the force awakens

.env-sample

@@ -0,0 +1 @@
+SMTP_PASSWORD=secret

.gitignore

@@ -1,3 +1,3 @@
 node_modules/*
 test/artifacts/*
-/config.js
+.env

.travis.yml

@@ -1,15 +1,14 @@
+sudo: false
 language: node_js
 node_js:
   - "6"
 services:
   - mongodb
 env:
-  - NODE_ENV=test CC=clang CXX=clang++ npm_config_clang=1
-before_install:
-  - "sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10"
-  - "echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list"
-  - "sudo apt-get update"
-  - "sudo apt-get install mongodb-org-server"
-before_script:
-  - "until nc -z localhost 27017; do echo Waiting for MongoDB; sleep 1; done"
-  - npm run setup
+  - NODE_ENV=test CXX=g++-4.8
+addons:
+  apt:
+    sources:
+      - ubuntu-toolchain-r-test
+    packages:
+      - g++-4.8

Procfile

@@ -0,0 +1 @@
+web: node server.js

README.md

@@ -1,41 +1,50 @@
 # Frame
 
-A user system API for Node.js. Bring your own front-end.
+A user system API starter. Bring your own front-end.
 
 [![Build Status](https://travis-ci.org/jedireza/frame.svg?branch=master)](https://travis-ci.org/jedireza/frame)
 [![Dependency Status](https://david-dm.org/jedireza/frame.svg?style=flat)](https://david-dm.org/jedireza/frame)
 [![devDependency Status](https://david-dm.org/jedireza/frame/dev-status.svg?style=flat)](https://david-dm.org/jedireza/frame#info=devDependencies)
 
 
+## Features
+
+ - Login system with forgot password and reset password
+ - Abusive login attempt detection
+ - User roles for accounts and admins
+ - Admins only notes and status history for accounts
+ - Admin groups with shared permissions
+ - Admin level permissions that override group permissions
+
+
 ## Technology
 
-__Primary goal:__ include as few dependencies as possible
+Frame is built with the [hapi](https://hapijs.com/) framework. We're
+using [MongoDB](http://www.mongodb.org/) as a data store.
+
 
-Frame is built with the [hapi.js framework](https://github.com/hapijs/hapi) and
-[toolset](https://github.com/hapijs). We're using
-[MongoDB](https://github.com/mongodb/node-mongodb-native/) as a data store. We
-also use [Nodemailer](https://github.com/andris9/Nodemailer) for email
-transport.
+## Bring your own front-end
+
+Frame is only a restful JSON API. If you'd like a ready made front-end,
+checkout [Aqua](https://github.com/jedireza/aqua). Or better yet, fork
+this repo and build one on top of Frame.
 
 
 ## Live demo
 
-| endpoint                                                                 | username | password |
-|:------------------------------------------------------------------------ |:-------- |:-------- |
-| [https://hapiframe.herokuapp.com/](https://hapiframe.herokuapp.com/docs) | root     | root     |
+| url                                                                        | username | password |
+|:-------------------------------------------------------------------------- |:-------- |:-------- |
+| [https://getframe.herokuapp.com/](https://getframe.herokuapp.com/)         | root     | root     |
+| [https://getframe.herokuapp.com/docs](https://getframe.herokuapp.com/docs) | ----     | ----     |
 
 [Postman](http://www.getpostman.com/) is a great tool for testing and
 developing APIs. See the wiki for details on [how to
 login](https://github.com/jedireza/frame/wiki/How-to-login).
 
-__Note:__ The live demo has been modified so you cannot change the root user,
-the root user's linked admin role or the root admin group. This was done in
-order to keep the API ready to use at all times.
-
 
 ## Requirements
 
-You need [Node.js](http://nodejs.org/download/) and
+You need [Node.js](http://nodejs.org/download/) installed and you'll need
 [MongoDB](http://www.mongodb.org/downloads) installed and running.
 
 We use [`bcrypt`](https://github.com/ncb000gt/node.bcrypt.js) for hashing
@@ -47,32 +56,42 @@ page](https://github.com/jedireza/frame/wiki/bcrypt-Installation-Trouble).
 ## Installation
 
 ```bash
-$ git clone [email protected]:jedireza/frame.git && cd ./frame
+$ git clone [email protected]:jedireza/frame.git
+$ cd frame
 $ npm install
 ```
 
 
-## Setup
+## Configuration
+
+Simply edit `config.js`. The configuration uses
+[`confidence`](https://github.com/hapijs/confidence) which makes it easy to
+manage configuration settings across environments. __Don't store secrets in
+this file or commit them to your repository.__
+
+__Instead, access secrets via environment variables.__ We use
+[`dotenv`](https://github.com/motdotla/dotenv) to help make setting local
+environment variables easy (not to be used in production).
+
+Simply copy `.env-sample` to `.env` and edit as needed. __Don't commit `.env`
+to your repository.__
 
