TypeScript icon, indicating that this package has built-in type declarations

1.3.0 • Public • Published


Let you avoid all the boilerplates to create a crud route


npm i --save another-express-crud

Example usage

import express from 'express';
import { crud } from 'another-express-crud';

const app = express();

type CrudData = {
  id?: string,
  data: any,
  user?: any,
  files?: any,
  fancyParam?: string

const getRequestData = (req) => ({
  id: || (req.body && req.body._id),
  data: req.body || {},
  user: req.user,
  files: req.files,
  fancyParam: req.fancyParam

const operations = {
  create: (params: CrudData) => ...,
  read: (params: CrudData) => ...,
  update: (params: CrudData) => ...,
  delete: (params: CrudData) => ...,

const crudRoutes = crud({
  path: '/user',
  policy: {
    update: 'owner',
    delete: 'owner'
  hooks: {
    before: {
      create: (params: CrudData) => { success: true },
    after: {
      update: (result, req) => { message: 'update done' },
app.use('/api', crudRoutes);

This resulting app is :

operation route
create POST /api/user
read GET /api/user
read by id GET /api/user/:id
update PUT /api/user/:id
update PATCH /api/user/:id
delete DELETE /api/user/:id


A string to provide a path prefix to the route. Default is '/'.

Request data

The parameter getRequestData is a function to get data provided by the express request that will be passed to most hooks and policy checks. It should be of the form :

type CrudOptions = {
  id: string,
  data: any,
  user: any,
  files: any

const getRequestData: (req: Request) => CrudOptions

Notes: No middleware is integrated to parse the body of the requests. You could use for example

import formData from 'express-form-data';
import bodyParser from 'body-parser';
import express from 'express';

const app = express();

// multi-part form data
app.use(formData.parse({ autoFiles: true }));

// json body
app.use(bodyParser.urlencoded({ extended: true }));


You should provide an object with at least theese 4 functions:

  • create
  • read
  • update
  • delete

All 4 functions should implement the interface : (CrudOptions) => Promise<any>

Note: If you want a good REST implementation you should differentiate the case when:

  • read receives id parameters (/test/id) to return only 1 result (if the result is undefined, the route will pass an error to the next middleware with message 'NotFound')
  • read receives query parameter (/test?name=john) to return an array of result

Note2: The result of the operation should be returned in the promise (an object or a list of object). If undefined is returned, an error with a message 'NotFound' will be passed to the next middleware.



All before hooks take an object CrudOptions in parameter and should return an object indicating if everything is fine and if it's not, the error associated to pass to the next middleware: { success: boolean, error?: Error }


All after middlewares take the result of the operation and the request object. They should return a new result or undefined to pass to the afterAll middleware or the response formatter. If the result is undefined the previous result will be used.


The optional policy object should contain :

property type description
create string policy used for create operations
read string policy used for read operations
update string policy used for update operations
delete string policy used for delete operations
isAuthenticated (CrudOptions) => boolean function to determine if the request is made by an authenticated user
isOwner (CrudOptions) => boolean function to determine if a user is the owner of the ressource
isAdmin (CrudOptions) => boolean function to determine if a user has access to all contents
isDisabled boolean disable all policies (if you need to disable policies with an environment variable for example)

All arguments are optional. Just specify what you need.

You can specify 4 types of policies :

  • guest: no permission needed to use the operation
  • user: only an authenticated user can access the operation
  • owner: only the owner of the ressource can access it
  • admin: the ressource is restricted to admin privilege

You can provide isAuthenticated, isOwner and isAdmin functions to customize when the access should be granted.

You can also

By default, all policies are guest if no policy is provided.

Note: By default, if the user object is not undefined, the permission of the request will be at least user (see Request data to know how to get user from request)


  • [ ] More Policy tests
  • [ ] Response formatter tests
  • [ ] Clearer README with more examples




Package Sidebar


npm i another-express-crud

Weekly Downloads






Unpacked Size

54.8 kB

Total Files


Last publish


  • chipp972