@emartech/boar-koa-server

3.0.0 • Public • Published

Boar Koa Server

Example usage for app

put these lines in your server.js

  const Koa = require('koa');
  const path = require('path');
  const koaApp = module.exports = new Koa();
  const config = require('./config');
  const App = require('@emartech/boar-koa-server').app;

  const app = new App(koaApp);
  app.loadControllers(path.join(config.root, 'controllers'));

  if (!module.parent) { app.listen(config.port); }

Add middleware for your app

  const cors = require('koa-cors');
  const app = new App(koaApp);
  app.addMiddleware(cors());

Build-in Middlewares

Cors Support (@koa/cors)

  app.addCorsSupportMiddleware();

Allowed settings :

  app.addCorsSupportMiddleware({
    allowOrigin: '*', // `Access-Control-Allow-Origin`, * or a regex to filter allowed origins (for instance /emarsys.(com|net)$/)
    allowMethods: 'GET,HEAD,PUT,POST,DELETE,PATCH', // `Access-Control-Allow-Methods`
  });

⚠️ WARNING ⚠️ : Not specifying an allowed origin made the middleware always return an Access-Control-Allow-Origin header with the value of the origin from the request. This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy (SOP), this could cause a very serious security threat to the users of this middleware.

Since version 2.0.0, the package is based @koa/cors@5.0.0 which disables this behavior. It is highly recommended to specify a list of allowed origins.

Method Override (koa-methodoverwrite)

  app.addMethodOverrideMiddleware();

Body Parse (koa-bodyparser)

Param Type Description
options Object More info.
  app.addBodyParseMiddleware(options);

Request Id (koa-requestid)

Param Type Description
options Object optional
↳header String The name of the header to read the id on the request, false to disable.
↳query String The name of the header to read the id on the query string, false to disable.
↳expose String The name of the header to expose the id on the response, false to disable.
  app.addRequestIdmiddleware(options);

Enforce SSL (koa-ssl)

Param Type Description
options Object More info.
  app.addEnforceSSLMiddleware();

If your application is running behind reverse proxy (like Heroku) you should set the trustProxy configuration option to true in order to process the x-forwarded-proto header.

  const app = new App(koaApp);
  app.addEnforceSSLMiddleware({ trustProxy: true });

Note: if you use this middleware EnforceSSL middleware should be the first you add.

Security

Provides middlewares for setting up various security related HTTP headers.

Param Type Description
options Object
↳csp Object More info. Learn more: CSP quick reference
↳hsts Object More info. Learn more: OWASP HSTS page
↳useXssFilter Boolean If true, x-xss-protection middleware will be included. Default: true
↳useNoSniff Boolean If true, dont-sniff-mimetype middleware will be included. Default: true
↳referrerPolicy Boolean,Object If{ policy: 'same-origin'}, referrer-policy middleware will be included. Default false
  app.addSecurityMiddlewares(options);

Default configuration

  {
    csp: {
      directives: {
        defaultSrc: ["'self'"],
        scriptSrc: ["'self'"],
        styleSrc: ["'self'"],
        imgSrc: ["'self'"],
        frameAncestors: ["'self'"],
        reportUri: 'about:blank'
      },
      reportOnly: true
    },
    hsts: {
      maxAge: 30,
      includeSubDomains: true,
      preload: false
    },
    useXssFilter: true,
    useNoSniff: true,
    referrerPolicy: false
  }

Libraries

ControllerFactory

  var ControllerFactory = require('@emartech/boar-koa-server').lib.controllerFactory;

  module.exports = ControllerFactory.create(function(router) {
    router.get('/', ControllerFactory.load('main/actions/get'));
    router.get('/healthcheck', ControllerFactory.load('main/actions/healthcheck/get'));
    router.get('/list', ControllerFactory.loadByAcceptType('main/actions/list/get'));
  });

Dependents (0)

