Forem: ShyGyver The latest articles on Forem by ShyGyver (@shygyver). https://forem.com/shygyver https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1144119%2F4f907664-1dff-4a60-8662-502aabc98ea0.jpg Forem: ShyGyver https://forem.com/shygyver en Build an Authorization Server with Bun, Hono, and OpenID Connect ShyGyver Sat, 18 Apr 2026 14:31:06 +0000 https://forem.com/shygyver/build-an-authorization-server-with-bun-hono-and-openid-connect-24ok https://forem.com/shygyver/build-an-authorization-server-with-bun-hono-and-openid-connect-24ok <p>Modern applications increasingly rely on OpenID Connect (OIDC) for secure, standards-based authentication. But most tutorials point you at hosted identity providers. <br> What if you need to <strong>run your own authorization server</strong> maybe for a microservices platform, an internal tool, or simply to understand how the flow works end to end?</p> <p>In this article we'll build a fully working OIDC Authorization Code Flow server from scratch using:</p> <ul> <li> <strong><a href="https://bun.sh/" rel="noopener noreferrer">Bun</a></strong> : a fast all-in-one JavaScript runtime</li> <li> <strong><a href="https://hono.dev/" rel="noopener noreferrer">Hono</a></strong> : a lightweight, edge-ready web framework</li> <li> <strong><a href="https://www.npmjs.com/package/@saurbit/hono-oauth2" rel="noopener noreferrer"><code>@saurbit/hono-oauth2</code></a></strong> : a Hono integration for OAuth 2 / OIDC flows</li> <li> <strong><a href="https://www.npmjs.com/package/@saurbit/oauth2-jwt" rel="noopener noreferrer"><code>@saurbit/oauth2-jwt</code></a></strong> : JWT signing with automatic key rotation</li> </ul> <p>By the end you'll have a server that issues signed JWTs, exposes a discovery endpoint, supports PKCE, and comes with an interactive Scalar UI for testing.</p> <h2> TL;DR </h2> <p>The full runnable example is available at <a href="https://github.com/shygyver/auth-playground" rel="noopener noreferrer">Github</a>, while the conceptual guide is found at <a href="https://saurbit.github.io/website/examples/hono-oauth2/oidc-example.html" rel="noopener noreferrer">OIDC Authorization Code Flow with Hono</a>.</p> <p> <iframe src="https://www.youtube.com/embed/86RQr5tlQ8M"> </iframe> </p> <h2> What we're building </h2> <p>The server will expose the following endpoints:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Endpoint</th> <th>Purpose</th> </tr> </thead> <tbody> <tr> <td><code>GET /.well-known/openid-configuration</code></td> <td>OIDC Discovery</td> </tr> <tr> <td><code>GET /.well-known/jwks.json</code></td> <td>JSON Web Key Set</td> </tr> <tr> <td><code>GET /authorize</code></td> <td>Login page</td> </tr> <tr> <td><code>POST /authorize</code></td> <td>Login form submission</td> </tr> <tr> <td><code>POST /token</code></td> <td>Token exchange</td> </tr> <tr> <td><code>GET /userinfo</code></td> <td>Authenticated user claims</td> </tr> <tr> <td><code>GET /protected-resource</code></td> <td>Example protected endpoint</td> </tr> <tr> <td><code>GET /openapi.json</code></td> <td>OpenAPI spec</td> </tr> <tr> <td><code>GET /scalar</code></td> <td>Interactive API explorer</td> </tr> </tbody> </table></div> <h2> Prerequisites </h2> <p>Make sure you have <a href="https://bun.com/docs/installation#installation" rel="noopener noreferrer">Bun</a> installed.</p> <h2> Step 1: Create the project </h2> <p>Scaffold a new Hono project with Bun:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>bun create hono@latest auth-server </code></pre> </div> <p>When prompted, choose <strong>bun</strong> as the template. Then move into the project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>auth-server </code></pre> </div> <h2> Step 2: Install dependencies </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>bun add @saurbit/hono-oauth2 @saurbit/oauth2 @saurbit/oauth2-jwt hono-openapi @hono/standard-validator @scalar/hono-api-reference </code></pre> </div> <h2> Step 3: Write the server </h2> <p>Open <code>src/index.ts</code> and replace its contents step by step as shown below.</p> <h3> 3.1 Imports </h3> <p>Start with all the imports needed for the server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Hono</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">hono</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">cors</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">hono/cors</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">html</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">hono/html</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">HTTPException</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">hono/http-exception</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">describeRoute</span><span class="p">,</span> <span class="nx">openAPIRouteHandler</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">hono-openapi</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Scalar</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@scalar/hono-api-reference</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">HonoOIDCAuthorizationCodeFlowBuilder</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@saurbit/hono-oauth2</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createInMemoryKeyStore</span><span class="p">,</span> <span class="nx">JoseJwksAuthority</span><span class="p">,</span> <span class="nx">JwksRotator</span><span class="p">,</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@saurbit/oauth2-jwt</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AccessDeniedError</span><span class="p">,</span> <span class="nx">StrategyInsufficientScopeError</span><span class="p">,</span> <span class="nx">StrategyInternalError</span><span class="p">,</span> <span class="nx">UnauthorizedClientError</span><span class="p">,</span> <span class="nx">UnsupportedGrantTypeError</span><span class="p">,</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@saurbit/oauth2</span><span class="dl">"</span><span class="p">;</span> </code></pre> </div> <h3> 3.2 Extend <code>UserCredentials</code> </h3> <p><code>@saurbit/oauth2</code> provides a <code>UserCredentials</code> interface you can augment via module augmentation. This lets the rest of the flow know what shape your user object has:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kr">declare</span> <span class="kr">module</span> <span class="dl">"</span><span class="s2">@saurbit/oauth2</span><span class="dl">"</span> <span class="p">{</span> <span class="kr">interface</span> <span class="nx">UserCredentials</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">fullName</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">username</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 3.3 Configure JWT key management </h3> <p>Set up an in-memory JWKS key store, a signing authority, and a rotator. The authority signs and verifies JWTs; the rotator generates new keys on a schedule and removes expired ones.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">ISSUER</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">http://localhost:3000</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">DISCOVERY_ENDPOINT_PATH</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">/.well-known/openid-configuration</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// In-memory key store (swap for a persistent store in production)</span> <span class="kd">const</span> <span class="nx">jwksStore</span> <span class="o">=</span> <span class="nf">createInMemoryKeyStore</span><span class="p">();</span> <span class="c1">// Signs JWTs and exposes the public JWKS endpoint</span> <span class="kd">const</span> <span class="nx">jwksAuthority</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">JoseJwksAuthority</span><span class="p">(</span><span class="nx">jwksStore</span><span class="p">,</span> <span class="mf">8.64e6</span><span class="p">);</span> <span class="c1">// 100-day key lifetime</span> <span class="c1">// Rotates keys every 91 days and cleans up expired ones</span> <span class="kd">const</span> <span class="nx">jwksRotator</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">JwksRotator</span><span class="p">({</span> <span class="na">keyGenerator</span><span class="p">:</span> <span class="nx">jwksAuthority</span><span class="p">,</span> <span class="na">rotationTimestampStore</span><span class="p">:</span> <span class="nx">jwksStore</span><span class="p">,</span> <span class="na">rotationIntervalMs</span><span class="p">:</span> <span class="mf">7.884e9</span><span class="p">,</span> <span class="c1">// 91 days</span> <span class="p">});</span> </code></pre> </div> <blockquote> <p>In production, replace <code>createInMemoryKeyStore()</code> with a persistent store backed by a database or secrets manager so keys survive restarts. We’ll explore persistent storage options in an upcoming article.</p> </blockquote> <h3> 3.4 Define clients and users (in-memory) </h3> <p>For this example, a single client and a single user are hardcoded. In a real application, these would be read from a database.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">CLIENT</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="dl">"</span><span class="s2">example-client</span><span class="dl">"</span><span class="p">,</span> <span class="na">secret</span><span class="p">:</span> <span class="dl">"</span><span class="s2">example-secret</span><span class="dl">"</span><span class="p">,</span> <span class="na">grants</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">authorization_code</span><span class="dl">"</span><span class="p">],</span> <span class="na">redirectUris</span><span class="p">:</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">http://localhost:3000/scalar</span><span class="dl">"</span><span class="p">,</span> <span class="p">],</span> <span class="na">scopes</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">openid</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">profile</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">email</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">content:read</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">content:write</span><span class="dl">"</span><span class="p">],</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">USER</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user123</span><span class="dl">"</span><span class="p">,</span> <span class="na">fullName</span><span class="p">:</span> <span class="dl">"</span><span class="s2">John Doe</span><span class="dl">"</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user@example.com</span><span class="dl">"</span><span class="p">,</span> <span class="na">username</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user</span><span class="dl">"</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">"</span><span class="s2">crossterm</span><span class="dl">"</span><span class="p">,</span> <span class="p">};</span> <span class="c1">// Short-lived authorization code storage</span> <span class="kd">const</span> <span class="nx">codeStorage</span><span class="p">:</span> <span class="nb">Record</span><span class="o">&lt;</span> <span class="kr">string</span><span class="p">,</span> <span class="p">{</span> <span class="na">clientId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">scope</span><span class="p">:</span> <span class="kr">string</span><span class="p">[];</span> <span class="nl">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">expiresAt</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">codeChallenge</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">nonce</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="o">&gt;</span> <span class="o">=</span> <span class="p">{};</span> </code></pre> </div> <h3> 3.5 Build the OIDC flow </h3> <p><code>HonoOIDCAuthorizationCodeFlowBuilder</code> uses a fluent API. Each method registers a callback or configures an option; call <code>.build()</code> at the end to get the configured flow object.</p> <h4> Parse the authorization endpoint data </h4> <p>This callback extracts user credentials from the login form submission:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">flow</span> <span class="o">=</span> <span class="nx">HonoOIDCAuthorizationCodeFlowBuilder</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">parseAuthorizationEndpointData</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">formData</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">c</span><span class="p">.</span><span class="nx">req</span><span class="p">.</span><span class="nf">formData</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">username</span> <span class="o">=</span> <span class="nx">formData</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">username</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">password</span> <span class="o">=</span> <span class="nx">formData</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">password</span><span class="dl">"</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">username</span><span class="p">:</span> <span class="k">typeof</span> <span class="nx">username</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span> <span class="p">?</span> <span class="nx">username</span> <span class="p">:</span> <span class="kc">undefined</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="k">typeof</span> <span class="nx">password</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span> <span class="p">?</span> <span class="nx">password</span> <span class="p">:</span> <span class="kc">undefined</span><span class="p">,</span> <span class="p">};</span> <span class="p">},</span> <span class="p">})</span> </code></pre> </div> <h4> Configure endpoints and scopes </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="p">.</span><span class="nf">setSecuritySchemeName</span><span class="p">(</span><span class="dl">"</span><span class="s2">openidConnect</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">setScopes</span><span class="p">({</span> <span class="na">openid</span><span class="p">:</span> <span class="dl">"</span><span class="s2">OpenID Connect scope</span><span class="dl">"</span><span class="p">,</span> <span class="na">profile</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Access to your profile information</span><span class="dl">"</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Access to your email address</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">content:read</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Access to read content</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">content:write</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Access to write content</span><span class="dl">"</span><span class="p">,</span> <span class="p">})</span> <span class="p">.</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">"</span><span class="s2">Example OpenID Connect Authorization Code Flow</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">setDiscoveryUrl</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">ISSUER</span><span class="p">}${</span><span class="nx">DISCOVERY_ENDPOINT_PATH</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="p">.</span><span class="nf">setJwksEndpoint</span><span class="p">(</span><span class="dl">"</span><span class="s2">/.well-known/jwks.json</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">setAuthorizationEndpoint</span><span class="p">(</span><span class="dl">"</span><span class="s2">/authorize</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">setTokenEndpoint</span><span class="p">(</span><span class="dl">"</span><span class="s2">/token</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">setUserInfoEndpoint</span><span class="p">(</span><span class="dl">"</span><span class="s2">/userinfo</span><span class="dl">"</span><span class="p">)</span> </code></pre> </div> <h4> Set client authentication methods </h4> <p>Support both private clients (client secret) and public clients (PKCE, no secret):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="p">.</span><span class="nf">clientSecretPostAuthenticationMethod</span><span class="p">()</span> <span class="p">.</span><span class="nf">noneAuthenticationMethod</span><span class="p">()</span> </code></pre> </div> <h4> Token lifetime and OIDC metadata </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="p">.</span><span class="nf">setAccessTokenLifetime</span><span class="p">(</span><span class="mi">3600</span><span class="p">)</span> <span class="p">.</span><span class="nf">setOpenIdConfiguration</span><span class="p">({</span> <span class="na">claims_supported</span><span class="p">:</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">sub</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">aud</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">iss</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">exp</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">iat</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">nbf</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">name</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">email</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">username</span><span class="dl">"</span><span class="p">,</span> <span class="p">],</span> <span class="p">})</span> </code></pre> </div> <h4> Authenticate the client at the authorization endpoint </h4> <p>This runs before the login page is shown and validates that the client ID and redirect URI are known:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="p">.</span><span class="nf">getClientForAuthentication</span><span class="p">((</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span> <span class="nx">data</span><span class="p">.</span><span class="nx">clientId</span> <span class="o">===</span> <span class="nx">CLIENT</span><span class="p">.</span><span class="nx">id</span> <span class="o">&amp;&amp;</span> <span class="nx">CLIENT</span><span class="p">.</span><span class="nx">redirectUris</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">redirectUri</span><span class="p">)</span> <span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">CLIENT</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">grants</span><span class="p">:</span> <span class="nx">CLIENT</span><span class="p">.</span><span class="nx">grants</span><span class="p">,</span> <span class="na">redirectUris</span><span class="p">:</span> <span class="nx">CLIENT</span><span class="p">.</span><span class="nx">redirectUris</span><span class="p">,</span> <span class="na">scopes</span><span class="p">:</span> <span class="nx">CLIENT</span><span class="p">.</span><span class="nx">scopes</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> <span class="p">})</span> </code></pre> </div> <h4> Authenticate the user </h4> <p>Validate the submitted username and password. Return an <code>{ type: "authenticated", user }</code> object on success, or <code>undefined</code> to reject:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="p">.</span><span class="nf">getUserForAuthentication</span><span class="p">((</span><span class="nx">_ctxt</span><span class="p">,</span> <span class="nx">parsedData</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">parsedData</span><span class="p">.</span><span class="nx">username</span> <span class="o">===</span> <span class="nx">USER</span><span class="p">.</span><span class="nx">username</span> <span class="o">&amp;&amp;</span> <span class="nx">parsedData</span><span class="p">.</span><span class="nx">password</span> <span class="o">===</span> <span class="nx">USER</span><span class="p">.</span><span class="nx">password</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">authenticated</span><span class="dl">"</span><span class="p">,</span> <span class="na">user</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">USER</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">fullName</span><span class="p">:</span> <span class="nx">USER</span><span class="p">.</span><span class="nx">fullName</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">USER</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">username</span><span class="p">:</span> <span class="nx">USER</span><span class="p">.</span><span class="nx">username</span><span class="p">,</span> <span class="p">},</span> <span class="p">};</span> <span class="p">}</span> <span class="p">})</span> </code></pre> </div> <h4> Generate an authorization code </h4> <p>Create a random code, store it with a 60-second TTL, and return it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="p">.</span><span class="nf">generateAuthorizationCode</span><span class="p">((</span><span class="nx">grantContext</span><span class="p">,</span> <span class="nx">user</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">undefined</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">code</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomUUID</span><span class="p">();</span> <span class="nx">codeStorage</span><span class="p">[</span><span class="nx">code</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span> <span class="na">clientId</span><span class="p">:</span> <span class="nx">grantContext</span><span class="p">.</span><span class="nx">client</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">scope</span><span class="p">:</span> <span class="nx">grantContext</span><span class="p">.</span><span class="nx">scope</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">expiresAt</span><span class="p">:</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">+</span> <span class="mi">60000</span><span class="p">,</span> <span class="na">codeChallenge</span><span class="p">:</span> <span class="nx">grantContext</span><span class="p">.</span><span class="nx">codeChallenge</span><span class="p">,</span> <span class="na">nonce</span><span class="p">:</span> <span class="nx">grantContext</span><span class="p">.</span><span class="nx">nonce</span><span class="p">,</span> <span class="p">};</span> <span class="k">return</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">code</span><span class="dl">"</span><span class="p">,</span> <span class="nx">code</span> <span class="p">};</span> <span class="p">})</span> </code></pre> </div> <h4> Exchange the authorization code at the token endpoint </h4> <p><code>getClient</code> is called when a client POSTs to <code>/token</code>. Validate the code, check expiry, and verify either the client secret or the PKCE <code>code_verifier</code>. Return an enriched client object whose <code>metadata</code> is forwarded to the token generator:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="p">.</span><span class="nf">getClient</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">tokenRequest</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span> <span class="nx">tokenRequest</span><span class="p">.</span><span class="nx">grantType</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">authorization_code</span><span class="dl">"</span> <span class="o">&amp;&amp;</span> <span class="nx">tokenRequest</span><span class="p">.</span><span class="nx">clientId</span> <span class="o">===</span> <span class="nx">CLIENT</span><span class="p">.</span><span class="nx">id</span> <span class="o">&amp;&amp;</span> <span class="nx">tokenRequest</span><span class="p">.</span><span class="nx">code</span> <span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">codeData</span> <span class="o">=</span> <span class="nx">codeStorage</span><span class="p">[</span><span class="nx">tokenRequest</span><span class="p">.</span><span class="nx">code</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">codeData</span><span class="p">)</span> <span class="k">return</span> <span class="kc">undefined</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">codeData</span><span class="p">.</span><span class="nx">clientId</span> <span class="o">!==</span> <span class="nx">tokenRequest</span><span class="p">.</span><span class="nx">clientId</span><span class="p">)</span> <span class="k">return</span> <span class="kc">undefined</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">codeData</span><span class="p">.</span><span class="nx">expiresAt</span> <span class="o">&lt;</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">())</span> <span class="p">{</span> <span class="k">delete</span> <span class="nx">codeStorage</span><span class="p">[</span><span class="nx">tokenRequest</span><span class="p">.</span><span class="nx">code</span><span class="p">];</span> <span class="k">return</span> <span class="kc">undefined</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">tokenRequest</span><span class="p">.</span><span class="nx">clientSecret</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Private client - verify the secret</span> <span class="k">if </span><span class="p">(</span><span class="nx">tokenRequest</span><span class="p">.</span><span class="nx">clientSecret</span> <span class="o">!==</span> <span class="nx">CLIENT</span><span class="p">.</span><span class="nx">secret</span><span class="p">)</span> <span class="k">return</span> <span class="kc">undefined</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">tokenRequest</span><span class="p">.</span><span class="nx">codeVerifier</span> <span class="o">&amp;&amp;</span> <span class="nx">codeData</span><span class="p">.</span><span class="nx">codeChallenge</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Public client - verify PKCE code_verifier against the stored code_challenge</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">TextEncoder</span><span class="p">().</span><span class="nf">encode</span><span class="p">(</span><span class="nx">tokenRequest</span><span class="p">.</span><span class="nx">codeVerifier</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">hashBuffer</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">crypto</span><span class="p">.</span><span class="nx">subtle</span><span class="p">.</span><span class="nf">digest</span><span class="p">(</span><span class="dl">"</span><span class="s2">SHA-256</span><span class="dl">"</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">hashArray</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Uint8Array</span><span class="p">(</span><span class="nx">hashBuffer</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">base64url</span> <span class="o">=</span> <span class="nf">btoa</span><span class="p">(</span><span class="nb">String</span><span class="p">.</span><span class="nf">fromCharCode</span><span class="p">(...</span><span class="nx">hashArray</span><span class="p">))</span> <span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="sr">/</span><span class="se">\+</span><span class="sr">/g</span><span class="p">,</span> <span class="dl">"</span><span class="s2">-</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="sr">/</span><span class="se">\/</span><span class="sr">/g</span><span class="p">,</span> <span class="dl">"</span><span class="s2">_</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="sr">/=+$/</span><span class="p">,</span> <span class="dl">""</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">base64url</span> <span class="o">!==</span> <span class="nx">codeData</span><span class="p">.</span><span class="nx">codeChallenge</span><span class="p">)</span> <span class="k">return</span> <span class="kc">undefined</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">undefined</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">CLIENT</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">grants</span><span class="p">:</span> <span class="nx">CLIENT</span><span class="p">.</span><span class="nx">grants</span><span class="p">,</span> <span class="na">redirectUris</span><span class="p">:</span> <span class="nx">CLIENT</span><span class="p">.</span><span class="nx">redirectUris</span><span class="p">,</span> <span class="na">scopes</span><span class="p">:</span> <span class="nx">CLIENT</span><span class="p">.</span><span class="nx">scopes</span><span class="p">,</span> <span class="na">metadata</span><span class="p">:</span> <span class="p">{</span> <span class="na">accessScope</span><span class="p">:</span> <span class="nx">codeData</span><span class="p">.</span><span class="nx">scope</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">codeData</span><span class="p">.</span><span class="nx">userId</span><span class="p">,</span> <span class="na">username</span><span class="p">:</span> <span class="nx">USER</span><span class="p">.</span><span class="nx">username</span><span class="p">,</span> <span class="na">userEmail</span><span class="p">:</span> <span class="nx">USER</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">userFullName</span><span class="p">:</span> <span class="nx">USER</span><span class="p">.</span><span class="nx">fullName</span><span class="p">,</span> <span class="na">nonce</span><span class="p">:</span> <span class="nx">codeData</span><span class="p">.</span><span class="nx">nonce</span><span class="p">,</span> <span class="p">},</span> <span class="p">};</span> <span class="p">}</span> <span class="p">})</span> </code></pre> </div> <p>The <code>metadata</code> field is a free-form record. Use it to pass context (user info, granted scopes) from this callback to <code>generateAccessToken</code>.</p> <h4> Generate access and ID tokens </h4> <p>Sign both tokens with the JWKS authority and return them:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="p">.</span><span class="nf">generateAccessToken</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">grantContext</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">accessScope</span> <span class="o">=</span> <span class="nb">Array</span><span class="p">.</span><span class="nf">isArray</span><span class="p">(</span><span class="nx">grantContext</span><span class="p">.</span><span class="nx">client</span><span class="p">.</span><span class="nx">metadata</span><span class="p">?.</span><span class="nx">accessScope</span><span class="p">)</span> <span class="p">?</span> <span class="nx">grantContext</span><span class="p">.</span><span class="nx">client</span><span class="p">.</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">accessScope</span> <span class="p">:</span> <span class="p">[];</span> <span class="kd">const</span> <span class="nx">registeredClaims</span> <span class="o">=</span> <span class="p">{</span> <span class="na">exp</span><span class="p">:</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">floor</span><span class="p">(</span><span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">/</span> <span class="mi">1000</span><span class="p">)</span> <span class="o">+</span> <span class="nx">grantContext</span><span class="p">.</span><span class="nx">accessTokenLifetime</span><span class="p">,</span> <span class="na">iat</span><span class="p">:</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">floor</span><span class="p">(</span><span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">/</span> <span class="mi">1000</span><span class="p">),</span> <span class="na">nbf</span><span class="p">:</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">floor</span><span class="p">(</span><span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">/</span> <span class="mi">1000</span><span class="p">),</span> <span class="na">iss</span><span class="p">:</span> <span class="nx">ISSUER</span><span class="p">,</span> <span class="na">aud</span><span class="p">:</span> <span class="nx">grantContext</span><span class="p">.</span><span class="nx">client</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">jti</span><span class="p">:</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomUUID</span><span class="p">(),</span> <span class="na">sub</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">grantContext</span><span class="p">.</span><span class="nx">client</span><span class="p">.</span><span class="nx">metadata</span><span class="p">?.</span><span class="nx">userId</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">token</span><span class="p">:</span> <span class="nx">accessToken</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">jwksAuthority</span><span class="p">.</span><span class="nf">sign</span><span class="p">({</span> <span class="na">scope</span><span class="p">:</span> <span class="nx">accessScope</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="dl">"</span><span class="s2"> </span><span class="dl">"</span><span class="p">),</span> <span class="p">...</span><span class="nx">registeredClaims</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">token</span><span class="p">:</span> <span class="nx">idToken</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">jwksAuthority</span><span class="p">.</span><span class="nf">sign</span><span class="p">({</span> <span class="na">username</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">grantContext</span><span class="p">.</span><span class="nx">client</span><span class="p">.</span><span class="nx">metadata</span><span class="p">?.</span><span class="nx">username</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">accessScope</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">"</span><span class="s2">profile</span><span class="dl">"</span><span class="p">)</span> <span class="p">?</span> <span class="s2">`</span><span class="p">${</span><span class="nx">grantContext</span><span class="p">.