npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@rjmunhoz/expresso

v0.11.3

Published

Very opinated express bootstrap as a module

Downloads

8

Readme

Expresso

Simple yet useful opinated express boilerplate as a module

Codacy Badge node npm npm NpmLicense Maintenance js-standard-style Telegram

Summary

What is Expresso

Expresso is a Express wrapper. It contains several pre-built configurations which allows the developer to stop thinking about starter boilerplates and start thinking about routes and logic.

Why expresso

See this?

With Expresso, that, becomes this:

Interested? See below.

What does Expresso include

Getting Started

Expresso exposes a function, this functions receives another function with two arguments, the first argument is an Express app and the second is a configuration object. Then it returns a factory function which will receive an options object and a string containing your current environment name (e.g: production):

const expresso = require('@rjmunhoz/expresso')

const apiFactory = expresso((app, config) => {
  app.post('/your-path/:with-params', middleware, middleware, middleware)
})

apiFactory(options, environment)
  .then(app => app.listen(8080))

The config object

This object is an object containing all user configurations you might wanna set. It can be anything, and it'll be passed to your app inside the function.

const expresso = require('@rjmunhoz/expresso')

const apiFactory = expresso((app, config) => {
  const myUsefulConfig = config.myProp.myValue

  app.post('/your-path/:with-params', middleware, middleware, middleware(myUsefulConfig))
})

apiFactory(options, environment)
  .then(app => app.listen(8080))

Option object

The option object is a simple object containing the application configuration that is gonna be passed to the whole express application:

  • name: Is the name of your application. It'll be used as the default name for logging
    • Type: string
    • Default: process.env.APP_NAME || process.env.npm_package_name || app
  • version: The version of your app
    • Type: string
    • Default: process.env.GIT_RELEASE
  • server (Required if you are using the built-in server): Webserver configuration options
    • Type: Object
    • Properties:
      • binding.ip: IP on which the server will be bound to
        • Type: string
        • Default: process.env.SERVER_BINDING_IP || 0.0.0.0
      • binding.port: Port to bind the server to
        • Type: number
        • Default: process.env.SERVER_BINDING_PORT || 3000
  • deeptrace: Deeptrace configuration object
    • Type: object
    • Properties:
      • dsn (Required if using Deeptrace): Deeptrace API URL
        • Type: string
        • Default: undefined, it'll error if you try to use Deeptrace without setting it
      • timeout: Timeout before Deeptrace gives up on registering the sent request
        • Type: number
        • Default: process.env.DEEPTRACE_TIMEOUT || 3000
      • tags: Tags that will be applied to each registered request
        • Type: Object
        • Default:
          • environment: Environment string passed as mentioned above
          • service: process.env.DEEPTRACE_TAGS_SERVICE || name property on this same object
          • commit: process.env.DEEPTRACE_TAGS_COMMIT || process.env.GIT_COMMIT
          • release: process.env.DEEPTRACE_TAGS_RELEASE || process.env.GIT_RELEASE
  • morgan: Morgan configuration object
    • Type: Object
    • Default:
      • format: ':method :url :status :: :response-time ms :: :res[deeptrace-id]'
  • cors: CORS configuration object
    • Type: Object
    • Default:
      • origin: *
      • methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE']
      • preflightContinue: false
      • optionsSuccessStatus: 204

Any other keys will be ignored by expresso, but they'll be passed to your application anyway; all configs can be overriden by passing an object with the same keys but different values.

Tools

Expresso comes with a set of optional tools which aims to help the developer in the coding process.

Auth

The authentication tool provides full JWT authentication with RSA public key criptography.

Usage

const expresso = require('@rjmunhoz/expresso')
const { auth } = require('@rjmunhoz/expresso')

const apiFactory = expresso((app, config) => {
  const {jwt} = auth.factory(config.auth)
  app.post('/your-path/:with-params', jwt, middleware, middleware)
})

apiFactory(options, environment)
  .then(app => app.listen(8080))

Auth Options

The auth options is an object with the following structure:

  • jwks (Required): JWKS options
    • Type: Object
    • Properties:
      • uri (Required): JWKS URI to fetch a public key
        • Type: string
      • cache: Should JWKS use cache first to retrieve the public key
        • Type: Boolean
        • Default: true
      • rateLimit: Should JWKS limit the amount of calls to retrieve the public key
        • Type: Boolean
        • Default: true
      • requestsPerMinute: Amount of requests per minute to retrieve the JWKS key
        • Type: number
        • Default: 6
  • jwt (Required):
    • Type: Object
    • Properties:
      • audience (Required): The JWT audience to be used
        • Type: string
      • issuer (Required): The JWT issuer to be used
        • Type: string

Example:

const authOptions = {
  jwks: {
    uri: 'http://api.authenticator.127.0.0.1.nip.io/.well-known/jwks.json'
  },
  jwt: {
    audience: 'urn:app:yourapp',
    issuer: 'urn:authority:authenticator:env:development'
  }
}

Scopes

Scopes is a built-in tool that allows you to set user-level permissions based on multi-level scope strings, for example, let's say you have a scope called yourapp.batch.upload and another yourapp.batch.read, if your user has a scope called yourapp.batch.* and your application asks for a scope yourapp.batch.upload then the user will be allowed to perform the action, since he has all batch scopes.

However, on the other hand, if your user has the yourapp.batch.read and your application requests yourapp.batch.* will not be allowed to perform the action because your user only has one scope, and there's no way to know if yourapp.batch.read is all the batch scopes there are.

If the user is not allowed, an 401 status code will be returned.

Important Notice scopes must always be used along (and after) the jwt middleware

Usage

Single scope:

const expresso = require('@rjmunhoz/expresso')
const { auth } = require('@rjmunhoz/expresso')

const apiFactory = expresso((app, config) => {
  const {jwt, scopes} = auth.factory(config.auth)
  app.post('/your-path/:with-params', jwt, scopes('yourapp.batch.read'), middleware)
})

apiFactory(options, environment)
  .then(app => app.listen(8080))

Multi Scopes

You can request multiple scopes to be present in the same route. They will always be matched using an AND operator.

You can pass a series of space-delimited strings:

const expresso = require('@rjmunhoz/expresso')
const { auth } = require('@rjmunhoz/expresso')

const apiFactory = expresso((app, config) => {
  const {jwt, scopes} = auth.factory(config.auth)
  app.post('/your-path/:with-params', jwt, scopes('yourapp.batch.read yourapp.batch.write'), middleware)
})

apiFactory(options, environment)
  .then(app => app.listen(8080))

Or you can pass an array:

const expresso = require('@rjmunhoz/expresso')
const { auth } = require('@rjmunhoz/expresso')

const apiFactory = expresso((app, config) => {
  const {jwt, scopes} = auth.factory(config.auth)
  app.post('/your-path/:with-params', jwt, scopes(['yourapp.batch.read', 'yourapp.batch.write']), middleware)
})

apiFactory(options, environment)
  .then(app => app.listen(8080))

In both cases the user needs to have both the yourapp.batch.read AND yourapp.batch.write scopes in order for the permittion to work.

Built-in server

Expresso comes with a built-in webserver containing some preconfigured options that can be overridden following the configuration options.

Usage

const expresso = require('@rjmunhoz/expresso')
const { auth, server } = require('@rjmunhoz/expresso')

const apiFactory = expresso((app, config) => {
  const {jwt, scopes} = auth.factory(config.auth)
  app.post('/your-path/:with-params', jwt, scopes(['yourapp.batch.read', 'yourapp.batch.write']), middleware)
})

server.start(appFactory, options)