@200systems/mf-express-adapter
Advanced tools
Express.js integration adapter with middleware, controllers, and error handling
Express.js integration adapter para o microframework TypeScript com middleware estruturado, controllers base e tratamento de erros.
npm install @200systems/mf-express-adapter
npm install express cors helmet compression express-rate-limit jsonwebtoken
npm install --save-dev @types/express @types/cors @types/compression @types/jsonwebtoken
// src/server.ts
import { ExpressApp } from '@200systems/mf-express-adapter';
import { createLogger } from '@200systems/mf-logger';
const app = new ExpressApp({
port: 3000,
host: '0.0.0.0',
cors: {
origin: process.env.CORS_ORIGIN || 'http://localhost:5173',
credentials: true
},
trustProxy: true,
security: {
helmet: true,
rateLimit: {
windowMs: 15 * 60 * 1000,
max: 100
}
}
});
app.start().then(() => {
console.log('Server started successfully');
});
// src/middleware/auth.ts
import { JwtMiddleware } from '@200systems/mf-express-adapter';
import { createLogger } from '@200systems/mf-logger';
const logger = createLogger({ context: 'auth' });
export const jwtAuth = new JwtMiddleware({
secret: process.env.JWT_SECRET || 'your-secret-key',
algorithms: ['HS256'],
skipPaths: ['/auth/login', '/auth/register', '/health'],
headerName: 'authorization',
cookieName: 'token'
}, logger);
// Usage in routes
import { Router } from 'express';
const router = Router();
// Protected route
router.get('/profile', jwtAuth.authenticate, userController.getProfile);
// Optional auth (user context if token present)
router.get('/public', jwtAuth.optional, contentController.getPublicContent);
// Role-based access
router.delete('/admin/users/:id',
jwtAuth.authenticate,
jwtAuth.requireRole(['admin', 'super-admin']),
adminController.deleteUser
);
// src/controllers/UserController.ts
import { Request, Response, NextFunction } from 'express';
import { BaseController, AuthenticatedRequest } from '@200systems/mf-express-adapter';
import { Logger } from '@200systems/mf-logger';
import { ServiceResult } from '@200systems/mf-service-base';
export class UserController extends BaseController {
constructor(logger: Logger, private userService: UserService) {
super(logger);
}
getProfile = this.asyncHandler(async (req: AuthenticatedRequest, res: Response): Promise<ServiceResult<User>> => {
const userId = req.user!.userId; // Safe because of JWT middleware
const user = await this.userService.getUserById(userId);
return ServiceResult.success(user);
});
login = this.asyncHandler(async (req: Request, res: Response): Promise<ServiceResult<LoginResponse>> => {
const { email, password } = req.body;
const user = await this.userService.authenticateUser(email, password);
const token = JwtMiddleware.generateToken(
{ userId: user.id, email: user.email, roles: user.roles },
process.env.JWT_SECRET!,
'24h'
);
return ServiceResult.success({ user, token });
});
}
// src/controllers/AuthController.ts
export class AuthController extends BaseController {
login = this.asyncHandler(async (req: Request, res: Response): Promise<void> => {
const { email, password } = req.body;
const user = await this.authService.login(email, password);
const token = JwtMiddleware.generateToken(
{
userId: user.id,
email: user.email,
roles: user.roles || []
},
process.env.JWT_SECRET!,
'24h'
);
// Set as cookie (optional)
res.cookie('token', token, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
maxAge: 24 * 60 * 60 * 1000 // 24 hours
});
res.json({
success: true,
data: { user, token },
meta: { timestamp: new Date().toISOString() }
});
});
logout = this.asyncHandler(async (req: Request, res: Response): Promise<void> => {
res.clearCookie('token');
res.json({
success: true,
message: 'Logged out successfully',
meta: { timestamp: new Date().toISOString() }
});
});
}
interface JwtMiddlewareConfig {
secret?: string;
algorithms?: string[];
skipPaths?: string[];
cookieName?: string;
headerName?: string;
onTokenExpired?: (req: Request, res: Response) => void;
onTokenInvalid?: (req: Request, res: Response) => void;
}
class JwtMiddleware {
constructor(config: JwtMiddlewareConfig, logger: Logger);
// Required authentication
authenticate: RequestHandler;
// Optional authentication
optional: RequestHandler;
// Role-based access control
requireRole(roles: string | string[]): RequestHandler;
// Static helpers
static generateToken(payload: JwtPayload, secret: string, expiresIn?: string): string;
static decodeToken(token: string): JwtPayload | null;
}
interface JwtPayload {
userId: number;
email: string;
roles?: string[];
[key: string]: unknown;
}
// 1. Basic protected route
router.get('/protected', jwtAuth.authenticate, controller.method);
// 2. Optional authentication
router.get('/mixed', jwtAuth.optional, (req: AuthenticatedRequest, res) => {