</span><span class="nx">client</span><span class="p">.</span><span class="nx">metadata</span><span class="p">?.</span><span class="nx">userFullName</span><span class="p">}</span><span class="s2">`</span> <span class="p">:</span> <span class="kc">undefined</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">accessScope</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">"</span><span class="s2">email</span><span class="dl">"</span><span class="p">)</span> <span class="p">?</span> <span class="s2">`</span><span class="p">${</span><span class="nx">grantContext</span><span class="p">.</span><span class="nx">client</span><span class="p">.</span><span class="nx">metadata</span><span class="p">?.</span><span class="nx">userEmail</span><span class="p">}</span><span class="s2">`</span> <span class="p">:</span> <span class="kc">undefined</span><span class="p">,</span> <span class="na">nonce</span><span class="p">:</span> <span class="nx">grantContext</span><span class="p">.</span><span class="nx">client</span><span class="p">.</span><span class="nx">metadata</span><span class="p">?.</span><span class="nx">nonce</span> <span class="p">?</span> <span class="s2">`</span><span class="p">${</span><span class="nx">grantContext</span><span class="p">.</span><span class="nx">client</span><span class="p">.</span><span class="nx">metadata</span><span class="p">?.</span><span class="nx">nonce</span><span class="p">}</span><span class="s2">`</span> <span class="p">:</span> <span class="kc">undefined</span><span class="p">,</span> <span class="p">...</span><span class="nx">registeredClaims</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">accessToken</span><span class="p">,</span> <span class="na">scope</span><span class="p">:</span> <span class="nx">accessScope</span><span class="p">,</span> <span class="nx">idToken</span><span class="p">,</span> <span class="p">};</span> <span class="p">})</span> </code></pre> </div> <h4> Verify access tokens </h4> <p>Called by <code>authorizeMiddleware</code> on every protected route. Verify the JWT signature and return the resolved credentials:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="p">.</span><span class="nf">tokenVerifier</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">_c</span><span class="p">,</span> <span class="p">{</span> <span class="nx">token</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">jwksAuthority</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">payload</span> <span class="o">&amp;&amp;</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">sub</span> <span class="o">===</span> <span class="nx">USER</span><span class="p">.</span><span class="nx">id</span> <span class="o">&amp;&amp;</span> <span class="k">typeof</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">scope</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">isValid</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="p">{</span> <span class="na">user</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">USER</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">fullName</span><span class="p">:</span> <span class="nx">USER</span><span class="p">.</span><span class="nx">fullName</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">USER</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">username</span><span class="p">:</span> <span class="nx">USER</span><span class="p">.</span><span class="nx">username</span><span class="p">,</span> <span class="p">},</span> <span class="na">scope</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">scope</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2"> </span><span class="dl">"</span><span class="p">),</span> <span class="p">},</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Token verification error:</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span> <span class="k">instanceof</span> <span class="nb">Error</span> <span class="p">?</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="p">}</span> <span class="p">:</span> <span class="nx">error</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">isValid</span><span class="p">:</span> <span class="kc">false</span> <span class="p">};</span> <span class="p">})</span> </code></pre> </div> <h4> Handle authorization failures </h4> <p>Customize the HTTP response when <code>authorizeMiddleware</code> rejects a request:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="p">.</span><span class="nf">failedAuthorizationAction</span><span class="p">((</span><span class="nx">_</span><span class="p">,</span> <span class="nx">error</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Authorization failed:</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span> <span class="k">instanceof</span> <span class="nx">StrategyInternalError</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="mi">500</span><span class="p">,</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Internal server error</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span> <span class="k">instanceof</span> <span class="nx">StrategyInsufficientScopeError</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="mi">403</span><span class="p">,</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Forbidden</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="mi">401</span><span class="p">,</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Unauthorized</span><span class="dl">"</span> <span class="p">});</span> <span class="p">})</span> <span class="p">.</span><span class="nf">build</span><span class="p">();</span> </code></pre> </div> <h3> 3.6 Create the Hono app and register routes </h3> <p>Now wire everything up:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Hono</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="dl">"</span><span class="s2">/*</span><span class="dl">"</span><span class="p">,</span> <span class="nf">cors</span><span class="p">());</span> </code></pre> </div> <p><strong>OIDC discovery endpoint</strong> returns the server's configuration so clients can discover endpoints automatically:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">DISCOVERY_ENDPOINT_PATH</span><span class="p">,</span> <span class="p">(</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="nx">flow</span><span class="p">.</span><span class="nf">getDiscoveryConfiguration</span><span class="p">(</span><span class="nx">c</span><span class="p">.</span><span class="nx">req</span><span class="p">.</span><span class="nx">raw</span><span class="p">);</span> <span class="k">return</span> <span class="nx">c</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">config</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p><strong>JWKS endpoint</strong> returns the server's public keys so resource servers can verify tokens:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">flow</span><span class="p">.</span><span class="nf">getJwksEndpoint</span><span class="p">(),</span> <span class="k">async </span><span class="p">(</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">c</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="k">await</span> <span class="nx">jwksAuthority</span><span class="p">.</span><span class="nf">getJwksEndpointResponse</span><span class="p">());</span> <span class="p">});</span> </code></pre> </div> <p><strong>Authorization endpoint (GET)</strong> validates the client, then renders the login form:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">flow</span><span class="p">.</span><span class="nf">getAuthorizationEndpoint</span><span class="p">(),</span> <span class="k">async </span><span class="p">(</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">flow</span><span class="p">.</span><span class="nf">hono</span><span class="p">().</span><span class="nf">initiateAuthorization</span><span class="p">(</span><span class="nx">c</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">c</span><span class="p">.</span><span class="nf">html</span><span class="p">(</span> <span class="nc">HtmlFormContent</span><span class="p">({</span> <span class="na">usernameField</span><span class="p">:</span> <span class="dl">"</span><span class="s2">username</span><span class="dl">"</span><span class="p">,</span> <span class="na">passwordField</span><span class="p">:</span> <span class="dl">"</span><span class="s2">password</span><span class="dl">"</span> <span class="p">}),</span> <span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">c</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">invalid_request</span><span class="dl">"</span> <span class="p">},</span> <span class="mi">400</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p><strong>Authorization endpoint (POST)</strong> processes the login submission:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="nx">flow</span><span class="p">.</span><span class="nf">getAuthorizationEndpoint</span><span class="p">(),</span> <span class="k">async </span><span class="p">(</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">flow</span><span class="p">.</span><span class="nf">hono</span><span class="p">().</span><span class="nf">processAuthorization</span><span class="p">(</span><span class="nx">c</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="kd">type</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">error</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">error</span> <span class="o">=</span> <span class="nx">result</span><span class="p">.</span><span class="nx">error</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">redirectable</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">qs</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">`error=</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span> <span class="nx">error</span> <span class="k">instanceof</span> <span class="nx">AccessDeniedError</span> <span class="p">?</span> <span class="nx">error</span><span class="p">.</span><span class="nx">errorCode</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">invalid_request</span><span class="dl">"</span> <span class="p">)}</span><span class="s2">`</span><span class="p">,</span> <span class="s2">`error_description=</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span> <span class="nx">error</span> <span class="k">instanceof</span> <span class="nx">AccessDeniedError</span> <span class="p">?</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">Invalid request</span><span class="dl">"</span> <span class="p">)}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">result</span><span class="p">.</span><span class="nx">state</span> <span class="p">?</span> <span class="s2">`state=</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">state</span><span class="p">)}</span><span class="s2">`</span> <span class="p">:</span> <span class="kc">null</span><span class="p">,</span> <span class="p">].</span><span class="nf">filter</span><span class="p">(</span><span class="nb">Boolean</span><span class="p">).</span><span class="nf">join</span><span class="p">(</span><span class="dl">"</span><span class="s2">&amp;</span><span class="dl">"</span><span class="p">);</span> <span class="k">return</span> <span class="nx">c</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">result</span><span class="p">.</span><span class="nx">redirectUri</span><span class="p">}</span><span class="s2">?</span><span class="p">${</span><span class="nx">qs</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">c</span><span class="p">.</span><span class="nf">html</span><span class="p">(</span> <span class="nc">HtmlFormContent</span><span class="p">({</span> <span class="na">usernameField</span><span class="p">:</span> <span class="dl">"</span><span class="s2">username</span><span class="dl">"</span><span class="p">,</span> <span class="na">passwordField</span><span class="p">:</span> <span class="dl">"</span><span class="s2">password</span><span class="dl">"</span><span class="p">,</span> <span class="na">errorMessage</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">,</span> <span class="p">}),</span> <span class="mi">400</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="kd">type</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">code</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">code</span><span class="p">,</span> <span class="na">context</span><span class="p">:</span> <span class="p">{</span> <span class="nx">state</span><span class="p">,</span> <span class="nx">redirectUri</span> <span class="p">}</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">result</span><span class="p">.</span><span class="nx">authorizationCodeResponse</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">searchParams</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">();</span> <span class="nx">searchParams</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">"</span><span class="s2">code</span><span class="dl">"</span><span class="p">,</span> <span class="nx">code</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">state</span><span class="p">)</span> <span class="nx">searchParams</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">"</span><span class="s2">state</span><span class="dl">"</span><span class="p">,</span> <span class="nx">state</span><span class="p">);</span> <span class="k">return</span> <span class="nx">c</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">redirectUri</span><span class="p">}</span><span class="s2">?</span><span class="p">${</span><span class="nx">searchParams</span><span class="p">.</span><span class="nf">toString</span><span class="p">()}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="kd">type</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">unauthenticated</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">c</span><span class="p">.</span><span class="nf">html</span><span class="p">(</span> <span class="nc">HtmlFormContent</span><span class="p">({</span> <span class="na">usernameField</span><span class="p">:</span> <span class="dl">"</span><span class="s2">username</span><span class="dl">"</span><span class="p">,</span> <span class="na">passwordField</span><span class="p">:</span> <span class="dl">"</span><span class="s2">password</span><span class="dl">"</span><span class="p">,</span> <span class="na">errorMessage</span><span class="p">:</span> <span class="nx">result</span><span class="p">.</span><span class="nx">message</span> <span class="o">||</span> <span class="dl">"</span><span class="s2">Authentication failed. Please try again.</span><span class="dl">"</span><span class="p">,</span> <span class="p">}),</span> <span class="mi">400</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Unexpected error at authorization endpoint:</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span> <span class="k">instanceof</span> <span class="nb">Error</span> <span class="p">?</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="p">}</span> <span class="p">:</span> <span class="nx">error</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">c</span><span class="p">.</span><span class="nf">html</span><span class="p">(</span> <span class="nc">HtmlFormContent</span><span class="p">({</span> <span class="na">usernameField</span><span class="p">:</span> <span class="dl">"</span><span class="s2">username</span><span class="dl">"</span><span class="p">,</span> <span class="na">passwordField</span><span class="p">:</span> <span class="dl">"</span><span class="s2">password</span><span class="dl">"</span><span class="p">,</span> <span class="na">errorMessage</span><span class="p">:</span> <span class="dl">"</span><span class="s2">An unexpected error occurred. Please try again later.</span><span class="dl">"</span><span class="p">,</span> <span class="p">}),</span> <span class="mi">500</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>The <code>processAuthorization</code> result has four possible types:</p> <ul> <li> <strong><code>code</code></strong> : authentication succeeded; redirect to the client with the authorization code.</li> <li> <strong><code>error</code></strong> : something went wrong; check <code>result.redirectable</code> to decide whether to redirect or re-render the form.</li> <li> <strong><code>continue</code></strong> : used for a consent/approval step (not implemented here).</li> <li> <strong><code>unauthenticated</code></strong> : wrong credentials; re-render the login form with an error.</li> </ul> <p><strong>Token endpoint</strong> exchanges the authorization code for access and ID tokens:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="nx">flow</span><span class="p">.</span><span class="nf">getTokenEndpoint</span><span class="p">(),</span> <span class="k">async </span><span class="p">(</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">flow</span><span class="p">.</span><span class="nf">hono</span><span class="p">().</span><span class="nf">token</span><span class="p">(</span><span class="nx">c</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">c</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">tokenResponse</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">error</span> <span class="o">=</span> <span class="nx">result</span><span class="p">.</span><span class="nx">error</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span> <span class="nx">error</span> <span class="k">instanceof</span> <span class="nx">UnsupportedGrantTypeError</span> <span class="o">||</span> <span class="nx">error</span> <span class="k">instanceof</span> <span class="nx">UnauthorizedClientError</span> <span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">c</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">errorCode</span><span class="p">,</span> <span class="na">errorDescription</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="p">},</span> <span class="mi">400</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">c</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">invalid_request</span><span class="dl">"</span> <span class="p">},</span> <span class="mi">400</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p><strong>User info endpoint</strong> protected with the <code>openid</code> scope; returns standard claims:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="nx">flow</span><span class="p">.</span><span class="nf">getUserInfoEndpoint</span><span class="p">()</span> <span class="o">||</span> <span class="dl">"</span><span class="s2">/userinfo</span><span class="dl">"</span><span class="p">,</span> <span class="nx">flow</span><span class="p">.</span><span class="nf">hono</span><span class="p">().</span><span class="nf">authorizeMiddleware</span><span class="p">([</span><span class="dl">"</span><span class="s2">openid</span><span class="dl">"</span><span class="p">]),</span> <span class="nf">describeRoute</span><span class="p">({</span> <span class="na">summary</span><span class="p">:</span> <span class="dl">"</span><span class="s2">User Info</span><span class="dl">"</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Returns claims about the authenticated end-user.</span><span class="dl">"</span><span class="p">,</span> <span class="na">security</span><span class="p">:</span> <span class="p">[</span><span class="nx">flow</span><span class="p">.</span><span class="nf">toOpenAPIPathItem</span><span class="p">([</span><span class="dl">"</span><span class="s2">openid</span><span class="dl">"</span><span class="p">])],</span> <span class="na">responses</span><span class="p">:</span> <span class="p">{</span> <span class="mi">200</span><span class="p">:</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="dl">"</span><span class="s2">User claims.</span><span class="dl">"</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="na">example</span><span class="p">:</span> <span class="p">{</span> <span class="na">sub</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user123</span><span class="dl">"</span><span class="p">,</span> <span class="na">username</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user</span><span class="dl">"</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">John Doe</span><span class="dl">"</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user@example.com</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">}),</span> <span class="p">(</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">credentials</span> <span class="o">=</span> <span class="nx">c</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">credentials</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">credentials</span><span class="p">?.</span><span class="nx">user</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">scope</span> <span class="o">=</span> <span class="nx">credentials</span><span class="p">?.</span><span class="nx">scope</span> <span class="o">||</span> <span class="p">[];</span> <span class="k">return</span> <span class="nx">c</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">sub</span><span class="p">:</span> <span class="nx">user</span><span class="p">?.</span><span class="nx">id</span><span class="p">,</span> <span class="na">username</span><span class="p">:</span> <span class="nx">user</span><span class="p">?.</span><span class="nx">username</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">scope</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">"</span><span class="s2">profile</span><span class="dl">"</span><span class="p">)</span> <span class="p">?</span> <span class="nx">user</span><span class="p">?.</span><span class="nx">fullName</span> <span class="p">:</span> <span class="kc">undefined</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">scope</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">"</span><span class="s2">email</span><span class="dl">"</span><span class="p">)</span> <span class="p">?</span> <span class="nx">user</span><span class="p">?.</span><span class="nx">email</span> <span class="p">:</span> <span class="kc">undefined</span><span class="p">,</span> <span class="p">});</span> <span class="p">},</span> <span class="p">);</span> </code></pre> </div> <p><strong>Protected resource</strong> requires the <code>content:read</code> scope:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="dl">"</span><span class="s2">/protected-resource</span><span class="dl">"</span><span class="p">,</span> <span class="nx">flow</span><span class="p">.</span><span class="nf">hono</span><span class="p">().</span><span class="nf">authorizeMiddleware</span><span class="p">([</span><span class="dl">"</span><span class="s2">content:read</span><span class="dl">"</span><span class="p">]),</span> <span class="nf">describeRoute</span><span class="p">({</span> <span class="na">summary</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Protected Resource</span><span class="dl">"</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Requires a valid access token with the 'content:read' scope.</span><span class="dl">"</span><span class="p">,</span> <span class="na">security</span><span class="p">:</span> <span class="p">[</span><span class="nx">flow</span><span class="p">.</span><span class="nf">toOpenAPIPathItem</span><span class="p">([</span><span class="dl">"</span><span class="s2">content:read</span><span class="dl">"</span><span class="p">])],</span> <span class="na">responses</span><span class="p">:</span> <span class="p">{</span> <span class="mi">200</span><span class="p">:</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Protected resource data.</span><span class="dl">"</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="na">example</span><span class="p">:</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Hello, John Doe! You have accessed a protected resource.</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="mi">401</span><span class="p">:</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Unauthorized.</span><span class="dl">"</span> <span class="p">},</span> <span class="mi">403</span><span class="p">:</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Forbidden - insufficient scope.</span><span class="dl">"</span> <span class="p">},</span> <span class="p">},</span> <span class="p">}),</span> <span class="p">(</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">c</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">credentials</span><span class="dl">"</span><span class="p">)?.</span><span class="nx">user</span><span class="p">;</span> <span class="k">return</span> <span class="nx">c</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="s2">`Hello, </span><span class="p">${</span><span class="nx">user</span><span class="p">?.</span><span class="nx">fullName</span><span class="p">}</span><span class="s2">! You have accessed a protected resource.`</span><span class="p">,</span> <span class="p">});</span> <span class="p">},</span> <span class="p">);</span> </code></pre> </div> <p><strong>OpenAPI spec and Scalar UI:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="dl">"</span><span class="s2">/openapi.json</span><span class="dl">"</span><span class="p">,</span> <span class="nf">openAPIRouteHandler</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="p">{</span> <span class="na">documentation</span><span class="p">:</span> <span class="p">{</span> <span class="na">info</span><span class="p">:</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Auth Server API</span><span class="dl">"</span><span class="p">,</span> <span class="na">version</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0.1.0</span><span class="dl">"</span> <span class="p">},</span> <span class="na">components</span><span class="p">:</span> <span class="p">{</span> <span class="na">securitySchemes</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">flow</span><span class="p">.</span><span class="nf">toOpenAPISecurityScheme</span><span class="p">()</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">}),</span> <span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">/scalar</span><span class="dl">"</span><span class="p">,</span> <span class="nc">Scalar</span><span class="p">({</span> <span class="na">url</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/openapi.json</span><span class="dl">"</span> <span class="p">}));</span> </code></pre> </div> <h3> 3.7 Key rotation and login form </h3> <p>Rotate keys on startup, then schedule hourly checks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">jwksRotator</span><span class="p">.</span><span class="nf">checkAndRotateKeys</span><span class="p">();</span> <span class="nf">setInterval</span><span class="p">(</span><span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">jwksRotator</span><span class="p">.</span><span class="nf">checkAndRotateKeys</span><span class="p">();</span> <span class="p">},</span> <span class="mf">3.6e6</span><span class="p">);</span> </code></pre> </div> <p>Finally, add the <code>HtmlFormContent</code> helper and the default export:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">HtmlFormContent</span><span class="p">(</span><span class="nx">props</span><span class="p">:</span> <span class="p">{</span> <span class="nl">errorMessage</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">usernameField</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">passwordField</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">})</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">html</span><span class="s2">` &lt;!DOCTYPE html&gt; &lt;html lang="en"&gt; &lt;head&gt; &lt;meta charset="UTF-8" /&gt; &lt;title&gt;Sign in&lt;/title&gt; &lt;meta name="viewport" content="width=device-width, initial-scale=1.0" /&gt; &lt;/head&gt; &lt;body&gt; &lt;h1&gt;Sign in&lt;/h1&gt; </span><span class="p">${</span><span class="nx">props</span><span class="p">.</span><span class="nx">errorMessage</span> <span class="p">?</span> <span class="nx">html</span><span class="s2">`&lt;p style="color:red"&gt;</span><span class="p">${</span><span class="nx">props</span><span class="p">.</span><span class="nx">errorMessage</span><span class="p">}</span><span class="s2">&lt;/p&gt;`</span> <span class="p">:</span> <span class="dl">""</span><span class="p">}</span><span class="s2"> &lt;form method="POST"&gt; &lt;label for="</span><span class="p">${</span><span class="nx">props</span><span class="p">.</span><span class="nx">usernameField</span><span class="p">}</span><span class="s2">"&gt;</span><span class="p">${</span><span class="nx">props</span><span class="p">.</span><span class="nx">usernameField</span><span class="p">}</span><span class="s2">&lt;/label&gt; &lt;input id="</span><span class="p">${</span><span class="nx">props</span><span class="p">.</span><span class="nx">usernameField</span><span class="p">}</span><span class="s2">" name="</span><span class="p">${</span><span class="nx">props</span><span class="p">.</span><span class="nx">usernameField</span><span class="p">}</span><span class="s2">" type="text" autocomplete="username" required /&gt; &lt;label for="</span><span class="p">${</span><span class="nx">props</span><span class="p">.</span><span class="nx">passwordField</span><span class="p">}</span><span class="s2">"&gt;</span><span class="p">${</span><span class="nx">props</span><span class="p">.</span><span class="nx">passwordField</span><span class="p">}</span><span class="s2">&lt;/label&gt; &lt;input id="</span><span class="p">${</span><span class="nx">props</span><span class="p">.</span><span class="nx">passwordField</span><span class="p">}</span><span class="s2">" name="</span><span class="p">${</span><span class="nx">props</span><span class="p">.</span><span class="nx">passwordField</span><span class="p">}</span><span class="s2">" type="password" autocomplete="current-password" required /&gt; &lt;button type="submit"&gt;Sign in&lt;/button&gt; &lt;/form&gt; &lt;/body&gt; &lt;/html&gt;`</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">app</span><span class="p">;</span> </code></pre> </div> <h2> Step 4: Run the server </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>bun dev </code></pre> </div> <p>Open <code>http://localhost:3000/scalar</code> in your browser. You'll see the Scalar interactive API explorer pre-configured with the OpenID Connect security scheme.</p> <p><strong>Test credentials:</strong></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>Client ID</td> <td><code>example-client</code></td> </tr> <tr> <td>Client Secret</td> <td> <code>example-secret</code> (or use PKCE with no secret)</td> </tr> <tr> <td>Credentials Location</td> <td><code>body</code></td> </tr> <tr> <td>Username</td> <td><code>user</code></td> </tr> <tr> <td>Password</td> <td><code>crossterm</code></td> </tr> </tbody> </table></div> <p>Click <strong>Authorize</strong>, complete the login form, and then try <code>GET /protected-resource</code> or <code>GET /userinfo</code>.</p> <h2> Protecting a separate resource server </h2> <p>In a microservices architecture, your resource servers are separate processes. They don't need the full OAuth2 library. They just need to verify the JWT each request carries.</p> <p><strong>Option A: Hono's built-in JWK middleware</strong></p> <p>Hono ships a <a href="https://hono.dev/docs/middleware/builtin/jwk" rel="noopener noreferrer"><code>hono/jwk</code></a> middleware that fetches the public keys from the JWKS endpoint and verifies incoming bearer tokens automatically:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">jwk</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">hono/jwk</span><span class="dl">"</span><span class="p">;</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span> <span class="dl">"</span><span class="s2">/api/*</span><span class="dl">"</span><span class="p">,</span> <span class="nf">jwk</span><span class="p">({</span> <span class="na">jwks_uri</span><span class="p">:</span> <span class="dl">"</span><span class="s2">http://localhost:3000/.well-known/jwks.json</span><span class="dl">"</span><span class="p">,</span> <span class="na">alg</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">RS256</span><span class="dl">'</span><span class="p">],</span> <span class="p">}),</span> <span class="p">);</span> </code></pre> </div> <p><strong>Option B: <code>jwks-rsa</code> for Node.js or other runtimes</strong></p> <p>If you're running a Node.js service (Express, Fastify, etc.), use <a href="https://www.npmjs.com/package/jwks-rsa" rel="noopener noreferrer"><code>jwks-rsa</code></a> to pull public keys from the JWKS endpoint and verify tokens with a JWT library like <code>jsonwebtoken</code> or <code>jose</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">jwksClient</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">jwks-rsa</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="nf">jwksClient</span><span class="p">({</span> <span class="na">jwksUri</span><span class="p">:</span> <span class="dl">"</span><span class="s2">http://localhost:3000/.well-known/jwks.json</span><span class="dl">"</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>Both approaches mean your resource servers remain stateless and never share a database with the authorization server.</p> <h2> What's next </h2> <ul> <li>Replace in-memory stores with a database (PostgreSQL, Redis, etc.)</li> <li>Add a consent screen for multi-tenant applications</li> <li>Support the <code>refresh_token</code> grant to issue long-lived tokens</li> </ul> bun hono oauth2 openid Building Modern Backends with Kaapi: Messaging with Kafka ShyGyver Sat, 24 Jan 2026 14:31:20 +0000 https://forem.com/shygyver/building-modern-backends-with-kaapi-messaging-with-kafka-2e19 https://forem.com/shygyver/building-modern-backends-with-kaapi-messaging-with-kafka-2e19 <blockquote> <p>Kaapi: A flexible, extensible backend framework for modern APIs with messaging, documentation, and type safety built right in.