Package Sidebar

Install

npm i @emartech/boar-koa-server

Weekly Downloads

80

Version

3.0.0

License

MIT

Unpacked Size

22.9 kB

Total Files

9

Last publish

Collaborators

  • rmafteiuscai
  • lhammerl
  • bencso
  • mfel0123
  • franziskajung
  • d056437
  • ekkovats
  • laralangnau
  • emarsys-stephen-ives
  • tothbence8
  • earlpitts
  • iabraham
  • zholler
  • balintkemenyemarsys
  • ccarrollem
  • dunaicapa
  • bobby_russel
  • sovagos
  • cyholden
  • tothmarci25
  • mariannag
  • estefanlesnjakovic
  • mrmeszaros
  • bence.toth
  • jason-nelson-01
  • drahos.istvan
  • pecc
  • birokhun
  • laszlo.ori
  • dpkemarsys
  • nathan-matthews-sap
  • troywiegand
  • nikolett.tar
  • bronika
  • cenglersap
  • mlesh-sap
  • gillyes
  • danielisap
  • sridevir
  • abieler-sap
  • aidanlesh-sap
  • tonyhsap
  • karlabrandl
  • konradschewe
  • manasbommakanti
  • dudaaslaci
  • thomaskmartin
  • emarsys-security
  • norbert-levajsics-emarsys
  • ronnykrosse
  • vszegedi
  • sap-am
  • nnieman-sap
  • ariceem
  • dwolter_emarsys
  • rcsullag
  • ttoth2
  • tbucsanszki
  • dszunomar
  • dschuppa
  • andras.sarro
  • ndomke
  • sevket-ataseven
  • plsap
  • mattfeldhake_emarsys
  • atittel
  • andrasp3a
  • mruell
  • adroszler
  • erikpetroemar
  • rimo86
  • tillmannr
  • markjarvis
  • geczirobert
  • tsiraitnpm
  • bankyadam
  • bborsi
  • zbalazs
  • ziyadg
  • pintera
  • apoon
  • ianhelmrich
  • varszegik
  • rkumari03
  • cseby92
  • bozsadam
  • jfillmore
  • viktor.szell
  • bencekadaremar
  • roxanams
  • dkocsis-emarsys
  • demajo_ems
  • marko.fritzsche
  • agrucza
  • dmorvai
  • nish343
  • kolosh
  • azorahai3904
  • skrivoo
  • mark.adorjan
  • burci
  • dimitrovn
  • ivanfroehlich
  • iulianmihai
  • xueboliang
  • greszter
  • bercziand
  • criley
  • drewhodsonsap
  • jviesersap
  • sixstep
  • sap-jjf
  • sapfs
  • attilamuller01
  • scotthetrick
  • oliverweisenburger
  • maurogreco
  • nicolaeciumac
  • asciortino1
  • pendicg24
  • marton.matusek
  • adamszabolcs
  • btalos
  • bence.uto
  • daniels1404
  • saphendricksjoerg
  • mmartin2
  • fenyopeti
  • mmothersill
  • brandon-sap
  • pjohnson02
  • mhunyady
  • faridtoubal
  • mengjiao.zhao
  • ushnpm
  • dkorpos
  • xin.he
  • viau
  • zsomborh
  • muddam
  • nvkaur2
  • jbleclerc
  • jamescocker
  • arnaud.buchholz
  • jerryrichardson
  • retfalvibence
  • akapa
  • mkls
  • probalazs
  • kaaj
  • knagy
  • rehreth
  • mhegedus
  • mmartin
  • bsoos
  • emarsys-deployer
  • draven
  • judge
  • daniel.banky
  • szeist
  • rgargya
  • marton.papp.emarsys
  • dgyenes
  • s.viktor
  • m4w4q7
  • david.barkoczi
  • qw3r
  • tamas.toth
  • gergaczd
  • gerike
  • alkra
  • epgrubmair
  • morban
  • ettancos
  • epmartini
  • gabor.balla.emarsys
  • mzsombor
  • ejpersson
  • ejwalker
  • llosonczy
  • iben12
  • kartonfarkas
  • adamoa
  • mbarna
  • peva
  • bforgacs
  • kozma
  • ngabor84
  • zerosuxx
  • edosrecki
  • eadaniel
  • selator
  • kkimak
  • gaborb
  • glendvai
  • lveraszto
  • rdoczi
  • fentosi
  • boristomic
  • mbazso
  • dmihalek
  • lhalasz
  • evspasevski
  • dsztanko
  • tbugar
  • fqqdk
  • eggarcia
  • menyhertfatyol
  • zoltanrideg-emarsys
  • sarakoll
  • mmolnar-emar
  • attila.gal
  • benjamingehl
  • tdorkaa
  • lkonya
  • gpap_ema
  • vimtaai
  • lloki-emarsys
  • borzi
  • pmaksa_emarsys
  • dfarago