if (req.user) {
// User is authenticated
} else {
// Anonymous access
}
});
// 3. Role-based access
router.post('/admin',
jwtAuth.authenticate,
jwtAuth.requireRole('admin'),
adminController.method
);
// 4. Multiple roles
router.delete('/resource/:id',
jwtAuth.authenticate,
jwtAuth.requireRole(['admin', 'moderator']),
controller.method
);
interface ExpressConfig {
port?: number;
host?: string;
cors?: {
origin?: string | string[] | boolean;
credentials?: boolean;
methods?: string[];
allowedHeaders?: string[];
};
security?: {
helmet?: boolean;
rateLimit?: {
windowMs?: number;
max?: number;
message?: string;
};
};
compression?: boolean;
bodyParser?: {
json?: { limit?: string };
urlencoded?: { limit?: string; extended?: boolean };
};
logger?: Partial<LoggerConfig>;
trustProxy?: boolean;
}
abstract class BaseController {
constructor(logger: Logger);
protected asyncHandler(handler: RouteHandler): RouteHandler;
protected getIdFromParams(req: Request, paramName?: string): string;
protected getQueryParam(req: Request, paramName: string, defaultValue?: string): string | undefined;
protected getQueryParamAsNumber(req: Request, paramName: string, defaultValue?: number): number | undefined;
protected getPaginationParams(req: Request): { page: number; limit: number; offset: number };
}
// Success responses
ResponseHelper.success(res, data, 'Operation successful');
ResponseHelper.created(res, newUser, 'User created');
ResponseHelper.noContent(res);
// Error responses
ResponseHelper.error(res, 'Something went wrong', 400);
ResponseHelper.notFound(res, 'User not found');
ResponseHelper.unauthorized(res, 'Invalid credentials');
ResponseHelper.forbidden(res, 'Access denied');
// Authentication responses
ResponseHelper.unauthorized(res); // 401
ResponseHelper.forbidden(res); // 403
JWT middleware returns standardized error responses:
// No token provided
{
"success": false,
"error": {
"message": "No token provided",
"code": "NO_TOKEN"
},
"meta": {
"timestamp": "2024-01-15T10:30:00.000Z",
"requestId": "abc123"
}
}
// Token expired
{
"success": false,
"error": {
"message": "Token has expired",
"code": "TOKEN_EXPIRED"
}
}
// Invalid token
{
"success": false,
"error": {
"message": "Invalid token",
"code": "TOKEN_INVALID"
}
}
// Insufficient permissions
{
"success": false,
"error": {
"message": "Insufficient permissions",
"code": "INSUFFICIENT_PERMISSIONS",
"details": {
"requiredRoles": ["admin"],
"userRoles": ["user"]
}
}
}
A classe ExpressApp configura automaticamente:
// src/server.ts
import { ExpressApp, JwtMiddleware } from '@200systems/mf-express-adapter';
import { createLogger } from '@200systems/mf-logger';
import { UserController } from './controllers/UserController';
import { AuthController } from './controllers/AuthController';
const logger = createLogger({ context: 'api-server' });
// JWT Setup
const jwtAuth = new JwtMiddleware({
secret: process.env.JWT_SECRET!,
skipPaths: ['/auth/login', '/auth/register', '/health'],
algorithms: ['HS256']
}, logger);
// Express App
const app = new ExpressApp({
port: 3000,
cors: { origin: true, credentials: true },
trustProxy: true
});
// Auth routes (no JWT required)
app.addRoutes([
{ method: 'post', path: '/auth/login', handler: authController.login },
{ method: 'post', path: '/auth/register', handler: authController.register },
{ method: 'post', path: '/auth/logout', handler: authController.logout }
]);
// Protected routes
app.addRoutes([
{
method: 'get',
path: '/api/profile',
handler: userController.getProfile,
middleware: [jwtAuth.authenticate]
},
{
method: 'get',
path: '/api/admin/users',
handler: userController.getAllUsers,
middleware: [jwtAuth.authenticate, jwtAuth.requireRole('admin')]
}
]);
app.start();
Este adapter funciona perfeitamente com:
@200systems/mf-logger - Sistema de logging (obrigatório)@200systems/mf-service-base - Base classes para services (obrigatório)@200systems/mf-db-core - Abstração de banco de dados@200systems/mf-logger - Logging functionality@200systems/mf-service-base - Service base classes@200systems/mf-db-core - Database core abstractionsexpress - Express.js frameworkcors - CORS middlewarehelmet - Security middlewarecompression - Response compressionexpress-rate-limit - Rate limitingjsonwebtoken - JWT token handlingMIT
FAQs
Express.js integration adapter with middleware, controllers, and error handling
The npm package @200systems/mf-express-adapter receives a total of 19 weekly downloads. As such, @200systems/mf-express-adapter popularity was classified as not popular.
We found that @200systems/mf-express-adapter demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
Application Security
/Research
/Security News
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
Research
/Security News
Malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers