |\n| **views**\u002Fhome.pug | Home page template. |\n| .env.example | Your API keys, tokens, passwords and database URI. |\n| .gitignore | Folder and files ignored by git. |\n| app.js | The main application file. |\n| eslint.config.mjs | Rules for eslint linter. |\n| package.json | NPM dependencies. |\n| package-lock.json | Contains exact versions of NPM dependencies in package.json. |\n\n**Note:** There is no preference for how you name or structure your views.\nYou could place all your templates in a top-level `views` directory without\nhaving a nested folder structure if that makes things easier for you.\nJust don't forget to update `extends ..\u002Flayout` and corresponding\n`res.render()` paths in controllers.\n\n## List of Packages\n\n**Dependencies**\n\nRequired to run the project before your modifications\n\n| Package | Description |\n| ----------------------------- | --------------------------------------------------------------------- |\n| @fortawesome\u002Ffontawesome-free | Symbol and Icon library. |\n| @googleapis\u002Fdrive | Google Drive API integration library. |\n| @googleapis\u002Fsheets | Google Sheets API integration library. |\n| @huggingface\u002Finference | Client library for Hugging Face Inference providers |\n| @keyv\u002Fmongo | MongoDB storage adapter for Keyv |\n| @langchain\u002Fcommunity | Third party integrations for Langchain |\n| @langchain\u002Fcore | Base LangChain abstractions and Expression Language |\n| @langchain\u002Fmongodb | MongoDB integrations for LangChain |\n| @langchain\u002Ftextsplitters | LangChain text splitters for RAG pipelines |\n| @lob\u002Flob-typescript-sdk | Lob (USPS mailing \u002F physical mailing service) library. |\n| @node-rs\u002Fbcrypt | Library for hashing and salting user passwords. |\n| @octokit\u002Frest | GitHub API library. |\n| @passport-js\u002Fpassport-twitter | X (Twitter) login support (OAuth 2). |\n| @popperjs\u002Fcore | Frontend js library for poppers and tooltips. |\n| @simplewebauthn\u002Fbrowser | WebAuthn frontend library (passkey \u002F biometrics authentication) |\n| @simplewebauthn\u002Fserver | WebAuthn backend library (passkey \u002F biometrics authentication) |\n| bootstrap | CSS Framework. |\n| bootstrap-social | Social buttons library. |\n| bowser | User agent parser |\n| chart.js | Front-end js library for creating charts. |\n| cheerio | Scrape web pages using jQuery-style syntax. |\n| compression | Node.js compression middleware. |\n| connect-mongo | MongoDB session store for Express. |\n| errorhandler | Development-only error handler middleware. |\n| express | Node.js web framework. |\n| express-rate-limit | Rate limiting middleware for abuse protection. |\n| express-session | Simple session middleware for Express. |\n| jquery | Front-end JS library to interact with HTML elements. |\n| keyv | key-value storage with support for multiple backends |\n| langchain | Framework for developing LLM applications |\n| lastfm | Last.fm API library. |\n| lusca | CSRF middleware. |\n| mailchecker | Verifies that an email address is valid and not a disposable address. |\n| mongodb | MongoDB driver |\n| mongoose | MongoDB ODM. |\n| morgan | HTTP request logger middleware for node.js. |\n| multer | Node.js middleware for handling `multipart\u002Fform-data`. |\n| nodemailer | Node.js library for sending emails. |\n| oauth | OAuth API library without middleware constraints. |\n| otpauth | One-Time Password (TOTP\u002FHOTP) library for 2FA authenticator apps. |\n| passport | Simple and elegant authentication library for node.js. |\n| passport-facebook | Sign-in with Facebook plugin. |\n| passport-github2 | Sign-in with GitHub plugin. |\n| passport-google-oauth | Sign-in with Google plugin. |\n| passport-local | Sign-in with Username and Password plugin. |\n| passport-oauth1 | Allows you to set up your own OAuth 1.0a strategy. |\n| passport-oauth2 | Allows you to set up your own OAuth 2.0 strategy. |\n| passport-oauth2-refresh | A library to refresh OAuth 2.0 access tokens using refresh tokens. |\n| passport-steam-openid | OpenID 2.0 Steam plugin. |\n| patch-package | Fix broken node modules ahead of fixes by maintainers. |\n| pdfjs-dist | PDF parser |\n| pug | Template engine for Express. |\n| qr | Generate and decode QR codes |\n| sass | Sass compiler to generate CSS with superpowers. |\n| stripe | Official Stripe API library. |\n| twilio | Twilio API library. |\n| twitch-passport | Sign-in with Twitch plugin. |\n| validator | A library of string validators and sanitizers. |\n\n**Dev Dependencies**\n\nRequired during code development for testing, Hygiene, code styling, etc.