express-server-app
A minimal opinionated set of tools to create Web and REST servers. On top of 🚀Express, it provides: 🛠 CLI, 📖 logging, ✅ JSON Schema validation, ️⚠️ HTTP errors management, 🎚 project configuration, ⛑ HTTP security ...
Philosophy
It does not aim to cover every needs of a Web or REST API server. It only aims to provide a stable base of development.
We do not want to recreate everything ! But to provide a set of existing libraries which are already used by many.
It mainly uses the following modules:
Features
🎚 Config
Reads server configuration from .env and config/config-<NODE_ENV>.js files.
📖 Logging
Creates a default logger using pinojs and add it to express server.
⛑ Basic security
The server adds by default the cors and helmet middlewares, and forces HTTPS protocol in production environment.
✅ JSON Schema request validation
Requests params can be validated using Ajv and JSON Schema.
🛠 Async middlewares helpers
Allows to write middlewares using async/await and promises.
⚠️ Error formatting for REST APIs
Errors are formatted using Boom and sent back as JSON with correct errors codes.
🛠 CLI tools to run and debug the app
The following commands are available:
debug: run your server with node inspect to allow debuggingdist: run your server for production (NODE_ENV=production is not added automatically)start: run your server for development without debuggertest: test your server
Getting started
Installation
Using npm
npm install express-server-appUsing yarn
yarn add express-server-appUsage
See the example in the repo.
The entry point of your server must be the file server.js
Create a simple server
// server.jsconst application = ; // Initializes express application and add minimum middlewares (security, request parsing, logging)// Application should be unique.// If you need to create sub apps or routers, use express as usual !// See .application() documentation in the following for an example.const app = ; // Add your own routes using express apiapp; // Start the server on the default port (3000)appstart;Create a REST API
const application = ; const app = ; // .. Write your own routes and middlewares ... app // Add the route /healthy for health control of the server // Add middlewares for REST API start;Logging
// Require the default loggerconst log = ; // Log on info level (see pino api for details)// Note that log() is a function!;Config
# .env PORT=9000// config/config-development.jsmoduleexports = serverPort: processenvPORT;// server.jsconst application config = ;// ...appstartconfigserverPort;Request validation
const application validator = ; const app = ; app; app start;REST API errors
const application = ;const Boom = ; // Require Boom ! const app = ; app; app start;Express async handlers
const application wrapAsync = ; const Person = ; const app = ; app; app start;Launch the server
In development:
express-server-app startIn production:
NODE_ENV=production express-server-app distCLI
debug
Run the server using nodemon with the --inspect-brk flag to allow livereload and debuggers. It also pipes output to pino-pretty to render JSON logs more friendly.
Example (using npx):
npx express-server-app debugYou may also add scripts to your package.json:
Example:
..."scripts": ...dist
Run the server using node only. It does not set the env variables NODE_ENV to production so you may have to!
Example: (using package.json scripts)
NODE_ENV=production npm run diststart
Run the server using nodemon and pino-pretty.
Example: (using package.json scripts)
npm starttest
Test the server using jest.
Example: (using package.json scripts)
npm testAPI
express-server-app
An object containing the following tools:
application // create server config // get config log // global logger middlewares // defaults middlewares validator // JSON Schema request validator wrapAsync // helper for request async handlers = ;.application
.application()
It returns ApplicationInstance, an express application augmented with the following methods:
- start
- trustProxy
- useApiFinalMiddlewares
- useHealthyRoute
- useInitialMiddlewares
- useRootRoute
Example:
const application = ;const app = ;Usage of routers
ApplicationInstance should be unique.
If you want sub express applications or routers use express api directly
(as you would do without express-server-app).
Example:
// route.jsconst express = ; const router = express; // An express Router// ... add your routes using router.get() etc... moduleexports = router;// app.jsconst application = ; const router = ; const app = ; // Use your router as usualapp; appstart;.application.start(app, [port])
Start the application passed as parameter optionnaly on port [port]. Default port is 3000
.application.trustProxy(app, [value])
Call express.set('trust proxy') to allow proxy "forward" headers.
See express documentation for details.
Default trusted proxy ip is 127.0.0.1
ApplicationInstance.start([port])
Start the server optionnaly on port passed as parameter.
Example:
const application = ;const app = ;appstart80;ApplicationInstance.trustProxy(value)
Trusts proxy passed as parameter. See express documentation for details.
Example:
const application = ;const app = ;app;ApplicationInstance.useApiFinalMiddlewares([options])
Add middlewares for REST API application.
Those "final" middlewares must be at the end of the chain.
Call this method just before start().
See .middlewares.getApiFinalMiddlewares([options]) for details.
Example:
const application = ;const app = ;// ... add your routesappstart;ApplicationInstance.useHealthyRoute()
Add the route /healthy.
See .middlewares.healthy for details.