<br><br> This series is written for backend developers who love TypeScript and can appreciate Hapi's design philosophy.</p> </blockquote> <h2> Messaging? </h2> <p>What does <em>“messaging”</em> actually mean in this context?</p> <blockquote> <p>Messaging is an asynchronous communication pattern where applications exchange data by sending messages through a broker, rather than calling each other directly. This decouples systems, improves scalability and reliability, and allows components to process messages independently and at their own pace.</p> <p>— ChatGPT</p> </blockquote> <p>That definition is correct… but also not very helpful if you’ve never <em>felt</em> the problem it solves.</p> <p>So let me give you a real-world example from my own experience at work about six years ago (yes, I’m feeling old).</p> <p>It started with a simple requirement: <em>“When a user signs up, send them a welcome email.”</em></p> <p>Easy enough. I put it directly in the signup handler: call the email service, wait for the response, return success.</p> <p>Then someone asked:</p> <blockquote> <p>“Can we also send a Slack notification to the sales team?”</p> </blockquote> <p>Then another request followed:</p> <blockquote> <p>“Can we log this to our analytics pipeline?”</p> </blockquote> <p>Before long, the signup handler was doing five different things and if <em>any</em> one of them failed, the entire signup failed.</p> <p>That’s when it became clear: <strong>some things don’t need to happen <em>right now</em>. They just need to happen.</strong></p> <h2> Kafka: the elephant in the room </h2> <p>There are many ways to do async messaging. Redis Pub/Sub. RabbitMQ. AWS SQS.</p> <p>But if you're building something that needs to scale, handle millions of events, and never lose a message... you're probably looking at <strong>Kafka</strong>.</p> <p>The problem? KafkaJS is powerful, but it's <em>verbose</em>. Producers, consumers, admin clients, group IDs, partitions, offsets... it's a lot of ceremony just to send a JSON object from A to B.</p> <p>Kaapi's <code>@kaapi/kafka-messaging</code> package wraps all of that into something you can actually reason about.</p> <h2> Setting up Kafka locally </h2> <p>Before we write any code, let's get Kafka running.</p> <p>One command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-d</span> <span class="nt">--name</span> kafka <span class="nt">-p</span> 9092:9092 apache/kafka:latest </code></pre> </div> <p>That's it. You now have a Kafka broker at <code>localhost:9092</code>.</p> <h2> The scenario </h2> <p>We're building two services:</p> <ol> <li>User API: handles signup, publishes a user.created event</li> <li>Notification Service: listens for user.created, sends a welcome email</li> </ol> <p>Two apps. One Kafka topic. Fully decoupled.</p> <h2> The User API </h2> <p>Let's start with the API that handles signups.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @kaapi/kaapi @kaapi/kafka-messaging </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Kaapi</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">KafkaMessaging</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kafka-messaging</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">messaging</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">KafkaMessaging</span><span class="p">({</span> <span class="na">clientId</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user-api</span><span class="dl">'</span><span class="p">,</span> <span class="na">brokers</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">localhost:9092</span><span class="dl">'</span><span class="p">],</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user-api</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="na">port</span><span class="p">:</span> <span class="mi">3000</span><span class="p">,</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">localhost</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nx">route</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">Payload</span><span class="p">:</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">({</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/signup</span><span class="dl">'</span><span class="p">,</span> <span class="na">handler</span><span class="p">:</span> <span class="k">async </span><span class="p">({</span> <span class="nx">payload</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomUUID</span><span class="p">(),</span> <span class="na">email</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">createdAt</span><span class="p">:</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">(),</span> <span class="p">};</span> <span class="c1">// Save to database (pretend this happened)</span> <span class="c1">// Publish the event</span> <span class="k">await</span> <span class="nx">messaging</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span><span class="dl">'</span><span class="s1">user.created</span><span class="dl">'</span><span class="p">,</span> <span class="nx">user</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">};</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">start</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">🚀 User API running at</span><span class="dl">'</span><span class="p">,</span> <span class="nx">app</span><span class="p">.</span><span class="nf">base</span><span class="p">().</span><span class="nx">info</span><span class="p">.</span><span class="nx">uri</span><span class="p">);</span> <span class="p">};</span> <span class="nf">start</span><span class="p">();</span> </code></pre> </div> <p>That's your entire producer.</p> <p>When a user signs up, we publish to <code>user.created</code>. The API doesn't know or care who's listening. It just announces what happened.</p> <h2> Plugging into Kaapi's lifecycle </h2> <p>You can use <code>KafkaMessaging</code> standalone (like we just did). But if you register it with your Kaapi app, you get lifecycle management for free:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">messaging</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">KafkaMessaging</span><span class="p">({</span> <span class="na">clientId</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user-api</span><span class="dl">'</span><span class="p">,</span> <span class="na">brokers</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">localhost:9092</span><span class="dl">'</span><span class="p">],</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user-api</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="na">port</span><span class="p">:</span> <span class="mi">3000</span><span class="p">,</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">localhost</span><span class="dl">'</span><span class="p">,</span> <span class="nx">messaging</span><span class="p">,</span> <span class="c1">// 👈 register it here</span> <span class="p">});</span> </code></pre> </div> <p>Now when you call <code>await app.stop()</code>, Kaapi automatically calls <code>await messaging.shutdown()</code>.</p> <p>No manual cleanup. No forgotten connections. The messaging service follows the app's lifecycle.</p> <p>You also get shortcuts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// These are equivalent:</span> <span class="k">await</span> <span class="nx">messaging</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span><span class="dl">'</span><span class="s1">user.created</span><span class="dl">'</span><span class="p">,</span> <span class="nx">user</span><span class="p">);</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span><span class="dl">'</span><span class="s1">user.created</span><span class="dl">'</span><span class="p">,</span> <span class="nx">user</span><span class="p">);</span> <span class="k">await</span> <span class="nx">messaging</span><span class="p">.</span><span class="nf">subscribe</span><span class="p">(</span><span class="dl">'</span><span class="s1">user.created</span><span class="dl">'</span><span class="p">,</span> <span class="nx">handler</span><span class="p">);</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">subscribe</span><span class="p">(</span><span class="dl">'</span><span class="s1">user.created</span><span class="dl">'</span><span class="p">,</span> <span class="nx">handler</span><span class="p">);</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// signup route</span> <span class="nx">app</span><span class="p">.</span><span class="nf">route</span><span class="p">({</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/signup</span><span class="dl">'</span><span class="p">,</span> <span class="na">handler</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="p">{</span> <span class="c1">//... </span> <span class="p">};</span> <span class="c1">// shortcut to publish messages</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span><span class="dl">'</span><span class="s1">user.created</span><span class="dl">'</span><span class="p">,</span> <span class="nx">user</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span> <span class="p">};</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <p>Use whichever feels right. The behavior is identical.</p> <h2> The Notification Service </h2> <p>Now let's build the service that reacts to those events.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">KafkaMessaging</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kafka-messaging</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">messaging</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">KafkaMessaging</span><span class="p">({</span> <span class="na">clientId</span><span class="p">:</span> <span class="dl">'</span><span class="s1">notification-service</span><span class="dl">'</span><span class="p">,</span> <span class="na">brokers</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">localhost:9092</span><span class="dl">'</span><span class="p">],</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">notification-service</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="kr">interface</span> <span class="nx">UserCreatedEvent</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">createdAt</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">start</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">messaging</span><span class="p">.</span><span class="nx">subscribe</span><span class="o">&lt;</span><span class="nx">UserCreatedEvent</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">user.created</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="nx">ctx</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`📧 Sending welcome email to </span><span class="p">${</span><span class="nx">user</span><span class="p">.</span><span class="nx">email</span><span class="p">}</span><span class="s2">...`</span><span class="p">);</span> <span class="c1">// await emailService.sendWelcome(user.email, user.name);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`✅ Email sent (offset: </span><span class="p">${</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">offset</span><span class="p">}</span><span class="s2">)`</span><span class="p">);</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">👂 Notification service listening...</span><span class="dl">'</span><span class="p">);</span> <span class="p">};</span> <span class="nf">start</span><span class="p">();</span> </code></pre> </div> <p>Run both services. Hit <code>/signup</code>. Watch the notification service pick up the event.</p> <p>No polling. No webhooks. No coupling.</p> <h2> What's happening under the hood </h2> <p>When you call <code>subscribe()</code>, Kaapi:</p> <ol> <li>Creates a consumer with an auto-generated group ID (<code>notification-service.user.created</code>)</li> <li>Connects to Kafka</li> <li>Starts consuming messages</li> <li>Parses JSON automatically</li> <li>Passes typed messages to your handler</li> </ol> <p>When you call <code>publish()</code>, Kaapi:</p> <ol> <li>Gets (or creates) a shared producer</li> <li>Serializes your message to JSON</li> <li>Adds metadata headers (service name, address)</li> <li>Sends it to the topic</li> </ol> <p>You don't manage connections. You don't serialize anything. You just publish and subscribe.</p> <h2> When things go wrong </h2> <p>What happens if your email service is down?</p> <p>By default, Kaapi logs the error and moves on. But sometimes you want more control.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">messaging</span><span class="p">.</span><span class="nx">subscribe</span><span class="o">&lt;</span><span class="nx">UserCreatedEvent</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">user.created</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="nx">ctx</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">emailService</span><span class="p">.</span><span class="nf">sendWelcome</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">name</span><span class="p">);</span> <span class="p">},</span> <span class="p">{</span> <span class="na">onError</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="nx">error</span><span class="p">,</span> <span class="nx">message</span><span class="p">,</span> <span class="nx">ctx</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="s2">`❌ Failed to process message at offset </span><span class="p">${</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">offset</span><span class="p">}</span><span class="s2">:`</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="c1">// Send to dead-letter queue, alert ops, etc.</span> <span class="k">await</span> <span class="nx">alerting</span><span class="p">.</span><span class="nf">notify</span><span class="p">(</span><span class="dl">'</span><span class="s1">notification-service</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="p">},</span> <span class="p">}</span> <span class="p">);</span> </code></pre> </div> <p>The <code>onError</code> callback gives you the error, the original message, and the context. <br> Do whatever you need, retry, log, alert, forward to a dead-letter topic.</p> <h2> Consumer groups: who gets what </h2> <p>By default, Kaapi generates a group ID based on your service name and the topic:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>notification-service.user.created </code></pre> </div> <p>This means if you spin up 3 instances of the notification service, Kafka will distribute messages across them. Each message is processed by <em>one</em> instance, not all of them.</p> <p>Need a custom group ID? Easy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">messaging</span><span class="p">.</span><span class="nf">subscribe</span><span class="p">(</span><span class="dl">'</span><span class="s1">user.created</span><span class="dl">'</span><span class="p">,</span> <span class="nx">handler</span><span class="p">,</span> <span class="p">{</span> <span class="na">groupId</span><span class="p">:</span> <span class="dl">'</span><span class="s1">custom-notification-group</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>Or just customize the prefix:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">messaging</span><span class="p">.</span><span class="nf">subscribe</span><span class="p">(</span><span class="dl">'</span><span class="s1">user.created</span><span class="dl">'</span><span class="p">,</span> <span class="nx">handler</span><span class="p">,</span> <span class="p">{</span> <span class="na">groupIdPrefix</span><span class="p">:</span> <span class="dl">'</span><span class="s1">emails</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// → emails.user.created</span> <span class="p">});</span> </code></pre> </div> <h2> Shutting down gracefully </h2> <p>When your service stops, you want to disconnect cleanly.</p> <p>If you registered messaging with your Kaapi app, this happens automatically when you call <code>app.stop()</code>.</p> <p>For standalone usage, handle it yourself:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">process</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">SIGTERM</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">messaging</span><span class="p">.</span><span class="nf">shutdown</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Disconnected </span><span class="p">${</span><span class="nx">result</span><span class="p">.</span><span class="nx">successConsumers</span><span class="p">}</span><span class="s2"> consumers, </span><span class="p">${</span><span class="nx">result</span><span class="p">.</span><span class="nx">successProducers</span><span class="p">}</span><span class="s2"> producers`</span><span class="p">);</span> <span class="nx">process</span><span class="p">.</span><span class="nf">exit</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Kaapi tracks all producers, consumers, and admin clients you've created. <code>shutdown()</code> disconnects them all and tells you what happened.</p> <h2> What we didn't cover (on purpose) </h2> <p>This article focused on the essentials:</p> <ul> <li> <code>publish()</code>: send a message</li> <li> <code>subscribe()</code>: receive messages</li> <li> <code>onError</code>: handle failures</li> <li> <code>shutdown()</code>: clean disconnect</li> </ul> <p>But <code>@kaapi/kafka-messaging</code> can do more:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>What it does</th> </tr> </thead> <tbody> <tr> <td><code>publishBatch()</code></td> <td>Send multiple messages in one call</td> </tr> <tr> <td><code>createTopic()</code></td> <td>Programmatically create topics</td> </tr> <tr> <td><code>fetchTopicOffsets()</code></td> <td>Check partition offsets</td> </tr> <tr> <td> <code>createProducer()</code> / <code>createConsumer()</code> </td> <td>Manual control when you need it</td> </tr> </tbody> </table></div> <p>See the README: <a href="https://www.npmjs.com/package/@kaapi/kafka-messaging" rel="noopener noreferrer">https://www.npmjs.com/package/@kaapi/kafka-messaging</a></p> <h2> Wrapping up </h2> <p>You started with a monolith. You ended with two decoupled services talking over Kafka.</p> <p>No boilerplate. No manual serialization. No connection juggling.</p> <p>Just <code>publish()</code> and <code>subscribe()</code>.</p> <p>That's what messaging should feel like.</p> <h2> Source Code </h2> <p>Want to run the full example?</p> <p>👉 <strong><a href="https://github.com/shygyver/kaapi-monorepo-playground" rel="noopener noreferrer">github.com/shygyver/kaapi-monorepo-playground</a></strong><br> The example lives under <strong>user-api</strong> and <strong>notification-app</strong>.<br> You can run the applications and the kafka broker in docker:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker compose up <span class="nt">--build</span> <span class="nt">-d</span> user-api notification-app kafka </code></pre> </div> <p>More Kaapi articles are coming! It has plenty more tricks up its sleeve.</p> <p>📦 <strong>Get started now</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @kaapi/kafka-messaging kafkajs </code></pre> </div> <p>🔗 <strong>Learn more:</strong> <a href="https://github.com/demingongo/kaapi/wiki/KafkaMessaging" rel="noopener noreferrer">https://github.com/demingongo/kaapi/wiki/KafkaMessaging</a></p> typescript node backend kafka Building Modern Backends with Kaapi: Request validation Part 2 ShyGyver Sun, 11 Jan 2026 19:33:29 +0000 https://forem.com/shygyver/building-modern-backends-with-kaapi-request-validation-part-2-2ha5 https://forem.com/shygyver/building-modern-backends-with-kaapi-request-validation-part-2-2ha5 <blockquote> <p>Kaapi: A flexible, extensible backend framework for modern APIs with messaging, documentation, and type safety built right in.<br><br> This series is written for backend developers who love TypeScript and can appreciate Hapi’s design philosophy.</p> </blockquote> <h2> Validation… again? </h2> <p>Maybe you followed along with the <a href="https://dev.to/shygyver/building-modern-backends-with-kaapi-request-validation-4dal">previous article on request validation</a> using Joi, ArkType, Valibot, or Zod.</p> <p>You’ve got a shiny Kaapi app, routes are clean, validation is solid. Everything felt neat and reassuring.</p> <p>You probably started with something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">z</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zod</span><span class="dl">'</span><span class="p">;</span> <span class="nx">app</span> <span class="p">.</span><span class="nf">base</span><span class="p">()</span> <span class="p">.</span><span class="nf">zod</span><span class="p">({</span> <span class="na">params</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">3</span><span class="p">).</span><span class="nf">max</span><span class="p">(</span><span class="mi">10</span><span class="p">)</span> <span class="p">})</span> <span class="p">})</span> <span class="p">.</span><span class="nf">route</span><span class="p">({</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/hello/{name}</span><span class="dl">'</span><span class="p">,</span> <span class="na">handler</span><span class="p">:</span> <span class="nf">function </span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">h</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`Hello </span><span class="p">${</span><span class="nx">request</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="s2">!`</span><span class="p">;</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>And honestly?<br> That works perfectly fine.</p> <p>Until the day your app stops being <em>small</em>.</p> <p>At some point, routes start multiplying. You stop defining them inline. They live in their own files, grouped by feature. And suddenly, that nice little chain you had doesn’t quite fit anymore.</p> <p>So the question becomes:</p> <blockquote> <p><strong>How do you keep validation close to your routes… when routes are no longer close to your app?</strong></p> </blockquote> <p>That’s what we’re solving here.</p> <h2> The new setup (you’ve probably done this already) </h2> <p>You want two things:</p> <ul> <li>routes defined independently</li> <li>a single place where they’re registered with <code>app.route(...)</code> </li> </ul> <p>And you still want:</p> <ul> <li>validation</li> <li>type safety</li> <li>freedom to choose your favorite validator</li> </ul> <p>Let’s walk through it, one validator at a time.</p> <h2> Joi: the familiar path </h2> <p>If you’re using <strong>Joi</strong>, nothing changes. That’s intentional.</p> <p>Install it:</p> <ul> <li><code>joi</code></li> </ul> <p>Then define a route the same way you would with Hapi:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Kaapi</span><span class="p">,</span> <span class="nx">KaapiServerRoute</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">Joi</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">joi</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="cm">/* ... */</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">route</span><span class="p">:</span> <span class="nx">KaapiServerRoute</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">Params</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span> <span class="p">}</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/hello/{name}</span><span class="dl">'</span><span class="p">,</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="na">validate</span><span class="p">:</span> <span class="p">{</span> <span class="na">params</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">3</span><span class="p">).</span><span class="nf">max</span><span class="p">(</span><span class="mi">10</span><span class="p">).</span><span class="nf">required</span><span class="p">()</span> <span class="p">}),</span> <span class="p">},</span> <span class="p">},</span> <span class="na">handler</span><span class="p">:</span> <span class="nf">function </span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">h</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`Hello </span><span class="p">${</span><span class="nx">request</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="s2">!`</span><span class="p">;</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>No magic. No surprises.<br> If you’ve used Hapi before, this should feel like coming home.</p> <h2> Zod: validation that talks to TypeScript </h2> <p>Now let’s say you want <strong>strong type inference</strong>, without juggling generics.</p> <p>Install:</p> <ul> <li><code>zod</code></li> <li><code>@kaapi/validator-zod</code></li> </ul> <p>First, extend Kaapi:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Kaapi</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">validatorZod</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/validator-zod</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="cm">/* ... */</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">start</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">extend</span><span class="p">(</span><span class="nx">validatorZod</span><span class="p">);</span> <span class="p">};</span> <span class="nf">start</span><span class="p">();</span> </code></pre> </div> <p>Now define your route:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">withSchema</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/validator-zod</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">z</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zod</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">route</span> <span class="o">=</span> <span class="nf">withSchema</span><span class="p">({</span> <span class="na">params</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">3</span><span class="p">).</span><span class="nf">max</span><span class="p">(</span><span class="mi">10</span><span class="p">)</span> <span class="p">})</span> <span class="p">}).</span><span class="nf">route</span><span class="p">({</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/hello/{name}</span><span class="dl">'</span><span class="p">,</span> <span class="na">handler</span><span class="p">:</span> <span class="nf">function </span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">h</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`Hello </span><span class="p">${</span><span class="nx">request</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="s2">!`</span><span class="p">;</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>No generics.<br> Your types come straight from the schema.</p> <p>You write validation once and TypeScript follows along.</p> <h2> Valibot: same idea, different flavor </h2> <p>Valibot plays in the same league as Zod, with a slightly different syntax.</p> <p>Install:</p> <ul> <li><code>valibot</code></li> <li><code>@kaapi/validator-valibot</code></li> </ul> <p>Extend Kaapi:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Kaapi</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">validatorValibot</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/validator-valibot</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="cm">/* ... */</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">start</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">extend</span><span class="p">(</span><span class="nx">validatorValibot</span><span class="p">);</span> <span class="p">};</span> <span class="nf">start</span><span class="p">();</span> </code></pre> </div> <p>Then define the route:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">withSchema</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/validator-valibot</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">v</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">valibot</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">route</span> <span class="o">=</span> <span class="nf">withSchema</span><span class="p">({</span> <span class="na">params</span><span class="p">:</span> <span class="nx">v</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="nx">v</span><span class="p">.</span><span class="nf">pipe</span><span class="p">(</span><span class="nx">v</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">minLength</span><span class="p">(</span><span class="mi">3</span><span class="p">),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">maxLength</span><span class="p">(</span><span class="mi">10</span><span class="p">))</span> <span class="p">})</span> <span class="p">}).</span><span class="nf">route</span><span class="p">({</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/hello/{name}</span><span class="dl">'</span><span class="p">,</span> <span class="na">handler</span><span class="p">:</span> <span class="nf">function </span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">h</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`Hello </span><span class="p">${</span><span class="nx">request</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="s2">!`</span><span class="p">;</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <h2> ArkType: schemas you can <em>read</em> </h2> <p>Install:</p> <ul> <li><code>arktype</code></li> <li><code>@kaapi/validator-arktype</code></li> </ul> <p>Extend Kaapi:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Kaapi</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">validatorArk</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/validator-arktype</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="cm">/* ... */</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">start</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">extend</span><span class="p">(</span><span class="nx">validatorArk</span><span class="p">);</span> <span class="p">};</span> <span class="nf">start</span><span class="p">();</span> </code></pre> </div> <p>Now the route:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">withSchema</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/validator-arktype</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="kd">type</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">arktype</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">route</span> <span class="o">=</span> <span class="nf">withSchema</span><span class="p">({</span> <span class="na">params</span><span class="p">:</span> <span class="nf">type</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">3 &lt;= string &lt;= 10</span><span class="dl">'</span> <span class="p">})</span> <span class="p">}).</span><span class="nf">route</span><span class="p">({</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/hello/{name}</span><span class="dl">'</span><span class="p">,</span> <span class="na">handler</span><span class="p">:</span> <span class="nf">function </span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">h</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`Hello </span><span class="p">${</span><span class="nx">request</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="s2">!`</span><span class="p">;</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <h2> What actually matters here </h2> <p>Regardless of the validator:</p> <ul> <li>Routes are defined independently</li> <li>Each route picks the validator it wants</li> <li>Registration stays dead simple: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">route</span><span class="p">(</span><span class="nx">route</span><span class="p">);</span> </code></pre> </div> <p>Joi works out of the box.<br> Zod, Valibot, and ArkType plug in via <code>withSchema</code>.</p> <p>Same app. Same API. Different tools.</p> <h2> So… which validator should <em>you</em> use? </h2> <p>Quick recap:</p> <ul> <li> <strong>Minimal code?</strong> → Joi or ArkType</li> <li> <strong>Strong type inference without generics?</strong> → Zod or Valibot</li> <li> <strong>Human-readable schemas?</strong> → ArkType</li> <li> <strong>Great auto-docs?</strong> → Zod, Valibot, or Joi</li> </ul> <p>Kaapi doesn’t force a choice.</p> <p><strong>It gives you the whole toolbox. Pick the screwdriver you like using.</strong></p> <h2> Source code </h2> <p>Want the full example?</p> <p>👉 <strong><a href="https://github.com/shygyver/kaapi-monorepo-playground" rel="noopener noreferrer">github.com/shygyver/kaapi-monorepo-playground</a></strong><br> The example lives under <strong><code>validation-app</code></strong>.<br> Check the README for run instructions.</p> <p>More Kaapi articles are coming.<br> This one was just about keeping validation where it belongs.</p> <p>📦 <strong>Get started now</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @kaapi/kaapi </code></pre> </div> <p>🔗 <strong>Learn more:</strong> <a href="https://github.com/demingongo/kaapi/wiki" rel="noopener noreferrer">https://github.com/demingongo/kaapi/wiki</a></p> typescript node opensource showdev Building Modern Backends with Kaapi: Authorization ShyGyver Thu, 01 Jan 2026 15:40:52 +0000 https://forem.com/shygyver/building-modern-backends-with-kaapi-authorization-1cg0 https://forem.com/shygyver/building-modern-backends-with-kaapi-authorization-1cg0 <blockquote> <p>Kaapi: A flexible, extensible backend framework for modern APIs with messaging, documentation, and type safety built right in.<br><br> This series is written for backend developers who love TypeScript and can appreciate Hapi’s design philosophy.</p> </blockquote> <h2> Authorization? </h2> <p>I hesitated for a long time before writing this article.</p> <p>Not because authentication and authorization are boring, quite the opposite. The problem is that they’re <em>big</em>. There are too many angles, too many trade-offs, and too many <em>"it depends"</em> moments to squeeze everything into a single post without turning it into a textbook.</p> <p>At some point I stopped overthinking it and decided to do what backend engineers do best: split the problem into smaller pieces.</p> <p>This series will grow over time. Eventually, we’ll get into Kaapi’s <strong>AuthDesign plugins</strong>, build a real authentication provider, and walk through OAuth2 and OIDC flows. But today, we’ll start simple and focus on the basics and wire up authentication and authorization using good old <strong>cookies</strong>.</p> <p>No magic. No black boxes. Just Kaapi, Hapi, and a clear flow you can reason about.</p> <h2> Auth Designs: Kaapi’s way of thinking about auth </h2> <p>In Kaapi, authorization is organized around a concept called an <strong>Auth Design</strong>.</p> <p>Think of an Auth Design as a reusable, self-contained authorization module that sits on top of Hapi’s auth system. It doesn’t just validate credentials, it defines <em>how</em> authentication works across your app.</p> <p>An Auth Design can:</p> <ul> <li>Register its own <strong><a href="https://hapi.dev/tutorials/auth/" rel="noopener noreferrer">Hapi auth scheme and strategy</a></strong> </li> <li>Plug seamlessly into Kaapi routes</li> <li>Automatically describe itself in <strong><a href="https://dev.to/shygyver/building-modern-backends-with-kaapi-api-documentation-generation-57f2">OpenAPI documentation</a></strong> </li> </ul> <p>Kaapi ships with several built-in designs (Bearer, Basic, API Key), but the real power comes from being able to extend or replace them.</p> <p>Enough theory though, let’s start by wiring things up using the built-ins and see how it feels in practice.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8kdsuyrrnkfzgy82wmhj.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8kdsuyrrnkfzgy82wmhj.jpg" alt=" " width="200" height="200"></a></p> <h2> Bearer tokens: the “hello world” of APIs </h2> <p>Bearer authentication is usually the first stop. It works well for JWTs, API tokens, and anything that fits neatly into an <code>Authorization</code> header.</p> <p>Here’s what it looks like in Kaapi.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Kaapi</span><span class="p">,</span> <span class="nx">BearerAuthDesign</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">bearerAuth</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">BearerAuthDesign</span><span class="p">({</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="k">async</span> <span class="nf">validate</span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">token</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">secret</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">isValid</span><span class="p">:</span> <span class="kc">false</span> <span class="p">};</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">isValid</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="p">{</span> <span class="na">user</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span> <span class="p">}</span> <span class="p">},</span> <span class="p">};</span> <span class="p">},</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="na">port</span><span class="p">:</span> <span class="mi">3000</span><span class="p">,</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">localhost</span><span class="dl">'</span><span class="p">,</span> <span class="na">extend</span><span class="p">:</span> <span class="p">[</span><span class="nx">bearerAuth</span><span class="p">],</span> <span class="na">routes</span><span class="p">:</span> <span class="p">{</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">strategy</span><span class="p">:</span> <span class="nx">bearerAuth</span><span class="p">.</span><span class="nf">getStrategyName</span><span class="p">(),</span> <span class="na">mode</span><span class="p">:</span> <span class="dl">'</span><span class="s1">try</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">route</span><span class="p">(</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/profile</span><span class="dl">'</span><span class="p">,</span> <span class="na">auth</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// shorthand for "mode: required"</span> <span class="p">},</span> <span class="p">({</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">credentials</span><span class="p">:</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="p">}</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="s2">`Hello </span><span class="p">${</span><span class="nx">user</span><span class="p">?.</span><span class="nx">name</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">Guest</span><span class="dl">'</span><span class="p">}</span><span class="s2">!`</span> <span class="p">);</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">();</span> </code></pre> </div> <p>Once this is running, you can hit <code>/profile</code> with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Authorization: Bearer secret </code></pre> </div> <p>If the token matches, you’re authenticated. If not, Kaapi quietly falls back to “guest mode”. Simple, explicit, predictable.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foxkl22jeivg6xm0q40vj.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foxkl22jeivg6xm0q40vj.jpg" alt=" " width="200" height="200"></a></p> <h2> Basic auth: boring, but sometimes perfect </h2> <p>Basic authentication isn’t glamorous, but it’s still incredibly useful especially for internal tools, admin panels, or quick prototypes.</p> <p>Kaapi includes a <code>BasicAuthDesign</code> out of the box, and setting it up feels almost suspiciously straightforward.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Kaapi</span><span class="p">,</span> <span class="nx">BasicAuthDesign</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">basicAuth</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">BasicAuthDesign</span><span class="p">({</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="k">async</span> <span class="nf">validate</span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">username</span><span class="p">,</span> <span class="nx">password</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">username</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="nx">password</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">password</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">isValid</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="p">{</span> <span class="na">user</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="nx">username</span> <span class="p">}</span> <span class="p">}</span> <span class="p">};</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">isValid</span><span class="p">:</span> <span class="kc">false</span> <span class="p">};</span> <span class="p">},</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="na">port</span><span class="p">:</span> <span class="mi">3000</span><span class="p">,</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">localhost</span><span class="dl">'</span><span class="p">,</span> <span class="na">extend</span><span class="p">:</span> <span class="p">[</span><span class="nx">basicAuth</span><span class="p">],</span> <span class="na">routes</span><span class="p">:</span> <span class="p">{</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">strategy</span><span class="p">:</span> <span class="nx">basicAuth</span><span class="p">.</span><span class="nf">getStrategyName</span><span class="p">(),</span> <span class="na">mode</span><span class="p">:</span> <span class="dl">'</span><span class="s1">try</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">route</span><span class="p">(</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/profile</span><span class="dl">'</span><span class="p">,</span> <span class="na">auth</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="p">({</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">credentials</span><span class="p">:</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="p">}</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="s2">`Hello </span><span class="p">${</span><span class="nx">user</span><span class="p">?.</span><span class="nx">name</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">Guest</span><span class="dl">'</span><span class="p">}</span><span class="s2">!`</span> <span class="p">);</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">();</span> </code></pre> </div> <p>Send a standard HTTP Basic header at <code>/profile</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Authorization: Basic YWRtaW46cGFzc3dvcmQ= </code></pre> </div> <p>No ceremony. No extra wiring. It does exactly what you’d expect.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuhb0culubkxr68tfkz8y.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuhb0culubkxr68tfkz8y.jpg" alt=" " width="200" height="200"></a></p> <h2> API keys: headers, queries, cookies </h2> <p>Sometimes you don’t want usernames and passwords. Sometimes you just want a token passed via a header, a query parameter, or a cookie.</p> <p>That’s where <code>APIKeyAuthDesign</code> comes in.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Kaapi</span><span class="p">,</span> <span class="nx">APIKeyAuthDesign</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">apiKeyAuth</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">APIKeyAuthDesign</span><span class="p">({</span> <span class="na">key</span><span class="p">:</span> <span class="dl">'</span><span class="s1">authorization</span><span class="dl">'</span><span class="p">,</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="k">async</span> <span class="nf">validate</span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">token</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">secret</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">isValid</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="p">{</span> <span class="na">user</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span> <span class="p">}</span> <span class="p">},</span> <span class="p">};</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">isValid</span><span class="p">:</span> <span class="kc">false</span> <span class="p">};</span> <span class="p">},</span> <span class="na">headerTokenType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Session</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">})</span> <span class="p">.</span><span class="nf">inHeader</span><span class="p">()</span> <span class="c1">// default</span> <span class="p">.</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">'</span><span class="s1">Session token type</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="na">port</span><span class="p">:</span> <span class="mi">3000</span><span class="p">,</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">localhost</span><span class="dl">'</span><span class="p">,</span> <span class="na">extend</span><span class="p">:</span> <span class="p">[</span><span class="nx">apiKeyAuth</span><span class="p">],</span> <span class="na">routes</span><span class="p">:</span> <span class="p">{</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">strategy</span><span class="p">:</span> <span class="nx">apiKeyAuth</span><span class="p">.</span><span class="nf">getStrategyName</span><span class="p">(),</span> <span class="na">mode</span><span class="p">:</span> <span class="dl">'</span><span class="s1">try</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">route</span><span class="p">(</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/profile</span><span class="dl">'</span><span class="p">,</span> <span class="na">auth</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="p">({</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">credentials</span><span class="p">:</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="p">}</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="s2">`Hello </span><span class="p">${</span><span class="nx">user</span><span class="p">?.</span><span class="nx">name</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">Guest</span><span class="dl">'</span><span class="p">}</span><span class="s2">!`</span> <span class="p">);</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">();</span> </code></pre> </div> <p>By default, it reads from headers, but you can just as easily switch to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">apiKeyAuth</span><span class="p">.</span><span class="nf">inQuery</span><span class="p">();</span> <span class="nx">apiKeyAuth</span><span class="p">.</span><span class="nf">inCookie</span><span class="p">();</span> </code></pre> </div> <p>The important detail here is that Kaapi normalizes everything for you. Your <code>validate</code> function receives the token <em>without</em> the prefix, regardless of where it came from.</p> <p>At this point, we’ve covered the built-ins. Useful, flexible but still generic.</p> <p>Now let’s do something more interesting.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu8i1hmqnjm9tqzwcprak.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu8i1hmqnjm9tqzwcprak.jpg" alt=" " width="200" height="200"></a></p> <h2> Rolling our own: a cookie-based session Auth Design </h2> <p>What we want now is a <strong>complete flow</strong>:</p> <ul> <li>A login page</li> <li>Session-based authentication</li> <li>Authorization via cookies</li> <li>A logout endpoint</li> </ul> <p>And we want all of that encapsulated inside a single Auth Design.</p> <p>To keep things simple, we’ll use:</p> <ul> <li> <code>@hapi/yar</code> for session cookies</li> <li>A tiny in-memory user “database”</li> <li>Plain HTML strings instead of a template engine</li> </ul> <p>This isn’t about production hardening, it’s about understanding the architecture.</p> <h3> A tiny fake database </h3> <p>We’ll start with a mocked list of users.</p> <p>Yes, the password is stored in clear text. No, that’s not the point here. Please forgive me.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kr">interface</span> <span class="nx">User</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">username</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">password</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">REGISTERED_USERS</span><span class="p">:</span> <span class="nx">User</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user-1</span><span class="dl">'</span><span class="p">,</span> <span class="na">username</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user</span><span class="dl">'</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">'</span><span class="s1">crossterm</span><span class="dl">'</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user@email.com</span><span class="dl">'</span> <span class="p">},</span> <span class="p">];</span> </code></pre> </div> <h3> Wiring up session cookies with <code>yar</code> </h3> <p>Because we’re relying on cookies, we need to register <code>yar</code> as a Kaapi plugin. This gives us encrypted, HTTP-only session storage with almost no effort.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">yar</span><span class="p">,</span> <span class="p">{</span> <span class="nx">YarOptions</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@hapi/yar</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">KaapiPlugin</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">COOKIE_NAME</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">sid-auth-app</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">yarOptions</span><span class="p">:</span> <span class="nx">YarOptions</span> <span class="o">=</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="nx">COOKIE_NAME</span><span class="p">,</span> <span class="na">maxCookieSize</span><span class="p">:</span> <span class="mi">1024</span><span class="p">,</span> <span class="na">storeBlank</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">cookieOptions</span><span class="p">:</span> <span class="p">{</span> <span class="na">password</span><span class="p">:</span> <span class="dl">'</span><span class="s1">the-password-must-be-at-least-32-characters-long</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="na">isSameSite</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Strict</span><span class="dl">'</span><span class="p">,</span> <span class="na">isSecure</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">production</span><span class="dl">'</span><span class="p">,</span> <span class="na">isHttpOnly</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">clearInvalid</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">ignoreErrors</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">ttl</span><span class="p">:</span> <span class="mf">4.32e7</span><span class="p">,</span> <span class="c1">// 12 hours</span> <span class="p">},</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">yarPlugin</span><span class="p">:</span> <span class="nx">KaapiPlugin</span> <span class="o">=</span> <span class="p">{</span> <span class="k">async</span> <span class="nf">integrate</span><span class="p">(</span><span class="nx">t</span><span class="p">)</span> <span class="p">{</span> <span class="nx">t</span><span class="p">.</span><span class="nx">server</span><span class="p">.</span><span class="nf">register</span><span class="p">({</span> <span class="na">plugin</span><span class="p">:</span> <span class="nx">yar</span><span class="p">,</span> <span class="na">options</span><span class="p">:</span> <span class="nx">yarOptions</span><span class="p">,</span> <span class="p">});</span> <span class="p">},</span> <span class="p">};</span> </code></pre> </div> <p>Once this plugin is registered, <code>req.yar</code> becomes available everywhere including inside our Auth Design.</p> <h3> HTML without a template engine (on purpose) </h3> <p>To keep the example focused, we’ll generate HTML directly from strings:</p> <ul> <li>One page for the login form</li> <li>One page for a successful login</li> </ul> <p>This keeps the moving parts to a minimum and makes the flow easy to follow.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">generateFormHtml</span><span class="p">(</span><span class="nx">errorMessage</span><span class="p">?:</span> <span class="kr">string</span><span class="p">):</span> <span class="kr">string</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">` &lt;!DOCTYPE html&gt; &lt;html lang="en"&gt; &lt;head&gt; &lt;meta charset="UTF-8" /&gt; &lt;meta name="viewport" content="width=device-width, initial-scale=1.0"/&gt; &lt;title&gt;Sign in&lt;/title&gt; &lt;style&gt; :root { --bg: #0f172a; --card: #111827; --accent: #6366f1; --text: #e5e7eb; --muted: #9ca3af; --ring: rgba(99,102,241,.35); } * { box-sizing: border-box; } body { margin: 0; min-height: 100vh; display: grid; place-items: center; background: radial-gradient(1200px 600px at 20% 0%, #1f2937, var(--bg)); font-family: system-ui, -apple-system, Segoe UI, Roboto, "Helvetica Neue", Arial, sans-serif; color: var(--text); } .card { width: 92%; max-width: 380px; padding: 26px 24px; border-radius: 16px; background: linear-gradient(180deg, rgba(255,255,255,.04), rgba(255,255,255,.02)); border: 1px solid rgba(255,255,255,.08); box-shadow: 0 20px 50px rgba(0,0,0,.35); backdrop-filter: blur(8px); } .error { background: rgba(239,68,68,.15); color: #f87171; border: 1px solid rgba(239,68,68,.4); padding: 10px 14px; border-radius: 10px; font-size: .9rem; margin-bottom: 14px; } .title { font-size: 1.25rem; font-weight: 600; letter-spacing: .2px; margin: 0 0 8px; } .subtitle { color: var(--muted); font-size: .95rem; margin: 0 0 18px; } label { display: block; font-size: .85rem; color: var(--muted); margin: 12px 0 8px; } .field { display: flex; align-items: center; gap: 8px; background: #0b1220; border: 1px solid rgba(255,255,255,.08); padding: 12px 14px; border-radius: 12px; transition: border-color .2s, box-shadow .2s, transform .05s; } .field:focus-within { border-color: var(--accent); box-shadow: 0 0 0 4px var(--ring); } .field input { all: unset; flex: 1; color: var(--text); caret-color: var(--accent); } .icon { width: 18px; height: 18px; opacity: .7; filter: drop-shadow(0 1px 0 rgba(0,0,0,.35)); } .actions { margin-top: 18px; display: flex; align-items: center; justify-content: space-between; } .btn { appearance: none; border: none; cursor: pointer; background: linear-gradient(135deg, #7c3aed, var(--accent)); color: white; padding: 12px 16px; border-radius: 12px; font-weight: 600; box-shadow: 0 10px 20px rgba(99,102,241,.35); transition: transform .05s, filter .2s; } .btn:hover { filter: brightness(1.05); } .btn:active { transform: translateY(1px); } .meta { font-size: .85rem; color: var(--muted); } .link { color: var(--text); text-decoration: none; border-bottom: 1px dashed rgba(255,255,255,.2); } .link:hover { color: var(--accent); border-bottom-color: var(--accent); } &lt;/style&gt; &lt;/head&gt; &lt;body&gt; &lt;form class="card" action="/login" method="post"&gt; &lt;h1 class="title"&gt;Welcome back&lt;/h1&gt; &lt;p class="subtitle"&gt;Sign in to continue&lt;/p&gt; &lt;!-- Error message placeholder --&gt; </span><span class="p">${</span><span class="nx">errorMessage</span> <span class="p">?</span> <span class="s2">`&lt;p class="error" id="error-message"&gt; </span><span class="p">${</span><span class="nx">errorMessage</span><span class="p">}</span><span class="s2"> &lt;/p&gt;`</span> <span class="p">:</span> <span class="dl">''</span> <span class="p">}</span><span class="s2"> &lt;label for="username"&gt;Username&lt;/label&gt; &lt;div class="field"&gt; &lt;svg class="icon" viewBox="0 0 24 24" fill="currentColor" aria-hidden="true"&gt; &lt;path d="M12 12a5 5 0 1 0-5-5 5 5 0 0 0 5 5Zm0 2c-4.42 0-8 2.18-8 4.87V21h16v-2.13C20 16.18 16.42 14 12 14Z"/&gt; &lt;/svg&gt; &lt;input id="username" name="username" type="text" placeholder="yourname" required autocomplete="username"/&gt; &lt;/div&gt; &lt;label for="password"&gt;Password&lt;/label&gt; &lt;div class="field"&gt; &lt;svg class="icon" viewBox="0 0 24 24" fill="currentColor" aria-hidden="true"&gt; &lt;path d="M17 8V7a5 5 0 0 0-10 0v1H5v12h14V8Zm-8 0V7a3 3 0 0 1 6 0v1Z"/&gt; &lt;/svg&gt; &lt;input id="password" name="password" type="password" placeholder="••••••••" required autocomplete="current-password"/&gt; &lt;/div&gt; &lt;div class="actions"&gt; &lt;button class="btn" type="submit"&gt;Sign in&lt;/button&gt; &lt;span class="meta"&gt;&lt;a class="link" href="#"&gt;Forgot password?&lt;/a&gt;&lt;/span&gt; &lt;/div&gt; &lt;/form&gt; &lt;/body&gt; &lt;/html&gt; `</span><span class="p">;</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">generateSuccessHtml</span><span class="p">():</span> <span class="kr">string</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">` &lt;!DOCTYPE html&gt; &lt;html lang="en"&gt; &lt;head&gt; &lt;meta charset="UTF-8"/&gt; &lt;meta name="viewport" content="width=device-width, initial-scale=1.0"/&gt; &lt;title&gt;Login Successful&lt;/title&gt; &lt;style&gt; :root { --bg: #0f172a; --card: #111827; --accent: #22c55e; --danger: #ef4444; --text: #e5e7eb; --muted: #9ca3af; } * { box-sizing: border-box; } body { margin: 0; min-height: 100vh; display: grid; place-items: center; background: radial-gradient(1200px 600px at 20% 0%, #1f2937, var(--bg)); font-family: system-ui, -apple-system, Segoe UI, Roboto, "Helvetica Neue", Arial, sans-serif; color: var(--text); } .card { width: 92%; max-width: 420px; padding: 32px 28px; border-radius: 18px; background: linear-gradient(180deg, rgba(255,255,255,.04), rgba(255,255,255,.02)); border: 1px solid rgba(255,255,255,.08); box-shadow: 0 20px 50px rgba(0,0,0,.35); backdrop-filter: blur(8px); text-align: center; } .icon { width: 64px; height: 64px; margin-bottom: 20px; color: var(--accent); filter: drop-shadow(0 4px 6px rgba(34,197,94,.35)); } h1 { font-size: 1.6rem; margin: 0 0 12px; } p { font-size: 1rem; color: var(--muted); margin: 0 0 24px; } .btn { appearance: none; border: none; cursor: pointer; padding: 14px 20px; border-radius: 12px; font-weight: 600; box-shadow: 0 10px 20px rgba(0,0,0,.25); transition: transform .05s, filter .2s; margin: 6px; } .btn:hover { filter: brightness(1.05); } .btn:active { transform: translateY(1px); } .btn-success { background: linear-gradient(135deg, #16a34a, var(--accent)); color: white; box-shadow: 0 10px 20px rgba(34,197,94,.35); } .btn-danger { background: linear-gradient(135deg, #dc2626, var(--danger)); color: white; box-shadow: 0 10px 20px rgba(239,68,68,.35); } &lt;/style&gt; &lt;/head&gt; &lt;body&gt; &lt;div class="card"&gt; &lt;!-- Success checkmark icon --&gt; &lt;svg class="icon" viewBox="0 0 24 24" fill="currentColor" aria-hidden="true"&gt; &lt;path d="M12 2a10 10 0 1 0 10 10A10 10 0 0 0 12 2Zm-1 15-5-5 1.41-1.41L11 14.17l6.59-6.59L19 9l-8 8Z"/&gt; &lt;/svg&gt; &lt;h1&gt;Login Successful 🎉&lt;/h1&gt; &lt;p&gt;Welcome back! You’ve successfully signed in.&lt;/p&gt; &lt;div&gt; &lt;button class="btn btn-success" onclick="window.location.href='/docs/api'"&gt;Go to Dashboard&lt;/button&gt; &lt;button class="btn btn-danger" onclick="window.location.href='/logout'"&gt;Log Out&lt;/button&gt; &lt;/div&gt; &lt;/div&gt; &lt;/body&gt; &lt;/html&gt; `</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> Building the Auth Design itself </h2> <p>Now for the interesting part.</p> <p>Instead of starting from scratch, we extend Kaapi’s <code>APIKeyAuthDesign</code>. Why? Because it already knows how to read credentials from cookies and we don’t need to reinvent that wheel.</p> <p>Our custom design will:</p> <ul> <li>Force authentication to happen <strong>only via cookies</strong> </li> <li>Disable OpenAPI documentation (this is an internal mechanism)</li> <li>Register <code>/login</code> and <code>/logout</code> routes as part of the design itself </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">yar</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@hapi/yar</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">APIKeyAuthArg</span><span class="p">,</span> <span class="nx">APIKeyAuthDesign</span><span class="p">,</span> <span class="nx">KaapiTools</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">CookieSessionAuthDesign</span> <span class="kd">extends</span> <span class="nc">APIKeyAuthDesign</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">settings</span><span class="p">:</span> <span class="nx">APIKeyAuthArg</span><span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">(</span><span class="nx">settings</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nf">inCookie</span><span class="p">();</span> <span class="p">}</span> <span class="cm">/** * @override * This override disables OpenAPI generation for this security scheme. */</span> <span class="nf">docs</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">undefined</span><span class="p">;</span> <span class="p">}</span> <span class="cm">/** * @override * This method has no effect for this subclass. */</span> <span class="nf">inHeader</span><span class="p">():</span> <span class="k">this</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">;</span> <span class="p">}</span> <span class="cm">/** * @override * This method has no effect for this subclass. */</span> <span class="nf">inQuery</span><span class="p">():</span> <span class="k">this</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">;</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">integrateHook</span><span class="p">(</span><span class="nx">t</span><span class="p">:</span> <span class="nx">KaapiTools</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="k">super</span><span class="p">.</span><span class="nf">integrateHook</span><span class="p">(</span><span class="nx">t</span><span class="p">);</span> <span class="nx">t</span><span class="p">.</span><span class="nf">route</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/logout</span><span class="dl">'</span><span class="p">,</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="na">cors</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">plugins</span><span class="p">:</span> <span class="p">{</span> <span class="na">kaapi</span><span class="p">:</span> <span class="p">{</span> <span class="na">docs</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="na">handler</span><span class="p">:</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">h</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">req</span><span class="p">.</span><span class="nx">yar</span><span class="p">.</span><span class="nf">reset</span><span class="p">();</span> <span class="k">return</span> <span class="nx">h</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">);</span> <span class="p">},</span> <span class="p">});</span> <span class="nx">t</span><span class="p">.</span><span class="nx">route</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">Payload</span><span class="p">:</span> <span class="p">{</span> <span class="nx">username</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">password</span><span class="p">?:</span> <span class="kr">string</span> <span class="p">};</span> <span class="nl">AuthUser</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="na">method</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">],</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">mode</span><span class="p">:</span> <span class="dl">'</span><span class="s1">try</span><span class="dl">'</span><span class="p">,</span> <span class="na">strategy</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">strategyName</span><span class="p">,</span> <span class="p">},</span> <span class="na">cors</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">plugins</span><span class="p">:</span> <span class="p">{</span> <span class="na">kaapi</span><span class="p">:</span> <span class="p">{</span> <span class="na">docs</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="na">handler</span><span class="p">:</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">h</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">errorMessage</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">statusCode</span> <span class="o">=</span> <span class="mi">200</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">credentials</span><span class="p">?.</span><span class="nx">user</span><span class="p">?.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">generateSuccessHtml</span><span class="p">();</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">method</span><span class="p">.</span><span class="nf">toUpperCase</span><span class="p">()</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">REGISTERED_USERS</span><span class="p">.</span><span class="nf">find</span><span class="p">((</span><span class="nx">u</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">u</span><span class="p">.</span><span class="nx">username</span> <span class="o">===</span> <span class="nx">req</span><span class="p">.</span><span class="nx">payload</span><span class="p">.</span><span class="nx">username</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span> <span class="o">&amp;&amp;</span> <span class="nx">user</span><span class="p">.</span><span class="nx">password</span> <span class="o">===</span> <span class="nx">req</span><span class="p">.</span><span class="nx">payload</span><span class="p">.</span><span class="nx">password</span><span class="p">)</span> <span class="p">{</span> <span class="nx">req</span><span class="p">.</span><span class="nx">yar</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">userId</span><span class="dl">'</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">return</span> <span class="nf">generateSuccessHtml</span><span class="p">();</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">statusCode</span> <span class="o">=</span> <span class="mi">401</span><span class="p">;</span> <span class="nx">errorMessage</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">Invalid username or password</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">h</span><span class="p">.</span><span class="nf">response</span><span class="p">(</span><span class="nf">generateFormHtml</span><span class="p">(</span><span class="nx">errorMessage</span><span class="p">)).</span><span class="nf">code</span><span class="p">(</span><span class="nx">statusCode</span><span class="p">);</span> <span class="p">},</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>A couple of things are worth calling out here:</p> <ul> <li>We override <code>docs()</code> to prevent this auth scheme from leaking into public API documentation</li> <li>We explicitly disable headers and query tokens ➜ cookies only</li> <li>Login and logout live <em>inside</em> the Auth Design, not scattered across the app</li> </ul> <p>This is the key idea: the <strong>entire authentication lifecycle</strong> is owned by the design.</p> <h2> Validating the session </h2> <p>Finally, we instantiate the design and define how session validation works.</p> <p>On every request:</p> <ul> <li>We read the session cookie via <code>yar</code> </li> <li>We look up the user</li> <li>If it exists, we authenticate and attach credentials </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">cookieSessionAuth</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">CookieSessionAuthDesign</span><span class="p">({</span> <span class="na">strategyName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">cookie-session</span><span class="dl">'</span><span class="p">,</span> <span class="na">key</span><span class="p">:</span> <span class="nx">COOKIE_NAME</span><span class="p">,</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="cm">/** * * @param req * @param _token cookie value * @returns */</span> <span class="k">async</span> <span class="nf">validate</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">_token</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">value</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">yar</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">userId</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">REGISTERED_USERS</span><span class="p">.</span><span class="nf">find</span><span class="p">((</span><span class="nx">u</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">u</span><span class="p">.</span><span class="nx">id</span> <span class="o">===</span> <span class="nx">value</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">isValid</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="p">{</span> <span class="na">user</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">},</span> <span class="na">scope</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">internal:session</span><span class="dl">'</span><span class="p">],</span> <span class="p">},</span> <span class="p">};</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">isValid</span><span class="p">:</span> <span class="kc">false</span> <span class="p">};</span> <span class="p">},</span> <span class="p">},</span> <span class="p">}).</span><span class="nf">setDescription</span><span class="p">(</span> <span class="s2">`Authentication is managed via a &lt;u&gt;secure&lt;/u&gt;, HTTP-only session cookie. The cookie is issued after login and must be included in subsequent requests. It is automatically invalidated when the session expires or the user logs out.`</span> <span class="p">);</span> </code></pre> </div> <p>At this point, login, authentication, authorization, and logout are all handled in one place.</p> <h2> Plugging everything into the app </h2> <p>The last steps are almost anticlimactic.</p> <p>We extend the app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">extend</span><span class="p">([</span><span class="nx">yarPlugin</span><span class="p">,</span> <span class="nx">cookieSessionAuth</span><span class="p">]);</span> </code></pre> </div> <p>Set a default auth strategy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">base</span><span class="p">().</span><span class="nx">auth</span><span class="p">.</span><span class="k">default</span><span class="p">({</span> <span class="na">strategies</span><span class="p">:</span> <span class="p">[</span><span class="nx">cookieSessionAuth</span><span class="p">.</span><span class="nf">getStrategyName</span><span class="p">()],</span> <span class="na">mode</span><span class="p">:</span> <span class="dl">'</span><span class="s1">try</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>And finally, protect the API documentation behind authentication:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">base</span><span class="p">().</span><span class="nf">ext</span><span class="p">(</span><span class="dl">'</span><span class="s1">onPostAuth</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">h</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// restrict access to api docs</span> <span class="k">if </span><span class="p">(</span><span class="nx">request</span><span class="p">.</span><span class="nx">path</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">/docs/</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="p">(</span><span class="nx">request</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">isAuthenticated</span> <span class="o">&amp;&amp;</span> <span class="nx">request</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">credentials</span><span class="p">.</span><span class="nx">scope</span><span class="p">?.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">internal:session</span><span class="dl">'</span><span class="p">)))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">h</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">).</span><span class="nf">takeover</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">h</span><span class="p">.</span><span class="k">continue</span><span class="p">;</span> <span class="p">});</span> </code></pre> </div> <p>If a user isn’t authenticated, they get redirected to <code>/login</code>. No middleware soup. No scattered guards.</p> <h2> Wrapping up </h2> <p>This is what Auth Designs are really about.</p> <p>They’re not just validators. They’re <strong>ownership boundaries</strong>. When done right, authentication stops being something you sprinkle across routes and starts being something you <em>plug in</em>.</p> <p>In the next part of this series, we’ll push this further: multiple providers, OAuth flows, and tighter integration with external identity systems.</p> <p>But for now, you’ve got:</p> <ul> <li>Cookie-based sessions</li> <li>Login and logout</li> <li>Route-level authorization</li> <li>And a clean mental model</li> </ul> <p>That’s a solid foundation.</p> <h2> Source Code </h2> <p>Curious to see the full app, judge the architecture, or spot a typo?</p> <p>👉 <strong><a href="https://github.com/shygyver/kaapi-monorepo-playground" rel="noopener noreferrer">github.com/shygyver/kaapi-monorepo-playground</a></strong><br> The example lives under <strong>authorization-app</strong>.<br> See the README for instructions on running it.</p> <p>More Kaapi articles are coming! It has plenty more tricks up its sleeve.</p> <p>📦 <strong>Get started now</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @kaapi/kaapi </code></pre> </div> <p>🔗 <strong>Learn more:</strong> <a href="https://github.com/demingongo/kaapi/wiki" rel="noopener noreferrer">https://github.com/demingongo/kaapi/wiki</a></p> typescript node backend auth Building Modern Backends with Kaapi: Request validation ShyGyver Sun, 07 Dec 2025 16:11:42 +0000 https://forem.com/shygyver/building-modern-backends-with-kaapi-request-validation-4dal https://forem.com/shygyver/building-modern-backends-with-kaapi-request-validation-4dal <blockquote> <p>Kaapi: A flexible, extensible backend framework for modern APIs with messaging, documentation, and type safety built right in.<br><br> This series is written for backend developers who love TypeScript and can appreciate Hapi’s design philosophy.</p> </blockquote> <h2> Validation? </h2> <p>Before we let any data wander freely into our backend (with muddy boots and questionable intentions), it’s usually a good idea to validate it.</p> <p>Kaapi is built on top of <strong><a href="https://hapi.dev/" rel="noopener noreferrer">Hapi</a></strong>, which already comes with great tools for this, thanks to <strong><a href="https://joi.dev/" rel="noopener noreferrer">Joi</a></strong>. If you want the full lecture, <a href="https://hapi.dev/tutorials/validation/" rel="noopener noreferrer">Hapi’s tutorial</a> explains everything in glorious detail.</p> <p>Here’s a tiny example from their documentation, just to remind ourselves how things look with Joi:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nx">route</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">Params</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">({</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/hello/{name}</span><span class="dl">'</span><span class="p">,</span> <span class="na">handler</span><span class="p">:</span> <span class="nf">function </span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">h</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`Hello </span><span class="p">${</span><span class="nx">request</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="s2">!`</span><span class="p">;</span> <span class="p">},</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="na">validate</span><span class="p">:</span> <span class="p">{</span> <span class="na">params</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">3</span><span class="p">).</span><span class="nf">max</span><span class="p">(</span><span class="mi">10</span><span class="p">)</span> <span class="p">})</span> <span class="p">}</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>Nothing surprising here… <strong>except Kaapi can automatically generate documentation from your validation</strong>.</p> <blockquote> <p>See: <em><a href="https://dev.to/shygyver/building-modern-backends-with-kaapi-api-documentation-generation-57f2">documentation generation article</a></em>.</p> </blockquote> <p>But Kaapi targets <strong>TypeScript</strong>, so naturally we want life to be as type-safe <em>and</em> boilerplate-free as possible.</p> <h3> So why are we still writing generic type arguments? </h3> <p>Writing <code>&lt;{ Params: { name: string } }&gt;</code> works, but feels unnecessary when the validator already <em>knows</em> the type.<br> <strong><a href="https://www.npmjs.com/package/zod" rel="noopener noreferrer">Zod</a></strong>, <strong><a href="https://www.npmjs.com/package/valibot" rel="noopener noreferrer">Valibot</a></strong> and <strong><a href="https://www.npmjs.com/package/arktype" rel="noopener noreferrer">ArkType</a></strong> provide type inference. Kaapi happily consumes that and eliminate boilerplate for you.</p> <p>Let’s take a tour through all three.</p> <h2> Integrating Validators </h2> <p>To use anything other than Joi, you install the appropriate plugin and extend your Kaapi instance.</p> <h3> Validate with <strong>Zod</strong> </h3> <p>Install:</p> <ul> <li><code>zod</code></li> <li><code>@kaapi/validator-zod</code></li> </ul> <p>Extend your app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Kaapi</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">validatorZod</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/validator-zod</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="cm">/* ... */</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">start</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">extend</span><span class="p">(</span><span class="nx">validatorZod</span><span class="p">);</span> <span class="p">};</span> <span class="nf">start</span><span class="p">();</span> </code></pre> </div> <p>And now you can do:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">z</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zod</span><span class="dl">'</span><span class="p">;</span> <span class="nx">app</span> <span class="p">.</span><span class="nf">base</span><span class="p">()</span> <span class="p">.</span><span class="nf">zod</span><span class="p">({</span> <span class="na">params</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">3</span><span class="p">).</span><span class="nf">max</span><span class="p">(</span><span class="mi">10</span><span class="p">)</span> <span class="p">})</span> <span class="p">})</span> <span class="p">.</span><span class="nf">route</span><span class="p">({</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/hello/{name}</span><span class="dl">'</span><span class="p">,</span> <span class="na">handler</span><span class="p">:</span> <span class="nf">function </span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">h</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`Hello </span><span class="p">${</span><span class="nx">request</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="s2">!`</span><span class="p">;</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>Hover over <code>request.params.name</code> in VSCode to see the magic of type inference.<br> No generics, no sadness (even without Joi).</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft53em6mv0qyc327p5n2u.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft53em6mv0qyc327p5n2u.png" alt="VSCode TypeScript Language Service type inference" width="535" height="273"></a></p> <h3> Validate with <strong>Valibot</strong> </h3> <p>Install:</p> <ul> <li><code>valibot</code></li> <li><code>@kaapi/validator-valibot</code></li> </ul> <p>Extend:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Kaapi</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">validatorValibot</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/validator-valibot</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="cm">/* ... */</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">start</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">extend</span><span class="p">(</span><span class="nx">validatorValibot</span><span class="p">);</span> <span class="p">};</span> <span class="nf">start</span><span class="p">();</span> </code></pre> </div> <p>Use it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">v</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">valibot</span><span class="dl">'</span><span class="p">;</span> <span class="nx">app</span> <span class="p">.</span><span class="nf">base</span><span class="p">()</span> <span class="p">.</span><span class="nf">valibot</span><span class="p">({</span> <span class="na">params</span><span class="p">:</span> <span class="nx">v</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="nx">v</span><span class="p">.</span><span class="nf">pipe</span><span class="p">(</span><span class="nx">v</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">minLength</span><span class="p">(</span><span class="mi">3</span><span class="p">),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">maxLength</span><span class="p">(</span><span class="mi">10</span><span class="p">))</span> <span class="p">})</span> <span class="p">})</span> <span class="p">.</span><span class="nf">route</span><span class="p">({</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/hello/{name}</span><span class="dl">'</span><span class="p">,</span> <span class="na">handler</span><span class="p">:</span> <span class="nf">function </span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">h</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`Hello </span><span class="p">${</span><span class="nx">request</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="s2">!`</span><span class="p">;</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>Valibot is extremely fast and super modular.<br> It’s like Lego bricks, if Lego bricks did runtime type checking.</p> <h3> Validate with <strong>ArkType</strong> </h3> <p>Install:</p> <ul> <li><code>arktype</code></li> <li><code>@kaapi/validator-arktype</code></li> </ul> <p>Extend:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Kaapi</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">validatorArk</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/validator-arktype</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="cm">/* ... */</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">start</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">extend</span><span class="p">(</span><span class="nx">validatorArk</span><span class="p">);</span> <span class="p">};</span> <span class="nf">start</span><span class="p">();</span> </code></pre> </div> <p>Use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="kd">type</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">arktype</span><span class="dl">'</span><span class="p">;</span> <span class="nx">app</span> <span class="p">.</span><span class="nf">base</span><span class="p">()</span> <span class="p">.</span><span class="nf">ark</span><span class="p">({</span> <span class="na">params</span><span class="p">:</span> <span class="nf">type</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">3 &lt;= string &lt;= 10</span><span class="dl">'</span> <span class="p">})</span> <span class="p">})</span> <span class="p">.</span><span class="nf">route</span><span class="p">({</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/hello/{name}</span><span class="dl">'</span><span class="p">,</span> <span class="na">handler</span><span class="p">:</span> <span class="nf">function </span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">h</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`Hello </span><span class="p">${</span><span class="nx">request</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="s2">!`</span><span class="p">;</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>ArkType is almost… poetic.<br> Where else can you write <code>'3 &lt;= string &lt;= 10'</code> and have TypeScript say "<em>Yep, that checks out</em>"?</p> <h2> A Real Example: Binomial Coefficients! </h2> <p>We’ve all written “Hello World” too many times, so let’s compute something actually useful:<br> <strong>the binomial coefficient</strong>, a.k.a. <em>n choose r</em>.</p> <p>Here’s the function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">binomialCoefficient</span><span class="p">(</span><span class="nx">n</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">r</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">r</span> <span class="o">&lt;</span> <span class="mi">0</span> <span class="o">||</span> <span class="nx">r</span> <span class="o">&gt;</span> <span class="nx">n</span><span class="p">)</span> <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">result</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">i</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="nx">i</span> <span class="o">&lt;=</span> <span class="nx">r</span><span class="p">;</span> <span class="nx">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="nx">result</span> <span class="o">=</span> <span class="nx">result</span> <span class="o">*</span> <span class="p">(</span><span class="nx">n</span> <span class="o">-</span> <span class="nx">i</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="o">/</span> <span class="nx">i</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">result</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Definitions:</p> <ul> <li> <code>n</code>: total objects</li> <li> <code>r</code>: objects chosen at once</li> </ul> <p>Rules:</p> <ul> <li> <code>r</code> must be an integer &gt; 0</li> <li><code>r ≤ n</code></li> </ul> <p>Bonus rules (because constraints are fun):</p> <ul> <li><code>n ∈ [1, 50]</code></li> <li><code>r ∈ {1, 2, 3}</code></li> <li> <code>r</code> defaults to <strong>3</strong> </li> <li>Input may be a <strong>string</strong> or <strong>number</strong> </li> <li>Validators should convert strings → numbers</li> </ul> <p>Below we implement this in Zod, Valibot, ArkType, and finally Joi.</p> <p>(Yes, we’re doing all four. Because we can.)</p> <h3> Zod Version </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">z</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zod</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// payload schema</span> <span class="kd">const</span> <span class="nx">combinationPayloadSchema</span> <span class="o">=</span> <span class="nx">z</span> <span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">n</span><span class="p">:</span> <span class="nx">z</span> <span class="p">.</span><span class="nf">preprocess</span><span class="p">((</span><span class="nx">x</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nc">Number</span><span class="p">(</span><span class="nx">x</span><span class="p">),</span> <span class="nx">z</span><span class="p">.</span><span class="nf">int</span><span class="p">().</span><span class="nf">positive</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="nf">max</span><span class="p">(</span><span class="mi">50</span><span class="p">))</span> <span class="p">.</span><span class="nf">meta</span><span class="p">({</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">The total number of objects in the set</span><span class="dl">'</span><span class="p">,</span> <span class="na">examples</span><span class="p">:</span> <span class="p">[</span><span class="mi">5</span><span class="p">],</span> <span class="p">}),</span> <span class="na">r</span><span class="p">:</span> <span class="nx">z</span> <span class="p">.</span><span class="nf">preprocess</span><span class="p">(</span> <span class="p">(</span><span class="nx">x</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nc">Number</span><span class="p">(</span><span class="nx">x</span><span class="p">),</span> <span class="nx">z</span><span class="p">.</span><span class="nf">enum</span><span class="p">({</span> <span class="na">one</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">two</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">three</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span> <span class="p">})</span> <span class="p">)</span> <span class="p">.</span><span class="nf">optional</span><span class="p">()</span> <span class="p">.</span><span class="k">default</span><span class="p">(</span><span class="mi">3</span><span class="p">)</span> <span class="p">.</span><span class="nf">meta</span><span class="p">({</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">The number of objects chosen at once</span><span class="dl">'</span><span class="p">,</span> <span class="na">examples</span><span class="p">:</span> <span class="p">[</span><span class="mi">3</span><span class="p">],</span> <span class="p">}),</span> <span class="p">})</span> <span class="p">.</span><span class="nf">refine</span><span class="p">(</span> <span class="p">(</span><span class="nx">schema</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">schema</span><span class="p">.</span><span class="nx">n</span> <span class="o">&gt;=</span> <span class="nx">schema</span><span class="p">.</span><span class="nx">r</span><span class="p">,</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">make sure that n ≥ r</span><span class="dl">'</span> <span class="p">}</span> <span class="p">)</span> <span class="p">.</span><span class="nf">meta</span><span class="p">({</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">combination nCr inputs</span><span class="dl">'</span><span class="p">,</span> <span class="na">ref</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#/components/schemas/CombinationInputsWithZod</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="c1">// route</span> <span class="nx">app</span><span class="p">.</span><span class="nf">base</span><span class="p">()</span> <span class="p">.</span><span class="nf">zod</span><span class="p">({</span> <span class="na">payload</span><span class="p">:</span> <span class="nx">combinationPayloadSchema</span> <span class="p">})</span> <span class="p">.</span><span class="nf">route</span><span class="p">(</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/zod/combination</span><span class="dl">'</span><span class="p">,</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Calculate the combination of n and r.</span><span class="dl">'</span><span class="p">,</span> <span class="na">tags</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">zod</span><span class="dl">'</span><span class="p">],</span> <span class="na">payload</span><span class="p">:</span> <span class="p">{</span> <span class="na">allow</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">application/x-www-form-urlencoded</span><span class="dl">'</span><span class="p">],</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">({</span> <span class="na">payload</span><span class="p">:</span> <span class="p">{</span> <span class="nx">n</span><span class="p">,</span> <span class="nx">r</span> <span class="p">}</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">inputs</span><span class="p">:</span> <span class="p">{</span> <span class="nx">n</span><span class="p">,</span> <span class="nx">r</span> <span class="p">},</span> <span class="na">coefficient</span><span class="p">:</span> <span class="nf">binomialCoefficient</span><span class="p">(</span><span class="nx">n</span><span class="p">,</span> <span class="nx">r</span><span class="p">)</span> <span class="p">})</span> <span class="p">);</span> </code></pre> </div> <h3> Valibot Version </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">v</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">valibot</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// payload schema</span> <span class="kd">const</span> <span class="nx">combinationPayloadSchema</span> <span class="o">=</span> <span class="nx">v</span><span class="p">.</span><span class="nf">pipe</span><span class="p">(</span> <span class="nx">v</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">n</span><span class="p">:</span> <span class="nx">v</span><span class="p">.</span><span class="nf">pipe</span><span class="p">(</span> <span class="nx">v</span><span class="p">.</span><span class="nf">union</span><span class="p">([</span> <span class="nx">v</span><span class="p">.</span><span class="nf">number</span><span class="p">(),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">pipe</span><span class="p">(</span><span class="nx">v</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">transform</span><span class="p">((</span><span class="nx">input</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nc">Number</span><span class="p">(</span><span class="nx">input</span><span class="p">))),</span> <span class="p">]),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">integer</span><span class="p">(),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">minValue</span><span class="p">(</span><span class="mi">1</span><span class="p">),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">maxValue</span><span class="p">(</span><span class="mi">50</span><span class="p">),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">description</span><span class="p">(</span><span class="dl">'</span><span class="s1">The total number of objects in the set</span><span class="dl">'</span><span class="p">),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">metadata</span><span class="p">({</span> <span class="na">examples</span><span class="p">:</span> <span class="p">[</span><span class="mi">5</span><span class="p">]</span> <span class="p">})</span> <span class="p">),</span> <span class="na">r</span><span class="p">:</span> <span class="nx">v</span><span class="p">.</span><span class="nf">optional</span><span class="p">(</span> <span class="nx">v</span><span class="p">.</span><span class="nf">pipe</span><span class="p">(</span> <span class="nx">v</span><span class="p">.</span><span class="nf">union</span><span class="p">([</span> <span class="nx">v</span><span class="p">.</span><span class="nf">number</span><span class="p">(),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">pipe</span><span class="p">(</span><span class="nx">v</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">transform</span><span class="p">((</span><span class="nx">input</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nc">Number</span><span class="p">(</span><span class="nx">input</span><span class="p">))),</span> <span class="p">]),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">integer</span><span class="p">(),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">union</span><span class="p">([</span><span class="nx">v</span><span class="p">.</span><span class="nf">literal</span><span class="p">(</span><span class="mi">1</span><span class="p">),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">literal</span><span class="p">(</span><span class="mi">2</span><span class="p">),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">literal</span><span class="p">(</span><span class="mi">3</span><span class="p">)]),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">description</span><span class="p">(</span><span class="dl">'</span><span class="s1">The number of objects chosen at once</span><span class="dl">'</span><span class="p">),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">metadata</span><span class="p">({</span> <span class="na">examples</span><span class="p">:</span> <span class="p">[</span><span class="mi">3</span><span class="p">]</span> <span class="p">})</span> <span class="p">),</span> <span class="mi">3</span> <span class="p">),</span> <span class="p">}),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">check</span><span class="p">((</span><span class="nx">input</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">input</span><span class="p">.</span><span class="nx">n</span> <span class="o">&gt;=</span> <span class="nx">input</span><span class="p">.</span><span class="nx">r</span><span class="p">,</span> <span class="dl">'</span><span class="s1">make sure that n ≥ r</span><span class="dl">'</span><span class="p">),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">description</span><span class="p">(</span><span class="dl">'</span><span class="s1">combination nCr inputs</span><span class="dl">'</span><span class="p">),</span> <span class="nx">v</span><span class="p">.</span><span class="nf">metadata</span><span class="p">({</span> <span class="na">ref</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#/components/schemas/CombinationInputsWithValibot</span><span class="dl">'</span><span class="p">,</span> <span class="p">})</span> <span class="p">);</span> <span class="c1">// route</span> <span class="nx">app</span><span class="p">.</span><span class="nf">base</span><span class="p">()</span> <span class="p">.</span><span class="nf">valibot</span><span class="p">({</span> <span class="na">payload</span><span class="p">:</span> <span class="nx">combinationPayloadSchema</span> <span class="p">})</span> <span class="p">.</span><span class="nf">route</span><span class="p">(</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/valibot/combination</span><span class="dl">'</span><span class="p">,</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Calculate the combination of n and r.</span><span class="dl">'</span><span class="p">,</span> <span class="na">tags</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">valibot</span><span class="dl">'</span><span class="p">],</span> <span class="na">payload</span><span class="p">:</span> <span class="p">{</span> <span class="na">allow</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">application/x-www-form-urlencoded</span><span class="dl">'</span><span class="p">],</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">({</span> <span class="na">payload</span><span class="p">:</span> <span class="p">{</span> <span class="nx">n</span><span class="p">,</span> <span class="nx">r</span> <span class="p">}</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">inputs</span><span class="p">:</span> <span class="p">{</span> <span class="nx">n</span><span class="p">,</span> <span class="nx">r</span> <span class="p">},</span> <span class="na">coefficient</span><span class="p">:</span> <span class="nf">binomialCoefficient</span><span class="p">(</span><span class="nx">n</span><span class="p">,</span> <span class="nx">r</span><span class="p">)</span> <span class="p">})</span> <span class="p">);</span> </code></pre> </div> <h3> ArkType Version </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">RequestBodyDocsModifier</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="kd">type</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">arktype</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// payload schema</span> <span class="kd">const</span> <span class="nx">combinationPayloadSchema</span> <span class="o">=</span> <span class="nf">type</span><span class="p">([</span> <span class="p">{</span> <span class="na">n</span><span class="p">:</span> <span class="nf">type</span><span class="p">([</span> <span class="dl">'</span><span class="s1">number.integer | string</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">@</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">The total number of objects in the set</span><span class="dl">'</span><span class="p">,</span> <span class="na">expected</span><span class="p">:</span> <span class="dl">'</span><span class="s1">an integer</span><span class="dl">'</span><span class="p">,</span> <span class="na">examples</span><span class="p">:</span> <span class="p">[</span><span class="mi">5</span><span class="p">],</span> <span class="na">format</span><span class="p">:</span> <span class="dl">'</span><span class="s1">integer</span><span class="dl">'</span> <span class="p">},</span> <span class="p">])</span> <span class="p">.</span><span class="nf">pipe</span><span class="p">((</span><span class="nx">v</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nc">Number</span><span class="p">(</span><span class="nx">v</span><span class="p">))</span> <span class="p">.</span><span class="nf">to</span><span class="p">(</span><span class="dl">'</span><span class="s1">1 &lt;= number.integer &lt;= 50</span><span class="dl">'</span><span class="p">),</span> <span class="na">r</span><span class="p">:</span> <span class="nf">type</span><span class="p">([</span> <span class="dl">'</span><span class="s1">1 | 2 | 3 | string</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">@</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">The number of objects chosen at once</span><span class="dl">'</span><span class="p">,</span> <span class="na">expected</span><span class="p">:</span> <span class="dl">'</span><span class="s1">1, 2 or 3</span><span class="dl">'</span><span class="p">,</span> <span class="na">examples</span><span class="p">:</span> <span class="p">[</span><span class="mi">3</span><span class="p">],</span> <span class="na">format</span><span class="p">:</span> <span class="dl">'</span><span class="s1">integer</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">])</span> <span class="p">.