\n\n| Package | Description |\n| --------------------------- | --------------------------------------------------------------------------- |\n| @eslint\u002Fjs | ESLint JavaScript language implementation. |\n| @playwright\u002Ftest | Automated end-to-end web testing framework (supports headless web browsers) |\n| @prettier\u002Fplugin-pug | Prettier plugin for formatting pug templates |\n| c8 | Coverage test. |\n| chai | BDD\u002FTDD assertion library. |\n| eslint-config-prettier | Make ESLint and Prettier play nice with each other. |\n| eslint | Linter JavaScript. |\n| eslint-plugin-chai-friendly | Makes eslint friendly towards Chai.js 'expect' and 'should' statements. |\n| eslint-plugin-import-x | ESLint plugin with rules that help validate proper imports. |\n| globals | ESLint global identifiers from different JavaScript environments. |\n| husky | Git hook manager to automate tasks with git. |\n| mocha | Test framework. |\n| mongodb-memory-server | In memory mongodb server for testing, so tests can be ran without a DB. |\n| prettier | Code formatter. |\n| sinon | Test spies, stubs and mocks for JavaScript. |\n| supertest | HTTP assertion library. |\n\n## Useful Tools and Resources\n\n- [Microsoft Copilot](https:\u002F\u002Fcopilot.microsoft.com\u002F) - Free AI Assistant that can help you with coding questions as well\n- [HTML to Pug converter](https:\u002F\u002Fhtml-to-pug.com\u002F) - HTML to PUG is a free online converter helping you to convert HTML files to pug syntax in real-time.\n- [Favicon Generator](http:\u002F\u002Frealfavicongenerator.net\u002F) - Generate favicons for PC, Android, iOS, Windows 8.\n\n## Recommended Design Resources\n\n- [Code Guide](http:\u002F\u002Fcodeguide.co\u002F) - Standards for developing flexible, durable, and sustainable HTML and CSS.\n- [Bootsnipp](http:\u002F\u002Fbootsnipp.com\u002F) - Code snippets for Bootstrap.\n- [Bootstrap Zero](https:\u002F\u002Fwww.bootstrapzero.com) - Free Bootstrap templates themes.\n- [Google Bootstrap](http:\u002F\u002Ftodc.github.io\u002Ftodc-bootstrap\u002F) - Google-styled theme for Bootstrap.\n- [Font Awesome Icons](https:\u002F\u002Ffontawesome.com) - It's already part of the Hackathon Starter, so use this page as a reference.\n- [Colors](http:\u002F\u002Fclrs.cc) - A nicer color palette for the web.\n- [Creative Button Styles](http:\u002F\u002Ftympanus.net\u002FDevelopment\u002FCreativeButtons\u002F) - awesome button styles.\n- [Creative Link Effects](http:\u002F\u002Ftympanus.net\u002FDevelopment\u002FCreativeLinkEffects\u002F) - Beautiful link effects in CSS.\n- [Medium Scroll Effect](http:\u002F\u002Fcodepen.io\u002Fandreasstorm\u002Fpen\u002FpyjEh) - Fade in\u002Fout header background image as you scroll.\n- [GeoPattern](https:\u002F\u002Fgithub.com\u002Fbtmills\u002Fgeopattern) - SVG background pattern generator.\n- [Trianglify](https:\u002F\u002Fgithub.com\u002Fqrohlf\u002Ftrianglify) - SVG low-poly background pattern generator.\n\n## Recommended Node.js Libraries\n\n- [Nodemon](https:\u002F\u002Fgithub.com\u002Fremy\u002Fnodemon) - Automatically restart Node.js server on code changes.\n- [geoip-lite](https:\u002F\u002Fgithub.com\u002Fbluesmoon\u002Fnode-geoip) - Geolocation coordinates from IP address.\n- [Filesize.js](http:\u002F\u002Ffilesizejs.com\u002F) - Pretty file sizes, e.g. `filesize(265318); \u002F\u002F \"265.32 kB\"`.\n- [Numeral.js](http:\u002F\u002Fnumeraljs.com) - Library for formatting and manipulating numbers.