Glazed

🍩 Glazed is an opinionated yet simple framework

View the Project on GitHub glazedio/glazed

Glazed Logo

Glazed is a highly opinionated, yet simple Node + Koa MVC app framework for rapidly building MVP's.

Slack Status MIT License Stability Build Status Coverage Status Standard JS Style Unicorn Approved

tldr; Freshly baked Node + Koa, MVC app framework boilerplate for rapidly building MVP's

Glazed Dependencies

Tip: While reading, you can click the Glazed logo in section headers to jump back to this index.

glazed-logo-xs Index

glazed-logo-xs What is Glazed?

Glazed is an application framework boilerplate for rapid iteration of a minimal viable product.

Thoughts

Glazed was designed to prove the viability of an idea as quick as possible, with sheer simplicity, and extremely ambitious quality level. It uses the latest standards, best practices, and is production ready.

For example, Glazed can be used to release prototypes of the following in less than 30 days:

Glazed is more of a "boilerplate" than a "framework". It's often called a framework because of keyword search popularity and the confusion between the two words. It has a very minimal codebase, which was written with ES6/ES7 (yes, it uses the new Async/Await syntax!) – and it was structured according to some loose thoughts on an MVC approach.

SPA Framework

Glazed does not use single page app ("SPA") client-side library, and does not use any special client-side framework by default (other than jQuery; though it can easily be changed to a SPA). The reason it does not use a SPA library, such as React or Angular, is because most (probably?) of software as a service start-ups (and API's in general) don't need something this fancy to start (API's don't even need a SPA). Using SPA frameworks will and have made proving the viability of an idea take even longer than it already should. Instead, Glazed uses the extremely powerful and fast rendering template language called Nunjucks. In order to render it with Koa, we use koa-nunjucks-promise.

Fake Grimlock

Before diving into the structure and how it works, it is important to share that Glazed is highly opinionated and may not be for you. If you are not comfortable or do not agree with the ideas shared in these articles, then perhaps you should not read any further into Glazed, and close this browser tab.

  1. Rapid MVP Standards by @niftylettuce
  2. Frameworks don't make much sense by @pkrumins
  3. Do Things that Don't Scale by @paulg

Showcase

Did you ship a project with Glazed? File an issue and we'll include it!.

To get you excited about using Glazed, here are projects built with it in less than a week each:

Its parent framework "Eskimo" was used to ship some very cool projects too!

App Structure

Glazed is loosely-based on MVC design, and it has the following structure (tree output below):

.
├── History.md
├── LICENSE
├── Readme.md
├── VERSION
├── gulpfile.babel.js
├── package.json
├── .env.example
├── src
│   ├── app
│   │   ├── controllers
│   │   │   ├── app
│   │   │   │   └── index.js
│   │   │   └── index.js
│   │   ├── models
│   │   │   ├── plugins
│   │   │   │   └── common.js
│   │   │   └── user.js
│   │   └── views
│   │       ├── 404.html
│   │       ├── 500.html
│   │       ├── _footer.html
│   │       ├── _nav.html
│   │       ├── about.html
│   │       ├── admin.html
│   │       ├── home.html
│   │       ├── layout.html
│   │       └── my-account.html
│   ├── assets
│   │   ├── browserconfig.xml
│   │   ├── css
│   │   │   ├── _variables.scss
│   │   │   └── app.scss
│   │   ├── favicon.ico
│   │   ├── fonts
│   │   ├── img
│   │   │   ├── android-chrome-144x144.png
│   │   │   ├── android-chrome-192x192.png
│   │   │   ├── android-chrome-36x36.png
│   │   │   ├── android-chrome-48x48.png
│   │   │   ├── android-chrome-72x72.png
│   │   │   ├── android-chrome-96x96.png
│   │   │   ├── apple-touch-icon-114x114.png
│   │   │   ├── apple-touch-icon-120x120.png
│   │   │   ├── apple-touch-icon-144x144.png
│   │   │   ├── apple-touch-icon-152x152.png
│   │   │   ├── apple-touch-icon-180x180.png
│   │   │   ├── apple-touch-icon-57x57.png
│   │   │   ├── apple-touch-icon-60x60.png
│   │   │   ├── apple-touch-icon-72x72.png
│   │   │   ├── apple-touch-icon-76x76.png
│   │   │   ├── apple-touch-icon-precomposed.png
│   │   │   ├── apple-touch-icon.png
│   │   │   ├── favicon-16x16.png
│   │   │   ├── favicon-194x194.png
│   │   │   ├── favicon-32x32.png
│   │   │   ├── favicon-96x96.png
│   │   │   ├── mstile-144x144.png
│   │   │   ├── mstile-150x150.png
│   │   │   ├── mstile-310x150.png
│   │   │   ├── mstile-310x310.png
│   │   │   ├── mstile-70x70.png
│   │   │   └── safari-pinned-tab.svg
│   │   ├── js
│   │   │   └── flash.js
│   │   └── manifest.json
│   ├── config
│   │   ├── environments
│   │   │   ├── development.js
│   │   │   ├── index.js
│   │   │   ├── production.js
│   │   │   ├── staging.js
│   │   │   └── test.js
│   │   └── index.js
│   ├── helpers
│   │   ├── dynamic-view-helpers.js
│   │   ├── error-handler.js
│   │   ├── index.js
│   │   ├── passport.js
│   │   ├── policies.js
│   │   ├── render-page.js
│   │   └── sentry.js
│   ├── index.js
│   └── routes
│       └── index.js
└── test
    ├── mocha.opts
    ├── support
    │   └── index.js
    └── unit
        └── server.test.js