Example:
const application = ;const app = ;// ... add your routesapp // last middlewares ! start;ApplicationInstance.useInitialMiddlewares([options])
Add default middlewares any server.
Those middlewares must be at the beginning of the chain.
Call this method just after create the application.
See .middlewares.useInitialMiddlewares([options]) for details.
Example:
const application = ;const app = ; // first middlewares !// ... add your routesapp // last middlewares ! start;ApplicationInstance.useRootRoute()
Set a default index route /.
See .middlewares.root for details.
Example:
const application = ;const app = ;// ... add your routesapp start;.config
An object containing the config object defined in file config/config-<NODE_ENV>.js.
When you require express-server-app, it reads the environment variables defined in .env files using dotenv.
Then you can use this variables using the process.env object.
The JavaScript config files directory can be changed using the environment variable CONFIG_DIR.
The .env config management has been copied from create-react-app. See its documentation for details.
Example:
# .env CONFIG_DIR=confLOG_LEVEL=30SECRET_ACCESS_KEY=abcdef1234// conf/config-production.jsmoduleexports = tiersApi: accessKey: processenvaccessKey ;// server.jsconst config log = ;level = processenvLOG_LEVEL;tiers;If needed you can override the .env file path using the environment variable DOTENV_PATH.
Example:
DOTENV_PATH=.secondary.env npm startThis will load the environment variables defined in the files .secondary.env.development and .secondary.env.development.local.
.log
.log()
Returns the global logger. By default it returns a Pino instance.
Example:
const log = ;const logger = ;logger;Logging of sensitive informations
Default logger removes Authorization header from logs. Its value is replaced by "***"
.log.setLogger(lg)
Override the global logger with the logger passed as parameter.
Returns the new logger.
Example:
const log = ;const logger = log;.middlewares
.middlewares.enableCors()
A middleware to enable the CORS.
By default, the environment variable CORS_ORIGIN_WHITELIST is used to set the allowed origins.
If CORS_ORIGIN_WHITELIST is not defined all origins are allowed.
# .env # one or multiple domains comma separated CORS_ORIGIN_WHITELIST=https://www.example1.comCORS_ORIGIN_WHITELIST=https://foo.com,https://bar.comCORS_ORIGIN_WHITELIST=https://www.example1.com,/\\.example2\\.com$/,https://www.53js.fr# RegExp : you have to double the slash (\ => \\) CORS_ORIGIN_WHITELIST=/localhost/CORS_ORIGIN_WHITELIST=/\\.example2\\.com$/# Boolean CORS_ORIGIN_WHITELIST=true# special values CORS_ORIGIN_WHITELIST=*For more options you can use directly your own cors middleware:
const cors = ;const middlewares = ;const initialMiddlewares = ; //....middlewares.forceHttps([port])
A middleware to force https permanent redirection in production environment only.
Pass parameter port to change default 443 port for the redirection.
.middlewares.handle404
A REST middleware that throws Boom.notFound() if route is not found.
.middlewares.handleErrors
A REST middleware that respond with errors as JSON with correct status codes and headers using Boom.
.middlewares.handleValidationErrors
A REST middleware that handles JSON Schema validation errors and throw a Boom error.
.middlewares.healthy
A route that sends a minimal json (boolean true) used to monitor the server health.
.middlewares.root
A default index route that sends a short text.
.middlewares.getInitialMiddlewares(options)
Returns an array of middlewares that should be added at the beginning of the express middleware chain.
Middlewares (order is important):
- helmet
- forceHttps
- cors
- logger
- express.json
- express.urlencoded
It is possible to override default middlewares using the options parameter :
options
An object containing middlewares :
cors // default: .middlewares.enableCors() forceHttps // default: .middlewares.forceHttps() helmet // default: helmet() json // default: express.json() logger // default: pinoMiddleware({ logger: log() }) urlencoded // default: express.urlencoded({ extended: true })Set a middleware to false to disable it.
Example:
const middlewares = ;const initialMiddlewares = ;.middlewares.getApiFinalMiddlewares(options)
Returns an array of middlewares that should be added at the end of the express middleware chain.
Middlewares (order is important):
- notFound
- validationErrors
- errors
options
An object containing middlewares :
errors // default: .middlewares.handleErrors notFound // default: .middlewares.handle404 validationErrors // default: .middlewares.handleValidationErrorsSet a middleware to false to disable it.
Example:
const middlewares = ;const finalMiddlewares = .validator
.validator()
Returns the global JSON Schema validator.
See express-json-validator-middleware, ajv, JSON Schema for details.
Example:
const validator = ;app;.validator.setValidator(vtor)
Override the global validator with the validator passed as parameter.
Returns the new validator.
Example:
const validator = ;validator;.wrapAsync
.wrapAsync(fn)
Wraps the fn request handler to allow async/await and Promise handlers.
Returns the wrapped middleware.
Example:
const wrapAsync = ;// ...app;