</span><span class="nf">pipe</span><span class="p">((</span><span class="nx">v</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="k">typeof</span> <span class="nx">v</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span> <span class="p">?</span> <span class="p">(</span><span class="nx">v</span> <span class="p">?</span> <span class="nc">Number</span><span class="p">(</span><span class="nx">v</span><span class="p">)</span> <span class="p">:</span> <span class="kc">NaN</span><span class="p">)</span> <span class="p">:</span> <span class="nx">v</span><span class="p">))</span> <span class="p">.</span><span class="nf">to</span><span class="p">(</span><span class="dl">'</span><span class="s1">1 | 2 | 3</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="k">default</span><span class="p">(</span><span class="mi">3</span><span class="p">),</span> <span class="p">},</span> <span class="dl">'</span><span class="s1">@</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">combination nCr inputs</span><span class="dl">'</span><span class="p">,</span> <span class="p">]).</span><span class="nf">pipe</span><span class="p">((</span><span class="nx">payload</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">type</span><span class="p">({</span> <span class="na">n</span><span class="p">:</span> <span class="nf">type</span><span class="p">(</span><span class="s2">`number &gt;= </span><span class="p">${</span><span class="nx">payload</span><span class="p">.</span><span class="nx">r</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="dl">'</span><span class="s1">@</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">≥ r</span><span class="dl">'</span><span class="p">),</span> <span class="na">r</span><span class="p">:</span> <span class="dl">'</span><span class="s1">number</span><span class="dl">'</span><span class="p">,</span> <span class="p">})(</span><span class="nx">payload</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// route</span> <span class="nx">app</span><span class="p">.</span><span class="nf">base</span><span class="p">()</span> <span class="p">.</span><span class="nf">ark</span><span class="p">({</span> <span class="na">payload</span><span class="p">:</span> <span class="nx">combinationPayloadSchema</span><span class="p">,</span> <span class="p">})</span> <span class="p">.</span><span class="nf">route</span><span class="p">(</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/ark/combination</span><span class="dl">'</span><span class="p">,</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Calculate the combination of n and r.</span><span class="dl">'</span><span class="p">,</span> <span class="na">tags</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">ark</span><span class="dl">'</span><span class="p">],</span> <span class="na">payload</span><span class="p">:</span> <span class="p">{</span> <span class="na">allow</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">application/x-www-form-urlencoded</span><span class="dl">'</span><span class="p">],</span> <span class="p">},</span> <span class="na">plugins</span><span class="p">:</span> <span class="p">{</span> <span class="na">kaapi</span><span class="p">:</span> <span class="p">{</span> <span class="na">docs</span><span class="p">:</span> <span class="p">{</span> <span class="na">modifiers</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">requestBody</span><span class="p">:</span> <span class="k">new</span> <span class="nc">RequestBodyDocsModifier</span><span class="p">()</span> <span class="p">.</span><span class="nf">addMediaType</span><span class="p">(</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">schema</span><span class="p">:</span> <span class="p">{</span> <span class="na">properties</span><span class="p">:</span> <span class="p">{</span> <span class="na">n</span><span class="p">:</span> <span class="p">{</span> <span class="na">minimum</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maximum</span><span class="p">:</span> <span class="mi">50</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">})</span> <span class="p">.</span><span class="nf">addMediaType</span><span class="p">(</span><span class="dl">'</span><span class="s1">application/x-www-form-urlencoded</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">schema</span><span class="p">:</span> <span class="p">{</span> <span class="na">properties</span><span class="p">:</span> <span class="p">{</span> <span class="na">n</span><span class="p">:</span> <span class="p">{</span> <span class="na">minimum</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maximum</span><span class="p">:</span> <span class="mi">50</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">}),</span> <span class="p">}),</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">({</span> <span class="na">payload</span><span class="p">:</span> <span class="p">{</span> <span class="nx">n</span><span class="p">,</span> <span class="nx">r</span> <span class="p">}</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">inputs</span><span class="p">:</span> <span class="p">{</span> <span class="nx">n</span><span class="p">,</span> <span class="nx">r</span> <span class="p">},</span> <span class="na">coefficient</span><span class="p">:</span> <span class="nf">binomialCoefficient</span><span class="p">(</span><span class="nx">n</span><span class="p">,</span> <span class="nx">r</span><span class="p">)</span> <span class="p">})</span> <span class="p">);</span> </code></pre> </div> <blockquote> <p>ArkType gets us most of the way there, but its auto-documentation leaves a few holes. That’s why we stepped in with <code>RequestBodyDocsModifier</code> to round things out.</p> </blockquote> <h3> Joi Version (for comparison) </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">Joi</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">joi</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// payload schema</span> <span class="kd">const</span> <span class="nx">combinationPayloadSchema</span> <span class="o">=</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">n</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">number</span><span class="p">()</span> <span class="p">.</span><span class="nf">description</span><span class="p">(</span><span class="dl">'</span><span class="s1">The total number of objects in the set</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">integer</span><span class="p">()</span> <span class="p">.</span><span class="nf">min</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="p">.</span><span class="nf">max</span><span class="p">(</span><span class="mi">50</span><span class="p">)</span> <span class="p">.</span><span class="nf">example</span><span class="p">(</span><span class="mi">5</span><span class="p">)</span> <span class="p">.</span><span class="nf">when</span><span class="p">(</span><span class="dl">'</span><span class="s1">r</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">is</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">number</span><span class="p">(),</span> <span class="na">then</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">number</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="nx">Joi</span><span class="p">.</span><span class="nf">ref</span><span class="p">(</span><span class="dl">'</span><span class="s1">r</span><span class="dl">'</span><span class="p">)),</span> <span class="p">})</span> <span class="p">.</span><span class="nf">required</span><span class="p">(),</span> <span class="na">r</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">number</span><span class="p">()</span> <span class="p">.</span><span class="nf">description</span><span class="p">(</span><span class="dl">'</span><span class="s1">The number of objects chosen at once</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">integer</span><span class="p">()</span> <span class="p">.</span><span class="nf">valid</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span> <span class="p">.</span><span class="k">default</span><span class="p">(</span><span class="mi">3</span><span class="p">)</span> <span class="p">.</span><span class="nf">example</span><span class="p">(</span><span class="mi">3</span><span class="p">)</span> <span class="p">.</span><span class="nf">optional</span><span class="p">(),</span> <span class="p">})</span> <span class="p">.</span><span class="nf">meta</span><span class="p">({</span> <span class="na">ref</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#/components/schemas/CombinationInputsWithJoi</span><span class="dl">'</span> <span class="p">})</span> <span class="p">.</span><span class="nf">description</span><span class="p">(</span><span class="dl">'</span><span class="s1">combination nCr inputs</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">required</span><span class="p">();</span> <span class="c1">// route</span> <span class="nx">app</span><span class="p">.</span><span class="nx">route</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">Payload</span><span class="p">:</span> <span class="p">{</span> <span class="na">n</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">r</span><span class="p">:</span> <span class="mi">1</span> <span class="o">|</span> <span class="mi">2</span> <span class="o">|</span> <span class="mi">3</span> <span class="p">}</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">(</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/joi/combination</span><span class="dl">'</span><span class="p">,</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Calculate the combination of n and r.</span><span class="dl">'</span><span class="p">,</span> <span class="na">tags</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">joi</span><span class="dl">'</span><span class="p">],</span> <span class="na">payload</span><span class="p">:</span> <span class="p">{</span> <span class="na">allow</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">application/x-www-form-urlencoded</span><span class="dl">'</span><span class="p">],</span> <span class="p">},</span> <span class="na">validate</span><span class="p">:</span> <span class="p">{</span> <span class="na">payload</span><span class="p">:</span> <span class="nx">combinationPayloadSchema</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">({</span> <span class="na">payload</span><span class="p">:</span> <span class="p">{</span> <span class="nx">n</span><span class="p">,</span> <span class="nx">r</span> <span class="p">}</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">inputs</span><span class="p">:</span> <span class="p">{</span> <span class="nx">n</span><span class="p">,</span> <span class="nx">r</span> <span class="p">},</span> <span class="na">coefficient</span><span class="p">:</span> <span class="nf">binomialCoefficient</span><span class="p">(</span><span class="nx">n</span><span class="p">,</span> <span class="nx">r</span><span class="p">)</span> <span class="p">})</span> <span class="p">);</span> </code></pre> </div> <blockquote> <p>Joi still requires the explicit generic type <code>&lt;{ Payload: … }&gt;</code>, but the schema itself is wonderfully compact.</p> </blockquote> <h2> So… Which Validator Should You Use? </h2> <p>Honestly?<br> <strong>Any of them.</strong><br> Kaapi doesn’t play favourites. You can mix and match all four in the same project.</p> <p>Here’s the vibe check:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Validator</th> <th>Pros</th> <th>Cons</th> </tr> </thead> <tbody> <tr> <td><strong>Zod</strong></td> <td>Great DX, powerful transforms, strong TS inference</td> <td>Verbose</td> </tr> <tr> <td><strong>Valibot</strong></td> <td>Very fast, very modular</td> <td>Piping can get long</td> </tr> <tr> <td><strong>ArkType</strong></td> <td>Most human-readable (<code>"3 &lt;= string &lt;= 10"</code>), minimal syntax</td> <td>Weaker doc generation, sometimes needs manual modifiers for complex schemas</td> </tr> <tr> <td><strong>Joi</strong></td> <td>Built-in with Hapi/Kaapi, concise</td> <td>Needs explicit TS generics</td> </tr> </tbody> </table></div> <p>Choose based on:</p> <ul> <li> <strong>Minimal code?</strong> → Joi or ArkType</li> <li> <strong>Strong type inference without generics?</strong> → Zod or Valibot</li> <li> <strong>Human-readable schemas?</strong> → ArkType</li> <li> <strong>Excellent auto-docs?</strong> → Zod / Valibot / Joi</li> </ul> <p>Basically:<br> <strong>Kaapi gives you the whole toolbox. Pick the screwdriver that makes you happy.</strong></p> <h2> Source Code </h2> <p>Curious to see the full app, judge the architecture, or spot a typo?</p> <p>👉 <strong><a href="https://github.com/shygyver/kaapi-monorepo-playground" rel="noopener noreferrer">github.com/shygyver/kaapi-monorepo-playground</a></strong><br> The example lives under <strong>validation-app</strong>.<br> See the README for instructions on running it.</p> <p>More Kaapi articles are coming! It has plenty more tricks up its sleeve.</p> <p>📦 <strong>Get started now</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @kaapi/kaapi </code></pre> </div> <p>🔗 <strong>Learn more:</strong> <a href="https://github.com/demingongo/kaapi/wiki" rel="noopener noreferrer">https://github.com/demingongo/kaapi/wiki</a></p> typescript node backend framework Building Modern Backends with Kaapi: API Documentation Generation ShyGyver Sat, 29 Nov 2025 18:58:17 +0000 https://forem.com/shygyver/building-modern-backends-with-kaapi-api-documentation-generation-57f2 https://forem.com/shygyver/building-modern-backends-with-kaapi-api-documentation-generation-57f2 <blockquote> <p>Kaapi: A flexible, extensible backend framework for modern APIs with messaging, documentation, and type safety built right in.<br><br> This series is written for backend developers who love TypeScript and can appreciate Hapi’s design philosophy.</p> </blockquote> <h2> Documentation? </h2> <p>(Yes, we actually read it… sometimes.)</p> <p>A good API lives or dies by its documentation. <br> Whether you have a public API, a private API, or an <em>"API that only Chad from DevOps knows how to use"</em>, someone <em>eventually</em> needs to understand it.</p> <p>Kaapi does this for you by auto-generating docs in <strong>two formats</strong>, because why settle for one?</p> <ul> <li> <strong>OpenAPI v3.1.1</strong>: for a complete, machine-readable definition</li> <li> <strong>Postman Collection v2.1</strong>: for folks on Postman’s free tier (👋 hi, we see you)</li> </ul> <p>Before we jump straight into documentation generation, we need... configuration. So let’s start there.</p> <h2> Configuration </h2> <p>A Kaapi app starts like a regular Hapi server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Kaapi</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="c1">// ServerOptions</span> <span class="na">port</span><span class="p">:</span> <span class="mi">3000</span><span class="p">,</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">localhost</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">start</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">app</span><span class="p">.</span><span class="nf">route</span><span class="p">({</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/hello</span><span class="dl">'</span><span class="p">,</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Another Hello World.</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">handler</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="s2">`Hello World!`</span><span class="p">,</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">🚀 Server running at:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">app</span><span class="p">.</span><span class="nf">base</span><span class="p">().</span><span class="nx">info</span><span class="p">.</span><span class="nx">uri</span><span class="p">);</span> <span class="p">};</span> <span class="nf">start</span><span class="p">();</span> </code></pre> </div> <p>Once this is running, visit:</p> <ul> <li>Swagger UI → <strong><a href="http://localhost:3000/docs/api" rel="noopener noreferrer">http://localhost:3000/docs/api</a></strong> </li> <li>OpenAPI schema → <strong><a href="http://localhost:3000/docs/api/schema" rel="noopener noreferrer">/docs/api/schema</a></strong> </li> <li>Postman collection → <strong><a href="http://localhost:3000/docs/api/schema?format=postman" rel="noopener noreferrer">/docs/api/schema?format=postman</a></strong> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frxmsxpon4qnmk4j60ite.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frxmsxpon4qnmk4j60ite.png" alt=" " width="777" height="521"></a></p> <p>Boom. Instant documentation. Zero guilt.</p> <p>Now let’s customize the documentation settings using the <code>docs</code> option:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Kaapi</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="c1">// ServerOptions</span> <span class="na">port</span><span class="p">:</span> <span class="mi">3000</span><span class="p">,</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">localhost</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// DocsConfig</span> <span class="na">docs</span><span class="p">:</span> <span class="p">{</span> <span class="na">disabled</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="c1">// disable documentation generation, default: false</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/docs/api</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// path to documentation, default: /docs/api</span> <span class="na">title</span><span class="p">:</span> <span class="dl">'</span><span class="s1">My First App</span><span class="dl">'</span><span class="p">,</span> <span class="na">version</span><span class="p">:</span> <span class="dl">'</span><span class="s1">1.0.1</span><span class="dl">'</span><span class="p">,</span> <span class="na">ui</span><span class="p">:</span> <span class="p">{</span> <span class="na">swagger</span><span class="p">:</span> <span class="p">{</span> <span class="na">customCss</span><span class="p">:</span> <span class="dl">'</span><span class="s1">.swagger-ui .topbar { display: none; }</span><span class="dl">'</span><span class="p">,</span> <span class="na">customSiteTitle</span><span class="p">:</span> <span class="dl">'</span><span class="s1">My First App</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <p>Visit <a href="http://localhost:3000/docs/api" rel="noopener noreferrer"><code>/docs/api</code></a> again, and voilà! Your Swagger UI now has a personalized title, a missing top bar and shows a new API version and title.</p> <h2> Petstore Example </h2> <p>Because no API documentation article is complete without animals,</p> <p>Time to recreate the legendary <strong><a href="https://github.com/swagger-api/swagger-petstore/blob/master/src/main/resources/openapi.yaml" rel="noopener noreferrer">Swagger Petstore</a></strong> with request data validation.</p> <h3> Petstore Configuration </h3> <p>We’re turning the configuration dial up to <strong>Fancy Mode</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="c1">// LoggerOptions</span> <span class="na">loggerOptions</span><span class="p">:</span> <span class="p">{</span> <span class="na">level</span><span class="p">:</span> <span class="dl">'</span><span class="s1">debug</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">port</span><span class="p">:</span> <span class="mi">3000</span><span class="p">,</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">localhost</span><span class="dl">'</span><span class="p">,</span> <span class="na">docs</span><span class="p">:</span> <span class="p">{</span> <span class="na">disabled</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/docs/api</span><span class="dl">'</span><span class="p">,</span> <span class="na">title</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Petstore</span><span class="dl">'</span><span class="p">,</span> <span class="na">license</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">MIT</span><span class="dl">'</span><span class="p">,</span> <span class="na">url</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://raw.githubusercontent.com/shygyver/kaapi-monorepo-playground/refs/heads/main/LICENSE</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">version</span><span class="p">:</span> <span class="dl">'</span><span class="s1">1.0.12</span><span class="dl">'</span><span class="p">,</span> <span class="na">ui</span><span class="p">:</span> <span class="p">{</span> <span class="na">swagger</span><span class="p">:</span> <span class="p">{</span> <span class="na">customCss</span><span class="p">:</span> <span class="dl">'</span><span class="s1">.swagger-ui .topbar { display: none; }</span><span class="dl">'</span><span class="p">,</span> <span class="na">customSiteTitle</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Swagger UI - Petstore</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="na">host</span><span class="p">:</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="dl">'</span><span class="s1">{baseUrl}</span><span class="dl">'</span><span class="p">,</span> <span class="na">variables</span><span class="p">:</span> <span class="p">{</span> <span class="na">baseUrl</span><span class="p">:</span> <span class="p">{</span> <span class="na">default</span><span class="p">:</span> <span class="dl">'</span><span class="s1">http://localhost:3000</span><span class="dl">'</span><span class="p">,</span> <span class="na">enum</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">http://localhost:3000</span><span class="dl">'</span><span class="p">],</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="na">tags</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">pet</span><span class="dl">'</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Everything about your Pets</span><span class="dl">'</span><span class="p">,</span> <span class="na">externalDocs</span><span class="p">:</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://swagger.io/</span><span class="dl">'</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Find out more</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <p>Why define <code>docs.host</code>?<br> Useful when deploying to production so Postman and external clients resolve URLs correctly. For local development, we simply set the internal uri <code>http://localhost:3000</code>. Using a variable like <code>{baseUrl}</code> also keeps things clean when switching between environments.</p> <p>Why define <code>docs.tags</code>?<br> This is optional, but helpful if you want to enrich tag metadata with descriptions or external links.</p> <p>Now let’s also sprinkle some <strong>extra documentation seasoning</strong> using <code>.setDescription()</code>, <code>.setContact()</code>, <code>.setExternalDoc()</code>, and other goodies.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// info for OpenAPI specification</span> <span class="nx">app</span><span class="p">.</span><span class="nx">openapi</span> <span class="p">.</span><span class="nf">setDescription</span><span class="p">(</span> <span class="s2">`This is an OpenAPI 3.1.1 specification of a sample Pet Store Server build with Kaapi. You can find out more about Kaapi at [https://www.npmjs.com/package/@kaapi/kaapi](https://www.npmjs.com/package/@kaapi/kaapi). Some useful links: - [The original Pet Store repository](https://github.com/swagger-api/swagger-petstore) - [OpenAPI Specification v3.1.1](https://spec.openapis.org/oas/v3.1.1.html) `</span> <span class="p">)</span> <span class="p">.</span><span class="nf">setTermsOfService</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://raw.githubusercontent.com/shygyver/kaapi-monorepo-playground/refs/heads/main/LICENSE</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">setContact</span><span class="p">({</span> <span class="na">url</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://github.com/shygyver</span><span class="dl">'</span><span class="p">,</span> <span class="p">})</span> <span class="p">.</span><span class="nf">setExternalDoc</span><span class="p">({</span> <span class="na">url</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://github.com/demingongo/kaapi/wiki</span><span class="dl">'</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Find out more about Kaapi</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="c1">// info for Postman collection</span> <span class="nx">app</span><span class="p">.</span><span class="nx">postman</span> <span class="p">.</span><span class="nf">setDescription</span><span class="p">(</span><span class="s2">`This is a Postman 2.1.0 collection format of a sample Pet Store Server build with Kaapi. You can find out more about Kaapi at [https://www.npmjs.com/package/@kaapi/kaapi](https://www.npmjs.com/package/@kaapi/kaapi). Some useful links: - [The original Pet Store repository](https://github.com/swagger-api/swagger-petstore) - [Postman Collection Format v2.1.0](https://schema.postman.com/collection/json/v2.1.0/draft-07/docs/index.html) `</span><span class="p">);</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fotysf3xn4oppfkg2ek8e.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fotysf3xn4oppfkg2ek8e.png" alt=" " width="800" height="443"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxz8qsa4u2rnejrh87pc4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxz8qsa4u2rnejrh87pc4.png" alt=" " width="475" height="468"></a></p> <h3> Petstore - Update an existing pet (Payload) </h3> <p>We’ll use <strong>Joi</strong> for validation.</p> <p>We also extend Joi to be nicer with <code>application/x-www-form-urlencoded</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">Joi</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">joi</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// validator ajustments for application/x-www-form-urlencoded</span> <span class="kd">const</span> <span class="nx">customJoi</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nx">Root</span> <span class="o">=</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">extend</span><span class="p">(</span> <span class="p">(</span><span class="nx">joi</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">array</span><span class="dl">'</span><span class="p">,</span> <span class="na">base</span><span class="p">:</span> <span class="nx">joi</span><span class="p">.</span><span class="nf">array</span><span class="p">(),</span> <span class="na">coerce</span><span class="p">:</span> <span class="p">{</span> <span class="na">from</span><span class="p">:</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span><span class="p">,</span> <span class="nf">method</span><span class="p">(</span><span class="nx">value</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="k">typeof</span> <span class="nx">value</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">value</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">[</span><span class="dl">'</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="nx">value</span><span class="p">.</span><span class="nf">endsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">]</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">value</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">value</span><span class="p">)</span> <span class="p">};</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">value</span><span class="p">:</span> <span class="nx">value</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1">,</span><span class="dl">'</span><span class="p">)</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">app</span><span class="p">.</span><span class="nx">log</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">};</span> <span class="p">},</span> <span class="p">},</span> <span class="p">}),</span> <span class="p">(</span><span class="nx">joi</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">object</span><span class="dl">'</span><span class="p">,</span> <span class="na">base</span><span class="p">:</span> <span class="nx">joi</span><span class="p">.</span><span class="nf">object</span><span class="p">(),</span> <span class="na">coerce</span><span class="p">:</span> <span class="p">{</span> <span class="na">from</span><span class="p">:</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span><span class="p">,</span> <span class="nf">method</span><span class="p">(</span><span class="nx">value</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="k">typeof</span> <span class="nx">value</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="nx">value</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">{</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">value</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">value</span><span class="p">)</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">app</span><span class="p">.</span><span class="nx">log</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">};</span> <span class="p">},</span> <span class="p">},</span> <span class="p">})</span> <span class="p">);</span> <span class="c1">// 'Update an existing pet' endpoint</span> <span class="nx">app</span><span class="p">.</span><span class="nx">route</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">Payload</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">category</span><span class="p">?:</span> <span class="p">{</span> <span class="nx">id</span><span class="p">?:</span> <span class="mi">1</span><span class="p">;</span> <span class="nl">name</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">};</span> <span class="nl">photoUrls</span><span class="p">:</span> <span class="kr">string</span><span class="p">[];</span> <span class="nl">tags</span><span class="p">?:</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">id</span><span class="p">?:</span> <span class="mi">0</span><span class="p">;</span> <span class="nl">name</span><span class="p">?:</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span><span class="p">;</span> <span class="p">},</span> <span class="p">];</span> <span class="nl">status</span><span class="p">?:</span> <span class="dl">'</span><span class="s1">available</span><span class="dl">'</span><span class="p">;</span> <span class="p">};</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/pet</span><span class="dl">'</span><span class="p">,</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">PUT</span><span class="dl">'</span><span class="p">,</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="na">tags</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">pet</span><span class="dl">'</span><span class="p">],</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Update an existing pet.</span><span class="dl">'</span><span class="p">,</span> <span class="na">notes</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">Update an existing pet by Id.</span><span class="dl">'</span><span class="p">],</span> <span class="na">payload</span><span class="p">:</span> <span class="p">{</span> <span class="na">allow</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">application/x-www-form-urlencoded</span><span class="dl">'</span><span class="p">],</span> <span class="p">},</span> <span class="na">validate</span><span class="p">:</span> <span class="p">{</span> <span class="na">payload</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">number</span><span class="p">().</span><span class="nf">integer</span><span class="p">().</span><span class="nf">example</span><span class="p">(</span><span class="mi">10</span><span class="p">).</span><span class="nf">meta</span><span class="p">({</span> <span class="na">format</span><span class="p">:</span> <span class="dl">'</span><span class="s1">int64</span><span class="dl">'</span> <span class="p">}).</span><span class="nf">required</span><span class="p">(),</span> <span class="na">name</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">example</span><span class="p">(</span><span class="dl">'</span><span class="s1">doggie</span><span class="dl">'</span><span class="p">).</span><span class="nf">required</span><span class="p">(),</span> <span class="na">category</span><span class="p">:</span> <span class="nx">customJoi</span> <span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">number</span><span class="p">().</span><span class="nf">integer</span><span class="p">().</span><span class="nf">example</span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="nf">meta</span><span class="p">({</span> <span class="na">format</span><span class="p">:</span> <span class="dl">'</span><span class="s1">int64</span><span class="dl">'</span> <span class="p">}),</span> <span class="na">name</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">example</span><span class="p">(</span><span class="dl">'</span><span class="s1">Dogs</span><span class="dl">'</span><span class="p">),</span> <span class="p">}),</span> <span class="na">photoUrls</span><span class="p">:</span> <span class="nx">customJoi</span> <span class="p">.</span><span class="nf">array</span><span class="p">()</span> <span class="p">.</span><span class="nf">items</span><span class="p">(</span><span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">meta</span><span class="p">({</span> <span class="na">xml</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">photoUrl</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}))</span> <span class="p">.