Back-end with Koa + Async/Await

We use Koa for the back-end, and if you previously used Express, you might want to understand the differences; see this article.

To rid of callback hell, we use a new JavaScript language feature called Async/Await.

For example, here are two blocks of code that compare before and after...

This is how one might write a Mongoose save with callbacks:

// find the user that belongs to the @glazed organization
// and make their user group have "admin" status
function updateUser(req, res, next) {
  Users.findOne({ org: 'glazed' }, function(err, user) {
    if (err) return next(err);
    if (!user) return next(new Error('User does not exist'));
    user.group = 'admin';
    user.save(function(err, user) {
      if (err) return next(err);
      res.json(user);
    });
  });
}

This is how one might write a Mongoose save with Async/Await:

// find the user that belongs to the @glazed organization
// and make their user group have "admin" status
static async updateUser(ctx) {
  let user = await User.findOne({ org: 'glazed' });
  user.group = 'admin';
  ctx.body = await user.save();
}

Glazed has custom built-in error handling – so actually you don't even need to wrap the Async/Await function with a try {} catch (e) {} statement – but be careful, because in other cases you might want to!

Other scenarios where Async/Await is resourceful:

Front-end with jQuery + Bootstrap

By default, the latest Bootstrap version 4 alpha is used (it uses SCSS for its CSS pre-processor).

However, you can swap out Bootstrap to another version, or entirely for something else. You can also switch SCSS to use LESS or plain CSS.

Also included are the front-end packages jQuery and Sweetalert.

You don't need Bower anymore, since you can simply import libraries through our Browserify setup!

Job Scheduler

Job scheduling is built on top of Agenda. See the src/agenda.js file and also src/jobs folder for how it works and is set up.

There is one sample job scheduler built-in, which is in the post('save') hook for when a user is created. The user gets a welcome email.

You can see the content and template of the email in the src/emails/welcome folder. Emails are sent using Postmark and the package email-templates.

Database & ORM

MongoDB and Mongoose are built in, but you can swap them out with your preferred database and ORM glue. If you need help setting up Postgres and Bookshelf, then we suggest you to change your mind! It will slow you down – but if you insist, we can put you in the right direction.

To better beautify validation error messages we use mongoose-beautiful-unique-validation

To enhance security and allow you to have selective JSON output from query results (e.g. never return a user's refresh_token, access_token, hash, or password fields) we use mongoose-json-select.

We automatically strip the default provided tokens/hash/password fields from JSON output, don't worry! See the default user model in app/models/user.js for insight.

Sessions & Auth

Redis and Passport are used for session storage and authentication.

Out of the box, we provide (2) means of authentication for restricted routes:

  1. Google OAuth Strategy - uses passport-google-oauth (your users can "Log in with Google")
  2. Glazed API token - an api_token field is populated for each user in the database after their first log-in, and this can be passed as the user in user:pass with BasicAuth headers – password is blank for simplicity). This is very useful for API access if you are building an iOS/Android or client-side focused app. See the API Example below for more information on this and how to test it out.

If you need to add additional strategies, you can literally clone the Google Strategy code and use another passport package for your auth provider. Don't be afraid to join our Slack channel and ask us for help!

API Example

Using the user's api_token field value (which is automatically generated upon user creation, see src/app/models/user.js), you can pass the test of the policy Policies.ensureApiToken.