\n- [sharp](https:\u002F\u002Fgithub.com\u002Flovell\u002Fsharp) - Node.js module for resizing JPEG, PNG, WebP and TIFF images.\n\n## Recommended Client-side Libraries\n\n- [Framework7](https:\u002F\u002Fframework7.io\u002F) - Full Featured HTML Framework For Building iOS7 Apps.\n- [InstantClick](http:\u002F\u002Finstantclick.io) - Makes your pages load instantly by pre-loading them on mouse hover.\n- [NProgress.js](https:\u002F\u002Fgithub.com\u002Frstacruz\u002Fnprogress) - Slim progress bars like on YouTube and Medium.\n- [Hover](https:\u002F\u002Fgithub.com\u002FIanLunn\u002FHover) - Awesome CSS3 animations on mouse hover.\n- [Magnific Popup](http:\u002F\u002Fdimsemenov.com\u002Fplugins\u002Fmagnific-popup\u002F) - Responsive jQuery Lightbox Plugin.\n- [Offline.js](http:\u002F\u002Fgithub.hubspot.com\u002Foffline\u002Fdocs\u002Fwelcome\u002F) - Detect when user's internet connection goes offline.\n- [Alertify.js](https:\u002F\u002Falertifyjs.com) - Sweet looking alerts and browser dialogs.\n- [selectize.js](http:\u002F\u002Fselectize.github.io\u002Fselectize.js) - Styleable select elements and input tags.\n- [drop.js](http:\u002F\u002Fgithub.hubspot.com\u002Fdrop\u002Fdocs\u002Fwelcome\u002F) - Powerful Javascript and CSS library for creating dropdowns and other floating displays.\n- [scrollReveal.js](https:\u002F\u002Fgithub.com\u002Fjlmakes\u002FscrollReveal.js) - Declarative on-scroll reveal animations.\n\n## Using AI Assistants\n\nAI tools and large language models (LLMs) can greatly accelerate your ramp-up time, efficiency, and productivity during hackathons. Many of these tools are available for free and offer features that can significantly enhance your coding experience.\n\nYou have two main options for accessing these tools:\n\n- **Web-based chat interfaces**: Platforms like [ChatGPT](https:\u002F\u002Fchat.openai.com\u002F) and [MS Copilot](https:\u002F\u002Fcopilot.microsoft.com\u002F)\n- **Integrated code assistants**: Tools like [Amazon Q (CodeWhisperer)](https:\u002F\u002Faws.amazon.com\u002Fq\u002Fdeveloper\u002Fpricing\u002F), [GitHub Copilot](https:\u002F\u002Fgithub.com\u002Ffeatures\u002Fcopilot), and Gemini Code Assist integrate directly into code editors, such as Visual Studio Code.\n\nIntegrated tools, like plugins for Visual Studio Code, let you reference your code directly without needing to copy-paste, making them easier to use in many cases. Web-based assistants, on the other hand, require manual copy-pasting but can offer a different approach without impacting the \"context\" for your integrated tool. Tools and models perform differently depending on their update cycles, so results may vary. If an integrated tool struggles with a task, try copy-pasting the relevant code into a web assistant to troubleshoot. A good starting point is combining Amazon Q and MS Copilot, as these tools tend to produce fewer issues like outdated syntax, vulnerable code, or incomplete solutions compared to other assistants.\n\n### Providing Context to AI Tools\n\nContext for LLMs is the additional information that the model needs to make sense of how it should respond to your question, which in coding is probably your existing code, example implementation, or specifications that you might copy-paste or pass to the model. Keep in mind that integrated assistants may not automatically include your project files as the context and may try to answer your question without looking at your code. To include the context:\n\n- **Amazon Q**: Use `@[filename]` to specify a file or `@workspace` to include the entire project.\n- **GitHub Copilot**: Click the \"Add Context\" button in the chat and manually add specific files or choose Codebase for full project context. Note that you need to set the copilot mode to \"Ask\", \"Edit\", etc based on your intended conversation.\n\n### Example Prompts to Get You Started\n\n**Explaining Code and Concepts**\n\n- \"Can you explain how this project handles sanitization of user inputs?\"\n- \"What does function `x` in file `y` do?