- To start off, go to the
apifolder withcd apiand runpython3 -m venv venv, which creates a virtual environment. - Activate the virtual environment by running
. ./venv/bin/activate - Install python dependencies by running
pip3 install -r requirements.txt - Go back to the root directory by running
cd .., and install JavaScript dependencies withnpm install
Before running the application, you'll need to set configuration variables in the api/config/config.json
| Variable | Description |
|---|---|
| PRODUCTION | A boolean representing whether or not the application is in production |
| ELASTICSEARCH_URL | The URL for the ElasticSearch instance hosting the processed JSON documents, this URL should not contain http:// or https://, just the domain URL itself |
| ELASTICSEARCH_INDEX | The main index the where the processed JSON documents are stored |
| ELASTICSEARCH_REGION | The region in which the ElasticSearch server is running |
| JWT_TOKEN_LOCATION | Where to look for a JWT when processing a request. See JWT docs for more information |
| JWT_COOKIE_SECURE | If the secure flag should be set on your JWT cookies. See JWT docs for more information |
| JWT_COOKIE_CSRF_PROTECT | Enable/disable CSRF protection when using cookies. See JWT docs for more information |
| JWT_SECRET_KEY | The secret key needed for symmetric based signing algorithms. See JWT docs for more information |
| JWT_ACCESS_TOKEN_EXPIRES | How long an access token should live before it expires (in seconds). See JWT docs for more information |
| AWS_ACCESS_KEY | The AWS access key for the entire application |
| AWS_SECRET_KEY | The AWS secret key for the entire application |
| AWS_USER_BUCKET | The name of the bucket the application should use to store user information |
| DEFAULT_ADMIN_USER | The username for the default admin account created when the app starts and no admin account already exists |
| DEFAULT_ADMIN_PASS | The password for the default admin account created when the app starts and no admin account already exists |
The application comes with webpack-dev-server, which makes it easier to test the UI. When using webpack-dev-server for the front-end, requests to the RESTFUL /auth and /api endpoints need to be proxied, as such requests can only be handled by the Flask server. Thankfully, webpack-dev-server takes care of this. If you choose to run the Flask application on a different port, be sure to change the proxy port for dev-server in /config/webpack.config.js
While this works great for testing, not all of the authentication features can be fully used when the application is being served from webpack-dev-server, because front-end endpoints cannot be protected. Sensitive backend requests will still require login, but no redirects will be made when a user accesses a page they shouldn't.
- Open two seperate terminal tabs
- Run
npm run apiin one tab, which will start the Flask backend - Run
npm run dev-serverin the other tab, which will start webpack-dev-server. It will take around a minute to compile on the first request, but this is to be expected.
Instead of using webpack-dev-server in production, we precompile the frontend using webpack.
- Run
npm run build. Wait for this to finish running and confirm that the frontend has compiled - Run
npm run api, which will handle both serving the frontend and backend API and authentication requests