For example, we have one restricted route built into Glazed, which is GET /v1/users.

As a test, try to sign in with Google OAuth at http://localhost:3000 once you start up the app.

Then, you can load the MongoDB cli with mongo and run the command use glazed_development and then db.users.findOne().api_token to get the value of the API token.

Take this value, and run the following curl command using it (replace it into where it says <apitoken> below:

curl -u "<apitoken>:" http://localhost:3000/v1/users

This should output a JSON response like the following:

{
  "id": "578ee8af0d1f58b77a4f9ad7",
  "updated_at": "2016-07-20T02:57:51.099Z",
  "created_at": "2016-07-20T02:57:51.000Z",
  "object": "user",
  "display_name": "Nick Baugh",
  "given_name": "Nick",
  "family_name": "Baugh",
  "google_profile_id": "105518868040745239689",
  "avatar_url": "https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/photo.jpg"
}

Security

With respect to security, we support the following out of the box:

Helpers

Glazed uses the following helper libraries:

glazed-logo-xs Why should I use it?

Best Practices

Latest Standards

LiveReload Built-in

Through koa-livereload and gulp-livereload your assets automatically reload as you continually change and save them.

This means you can have your editor open and a browser tab opened to your app at http://localhost:3000/ – of course you need to be running the app with gulp watch – and your changes appear in real-time! Yes, we know this is not new technology, but not many other frameworks had this built-in (at least the right way with gulp).

For example, if you make the following change to your stylesheet file and save it...

body {
-  background-color: red;
+  background-color: hotpink;
}

... then your background color on the browser tab will instantly change to hot pink.

Production Ready

Glazed comes with a robust and well-tested Gulpfile (written with Babel!). Check it out here.

What's a Gulpfile? You can read about Gulp here – but it's basically a file that has a series of build tasks defined (e.g. it's very similar to a Makefile).

In a production environment, your app's assets will be minified, compressed, gzipped, revision hashed, and uploaded to Amazon S3 and CloudFront for load balancing. To do this, we use the packages koa-manifest-rev and gulp-rev, with plugins that include:

This is the de-facto standard for hosting images, fonts, scripts, and assets in general – and it is managed properly in Glazed using asset revisioning. For example, your file named glazed-logo.png will become glazed-logo-0775041dd4.png in production (you don't have to worry about cache busting!).

Not only that, but your files will be linted and they come with sourcemaps too!

To build and publish to AWS for production, follow these simple steps:

NODE_ENV=production gulp build
NODE_ENV=production gulp publish

You can test it out with NODE_ENV=production node app.

Cross-browser Compatibility

Chrome Android Safari Internet Explorer Opera Android

Is this cross-browser compatible? Yes, 100%! What about all of your ES6/ES7 code? Yes, 100%.

However, if you stick with the default v4 Bootstrap CSS framework – it only supports IE9+ and iOS 7+.

All of your code is converted to browser-friendly ES5 vanilla JavaScript (using Browserify and Babelify)...so it's cross-browser compatible!

This means both your server-side and client-side code is built to the ./lib/ folder with ES5 syntax when the Gulpfile is run with gulp build. You never have to worry about passing some --harmony flag either to run your app. The idea here is that you can focus on writing clean, short bits of code – and never have to worry about how it runs.

Built-in User Group Permissioning

By default, all users are assigned to the "user" group. This group is defined in the user model under app/models/user.js per the property 'group'`.

This approach was inspired by classic Linux-based user-group permissioning.

We've also added a default policy helper to detect whether or not a user an admin, which you can add as a middleware before your controller logic.

For example, if you want to restrict access to all /admin routes, you can add this simple middleware:

router.all('/admin*', policies.ensureAdmin);

This simple middleware is automatically added by default for you.

If you'd like to grant yourself admin access to the /admin routes, then you can run this script (replace with your email address and database name):

mongo glazed_development --eval 'printjson(db.users.update({ email: "niftylettuce@gmail.com" }, { $set: { group: "admin" }}));'

Search Engine Indexing

Since we don't use a SPA, you don't have to worry about rendering SEO-friendly content! What you see in the browser is what the search engine crawler sees ("WYSIWTSEC" or something... haha)!

By default, we provide a simple to use configuration file that allows you to swap in page titles and descriptions for a majority of your routes.

For anything complex, you can customize them yourself by passing local variables title and description to views.

We didn't build in structured open graph tags as a default to edit, since we figure you can customize to your own.

With this setup, we have climbed to #1 on Google for various keywords, easily. Of course, you need great content and traffic!

