Security News
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
Express.js application bootstrapper. Simplicity, brevity, flexibility.
npm i bex --save
var config = require('./config').web;
var ong = require('ong').init();
require('bex').createApp({
basedir: __dirname,
bodyParser: { limit: '1mb' },
viewEngine: require('express-dot').__express,
hooks: { after: initialize }
}).listen(config.port);
function initialize (app) {
ong.register('db', require('knex')(config.db));
ong.register(this.requireAll(__dirname + '/modules'));
}
module.exports = {
create: _.flow($.sanitize, $.validate, $.authorize, function (params) {
return $.db('items').insert(params).then(this.json);
}),
'&/:id/render': function (params) {
return Promise
.props({ item: $.db('items').where('id', params.id).first() })
.then(_.partial(this.view, 'items/index'));
},
'PUT items/:id/star': _.flow($.authorize, function (params) {
return $.db('items').where('id', params.id).update('is_starred', 1).then(this.json);
})
};
As you probably noted, there are 2 ways of specifying the route-handler pair:
list
(GET resource
), view
(GET resource/:id
), create
(POST resource
), update
(PUT resource/:id
) and remove
(DELETE resource/:id
)GET resource/:from/:to
) or exact route with resource name placeholder (GET &/:id
) where kebab-cased controller's name will be substitutedIn case of explicit route, you can omit GET
verb, it is being used by default (&/:id
is the same as GET &/:id
or get &/:id
).
express.js
appbefore
), if it is passed via hooks
param'trust proxy'
to true
(very often node.js
app is hosted behind nginx
)views: false
body-parser
(almost every express.js
-based project needs this)controllers
param is passedafter
), if it is passed via hooks
paramreturn this.json({ my: 'data' });
view(name, data)
(ends with rendering of name
view with data
), redirect(url)
and json(data)
this
inside route handler: bex.registerResult('myresult', function (anyarg) { return { type: 'myresult', arg: anyarg }; });
- minimal requirement for result constructor is to return result object with mandatory type
propertytype
is obtained from any of your route handlers: bex.registerHandler('myresult', function (req, res, result) { res.send(result.anyarg); });
There are 2 special results
exception
- generated when exception occurs inside route handler (default handler will cause empty response with 500
code)undefined
- generated when no view result is returned from route handler (its default handler will cause empty response with 404
status)You can override how bex
reacts to these 2 special results (as well as other "ordinary" results) via overwriting their handlers: bex.registerHandler('exception', function (req, res, exception) { logstash.send(req.url, exception); }, true);
.
before
(called just after express.js
app is created, but nothing was performed with it) and after
(called after everything is done and bex
is ready to return bootstrapped app)this
populated with utility methods: requireAll
, registerResult
, registerHandler
, createRouter
Requires all modules which exist inside specified folder (see require-all docs for details).
Registers view result(s).
Registers view result handler(s).
Loads everything from specified path
and maps converts to route-handler pairs, applying them to express.Router
. Returns express.Router
instance ready to be used by express.js
app. Also accepts object as argument, each property-value of which will be treated as controllerName
-controllerInstance
pairs.
MIT
FAQs
Express.js application bootstrapper. Simplicity, brevity, flexibility.
We found that bex demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.