\" (_Copy-paste code into a web-based assistant if using one._)\n- \"Can you walk me through what this regex does?\"\n\n**Adding New Features**\n\n- \"I want to add login functionality for [OAuth2 provider]. The project already includes similar logins for other providers. Can you guide me through the required changes to `app.js`, `config\u002Fpassport.js`, `models\u002FUser.js`, and the relevant views?\" \n _Pro Tip:_ If the assistant misses some changes, follow up with specific files or provide relevant documentation for better accuracy.\n- \"Can you help me design an addition to this project to do the following. I don't need any code yet, and want to work on the design and refine it before moving to an implementation. --- continue with a bullet point list of your requirements\"\n\n**Debugging or Fixing Code**\n\n- \"I modified the function `x` below to achieve `y`, but I get the following error. Can you help me fix it? --- Can have blocks afterward with a header like `==== error ====` and `==== function x ====` afterward.\"\n- \"Can you help me fix a bug in the following function or function `x`. It is supposed to return `y` when it gets input `i` but it is returning `z`.\"\n- \"Can you check my comments for spelling issues?\".\n\n## FAQ\n\n### Why do I get `403 Error: Forbidden` when submitting a form?\n\nYou need to add the following hidden input element to your form. This has been added in the [pull request #40](https:\u002F\u002Fgithub.com\u002Fsahat\u002Fhackathon-starter\u002Fpull\u002F40) as part of the CSRF protection.\n\n```\ninput(type='hidden', name='_csrf', value=_csrf)\n```\n\n**Note:** It is now possible to whitelist certain URLs. In other words, you can specify a list of routes that should bypass the CSRF verification check.\n\n**Note 2:** To whitelist dynamic URLs use regular expression tests inside the CSRF middleware to see if `req.originalUrl` matches your desired pattern.\n\n### I am getting MongoDB Connection Error, how do I fix it?\n\nThat's a custom error message defined in `app.js` to indicate that there was a problem connecting to MongoDB:\n\n```js\nmongoose.connection.on('error', (err) => {\n console.error(err);\n console.log('%s MongoDB connection error. Please make sure MongoDB is running.');\n process.exit(1);\n});\n```\n\nYou need to have a MongoDB server running before launching `app.js`. You can download MongoDB [here](https:\u002F\u002Fwww.mongodb.com\u002Ftry\u002Fdownload\u002Fcommunity), or install it via a package manager.\nWindows users, read [Install MongoDB on Windows](https:\u002F\u002Fwww.mongodb.com\u002Fdocs\u002Fmanual\u002Ftutorial\u002Finstall-mongodb-on-windows\u002F\u002F).\n\n**Tip:** If you are always connected to the internet, you could just use [MongoDB Atlas](https:\u002F\u002Fwww.mongodb.com) instead of downloading and installing MongoDB locally. You will only need to update the database credentials in the `.env` file.\n\n**NOTE:** MongoDB Atlas (cloud database) is required for vector store, index, and search features used in AI integrations. These features are NOT available in locally installed MongoDBs.\n\n### I get an error when I deploy my app, why?\n\nChances are you haven't changed the _Database URI_ in `.env`. If `MONGODB` is set to `localhost`, it will only work on your machine as long as MongoDB is running. When you deploy to Render, OpenShift, or some other provider, you will not have MongoDB running on `localhost`. You need to create an account with [MongoDB Atlas](https:\u002F\u002Fwww.mongodb.com), then create a free tier database.\nSee [Deployment](#deployment) for more information on how to set up an account and a new database step-by-step with MongoDB Atlas.\n\n### Why do you have all routes defined in app.js?\n\nFor the sake of simplicity. While there might be a better approach, such as passing `app` context to each controller as outlined in this [blog](http:\u002F\u002Ftimstermatic.github.io\u002Fblog\u002F2013\u002F08\u002F17\u002Fa-simple-mvc-framework-with-node-and-express\u002F), I find such a style to be confusing for beginners. It took me a long time to grasp the concept of `exports` and `module.exports`, let alone having a global `app` reference in other files. That to me is backward thinking.