In order to prevent duplicate content, we have added a plugin that removes trailing slashes from URL's, so /home/ will 301 redirect to /home automatically.

l18n Localization

We built-in international localization/translation support!

See the following files for an understanding of how it works:

Yes, you can customize this for international localization. But we didn't build this in by default. We're just letting you know we thought of it. If you want recommendations on services to use for this and how to integrate, then join our Slack and ask us!

Performance

For performance, you should always use the lean() method while writing your Mongoose queries.

You should also never use Mongoose hooks, virtuals, or the populate method.

If you need to asynchronously populate or waterfall chain population of database references, we suggest to use the $lookup operator or use Async/Await syntax to keep it clean. For an example of how to write a populate() method with $lookup, see this GitHub issue.

We've also included these libraries to help with performance:

Other than that, you just need to increase your server storage/bandwidth/memory/swap, add load balancing, and/or use PM2's clustering mode – and you should be able to support thousands of users. Horizontal scaling!

Check out the deployment section below for how a production environment and deployment process should be configured.

glazed-logo-xs How do I use it?

Requirements

You'll need to have the following installed on your operating system (we provide instructions below):

We also recommend that you install our preferred tools as well!

Mac OS X

  1. Install Brew:

    /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
  2. Install NVM:

    curl -o- https://raw.githubusercontent.com/creationix/nvm/master/install.sh | bash
    source ~/.bashrc
  3. Install Node with NVM:

    nvm install v6.0.0
    nvm alias default v6.0.0
  4. Install MongoDB (and make sure you read the line about launchctl after you hit ENTER):

    brew install mongo
  5. Install Redis (and make sure you read the line about launchctl after you hit ENTER):

    brew install redis

Ubuntu

  1. Install NVM:

    curl -o- https://raw.githubusercontent.com/creationix/nvm/master/install.sh | bash
    source ~/.bashrc
  2. Install Node with NVM:

    nvm install v6.0.0
    nvm alias default v6.0.0
  3. Install MongoDB:

    sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
    echo "deb http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list
    sudo apt-get update
    sudo apt-get install -y mongodb-org
    service mongod status
  4. Install Redis:

    sudo add-apt-repository ppa:chris-lea/redis-server
    sudo apt-get update
    sudo apt-get install redis-server
    redis-benchmark -q -n 1000 -c 10 -P 5
    source ~/.profile

Windows

We do not support Windows, so please use VirtualBox or Vagrant instead with Ubuntu or Linux Mint.

Installation

It's simple; there is no CLI, and you don't need to install anything with NPM. You just use git!

You have two choices for installation:

  1. You can fork this repository by clicking the "fork" icon at the top of this page (then you will need to git clone your fork locally).
  2. Or you can mirror this repository by following GitHub's instructions here. If you mirror this repository, it won't appear on your GitHub as a "forked" repository (but you can still get updates).

Configuration

How does configuration work?

We make configuration easy through a file called .env file using dotenv.

However, you'll need to modify it slightly for your own. Let's dive into how it works!

Configuration is managed by the following:

Precedence is taken by the environment configuration files, environment variables, then the .env file.

Basically dotenv won't set an environment variable if it already detects it was passed as an environment variable.

Take a look in the src/config folder contents and also at the default .env.example file.

We've provided a default file called .env.example, which you will need to rename to .env and customize yourself.

How do I configure my app to boot?

In order to set-up defaults needed for Glazed app to boot, please follow these instructions:

  1. Rename the file .env.example to .env
  2. Go to https://console.developers.google.com – Create a project (and fill out your project information – if you need a 120x120px default image, you can use this one)
  3. Under your newly created project, go to Credentials – Create credentials – OAuth client ID – Web application
  4. Set "Authorized JavaScript origins" to http://yourdomain.com (replace with your domain) and also http://localhost:3000 (for local development)
  5. Set "Authorized redirect URIs" to http://yourdomain.com/login/ok (again, replace with your domain) and also http://localhost:3000/login/ok (again, for local development)
  6. Copy and paste the newly created key pair for respective properties in your .env file (example below)

    -GOOGLE_CLIENT_ID=
    +GOOGLE_CLIENT_ID=424623312719-73vn8vb4tmh8nht96q7vdbn3mc9pd63a.apps.googleusercontent.com
    -GOOGLE_CLIENT_SECRET=
    +GOOGLE_CLIENT_SECRET=Oys6WrHleTOksqXTbEY_yi07
  7. Go to https://console.aws.amazon.com/iam/home#security_credential &dash; Access Keys – Create New Access Key

