appy-backend 正在参加 2021 年度 OSC 中国开源项目评选,请投票支持!
appy-backend 在 2021 年度 OSC 中国开源项目评选 中已获得 {{ projectVoteCount }} 票,请投票支持!
2021 年度 OSC 中国开源项目评选 正在火热进行中,快来投票支持你喜欢的开源项目!
2021 年度 OSC 中国开源项目评选 >>> 中场回顾
appy-backend 获得 2021 年度 OSC 中国开源项目评选「最佳人气项目」 !
授权协议 MIT License
开发语言 JavaScript
操作系统 跨平台
软件类型 开源软件
所属分类 Web应用开发Web框架
地区 不详
投 递 者 首席测试
适用人群 未知
收录时间 2021-11-30


appy logo

A user system leveraging rest-hapi to bootstrap your app.

appy-backend is the server portion of the appy project. It provides a boilerplate user system that leverages the powerful rest-hapi API generator. Inspired by the frame user system, the goal of appy-backend is to provide an easy to use user API that is also capable of supporting a wide range of applications. appy-backend is a great resource for starting almost any app. By leveraging rest-hapi, adding new endpoints is as simple as defining a new model, and model associations are a snap. Bootstrapping your app has never been easier!


  • Registration and account activation flows
  • Login system with forgot password and reset password
  • Social login
  • Abusive login attempt detection
  • User permissions based on roles and groups
  • Three optional authentication strategies
  • Websocket chat via @hapi/nes
  • File upload api
  • Endpoint validation and query support
  • Swagger docs for easy endpoint access


appy-backend implements a hapi framework server. appy-backend's RESTful API endpoints are generated through rest-hapi, which means models are based off of mongoose and data is stored in MongoDB.


View the swagger docs for the live demo:

Starting appy-backend


Logging in


GET /users


Filter Query and Populate Relationship


Readme contents


Just Docker


You need Node.js installed (>=12.14.1) and you'll need MongoDB installed and running.

Back to top

Getting Started

Download from GitHub:

$ git clone
$ cd appy-backend


Using Docker

None required.

Without Docker

$ npm install

Back to top


appy configuration follows frame's configuration flow:

Simply edit config/index.js. The configuration uses confidence which makes it easy to manage configuration settings across environments. Don't store secrets in this file or commit them to your repository.

Instead, access secrets via environment variables. We use dotenv to help make setting local environment variables easy (not to be used in production).

Using Docker

Simply copy .env-docker-sample to .env-docker and edit as needed. Don't commit .env-docker to your repository.

Without Docker

Simply copy .env-sample to .env and edit as needed. Don't commit .env to your repository.

First time setup

WARNING: This will clear all data in the MongoDB database defined in restHapiConfig.mongo.URI (default mongodb://localhost/appy).

If you would like to seed your database with some data, run:

Using Docker

$ sh

Without Docker

$ npm run seed

NOTE: The password for all seed users is root.

Back to top

Running appy-backend

To quickly run the app locally, simply run:

Using Docker

$ sh

Without Docker

$ npm start

Once the app is running point your browser to http://localhost:8080/ to view the Swagger docs.

Back to top


For detailed explanations on many of the topics covered in this readme, including authentication, authorization, and logging in and testing endpoints, please refer to the wiki pages.

Back to top

Swagger documentation

Swagger documentation is automatically generated for all endpoints and can be viewed by pointing a browser at the server URL. By default this will be http://localhost:8080/. The swagger docs provide quick access to testing your endpoints along with model schema descriptions and query options.

Back to top


There are three optional authentication strategies in appy and each make use of javascript web tokens (JWT) and the hapi-auth-jwt2 scheme. The three strategies are:

  1. Standard token
  2. Session
  3. Session with refresh token

The strategy used is determined by the restHapiConfig.authStrategy config property.

For a more in-depth description of these strategies, please view the wiki.

Back to top


Authorization in appy is enforced via the hapi scope endpoint property. Endpoints generated through rest-hapi come prepopulated with scope values. See the rest-hapi docs for more info.

User scope values are populated based on appy's permission system. User's gain permissions based on three associations:

  1. User defined permissions
  2. Group defined permissions
  3. Role defined permissions

Users must belong to at least one role and can belong to multiple groups. Each permission association carries with it a state property that can be set to Included, Excluded, or Forbidden. This property allows permissions to override each other based on priority. User permissions have the highest priority, followed by Group permissions and lastly Role permissions:


This allows easy and specific configuration of user endpoint access. In general, a user will gain the majority of it's permissions through it's role. Those permissions will be further defined by any groups the user belongs to. Finally a user might have a few specific permissions assigned directly to them. A user's scope final scope is a combination of the user's role, groups, and effective permissions. See below for an example:

User: '' Role: 'Admin' Role Permissions:

  { name:'readUser', state:'Included' },
  { name:'updateUser', state:'Included' },
  { name:'addUserPermissions', state:'Included' },
  { name:'removeUserPermissions', state:'Included' }

User's Groups: ['Managers'] Group Permissions:

  { name:'updateUser', state:'Excluded' },

User Permissions:

  { name:'removeUserPermissions', state:'Excluded' },

Final User Scope:


For a more in-depth description of authorization within appy, please view the wiki

Back to top



Back to top


If you have any questions/issues/feature requests, please feel free to open an issue. We'd love to hear from you!

Back to top


Please reference the contributing doc:

Back to top


We hope you enjoy appy-backend!



评论 (0)

2013/10/16 19:10


typedef struct backend_tag Backend; struct backend_tag { const char *(*init) (void *frontend_handle, void **backend_handle, Conf *conf, char *host, int port, char **realhost, int nodelay, int keepalive); void (*free) (void *handle); /* back->reconfig() passes in a replacement configuration. */ void (*reconfig) (void *handle, Conf *conf); /* back->send() returns the current amount of buffered da...

2019/12/03 13:58

Backend cache is always enabled

Created by Wang, Jerry on Sep 21, 2015 本文分享 CSDN - 汪子熙。 如有侵权,请联系 删除。 本文参与“OSC源创计划”,欢迎正在阅读的你也加入,一起分享。

0 评论
0 收藏