\nThe `app.js` is the \"heart of the app\", it should be the one referencing models, routes, controllers, etc.\nWhen working solo on small projects, I prefer to have everything inside `app.js` as is the case with [this](\u003C(https:\u002F\u002Fgithub.com\u002Fsahat\u002Fember-sass-express-starter\u002Fblob\u002Fmaster\u002Fapp.js)>) REST API server.\n\n## How It Works (mini guides)\n\nThis section is intended for giving you a detailed explanation of how a particular functionality works. Maybe you are just curious about how it works, or perhaps you are lost and confused while reading the code, I hope it provides some guidance to you.\n\n### Custom HTML and CSS Design 101\n\n[HTML5 UP](http:\u002F\u002Fhtml5up.net\u002F) has many beautiful templates that you can download for free.\n\nWhen you download the ZIP file, it will come with _index.html_, _images_, _CSS_ and _js_ folders. So, how do you integrate it with Hackathon Starter? Hackathon Starter uses the Bootstrap CSS framework, but these templates do not.\nTrying to use both CSS files at the same time will likely result in undesired effects.\n\n**Note:** Using the custom templates approach, you should understand that you cannot reuse any of the views I have created: layout, the home page, API browser, login, signup, account management, contact. Those views were built using Bootstrap grid and styles. You will have to manually update the grid using a different syntax provided in the template. **Having said that, you can mix and match if you want to do so: Use Bootstrap for the main app interface, and a custom template for a landing page.**\n\nLet's start from the beginning. For this example I will use [Escape Velocity](http:\u002F\u002Fhtml5up.net\u002Fescape-velocity\u002F) template:\n![Alt](http:\u002F\u002Fhtml5up.net\u002Fuploads\u002Fimages\u002Fescape-velocity.jpg)\n\n**Note:** For the sake of simplicity I will only consider `index.html`, and skip `left-sidebar.html`,\n`no-sidebar.html`, `right-sidebar.html`.\n\nMove all JavaScript files from `html5up-escape-velocity\u002Fjs` to `public\u002Fjs`. Then move all CSS files from `html5up-escape-velocity\u002Fcss` to `public\u002Fcss`. And finally, move all images from `html5up-escape-velocity\u002Fimages` to `public\u002Fimages`. You could move it to the existing **img** folder, but that would require manually changing every `img` reference. Grab the contents of `index.html` and paste it into [HTML To Pug](https:\u002F\u002Fhtml-to-pug.com\u002F).\n\n**Note:** Do not forget to update all the CSS and JS paths accordingly.\n\nCreate a new file `escape-velocity.pug` and paste the Pug markup in `views` folder.\nWhenever you see the code `res.render('account\u002Flogin')` - that means it will search for `views\u002Faccount\u002Flogin.pug` file.\n\nLet's see how it looks. Create a new controller **escapeVelocity** inside `controllers\u002Fhome.js`:\n\n```js\nexports.escapeVelocity = (req, res) => {\n res.render('escape-velocity', {\n title: 'Landing Page',\n });\n};\n```\n\nAnd then create a route in `app.js`. I placed it right after the index controller:\n\n```js\napp.get('\u002Fescape-velocity', homeController.escapeVelocity);\n```\n\nRestart the server (if you are not using **nodemon**); then you should see the new template at `http:\u002F\u002Flocalhost:8080\u002Fescape-velocity`\n\nI will stop right here, but if you would like to use this template as more than just a single page, take a look at how these Pug templates work: `layout.pug` - base template, `index.pug` - home page, `partials\u002Fheader.pug` - Bootstrap navbar, `partials\u002Ffooter.pug` - sticky footer. You will have to manually break it apart into smaller pieces. Figure out which part of the template you want to keep the same on all pages - that's your new `layout.pug`.