  8. Copy and paste the newly created key pair for respective properties in your .env file (example below)

    -AWS_IAM_KEY=
    +AWS_IAM_KEY=AKIAJMH22P6W674YFC7Q
    -AWS_IAM_SECRET=
    +AWS_IAM_SECRET=9MpR1FOXwPEtPlrlU5WbHjnz2KDcKWSUcB+C5CpS
  9. Enable your API by clicking on Overview and then clicking the Enable button

  10. Go to https://console.aws.amazon.com/s3/home – Create Bucket
  11. Create a bucket and copy/paste its name for the property in .env (example below)

    -AWS_S3_BUCKET=
    +AWS_S3_BUCKET=glazed-development
  12. Go to https://console.aws.amazon.com/cloudfront/home – Create Distribution – Get Started

  13. Set "Origin Domain Name" equal to your S3 bucket name (their autocomplete drop-down will help you find it)
  14. Leave the remaining defaults as is (some fields might be blank, this is OK)
  15. Copy/paste the newly created Distribution ID and Domain Name for respective properties in your .env file (example below)

    -AWS_CF_DI=
    +AWS_CF_DI=E2IBEULE9QOPVE
    -AWS_CF_DOMAIN=
    +AWS_CF_DOMAIN=d36aditw73gdrz.cloudfront.net
  16. You can customize the favicon and touch icons – just generate a new set at https://realfavicongenerator.net and overwrite the existing in the src/assets/ folder. Just make sure that the paths match up in the src/assets/browserconfig.xml and src/assets/manifest.json files.

That's it!

Development

You should have Glazed installed and configured by now.

  1. Change directories to where you installed Glazed:

    cd /path/to/glazed/
  2. Install NPM dependencies:

    npm install
  3. Run the watch script:

    npm run watch

The watch script will automatically open a browser tab for you (with LiveReload enabled!).

Deployment

Automated Continuous Integration Deployment Setup

We've written a comprehensive tutorial for deployment, continuous integration, and how to automate everything – you can read the article here.

If you're just interested in what tools/services we recommend, then here is a brief list:

1 Baked into Glazed by default – you just need to provide credentials in the configuration step
2 You can get $10 free credit for signing up by clicking our referral link above
3 We include SIGTERM listener for graceful reloading, see src/index.js for more insight
4 You can send 150,000 free credits transactional emails if you're bootstrapped and DMARC compliant
5 You can get $100 free credit for signing up by clicking our referral link above

Advice

The only way to ship code faster is to respect these three points:

  1. Use as many tools as possible to automate your workflow.
  2. Understand that good coders code, and great reuse.
  3. Avoid anti-patterns and context-switching habits – you will easily stay focused!

Tools

Here is a brief list of recommended tools used to ship rapidly developed MVP's:

glazed-logo-xs Is there a book on Glazed?

Yes, there is a book (coming soon) called Rapid MVP's. It comes with Markdown, HTML, and PDF versions, and also accompanying source code AND screencasts! The author @niftylettuce is self-publishing, and goes in-depth to show you how to build rapid MVP's. The book will include a "How It's Made" for at least two of his new (and hopefully profitable) side-projects.

It is available for early bird pre-order right now at https://rapidmvp.com! Even if you don't buy the book, you can still get free/inspirational behind the scenes tips, tutorials, and videos! And a sticker!

Get a FREE GLAZED STICKER mailed to you: https://rapidmvp.com (no pre-order required)

glazed-logo-xs Can I get help?

Join us in Slack

Join us in Slack. Still need help? File an issue.

glazed-logo-xs How do I get updates?

We provide updates to this repository and a detailed changelog, which you can then add/merge into your project. You will need to "star" and "watch" this repository to stay active. We don't have an automated update system or a Google Group (and do not plan to). It is your duty as a Rapid MVP developer to stay updated. Lastly, it's a necessity that you join us on Slack to stay in the loop!

You can also follow us on Twitter here:

glazed-logo-xs Who built it?

Glazed v1.0.0 was released in May 2016 by @niftylettuce.

It is a modernized derivative of his project "Eskimo" (a derivative of "Expressling").

glazed-logo-xs Can we hire @glazed?

Of course! Please email Niftylettuce LLC at niftylettuce@gmail.com to get in touch with a developer team fit for your project. Even if we can't find someone for you, we'd love to help put you in the right direction. We recommend to join us in Slack first!

glazed-logo-xs License