Skip to main content

A different type of HTTP server

A minimal framework for building HTTP servers in Node.js

Get startedGithub
Write code agnostic to which server or protocol is running.
Throw an error in your code and it's mapped to the correct HTTP status code.
Validate all your input directly via schemas generated from your function types.
Attach permissions logic to AND/OR different scenarios.
Deploy via serverless, express, uWS or even within nextJS.

Example Code

A simple crud operation

*There's a bit more to it, take a look at the documentation to see the full example.


interface Car {
  id: string
  ownerId: string
  licensePlate: string
  color: string
}

export type JustCarId = Pick<Car, 'id'>
export type UpdateCar = JustCarId & RequireAtLeastOne<Omit<Car, 'id'>

const updateCar: APIFunction<UpdateCar, void> = async (services, { id, ...data }, session) => {
    const oldData = await services.car.getCar(id)
    await services.car.updateCar(id, data)
    if (oldData.licensePlate !== data.licensePlate) {
        await services.email.sendLicenseChangedEmail(session.userEmail, id)
    }
}

const isCarOwner: APIPermission<JustCarId> = async (services, { id }, session) => {
    const { carOwner } = await services.car.getCar(id)
    return carOwner === session.userId
}

const updateCar: APIRoute<UpdateCar, void> = {
    // Route type
    method: 'post',
    // Route path
    route: '/car/:id',
    // Typescript schema to validate each request against
    schema: 'UpdateCar',
    // The function to run when the route is hit
    func: updateCar,
    // Whether a session is required (optional, defaults to true)
    requiresSession: true,
    // Permissions required to run this route, only one needs to pass
    permissions: {
        isCarOwner,
        isAdmin
    } 
}

export const routes = [updateCar]

Minimal features

The essential tools you need to get the job done

Type Safety

Everything is vanilla typescript with common types, potentially starting from your database and ending with the client.

Minimal APIs

Spend less time learning libraries and more time writing code. A few core concepts can take you almost all the way.

Session aware

Provide the user session to each function invocation for context. Cookies, API keys or JWT out of the box (if you want).

Permissions

Check each function invocation against a group of permissions before they even run.

Service Lookups

Each function call gets provided with both global services, as well as session services created for each call.

Validate schemas

Validate all API calls via automatically generated schemas from typescript. No more manual validation required.

Platform agnostic (or not)

Pick which server you want to deploy with. What's important is you can switch between them really easily.