\nThen, each page that changes, be it `index.pug`, `about.pug`, `contact.pug`\nwill be embedded in your new `layout.pug` via `block content`. Use existing templates as a reference.\n\nThis is a rather lengthy process, and templates you get from elsewhere might have yet another grid system. That's why I chose _Bootstrap_ for the Hackathon Starter.\nMany people are already familiar with _Bootstrap_, plus it's easy to get started with it if you have never used _Bootstrap_.\nYou can also buy many beautifully designed _Bootstrap_ themes at various vendors, and use them as a drop-in replacement for Hackathon Starter, just make sure they support the latest version of Bootstrap. However, if you would like to go with a completely custom HTML\u002FCSS design, this should help you to get started!\n\n\u003Chr>\n\n### How do flash messages work in this project?\n\nFlash messages allow you to display a message at the end of the request and access it on the next request and only the next request. For instance, on a failed login attempt, you would display an alert with some error message, but as soon as you refresh that page or visit a different page and come back to the login page, that error message will be gone. It is only displayed once.\nThis project uses a middleware for displaying flash messages. You don't have to explicitly send a flash message to every view inside `res.render()`.\nAll flash messages are available in your views via `messages` object by default.\n\nFlash messages have a two-step process. You use `req.flash('errors', { msg: 'Error messages goes here' }`\nto create a flash message in your controllers, and then display them in your views:\n\n```pug\nif messages.errors\n .alert.alert-danger.fade.in\n each error in messages.errors\n div= error.msg\n```\n\nIn the first step, `'errors'` is the name of a flash message, which should match the name of the property on `messages` object in your views. You place alert messages inside `if message.errors` because you don't want to show them flash messages are present.\nThe reason why you pass an error like `{ msg: 'Error message goes here' }` instead of just a string - `'Error message goes here'`, is for the sake of consistency.\nTo clarify that, _express-validator_ module which is used for validating and sanitizing user's input, returns all errors as an array of objects, where each object has a `msg` property with a message why an error has occurred. Here is a more general example of what express-validator returns when there are errors present:\n\n```js\n[\n { param: 'name', msg: 'Name is required', value: '\u003Creceived input>' },\n { param: 'email', msg: 'A valid email is required', value: '\u003Creceived input>' },\n];\n```\n\nTo keep consistent with that style, you should pass all flash messages as `{ msg: 'My flash message' }` instead of a string. Otherwise, you will see an alert box without an error message. That is because in **partials\u002Fflash.pug** template it will try to output `error.msg` (i.e. `\"My flash message\".msg`), in other words, it will try to call a `msg` method on a _String_ object, which will return _undefined_. Everything I just mentioned about errors, also applies to \"info\" and \"success\" flash messages, and you could even create a new one yourself, such as:\n\n**Data Usage Controller (Example)**\n\n```\nreq.flash('warning', { msg: 'You have exceeded 90% of your data usage' });\n```\n\n**User Account Page (Example)**\n\n```pug\nif messages.warning\n .alert.alert-warning.fade.in\n each warning in messages.warning\n div= warning.msg\n```\n\n`partials\u002Fflash.pug` is a partial template that contains how flash messages are formatted. Previously, flash messages were scattered throughout each view that used flash messages (contact, login, signup, profile), but now, thankfully it uses a _DRY_ approach.\n\nThe flash messages partial template is _included_ in the `layout.pug`, along with footer and navigation.