</span><span class="nf">meta</span><span class="p">({</span> <span class="na">xml</span><span class="p">:</span> <span class="p">{</span> <span class="na">wrapped</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">})</span> <span class="p">.</span><span class="nf">required</span><span class="p">(),</span> <span class="na">tags</span><span class="p">:</span> <span class="nx">customJoi</span> <span class="p">.</span><span class="nf">array</span><span class="p">()</span> <span class="p">.</span><span class="nf">items</span><span class="p">(</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">number</span><span class="p">().</span><span class="nf">integer</span><span class="p">().</span><span class="nf">meta</span><span class="p">({</span> <span class="na">format</span><span class="p">:</span> <span class="dl">'</span><span class="s1">int64</span><span class="dl">'</span> <span class="p">}),</span> <span class="na">name</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="p">}).</span><span class="nf">meta</span><span class="p">({</span> <span class="na">xml</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">tag</span><span class="dl">'</span> <span class="p">},</span> <span class="p">})</span> <span class="p">)</span> <span class="p">.</span><span class="nf">meta</span><span class="p">({</span> <span class="na">xml</span><span class="p">:</span> <span class="p">{</span> <span class="na">wrapped</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}),</span> <span class="na">status</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">description</span><span class="p">(</span><span class="dl">'</span><span class="s1">pet status in the store</span><span class="dl">'</span><span class="p">).</span><span class="nf">valid</span><span class="p">(</span><span class="dl">'</span><span class="s1">available</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">pending</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">sold</span><span class="dl">'</span><span class="p">),</span> <span class="p">})</span> <span class="p">.</span><span class="nf">meta</span><span class="p">({</span> <span class="na">xml</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">pet</span><span class="dl">'</span> <span class="p">},</span> <span class="p">})</span> <span class="p">.</span><span class="nf">required</span><span class="p">(),</span> <span class="p">},</span> <span class="p">},</span> <span class="na">handler</span><span class="p">:</span> <span class="p">({</span> <span class="nx">payload</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="nx">payload</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>Boom:<br> You now have automatic validation <em>and</em> automatic documentation.<br> <a href="http://localhost:3000/docs/api" rel="noopener noreferrer">Swagger UI</a> will even show examples, which means fewer Slack messages from coworkers asking,</p> <blockquote> <p>“What does this endpoint expect again?”</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvbgokvoz15zxmw8qlhyd.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvbgokvoz15zxmw8qlhyd.png" alt=" " width="800" height="396"></a></p> <h3> Petstore - Update an existing pet (Responses) </h3> <p>Because your API should tell people what it <em>actually does</em>.<br> Here, if the request is valid, the endpoint simply returns the payload.</p> <p>Instead of rewriting your response schemas everywhere (aka the “Copy/Paste Olympics”), Kaapi lets you reference components via Joi metadata:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">route</span><span class="p">({</span> <span class="c1">// ...</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="na">validate</span><span class="p">:</span> <span class="p">{</span> <span class="na">payload</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">number</span><span class="p">().</span><span class="nf">integer</span><span class="p">().</span><span class="nf">example</span><span class="p">(</span><span class="mi">10</span><span class="p">).</span><span class="nf">meta</span><span class="p">({</span> <span class="na">format</span><span class="p">:</span> <span class="dl">'</span><span class="s1">int64</span><span class="dl">'</span> <span class="p">}).</span><span class="nf">required</span><span class="p">(),</span> <span class="na">name</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">example</span><span class="p">(</span><span class="dl">'</span><span class="s1">doggie</span><span class="dl">'</span><span class="p">).</span><span class="nf">required</span><span class="p">(),</span> <span class="na">category</span><span class="p">:</span> <span class="nx">customJoi</span> <span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">number</span><span class="p">().</span><span class="nf">integer</span><span class="p">().</span><span class="nf">example</span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="nf">meta</span><span class="p">({</span> <span class="na">format</span><span class="p">:</span> <span class="dl">'</span><span class="s1">int64</span><span class="dl">'</span> <span class="p">}),</span> <span class="na">name</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">example</span><span class="p">(</span><span class="dl">'</span><span class="s1">Dogs</span><span class="dl">'</span><span class="p">),</span> <span class="p">})</span> <span class="p">.</span><span class="nf">meta</span><span class="p">({</span> <span class="na">ref</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#/components/schemas/Category</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// 👈 here</span> <span class="p">}),</span> <span class="na">photoUrls</span><span class="p">:</span> <span class="nx">customJoi</span> <span class="p">.</span><span class="nf">array</span><span class="p">()</span> <span class="p">.</span><span class="nf">items</span><span class="p">(</span><span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">meta</span><span class="p">({</span> <span class="na">xml</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">photoUrl</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}))</span> <span class="p">.</span><span class="nf">meta</span><span class="p">({</span> <span class="na">xml</span><span class="p">:</span> <span class="p">{</span> <span class="na">wrapped</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">})</span> <span class="p">.</span><span class="nf">required</span><span class="p">(),</span> <span class="na">tags</span><span class="p">:</span> <span class="nx">customJoi</span> <span class="p">.</span><span class="nf">array</span><span class="p">()</span> <span class="p">.</span><span class="nf">items</span><span class="p">(</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">number</span><span class="p">().</span><span class="nf">integer</span><span class="p">().</span><span class="nf">meta</span><span class="p">({</span> <span class="na">format</span><span class="p">:</span> <span class="dl">'</span><span class="s1">int64</span><span class="dl">'</span> <span class="p">}),</span> <span class="na">name</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="p">}).</span><span class="nf">meta</span><span class="p">({</span> <span class="na">xml</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">tag</span><span class="dl">'</span> <span class="p">},</span> <span class="na">ref</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#/components/schemas/Tag</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// 👈 here</span> <span class="p">})</span> <span class="p">)</span> <span class="p">.</span><span class="nf">meta</span><span class="p">({</span> <span class="na">xml</span><span class="p">:</span> <span class="p">{</span> <span class="na">wrapped</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}),</span> <span class="na">status</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">description</span><span class="p">(</span><span class="dl">'</span><span class="s1">pet status in the store</span><span class="dl">'</span><span class="p">).</span><span class="nf">valid</span><span class="p">(</span><span class="dl">'</span><span class="s1">available</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">pending</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">sold</span><span class="dl">'</span><span class="p">),</span> <span class="p">})</span> <span class="p">.</span><span class="nf">meta</span><span class="p">({</span> <span class="na">xml</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">pet</span><span class="dl">'</span> <span class="p">},</span> <span class="na">ref</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#/components/schemas/Pet</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// 👈 here</span> <span class="p">})</span> <span class="p">.</span><span class="nf">required</span><span class="p">(),</span> <span class="p">},</span> <span class="p">},</span> <span class="na">handler</span><span class="p">:</span> <span class="p">({</span> <span class="nx">payload</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="nx">payload</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>Adding <code>meta({ ref: '#/components/schemas/Pet' })</code> registers the schema <code>Pet</code> into <code>#/components/schemas</code>, if it was not already registered. We do the same for <code>Tag</code> and <code>Category</code>.</p> <p>Once registered, documenting responses with <strong>modifiers</strong>, part of Kaapi’s built-in plugins, becomes easy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">ResponseDocsModifier</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="nx">app</span><span class="p">.</span><span class="nf">route</span><span class="p">({</span> <span class="c1">// ...</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="na">validate</span><span class="p">:</span> <span class="p">{</span> <span class="na">payload</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="c1">// ...</span> <span class="p">})</span> <span class="p">.</span><span class="nf">meta</span><span class="p">({</span> <span class="na">xml</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">pet</span><span class="dl">'</span> <span class="p">},</span> <span class="na">ref</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#/components/schemas/Pet</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// 👈 creates schema reference</span> <span class="p">})</span> <span class="p">.</span><span class="nf">required</span><span class="p">(),</span> <span class="p">},</span> <span class="na">plugins</span><span class="p">:</span> <span class="p">{</span> <span class="na">kaapi</span><span class="p">:</span> <span class="p">{</span> <span class="na">docs</span><span class="p">:</span> <span class="p">{</span> <span class="na">modifiers</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">responses</span><span class="p">:</span> <span class="k">new</span> <span class="nc">ResponseDocsModifier</span><span class="p">()</span> <span class="p">.</span><span class="nf">setCode</span><span class="p">(</span><span class="mi">200</span><span class="p">)</span> <span class="p">.</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">'</span><span class="s1">Successful operation</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">addMediaType</span><span class="p">(</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">schema</span><span class="p">:</span> <span class="p">{</span> <span class="na">$ref</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#/components/schemas/Pet</span><span class="dl">'</span> <span class="p">},</span> <span class="c1">// 👈 use reference</span> <span class="p">}),</span> <span class="p">}),</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="c1">// ...</span> <span class="p">});</span> </code></pre> </div> <p>You can also group responses:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">groupResponses</span><span class="p">,</span> <span class="nx">ResponseDocsModifier</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="nx">app</span><span class="p">.</span><span class="nf">route</span><span class="p">({</span> <span class="c1">// ...</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="na">plugins</span><span class="p">:</span> <span class="p">{</span> <span class="na">kaapi</span><span class="p">:</span> <span class="p">{</span> <span class="na">docs</span><span class="p">:</span> <span class="p">{</span> <span class="na">modifiers</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">responses</span><span class="p">:</span> <span class="nf">groupResponses</span><span class="p">(</span> <span class="k">new</span> <span class="nc">ResponseDocsModifier</span><span class="p">()</span> <span class="p">.</span><span class="nf">setCode</span><span class="p">(</span><span class="mi">200</span><span class="p">)</span> <span class="p">.</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">'</span><span class="s1">Bad Request</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">addMediaType</span><span class="p">(</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">schema</span><span class="p">:</span> <span class="p">{</span> <span class="na">$ref</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#/components/schemas/Pet</span><span class="dl">'</span> <span class="p">},</span> <span class="p">}),</span> <span class="k">new</span> <span class="nc">ResponseDocsModifier</span><span class="p">()</span> <span class="p">.</span><span class="nf">setCode</span><span class="p">(</span><span class="mi">400</span><span class="p">)</span> <span class="p">.</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">'</span><span class="s1">Bad Request</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">addMediaType</span><span class="p">(</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">schema</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">object</span><span class="dl">'</span><span class="p">,</span> <span class="na">properties</span><span class="p">:</span> <span class="p">{</span> <span class="na">statusCode</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">number</span><span class="dl">'</span><span class="p">,</span> <span class="na">enum</span><span class="p">:</span> <span class="p">[</span><span class="mi">400</span><span class="p">],</span> <span class="p">},</span> <span class="na">error</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span><span class="p">,</span> <span class="na">enum</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">Bad Request</span><span class="dl">'</span><span class="p">]</span> <span class="p">},</span> <span class="na">message</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span> <span class="p">},</span> <span class="p">},</span> <span class="na">required</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">statusCode</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">],</span> <span class="p">},</span> <span class="p">}),</span> <span class="k">new</span> <span class="nc">ResponseDocsModifier</span><span class="p">().</span><span class="nf">setCode</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">'</span><span class="s1">Pet not found</span><span class="dl">'</span><span class="p">),</span> <span class="k">new</span> <span class="nc">ResponseDocsModifier</span><span class="p">().</span><span class="nf">setCode</span><span class="p">(</span><span class="mi">415</span><span class="p">).</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unsupported Media Type</span><span class="dl">'</span><span class="p">),</span> <span class="k">new</span> <span class="nc">ResponseDocsModifier</span><span class="p">()</span> <span class="p">.</span><span class="nf">setDefault</span><span class="p">(</span><span class="kc">true</span><span class="p">)</span> <span class="p">.</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unexpected error</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">addMediaType</span><span class="p">(</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">schema</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">object</span><span class="dl">'</span><span class="p">,</span> <span class="na">properties</span><span class="p">:</span> <span class="p">{</span> <span class="na">statusCode</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">number</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">error</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span> <span class="p">},</span> <span class="na">message</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span> <span class="p">},</span> <span class="p">},</span> <span class="na">required</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">statusCode</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">],</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> <span class="p">),</span> <span class="p">}),</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="c1">// ...</span> <span class="p">});</span> </code></pre> </div> <h3> Reusing Shared Responses </h3> <p>Since we’ll probably reuse some responses (like <code>400 Bad Request</code>) across multiple routes, it’s better to define them once:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">ResponseDocsModifier</span><span class="p">,</span> <span class="nx">SchemaModifier</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Error schema</span> <span class="kd">const</span> <span class="nx">errorSchema</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SchemaModifier</span><span class="p">(</span><span class="dl">'</span><span class="s1">Error</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">object</span><span class="dl">'</span><span class="p">,</span> <span class="na">properties</span><span class="p">:</span> <span class="p">{</span> <span class="na">statusCode</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">number</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">error</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span> <span class="p">},</span> <span class="na">message</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span> <span class="p">},</span> <span class="p">},</span> <span class="na">required</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">statusCode</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">],</span> <span class="p">});</span> <span class="c1">// BadRequestResponse response</span> <span class="kd">const</span> <span class="nx">badRequestResponse</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ResponseDocsModifier</span><span class="p">(</span><span class="dl">'</span><span class="s1">BadRequestResponse</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">'</span><span class="s1">Bad Request</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">addMediaType</span><span class="p">(</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">schema</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">object</span><span class="dl">'</span><span class="p">,</span> <span class="na">properties</span><span class="p">:</span> <span class="p">{</span> <span class="na">statusCode</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">number</span><span class="dl">'</span><span class="p">,</span> <span class="na">enum</span><span class="p">:</span> <span class="p">[</span><span class="mi">400</span><span class="p">],</span> <span class="p">},</span> <span class="na">error</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span><span class="p">,</span> <span class="na">enum</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">Bad Request</span><span class="dl">'</span><span class="p">]</span> <span class="p">},</span> <span class="na">message</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span> <span class="p">},</span> <span class="p">},</span> <span class="na">required</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">statusCode</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">],</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <p>Register them globally:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">groupResponses</span><span class="p">,</span> <span class="nx">Kaapi</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="c1">// ...</span> <span class="na">docs</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="na">schemas</span><span class="p">:</span> <span class="p">[</span><span class="nx">errorSchema</span><span class="p">],</span> <span class="c1">// 👈 register schemas</span> <span class="na">responses</span><span class="p">:</span> <span class="nf">groupResponses</span><span class="p">(</span><span class="nx">badRequestResponse</span><span class="p">),</span> <span class="c1">// 👈 register responses</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <p>Then reuse them:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">groupResponses</span><span class="p">,</span> <span class="nx">MediaTypeModifier</span><span class="p">,</span> <span class="nx">ResponseDocsModifier</span><span class="p">,</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// endpoint</span> <span class="nx">app</span><span class="p">.</span><span class="nf">route</span><span class="p">({</span> <span class="c1">// ...</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="na">plugins</span><span class="p">:</span> <span class="p">{</span> <span class="na">kaapi</span><span class="p">:</span> <span class="p">{</span> <span class="na">docs</span><span class="p">:</span> <span class="p">{</span> <span class="na">modifiers</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">responses</span><span class="p">:</span> <span class="nf">groupResponses</span><span class="p">(</span> <span class="k">new</span> <span class="nc">ResponseDocsModifier</span><span class="p">()</span> <span class="p">.</span><span class="nf">setCode</span><span class="p">(</span><span class="mi">200</span><span class="p">)</span> <span class="p">.</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">'</span><span class="s1">Successful operation</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">addMediaType</span><span class="p">(</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">schema</span><span class="p">:</span> <span class="p">{</span> <span class="na">$ref</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#/components/schemas/Pet</span><span class="dl">'</span> <span class="p">},</span> <span class="p">}),</span> <span class="nx">badRequestResponse</span><span class="p">.</span><span class="nf">withContext</span><span class="p">().</span><span class="nf">setCode</span><span class="p">(</span><span class="mi">400</span><span class="p">),</span> <span class="c1">// 👈 use response in this route context</span> <span class="k">new</span> <span class="nc">ResponseDocsModifier</span><span class="p">().</span><span class="nf">setCode</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">'</span><span class="s1">Pet not found</span><span class="dl">'</span><span class="p">),</span> <span class="k">new</span> <span class="nc">ResponseDocsModifier</span><span class="p">().</span><span class="nf">setCode</span><span class="p">(</span><span class="mi">415</span><span class="p">).</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unsupported Media Type</span><span class="dl">'</span><span class="p">),</span> <span class="k">new</span> <span class="nc">ResponseDocsModifier</span><span class="p">()</span> <span class="p">.</span><span class="nf">setDefault</span><span class="p">(</span><span class="kc">true</span><span class="p">)</span> <span class="p">.</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unexpected error</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">addMediaType</span><span class="p">(</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="k">new</span> <span class="nc">MediaTypeModifier</span><span class="p">({</span> <span class="na">schema</span><span class="p">:</span> <span class="nx">errorSchema</span> <span class="p">}))</span> <span class="c1">// 👈 use schema</span> <span class="p">),</span> <span class="p">}),</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="c1">// ...</span> <span class="p">});</span> </code></pre> </div> <p>Less schema duplication. More happiness.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fypm7nqpu1ld30bwdcu3l.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fypm7nqpu1ld30bwdcu3l.png" alt=" " width="800" height="265"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F28sdxapn4jx9bkmpawpk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F28sdxapn4jx9bkmpawpk.png" alt=" " width="800" height="483"></a></p> <h3> A Note on XML Support </h3> <p>So... we are done for this route but here’s the unfortunate truth:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">allow</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">application/x-www-form-urlencoded</span><span class="dl">'</span><span class="p">],</span> </code></pre> </div> <p>Unlike the original <a href="https://github.com/swagger-api/swagger-petstore/blob/master/src/main/resources/openapi.yaml" rel="noopener noreferrer">Swagger Petstore API</a>, our example does not support <code>application/xml</code>, even though our schemas include XML metadata.<br> So why not do it? Because by default, payloads are parsed into JSON for validation. <br> Disabling parsing means disabling <strong>Joi</strong> validation and auto-generated docs.<br> In short:</p> <ul> <li>disabling JSON parsing = disabling Joi</li> <li>disabling Joi = sadness <em>or</em> disabling auto-generated docs</li> </ul> <p>But don’t worry, it is possible to disable parsing and manually document payloads, but to keep the example simple, we skipped it.</p> <p>Instead, let's check it out in the next example.</p> <h3> Petstore - Uploads an image </h3> <p>File uploads should <em>not</em> be parsed into JSON (<em>and they can't be anyway</em>). For this route we will:</p> <ul> <li>disable automatic parsing</li> <li>manually validate the uploaded file type (PNG/JPEG)</li> <li>describe the request body manually using <code>RequestBodyDocsModifier</code> </li> </ul> <p>Here is the result:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">Boom</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@hapi/boom</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">groupResponses</span><span class="p">,</span> <span class="nx">Kaapi</span><span class="p">,</span> <span class="nx">MediaTypeModifier</span><span class="p">,</span> <span class="nx">RequestBodyDocsModifier</span><span class="p">,</span> <span class="nx">ResponseDocsModifier</span><span class="p">,</span> <span class="nx">SchemaModifier</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">Joi</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">joi</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">Stream</span><span class="p">,</span> <span class="p">{</span> <span class="nx">PassThrough</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">node:stream</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// ...</span> <span class="nx">app</span><span class="p">.</span><span class="nx">route</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">Params</span><span class="p">:</span> <span class="p">{</span> <span class="na">petId</span><span class="p">:</span> <span class="kr">number</span> <span class="p">};</span> <span class="nl">Payload</span><span class="p">:</span> <span class="nx">Stream</span><span class="p">.</span><span class="nx">Readable</span><span class="p">;</span> <span class="nl">Query</span><span class="p">:</span> <span class="p">{</span> <span class="nx">additionalMetadata</span><span class="p">?:</span> <span class="kr">string</span> <span class="p">}</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/pet/{petId}/uploadImage</span><span class="dl">'</span><span class="p">,</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="na">tags</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">pet</span><span class="dl">'</span><span class="p">],</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Uploads an image.</span><span class="dl">'</span><span class="p">,</span> <span class="na">notes</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">Upload image of the pet.</span><span class="dl">'</span><span class="p">],</span> <span class="na">payload</span><span class="p">:</span> <span class="p">{</span> <span class="na">allow</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">application/octet-stream</span><span class="dl">'</span><span class="p">],</span> <span class="na">output</span><span class="p">:</span> <span class="dl">'</span><span class="s1">stream</span><span class="dl">'</span><span class="p">,</span> <span class="na">maxBytes</span><span class="p">:</span> <span class="mi">1024</span> <span class="o">*</span> <span class="mi">2000</span><span class="p">,</span> <span class="na">multipart</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">parse</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="c1">// 👈 disable auto parsing</span> <span class="p">},</span> <span class="na">validate</span><span class="p">:</span> <span class="p">{</span> <span class="na">params</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">petId</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">number</span><span class="p">().</span><span class="nf">integer</span><span class="p">().</span><span class="nf">description</span><span class="p">(</span><span class="dl">'</span><span class="s1">ID of pet to update</span><span class="dl">'</span><span class="p">).</span><span class="nf">meta</span><span class="p">({</span> <span class="na">format</span><span class="p">:</span> <span class="dl">'</span><span class="s1">int64</span><span class="dl">'</span> <span class="p">}).</span><span class="nf">required</span><span class="p">(),</span> <span class="p">}),</span> <span class="na">query</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">additionalMetadata</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">description</span><span class="p">(</span><span class="dl">'</span><span class="s1">Additional Metadata</span><span class="dl">'</span><span class="p">),</span> <span class="p">}),</span> <span class="p">},</span> <span class="na">plugins</span><span class="p">:</span> <span class="p">{</span> <span class="na">kaapi</span><span class="p">:</span> <span class="p">{</span> <span class="na">docs</span><span class="p">:</span> <span class="p">{</span> <span class="na">modifiers</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="c1">// 👇 payload schema definition</span> <span class="na">requestBody</span><span class="p">:</span> <span class="k">new</span> <span class="nc">RequestBodyDocsModifier</span><span class="p">().</span><span class="nf">addMediaType</span><span class="p">(</span><span class="dl">'</span><span class="s1">application/octet-stream</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">schema</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span><span class="p">,</span> <span class="na">contentMediaType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/octet-stream</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">}),</span> <span class="na">responses</span><span class="p">:</span> <span class="nf">groupResponses</span><span class="p">(</span> <span class="k">new</span> <span class="nc">ResponseDocsModifier</span><span class="p">().</span><span class="nf">setCode</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">'</span><span class="s1">successful operation</span><span class="dl">'</span><span class="p">),</span> <span class="nx">badRequestResponse</span><span class="p">.</span><span class="nf">withContext</span><span class="p">().</span><span class="nf">setCode</span><span class="p">(</span><span class="mi">400</span><span class="p">),</span> <span class="k">new</span> <span class="nc">ResponseDocsModifier</span><span class="p">().</span><span class="nf">setCode</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">'</span><span class="s1">Pet not found</span><span class="dl">'</span><span class="p">),</span> <span class="k">new</span> <span class="nc">ResponseDocsModifier</span><span class="p">()</span> <span class="p">.</span><span class="nf">setDefault</span><span class="p">(</span><span class="kc">true</span><span class="p">)</span> <span class="p">.</span><span class="nf">setDescription</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unexpected error</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">addMediaType</span><span class="p">(</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="k">new</span> <span class="nc">MediaTypeModifier</span><span class="p">({</span> <span class="na">schema</span><span class="p">:</span> <span class="nx">errorSchema</span> <span class="p">}))</span> <span class="p">),</span> <span class="p">}),</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="na">handler</span><span class="p">:</span> <span class="k">async </span><span class="p">({</span> <span class="na">params</span><span class="p">:</span> <span class="p">{</span> <span class="nx">petId</span> <span class="p">},</span> <span class="nx">payload</span><span class="p">,</span> <span class="na">query</span><span class="p">:</span> <span class="p">{</span> <span class="nx">additionalMetadata</span> <span class="p">}</span> <span class="p">},</span> <span class="nx">h</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">app</span><span class="p">.