@emartech/boar-koa-server
v3.0.1
# Boar Koa Server

## Example usage for app

Put these lines in your `server.js`:

```javascript
const Koa = require('koa');
const path = require('path');
const koaApp = module.exports = new Koa();
const config = require('./config');
const App = require('@emartech/boar-koa-server').app;

const app = new App(koaApp);
app.loadControllers(path.join(config.root, 'controllers'));

// Start listening only when this file is run directly, not when it is required.
if (!module.parent) {
  app.listen(config.port);
}
```
## Add middleware for your app

```javascript
const cors = require('koa-cors');

const app = new App(koaApp);
app.addMiddleware(cors());
```
## Built-in Middlewares

### Cors Support (@koa/cors)

```javascript
app.addCorsSupportMiddleware();
```

Allowed settings:

```javascript
app.addCorsSupportMiddleware({
  allowOrigin: '*', // `Access-Control-Allow-Origin`, * or a regex to filter allowed origins (for instance /emarsys.(com|net)$/)
  allowMethods: 'GET,HEAD,PUT,POST,DELETE,PATCH', // `Access-Control-Allow-Methods`
});
```
⚠️ WARNING ⚠️:

Not specifying an allowed origin made the middleware always return an `Access-Control-Allow-Origin` header with the value of the origin from the request. This behavior completely disables one of the most crucial elements of browsers, the Same Origin Policy (SOP), and could cause a very serious security threat to the users of this middleware.

Since version 2.0.0, the package is based on @koa/[email protected], which disables this behavior.

It is highly recommended to specify a list of allowed origins.
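
The origin-filter regex from the settings comment above, compared with an anchored allow-list, as an added example that is not part of the package's own code. It assumes the `allowOrigin` regex is tested against the raw `Origin` header value; `escapeRegex`, `buildOriginPattern`, `compareOrigins` and the sample origins are constructed for illustration.

```javascript
// Added example; not code from @emartech/boar-koa-server.
// Assumption: the allowOrigin regex is tested against the raw Origin header value.

// Pattern from the README comment: the dot is unescaped and nothing anchors the left side.
const loosePattern = /emarsys.(com|net)$/;

// Escape regex metacharacters so each domain is matched literally.
function escapeRegex(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Hypothetical helper: fully anchored pattern that accepts https only,
// optional subdomain labels, the listed domains, and an optional port.
function buildOriginPattern(domains) {
  const hosts = domains.map(escapeRegex).join('|');
  return new RegExp(`^https://(?:[a-z0-9-]+\\.)*(?:${hosts})(?::\\d{1,5})?$`);
}

const strictPattern = buildOriginPattern(['emarsys.com', 'emarsys.net']);

// Constructed Origin header values.
const sampleOrigins = [
  'https://emarsys.com',          // apex domain
  'https://app.emarsys.net',      // subdomain
  'https://notemarsys.com',       // unrelated domain sharing the suffix
  'http://emarsys.com',           // plaintext scheme
  'https://emarsys.com.example',  // allowed name used as a prefix
];

// Evaluate every origin against both patterns.
function compareOrigins(origins) {
  return origins.map((origin) => ({
    origin,
    loose: loosePattern.test(origin),
    strict: strictPattern.test(origin),
  }));
}

console.table(compareOrigins(sampleOrigins));

// The strict pattern is then passed as the documented option:
// app.addCorsSupportMiddleware({ allowOrigin: strictPattern });
```
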
### Method Override (koa-methodoverwrite)

```javascript
app.addMethodOverrideMiddleware();
```
### Body Parse (koa-bodyparser)

| Param | Type | Description |
| ----- | ----- | ----------- |
| options | Object | More info. |

```javascript
app.addBodyParseMiddleware(options);
```
### Request Id (koa-requestid)

| Param | Type | Description |
| ----- | ----- | ----------- |
| options | Object | optional |
| ↳header | String | The name of the header to read the id on the request, `false` to disable. |
| ↳query | String | The name of the header to read the id on the query string, `false` to disable. |
| ↳expose | String | The name of the header to expose the id on the response, `false` to disable. |

```javascript
app.addRequestIdmiddleware(options);
```
### Enforce SSL (koa-ssl)

| Param | Type | Description |
| ----- | ----- | ----------- |
| options | Object | More info. |

```javascript
app.addEnforceSSLMiddleware();
```

If your application is running behind a reverse proxy (like Heroku), you should set the `trustProxy` configuration option to `true` in order to process the `x-forwarded-proto` header.

```javascript
const app = new App(koaApp);
app.addEnforceSSLMiddleware({ trustProxy: true });
```

Note: if you use this middleware, the EnforceSSL middleware should be the first one you add.
### Security

Provides middlewares for setting up various security-related HTTP headers.

| Param | Type | Description |
| ----- | ----- | ----------- |
| options | Object | |
| ↳csp | Object | More info. Learn more: CSP quick reference |
| ↳hsts | Object | More info. Learn more: OWASP HSTS page |
| ↳useXssFilter | Boolean | If `true`, x-xss-protection middleware will be included. Default: `true` |
| ↳useNoSniff | Boolean | If `true`, dont-sniff-mimetype middleware will be included. Default: `true` |
| ↳referrerPolicy | Boolean, Object | If `{ policy: 'same-origin' }`, referrer-policy middleware will be included. Default: `false` |

```javascript
app.addSecurityMiddlewares(options);
```
#### Default configuration

```javascript
{
  csp: {
    directives: {
      defaultSrc: ["'self'"],
      scriptSrc: ["'self'"],
      styleSrc: ["'self'"],
      imgSrc: ["'self'"],
      frameAncestors: ["'self'"],
      reportUri: 'about:blank'
    },
    reportOnly: true // report-only mode: violations are reported, not blocked
  },
  hsts: {
    maxAge: 30,
    includeSubDomains: true,
    preload: false
  },
  useXssFilter: true,
  useNoSniff: true,
  referrerPolicy: false
}
```
## Libraries

### ControllerFactory

```javascript
var ControllerFactory = require('@emartech/boar-koa-server').lib.controllerFactory;

module.exports = ControllerFactory.create(function(router) {
  router.get('/', ControllerFactory.load('main/actions/get'));
  router.get('/healthcheck', ControllerFactory.load('main/actions/healthcheck/get'));
  router.get('/list', ControllerFactory.loadByAcceptType('main/actions/list/get'));
});
```