Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

JavaScript

Looking for a practical approach to building an Admin section in Node.js / Express.js

So this is a massive question and I have been combing through the internet to find such things / attempting to deconstruct already existing CMS' like Keystone.js and Enduro.js. I will be using Express.js and MongoDB as a database (connecting with Mongoose ODM).

All in all, I have my reasoning for building a custom CMS and I have laid out all the schema's I will need for the site but for some reason, creating a secure admin is evading me. Maybe I am overcomplicating it.

So my questions...

1) Would love to learn the basic file structure on how to create an admin section to a website. I have quite a few cases where the developer creates separate admin folder with an entirely separate server for the admin (that has the application server included as 'required'). All in all, how would I make this file structure run? Having 2 servers for the same site seems rather confusing to me.

2) When using Keystone.js or Enduro.js, upon first running, they prompt for an initial admin to register and then from the dashboard, is where you can invite additional users. All in all, how might one go about creating a prompt for an initial admin, then disable that registration page for the future (preventing others from randomly registering for an admin account). An idea I just had was creating an if statement checking the 'admin' collection length and then redirecting if the length is greater than 0. Is this maybe along the right track?

3) When inviting new users, how would you keep that process safe? Another idea just to run by the community and would love to hear if I am on the right track... Possibly generate a random string token associated with the invited user that will expire after set amount of time and then, with that token, send the invited user an email with a link to a password creation website, with the token as a query parameter to ensure it is the user? Wow... that was the longest sentence but hopefully it made sense.

Once I figure these major three out, then I can probably get a major start on this CMS idea / design. I appreciate any insights one can give me on this as, to be honest, the tutorials / insights on a topic like this are far and few between.