\n\n```pug\nbody\n include partials\u002Fheader\n\n .container\n include partials\u002Fflash\n block content\n\n include partials\u002Ffooter\n```\n\nIf you have any further questions about flash messages, please feel free to open an issue, and I will update this mini-guide accordingly, or send a pull request if you would like to include something that I missed.\n\n\u003Chr>\n\n### How do I create a new page?\n\nA more correct way to say this would be \"How do I create a new route?\" The main file `app.js` contains all the routes.\nEach route has a callback function associated with it. Sometimes you will see three or more arguments for a route. In a case like that, the first argument is still a URL string, while middle arguments are what's called middleware. Think of middleware as a door. If this door prevents you from continuing forward, you won't get to your callback function. One such example is a route that requires authentication.\n\n```js\napp.get('\u002Faccount', passportConfig.isAuthenticated, userController.getAccount);\n```\n\nIt always goes from left to right. A user visits `\u002Faccount` page. Then `isAuthenticated` middleware checks if you are authenticated:\n\n```js\nexports.isAuthenticated = (req, res, next) => {\n if (req.isAuthenticated()) {\n return next();\n }\n res.redirect('\u002Flogin');\n};\n```\n\nIf you are authenticated, you let this visitor pass through your \"door\" by calling `return next();`. It then proceeds to the\nnext middleware until it reaches the last argument, which is a callback function that typically renders a template on `GET` requests or redirects on `POST` requests. In this case, if you are authenticated, you will be redirected to the _Account Management_ page; otherwise, you will be redirected to the _Login_ page.\n\n```js\nexports.getAccount = (req, res) => {\n res.render('account\u002Fprofile', {\n title: 'Account Management',\n });\n};\n```\n\nExpress.js has `app.get`, `app.post`, `app.put`, `app.delete`, but for the most part, you will only use the first two HTTP verbs, unless you are building a RESTful API.\nIf you just want to display a page, then use `GET`, if you are submitting a form, sending a file then use `POST`.\n\nHere is a typical workflow for adding new routes to your application. Let's say we are building a page that lists all books from the database.\n\n**Step 1.** Start by defining a route.\n\n```js\napp.get('\u002Fbooks', bookController.getBooks);\n```\n\n---\n\n**Note:** As of Express 4.x you can define your routes like so:\n\n```js\napp.route('\u002Fbooks').get(bookController.getBooks).post(bookController.createBooks).put(bookController.updateBooks).delete(bookController.deleteBooks);\n```\n\nAnd here is how a route would look if it required an _authentication_ and an _authorization_ middleware:\n\n```js\napp.route('\u002Fapi\u002Ftwitch').all(passportConfig.isAuthenticated).all(passportConfig.isAuthorized).get(apiController.getTwitch).post(apiController.postTwitch);\n```\n\nUse whichever style makes sense to you. Either one is acceptable. I think that chaining HTTP verbs on `app.route` is a very clean and elegant approach, but on the other hand, I can no longer see all my routes at a glance when you have one route per line.\n\n**Step 2.** Create a new schema and a model `Book.js` inside the _models_ directory.\n\n```js\nconst mongoose = require('mongoose');\n\nconst bookSchema = new mongoose.Schema({\n name: String,\n});\n\nconst Book = mongoose.model('Book', bookSchema);\nmodule.exports = Book;\n```\n\n**Step 3.** Create a new controller file called `book.js` inside the _controllers_ directory.\n\n```js\n\u002F**\n * GET \u002Fbooks\n * List all books.\n *\u002F\nconst Book = require('..\u002Fmodels\u002FBook.js');\n\nexports.getBooks = (req, res) => {\n Book.find((err, docs) => {\n res.render('books', { books: docs });\n });\n};\n```\n\n**St","Hackathon Starter 是一个用于快速启动Node.js Web应用程序的模板。它集成了多种认证方式(如OAuth2)、API示例等,使得开发者能够迅速搭建起具备基本功能的应用程序框架。项目强调简洁性与易用性,并保持了一定程度上的通用性和可复用性,适用于各种类型的Web应用开发场景,尤其是对于需要在短时间内完成初步开发工作的黑客马拉松活动来说非常实用。此外,其详尽的文档和社区支持也使得新手更容易上手学习。",2,"2026-06-11 02:45:02","top_all"]