-__WARNING:__ This will clear all data in existing `users`, `admins` and
-`adminGroups` MongoDB collections. It will also overwrite `/config.js` if one
-exists.
+
+## First time setup
+
+__WARNING__: This will clear all data in the following MongoDB collections if
+they exist: `accounts`, `adminGroups`, `admins`, `authAttempts`, `sessions`,
+`statuses`, and `users`.
 
 ```bash
-$ npm run setup
+$ npm run first-time-setup
 
-# > [email protected] setup /Users/jedireza/projects/frame
-# > ./setup.js
+# > [email protected] first-time-setup /home/jedireza/projects/frame
+# > node first-time-setup.js
 
-# Project name: (Frame)
 # MongoDB URL: (mongodb://localhost:27017/frame)
 # Root user email: [email protected]
 # Root user password:
-# System email: ([email protected])
-# SMTP host: (smtp.gmail.com)
-# SMTP port: (465)
-# SMTP username: ([email protected])
-# SMTP password:
 # Setup complete.
 ```
 
@@ -85,73 +104,50 @@ $ npm start
 # > [email protected] start /Users/jedireza/projects/frame
 # > ./node_modules/nodemon/bin/nodemon.js -e js,md server
 
-# 20 Sep 03:47:15 - [nodemon] v1.2.1
-# 20 Sep 03:47:15 - [nodemon] to restart at any time, enter `rs`
-# 20 Sep 03:47:15 - [nodemon] watching: *.*
-# 20 Sep 03:47:15 - [nodemon] starting `node server index.js`
-# Started the plot device.
+# 09 Sep 03:47:15 - [nodemon] v1.10.2
+# ...
 ```
 
-This will start the app using [`nodemon`](https://github.com/remy/nodemon).
-`nodemon` will watch for changes and restart the app as needed.
+Now you should be able to point your browser to http://127.0.0.1:9000/ and
+see the welcome message.
 
+[`nodemon`](https://github.com/remy/nodemon) watches for changes in server
+code and restarts the app automatically.
 
-## Philosophy
+We also pass the `--inspect` flag to Node so you have a debugger available.
+Watch the output of `$ npm start` and look for the debugging URL and open it in
+Chrome. It looks something like this:
 
- - Create a user system API
- - Don't include a front-end
- - Follow the [hapi coding conventions](http://hapijs.com/styleguide)
- - 100% test coverage
- - It's just JavaScript
+`chrome-devtools://devtools/remote/serve_file/@62cd277117e6f8ec53e31b1be58290a6f7ab42ef/inspector.html?experiments=true&v8only=true&ws=localhost:9229/node`
 
 
-## Features
+## Running in production
 
- - Login system with forgot password and reset password
- - Abusive login attempt detection
- - User roles for accounts and admins
- - Facilities for notes and status updates
- - Admin groups with shared permissions
- - Admin level permissions that override group permissions
+```bash
+$ node server.js
+```
 
+Unlike `$ npm start` this doesn't watch for file changes. Also be sure to
+set the `NODE_ENV` environment variable to `production`.
 
-## Questions and contributing
 
-Any issues or questions (no matter how basic), open an issue. Please take the
-initiative to include basic debugging information like operating system
-and relevant version details such as:
+## Have a question?
 
-```bash
-$ npm version
-
-# { http_parser: '1.0',
-#   node: '0.10.29',
-#   v8: '3.14.5.9',
-#   ares: '1.9.0-DEV',
-#   uv: '0.10.27',
-#   zlib: '1.2.3',
-#   modules: '11',
-#   openssl: '1.0.1h',
-#   npm: '1.4.20',
-#   frame: '0.0.0' }
-```
+Any issues or questions (no matter how basic), open an issue. Please take the
+initiative to read relevant documentation and be pro-active with debugging.
 
-Contributions welcome. Your code should:
 
- - include 100% test coverage
- - follow the [hapi.js coding conventions](http://hapijs.com/styleguide)
+## Want to contribute?
 
-If you're changing something non-trivial, you may want to submit an issue
-first.
+Contributions are welcome. If you're changing something non-trivial, you may
+want to submit an issue before creating a large pull request.
 
 
 ## Running tests
 
-[Lab](https://github.com/hapijs/lab) is part of the hapi.js toolset and what we
+[Lab](https://github.com/hapijs/lab) is part of the hapi ecosystem and what we
 use to write all of our tests.
 
-For command line output:
-
 ```bash
 $ npm test
 
@@ -163,31 +159,20 @@ $ npm test
 # ..................................................
 # ..................................................
 # ..................................................
-# .............................
+# ........
 
-# 249 tests complete
-# Test duration: 4628 ms
+# 258 tests complete
+# Test duration: 2398 ms
 # No global variable leaks detected
 # Coverage: 100.00%
+# Linting results: No issues
 ```
 
-With html code coverage report:
-
-```bash
-$ npm run test-cover
-
-# > [email protected] test-cover /Users/jedireza/projects/frame
-# > ./node_modules/lab/bin/lab -c -r html -o ./test/artifacts/coverage.html && open ./test/artifacts/coverage.html
-```
-
-This will run the tests and open a web browser to the visual code coverage
-artifacts. The generated source can be found in `/tests/artifacts/coverage.html`.
-
-
 ## License
 
 MIT
 
+
 ## Don't forget
 
 What you build with Frame is more important than Frame.