
Security News
TypeScript is Porting Its Compiler to Go for 10x Faster Builds
TypeScript is porting its compiler to Go, delivering 10x faster builds, lower memory usage, and improved editor performance for a smoother developer experience.
bedrock-express
Advanced tools
A bedrock module that integrates express with bedrock to provide a routing framework and other features for writing Web applications. It uses the bedrock event system to emit a number of configuration events that dependent modules may use to add features to a core express server.
npm install bedrock-express
var bedrock = require('bedrock');
bedrock.events.on('bedrock-express.configure.routes', addRoutes);
function addRoutes(app) {
app.get('/', function(req, res) {
res.send('Hello World!');
});
}
For documentation on configuration, see config.js.
bedrock-express exposes an express server over TLS, using the
bedrock-server module. It takes the approach that most applications built
on express set it up in very similar ways. Therefore, bedrock-express sets
up a default express server using very common options and middleware, but lets
other modules decide which parts to change or turn off. For simple changes,
modules can use bedrock.config.express
to configure the express server. For
more complex changes or to cancel chosen default behavior entirely, modules
can use the events that bedrock-express emits.
bedrock-express will begin setting up the express server and emitting its
events when the core bedrock.start
event is emitted. When the bedrock.ready
event is emitted, bedrock-express will attach the express server to
the bedrock-server
HTTPS server to begin accepting requests.
By default, bedrock-server
will only serve requests over HTTPS; if any
HTTP requests arrive, they will be redirected to HTTPS. If you want to
enable HTTP requests, do the following:
var brServer = require('bedrock-server');
var brExpress = require('bedrock-express');
// track when bedrock is ready to attach express
bedrock.events.on('bedrock.ready', function() {
// attach express app to regular http
brServer.servers.http.on('request', brExpress.app);
});
bedrock-express emits several events that modules may listen for. Most of
these events are emitted during the setup process of a default express server,
allowing modules to change only the behavior they are interested in
customizing. Every event emitted will pass the express server object as the
first parameter to the listener function. The most commonly used event is
bedrock-express.configure.routes
, which allows modules to attach new routes
to express to provide, for example, a REST API.
combined
server
access information to bedrock's access
logger. This event can be used to
log server access in another way and/or it can be canceled to prevent
logging to bedrock's access
logger.application/json
message bodies into JavaScript objects. It
will not parse application/x-www-form-urlencoded
as a minor attempt to
help prevent CSRF attacks on handlers that expect parsed JSON but may
receive parsed application/x-www-form-urlencoded
messages instead.
Listeners of this event can change default parsing behavior or turn it off
by canceling this event.bedrock.config.express.session.secret
configuration value. Listeners
can use this event to replace or simply cancel this behavior.bedrock.config.express.session
configuration object. Listeners can use
this event to initialize session storage or to replace or cancel the
default session handling behavior entirely.bedrock.config.express.static
array will be registered with express.
Route configurations may specify files or entire paths to serve, and
whether or not CORS should be enabled. The handlers will be added in the
reverse order of the array. This gives priority to route configurations
that were pushed onto the array last, should there be more than one handler
for a particular route. This means that when a request is received by
express that matches a particular route, the handler that will be given
the first opportunity to respond will be the last in the array that matches
the route. If that handler cannot find a file to send, then the
second-to-last handler created with a matching route will be executed, and
so forth. The approach allows projects to easily override which static
files are sent for a particular route via the configuration system.bedrock-express.configure.static
and before the default
cache handler for dynamic content is installed. By default, caching for
dynamic content is disabled by setting these headers:
bedrock-express.configure.router
to allow modules to
add routes to express. This is the most common event for modules to bind
to. A module should attach a listener to this event to expose, for example,
a REST API.bedrock-express.configure.routes
to handle any errors that
routes may have generated. Listeners can use this event to attach custom
error handlers.bedrock-express.configure.errorHandlers
to attach a
handler for any unhandled errors. By default, an unhandled error handler
is installed that changes its behavior based on whether or not
bedrock.config.express.dumpExceptions
is true
. If it is true
, then an
error and stack trace will be displayed in html or sent via JSON, depending
on the client's request. If it is not set, then an unhandled error handler
is attached that will send a 500 Internal Server Error
in text/plain
unless the error itself specifies a different message and/or status code
to send.bedrock-express.ready
to allow listeners to perform any
custom behavior prior to the express server announcing it is ready.bedrock-express.start
, indicating that all listeners
should have already completed any special custom behavior on start up.FAQs
Bedrock express module
We found that bedrock-express demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
TypeScript is porting its compiler to Go, delivering 10x faster builds, lower memory usage, and improved editor performance for a smoother developer experience.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.