</span><span class="nx">log</span><span class="p">.</span><span class="nf">debug</span><span class="p">(</span><span class="s2">`[uploadFile] petId: </span><span class="p">${</span><span class="nx">petId</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nx">log</span><span class="p">.</span><span class="nf">debug</span><span class="p">(</span><span class="s2">`[uploadFile] additionalMetadata: </span><span class="p">${</span><span class="nx">additionalMetadata</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="c1">// validate file signature (PNG/JPG) and stream it back</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">((</span><span class="nx">resolve</span><span class="p">,</span> <span class="nx">reject</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Collect first few bytes for validation</span> <span class="kd">let</span> <span class="nx">buffer</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="nf">alloc</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">validated</span> <span class="o">=</span> <span class="kc">false</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">pass</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PassThrough</span><span class="p">();</span> <span class="nx">payload</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">data</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">chunk</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">validated</span><span class="p">)</span> <span class="p">{</span> <span class="nx">buffer</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="nf">concat</span><span class="p">([</span><span class="nx">buffer</span><span class="p">,</span> <span class="nx">chunk</span><span class="p">]);</span> <span class="k">if </span><span class="p">(</span><span class="nx">buffer</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;=</span> <span class="mi">8</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">header</span> <span class="o">=</span> <span class="nx">buffer</span><span class="p">.</span><span class="nf">subarray</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">8</span><span class="p">);</span> <span class="c1">// PNG/JPG check</span> <span class="kd">const</span> <span class="nx">pngSig</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">([</span><span class="mh">0x89</span><span class="p">,</span> <span class="mh">0x50</span><span class="p">,</span> <span class="mh">0x4e</span><span class="p">,</span> <span class="mh">0x47</span><span class="p">,</span> <span class="mh">0x0d</span><span class="p">,</span> <span class="mh">0x0a</span><span class="p">,</span> <span class="mh">0x1a</span><span class="p">,</span> <span class="mh">0x0a</span><span class="p">]);</span> <span class="kd">const</span> <span class="nx">jpegSig</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">([</span><span class="mh">0xff</span><span class="p">,</span> <span class="mh">0xd8</span><span class="p">]);</span> <span class="k">if </span><span class="p">(</span><span class="nx">header</span><span class="p">.</span><span class="nf">equals</span><span class="p">(</span><span class="nx">pngSig</span><span class="p">)</span> <span class="o">||</span> <span class="nx">header</span><span class="p">.</span><span class="nf">subarray</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">2</span><span class="p">).</span><span class="nf">equals</span><span class="p">(</span><span class="nx">jpegSig</span><span class="p">))</span> <span class="p">{</span> <span class="nx">validated</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">h</span><span class="p">.</span><span class="nf">response</span><span class="p">(</span><span class="nx">pass</span><span class="p">).</span><span class="nf">type</span><span class="p">(</span><span class="nx">header</span><span class="p">.</span><span class="nf">equals</span><span class="p">(</span><span class="nx">pngSig</span><span class="p">)</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">image/png</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">image/jpeg</span><span class="dl">'</span><span class="p">));</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">payload</span><span class="p">.</span><span class="nf">unpipe</span><span class="p">(</span><span class="nx">pass</span><span class="p">);</span> <span class="c1">// Drain the rest of the stream so client doesn't hang</span> <span class="nx">payload</span><span class="p">.</span><span class="nf">resume</span><span class="p">();</span> <span class="k">return</span> <span class="nf">reject</span><span class="p">(</span><span class="nx">Boom</span><span class="p">.</span><span class="nf">badRequest</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid file type</span><span class="dl">'</span><span class="p">));</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">pass</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="nx">chunk</span><span class="p">);</span> <span class="p">});</span> <span class="nx">payload</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">end</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">app</span><span class="p">.</span><span class="nx">log</span><span class="p">.</span><span class="nf">debug</span><span class="p">(</span><span class="dl">'</span><span class="s1">[uploadFile] Done parsing payload!</span><span class="dl">'</span><span class="p">);</span> <span class="nx">pass</span><span class="p">.</span><span class="nf">end</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">buffer</span><span class="p">.</span><span class="nx">length</span> <span class="o">&lt;</span> <span class="mi">8</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">reject</span><span class="p">(</span><span class="nx">Boom</span><span class="p">.</span><span class="nf">badRequest</span><span class="p">(</span><span class="dl">'</span><span class="s1">No file uploaded</span><span class="dl">'</span><span class="p">));</span> <span class="p">}</span> <span class="p">});</span> <span class="p">});</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2q24k0qw5ja8azz2u7xk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2q24k0qw5ja8azz2u7xk.png" alt=" " width="800" height="522"></a></p> <p>With that, we’ve covered the core of API documentation in Kaapi.</p> <h2> Source Code </h2> <p>Where all the magic came from (and where you can go judge my code):</p> <p>👉 <strong><a href="https://github.com/shygyver/kaapi-monorepo-playground" rel="noopener noreferrer">github.com/shygyver/kaapi-monorepo-playground</a></strong><br> The app demonstrated here is named <strong>documentation-app</strong>.<br> See the README for instructions on running it.</p> <p>Stay tuned for more! Kaapi still has more features to show off!</p> <p>📦 <strong>Get started now</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @kaapi/kaapi </code></pre> </div> <p>🔗 <strong>Learn more:</strong> <a href="https://github.com/demingongo/kaapi/wiki" rel="noopener noreferrer">github.com/demingongo/kaapi/wiki</a></p> typescript node openapi postman Building Modern Backends with Kaapi: Introduction & Getting Started ShyGyver Wed, 26 Nov 2025 18:43:32 +0000 https://forem.com/shygyver/building-modern-backends-with-kaapi-introduction-getting-started-2199 https://forem.com/shygyver/building-modern-backends-with-kaapi-introduction-getting-started-2199 <blockquote> <p>Kaapi: A flexible, extensible backend framework for modern APIs with messaging, documentation, and type safety built right in.<br><br> This series is written for backend developers who love TypeScript and can appreciate Hapi’s design philosophy.</p> </blockquote> <h2> What Is Kaapi? </h2> <p><strong>Kaapi</strong> (<code>@kaapi/kaapi</code>) is a <strong>TypeScript-first backend framework</strong> built on top of <a href="https://hapi.dev/" rel="noopener noreferrer">Hapi.js</a>.<br><br> It gives you a clean foundation for building <strong>modular, documented, and message-driven APIs</strong> without the boilerplate.</p> <p>Think of it as Hapi, but with:</p> <ul> <li> <strong>Type safety</strong> throughout</li> <li> <strong>Messaging</strong> support (Kafka-ready)</li> <li><strong>Auto-generated OpenAPI &amp; Postman docs</strong></li> <li> <strong>Built-in logging</strong> via Winston</li> </ul> <p>So not <strong>"Yet again a new Nodejs framework this year!"</strong> in case your were thinking that (<em>I know you did</em>) but rather a <strong>practical evolution</strong>: the same trusted Hapi core, now supercharged.<br><br> It’s about cutting boilerplate, not reinventing the wheel.</p> <h2> ⚙️ Installation </h2> <p>Install it from npm:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @kaapi/kaapi </code></pre> </div> <h2> 🚀 Your First Kaapi Application </h2> <p>Kaapi is built on <strong>Hapi</strong>, so everything you know from Hapi still works; but Kaapi adds higher-level ergonomics.</p> <p>Here’s the simplest working server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Kaapi</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">init</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="na">port</span><span class="p">:</span> <span class="mi">3000</span><span class="p">,</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">localhost</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">🚀 Server running at:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">app</span><span class="p">.</span><span class="nf">base</span><span class="p">().</span><span class="nx">info</span><span class="p">.</span><span class="nx">uri</span><span class="p">);</span> <span class="p">};</span> <span class="nf">init</span><span class="p">();</span> </code></pre> </div> <ul> <li> <code>app.listen()</code> starts the server</li> <li> <code>app.base()</code> gives access to the underlying Hapi server</li> </ul> <h2> Routing </h2> <p>Routing feels familiar, declarative and type-safe:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">route</span><span class="p">({</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="dl">'</span><span class="s1">Hello World!</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>Want a custom 404? Just register an empty route config:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">route</span><span class="p">({},</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">h</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">h</span><span class="p">.</span><span class="nf">response</span><span class="p">(</span><span class="dl">'</span><span class="s1">404 Not Found</span><span class="dl">'</span><span class="p">).</span><span class="nf">code</span><span class="p">(</span><span class="mi">404</span><span class="p">));</span> </code></pre> </div> <p>The <code>{}</code> route acts as a global catch-all; simple and intuitive.</p> <h2> Logging Made Easy </h2> <p>Kaapi comes with <a href="https://www.npmjs.com/package/winston" rel="noopener noreferrer">Winston</a> out of the box.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nx">log</span><span class="p">.</span><span class="nf">silly</span><span class="p">(</span><span class="dl">'</span><span class="s1">This is mindless</span><span class="dl">'</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nx">log</span><span class="p">.</span><span class="nf">debug</span><span class="p">(</span><span class="dl">'</span><span class="s1">Debugging</span><span class="dl">'</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nx">log</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="dl">'</span><span class="s1">Server started</span><span class="dl">'</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nx">log</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="dl">'</span><span class="s1">This is a warning</span><span class="dl">'</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nx">log</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Something went wrong</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>Or define your own logger:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">winston</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">winston</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createLogger</span><span class="p">,</span> <span class="nx">Kaapi</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@kaapi/kaapi</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">logger</span> <span class="o">=</span> <span class="nf">createLogger</span><span class="p">({</span> <span class="na">level</span><span class="p">:</span> <span class="dl">'</span><span class="s1">info</span><span class="dl">'</span><span class="p">,</span> <span class="na">transports</span><span class="p">:</span> <span class="p">[</span><span class="k">new</span> <span class="nx">winston</span><span class="p">.</span><span class="nx">transports</span><span class="p">.</span><span class="nc">Console</span><span class="p">()],</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Kaapi</span><span class="p">({</span> <span class="nx">logger</span> <span class="p">});</span> </code></pre> </div> <h2> Built-in API Documentation </h2> <p>Kaapi automatically generates <strong>OpenAPI</strong> + <strong>Postman</strong> docs.<br> Once your server runs, open:</p> <ul> <li> <a href="http://localhost:3000/docs/api" rel="noopener noreferrer"><code>/docs/api</code></a> → Swagger UI</li> <li> <a href="http://localhost:3000/docs/api/schema" rel="noopener noreferrer"><code>/docs/api/schema</code></a> → OpenAPI JSON</li> <li> <a href="http://localhost:3000/docs/api/schema?format=postman" rel="noopener noreferrer"><code>/docs/api/schema?format=postman</code></a> → Postman collection</li> </ul> <p>Everything comes from your routes and Joi validations; no manual Swagger config.</p> <p>Example route:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">Joi</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">joi</span><span class="dl">'</span><span class="p">;</span> <span class="nx">app</span><span class="p">.</span><span class="nx">route</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">Query</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">({</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Greet someone</span><span class="dl">'</span><span class="p">,</span> <span class="na">tags</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">Index</span><span class="dl">'</span><span class="p">],</span> <span class="na">validate</span><span class="p">:</span> <span class="p">{</span> <span class="na">query</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">()</span> <span class="p">.</span><span class="nf">trim</span><span class="p">()</span> <span class="p">.</span><span class="k">default</span><span class="p">(</span><span class="dl">'</span><span class="s1">World</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">description</span><span class="p">(</span><span class="dl">'</span><span class="s1">Optional name to personalize the greeting response</span><span class="dl">'</span><span class="p">),</span> <span class="p">}),</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">({</span> <span class="na">query</span><span class="p">:</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">}</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="s2">`Hello </span><span class="p">${</span><span class="nx">name</span><span class="p">}</span><span class="s2">!`</span><span class="p">);</span> </code></pre> </div> <h2> What’s Coming Next </h2> <p>This article is just the start of the <strong>Kaapi series</strong>.<br> In upcoming parts, we’ll dive into the interesting subjects:</p> <ul> <li>the configuration and documentation generation (OpenAPI, Postman, SwaggerUI)</li> <li>Request data validation (with Arktype, Joi, Valibot, Zod)</li> <li>Authentication with Auth Designs (Basic, API Key, OAuth2)</li> <li>Messaging with Kafka and Event-Driven Architectures</li> <li>Testing and Deployment Tips</li> </ul> <p>📦 <strong>Get started now</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @kaapi/kaapi </code></pre> </div> <p>🔗 <strong>Learn more:</strong> <a href="https://github.com/demingongo/kaapi/wiki" rel="noopener noreferrer">github.com/demingongo/kaapi/wiki</a></p> typescript node backend framework To an Old Friend: A Goodbye to Windows ShyGyver Mon, 13 Oct 2025 18:28:07 +0000 https://forem.com/shygyver/to-an-old-friend-a-goodbye-to-windows-j0 https://forem.com/shygyver/to-an-old-friend-a-goodbye-to-windows-j0 <h1> To an Old Friend: A Goodbye to Windows </h1> <p><strong>We were there.</strong></p> <p>You were my first real OS. The one I crashed with bad C code, froze with my broken C++ while learning OpenGL, and probably abused a bit more than I should have with pirated tools I didn’t fully understand. But you were patient with me. You let me mess up. You let me learn.</p> <p>I didn’t know it at the time, but those freezes and crashes were my first lessons in programming, system design, and responsibility. I wasn’t just learning code, I was learning how computers <em>behave</em> when humans get it wrong.</p> <p>You were there during my curiosity phase, my mistakes, my breakthroughs. You saw the worst code I ever wrote and the first things I was truly proud of. You gave me the space to become who I am now.</p> <p>But we’ve grown apart.</p> <p>I still remember Windows 7 like it was yesterday: stable, respectful, customizable. Windows 10, for all its noise, still gave me room to breathe. But now, Windows 11… it’s not you anymore. It’s not me either. It’s a platform built for a different kind of user, with different priorities.</p> <p>I’ve found other places that support who I am now. Systems that don’t reset my settings, track my actions, or try to push things I didn’t ask for. They don’t feel nostalgic. But they feel <em>right</em>.</p> <p>Still, I won’t forget you. Not the crashes, not the late nights, not the joy of making something work for the first time.</p> <p>So this isn’t bitterness.<br><br> It’s a handshake, a nod, a “thanks for everything.” </p> <p>We may still cross paths now and then, maybe once a year, for that one app that still won’t run anywhere else. But the truth is, I’ve moved on.</p> <p><strong>We were there.</strong><br><br> And I’m glad we were.</p> windows linux programming nostalgia Generate documentation with @novice1/api-doc-generator: Part 1 ShyGyver Wed, 03 Jan 2024 00:26:50 +0000 https://forem.com/shygyver/generate-documentation-with-novice1api-doc-generator-part-1-3kj0 https://forem.com/shygyver/generate-documentation-with-novice1api-doc-generator-part-1-3kj0 <p>In the previous articles, we went through:</p> <ul> <li>how to create a Rest API with <a href="https://www.npmjs.com/package/@novice1/app" rel="noopener noreferrer">@novice1/app</a> </li> <li>how to validate request data with <a href="https://www.npmjs.com/package/@novice1/validator-joi" rel="noopener noreferrer">@novice1/validator-joi</a> </li> </ul> <p>Now we wish to use the API for ourself or give an access for other people to use. For that we are missing something of fundamental importance: <strong>documentation</strong>.</p> <p>Let us be real, during my years as a developer, I never met anyone who liked writing documentation. That does not mean that it's not necessary to do so.<br> For a REST API, a schema of the API can be very useful and self explanatory. There are multiple schema specifications like <a href="https://swagger.io/specification/" rel="noopener noreferrer">OpenAPI</a> and <a href="https://schema.postman.com/" rel="noopener noreferrer">Postman</a>. <strong><a href="https://www.npmjs.com/package/@novice1/api-doc-generator" rel="noopener noreferrer">@novice1/api-doc-generator</a></strong> covers them both.</p> <p>With <strong><a href="https://www.npmjs.com/package/@novice1/api-doc-generator" rel="noopener noreferrer">@novice1/api-doc-generator</a></strong>, you can easily generate an <strong>OpenAPI</strong> and/or <strong>Postman</strong> schema from your application. That package is quite complete, covers all cases and has a <a href="https://kisiwu.github.io/novice-api-doc-generator/latest/index.html" rel="noopener noreferrer">reference sheet</a> for its usage.</p> <p>In this article we will see how to generate an OpenAPI schema with <strong><a href="https://www.npmjs.com/package/@novice1/api-doc-generator" rel="noopener noreferrer">@novice1/api-doc-generator</a></strong> for a simple REST API.</p> <h2> Create the service </h2> <p>Let's install the dependencies<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm i @novice1/api-doc-generator yamljs npm i <span class="nt">--save-dev</span> @types/yamljs </code></pre> </div> <p>and create the service that will generate the documentation</p> <p><em>src/services/openapi/generator.ts</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">OpenAPI</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@novice1/api-doc-generator</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">EXTERNAL_PORT</span><span class="p">,</span> <span class="nx">EXTERNAL_PROTOCOL</span><span class="p">,</span> <span class="nx">HOSTNAME</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../../config/server</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">openAPIGenerator</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">OpenAPI</span><span class="p">()</span> <span class="p">.</span><span class="nf">setTitle</span><span class="p">(</span><span class="dl">'</span><span class="s1">API DOC</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">setHost</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">EXTERNAL_PROTOCOL</span><span class="p">}</span><span class="s2">://</span><span class="p">${</span><span class="nx">HOSTNAME</span><span class="p">}${</span><span class="nx">EXTERNAL_PORT</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">:</span><span class="dl">'</span><span class="o">+</span><span class="nx">EXTERNAL_PORT</span> <span class="p">:</span> <span class="dl">''</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="p">.</span><span class="nf">setConsumes</span><span class="p">([</span><span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">])</span> <span class="p">.</span><span class="nf">setTags</span><span class="p">([</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">default</span><span class="dl">'</span><span class="p">,</span> <span class="na">externalDocs</span><span class="p">:</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Find more info here</span><span class="dl">'</span><span class="p">,</span> <span class="na">url</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://swagger.io/specification/</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}</span> <span class="p">])</span> </code></pre> </div> <h2> Access documentation </h2> <p>Using @novice1/app, the app provides metadata. Those are used to generate the REST API schema.</p> <p><em>src/index.ts</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">logger</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@novice1/logger</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">app</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./app</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">httpError</span><span class="p">,</span> <span class="nx">httpNotFound</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./middlewares/http</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">PORT</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./config/server</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">openAPIGenerator</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./services/openapi/generator</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// 404</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">httpNotFound</span><span class="p">);</span> <span class="c1">// error</span> <span class="nx">app</span><span class="p">.</span><span class="nf">useError</span><span class="p">(</span><span class="nx">httpError</span><span class="p">);</span> <span class="c1">// start server</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">PORT</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="dl">'</span><span class="s1">Application running on port</span><span class="dl">'</span><span class="p">,</span> <span class="nx">PORT</span><span class="p">)</span> <span class="cm">/** * Add app metadata to API documentation generator */</span> <span class="nx">openAPIGenerator</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="nx">app</span><span class="p">.</span><span class="nx">meta</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <p>Create a route that renders the schema:</p> <p><em>src/routes/documentation.ts</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">routing</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@novice1/routing</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">Joi</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">joi</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">YAML</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">yamljs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">openAPIGenerator</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../services/openapi/generator</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="nf">routing</span><span class="p">().</span><span class="nf">get</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/documentation</span><span class="dl">'</span><span class="p">,</span> <span class="na">parameters</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// query</span> <span class="na">query</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">object</span><span class="p">().</span><span class="nf">keys</span><span class="p">({</span> <span class="na">json</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">boolean</span><span class="p">().</span><span class="k">default</span><span class="p">(</span><span class="kc">false</span><span class="p">)</span> <span class="p">}),</span> <span class="c1">// do not put this route in the documentation </span> <span class="na">undoc</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">},</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Get the JSON schema</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="nx">openAPIGenerator</span><span class="p">.</span><span class="nf">result</span><span class="p">()</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">req</span><span class="p">.</span><span class="nx">query</span><span class="p">.</span><span class="nx">json</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// respond with a yaml schema</span> <span class="nx">res</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">text/plain</span><span class="dl">'</span><span class="p">)</span> <span class="nx">res</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="nx">YAML</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">result</span><span class="p">,</span> <span class="mi">10</span><span class="p">,</span> <span class="mi">2</span><span class="p">))</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c1">// respond with the JSON schema</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">result</span><span class="p">)</span> <span class="p">}</span> <span class="p">})</span> </code></pre> </div> <p>And register it with the other routers:</p> <p><em>src/routes/index.ts</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">corsOptions</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./cors-options</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">documentation</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./documentation</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">helloWorld</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./hello-world</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">items</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./items</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// all routers</span> <span class="k">export</span> <span class="k">default</span> <span class="p">[</span> <span class="nx">corsOptions</span><span class="p">,</span> <span class="nx">documentation</span><span class="p">,</span> <span class="nx">helloWorld</span><span class="p">,</span> <span class="nx">items</span> <span class="p">]</span> </code></pre> </div> <p>Now, we run the application to see if we have access to the schema at <a href="http://localhost:8080/documentation" rel="noopener noreferrer">http://localhost:8080/documentation</a>.</p> <p>For development:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run dev </code></pre> </div> <p>For production:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run lint npm run build npm start </code></pre> </div> <p>It should render the schema in yaml format. To get the json format, we can set the following query string in the url <code>?json=true</code>.</p> <p>The schema can be copied and pasted to the <a href="https://editor.swagger.io/" rel="noopener noreferrer">Swagger Editor</a> to get a UI to test your API.</p> <h2> Render swagger UI </h2> <p>If you want your API to not just serve the schema but also the UI, you can install the following dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm i swagger-ui-express npm i <span class="nt">--save-dev</span> @types/swagger-ui-express </code></pre> </div> <p>and change the route that serves the documentation like so:</p> <p><em>src/routes/documentation.ts</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">routing</span><span class="p">,</span> <span class="p">{</span> <span class="nx">RequestHandler</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@novice1/routing</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">Joi</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">joi</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">YAML</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">yamljs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">swaggerUi</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">swagger-ui-express</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">openAPIGenerator</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../services/openapi/generator</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">swaggerUIController</span><span class="p">:</span> <span class="nx">RequestHandler</span> <span class="o">=</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">swaggerDocument</span> <span class="o">=</span> <span class="nx">openAPIGenerator</span><span class="p">.</span><span class="nf">result</span><span class="p">()</span> <span class="k">return</span> <span class="nx">swaggerUi</span><span class="p">.</span><span class="nf">setup</span><span class="p">(</span><span class="nx">swaggerDocument</span><span class="p">)(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">swaggerRouter</span> <span class="o">=</span> <span class="nf">routing</span><span class="p">()</span> <span class="p">.</span><span class="nf">get</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="na">parameters</span><span class="p">:</span> <span class="p">{</span> <span class="na">undoc</span><span class="p">:</span> <span class="kc">true</span> <span class="p">},</span> <span class="p">},</span> <span class="nx">swaggerUIController</span><span class="p">)</span> <span class="p">.</span><span class="nf">get</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/schema</span><span class="dl">'</span><span class="p">,</span> <span class="na">parameters</span><span class="p">:</span> <span class="p">{</span> <span class="na">query</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">object</span><span class="p">().</span><span class="nf">keys</span><span class="p">({</span> <span class="na">json</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">boolean</span><span class="p">().</span><span class="k">default</span><span class="p">(</span><span class="kc">false</span><span class="p">),</span> <span class="p">}).</span><span class="nf">options</span><span class="p">({</span> <span class="na">allowUnknown</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">stripUnknown</span><span class="p">:</span> <span class="kc">false</span> <span class="p">}),</span> <span class="na">undoc</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">},</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="nx">openAPIGenerator</span><span class="p">.</span><span class="nf">result</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">req</span><span class="p">.</span><span class="nx">query</span><span class="p">.</span><span class="nx">json</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">text/plain</span><span class="dl">'</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="nx">YAML</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">result</span><span class="p">,</span> <span class="mi">10</span><span class="p">,</span> <span class="mi">2</span><span class="p">));</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">result</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="k">export</span> <span class="k">default</span> <span class="nf">routing</span><span class="p">().</span><span class="nf">use</span><span class="p">(</span><span class="dl">'</span><span class="s1">/documentation</span><span class="dl">'</span><span class="p">,</span> <span class="nx">swaggerUi</span><span class="p">.</span><span class="nx">serve</span><span class="p">,</span> <span class="nx">swaggerRouter</span> <span class="p">);</span> </code></pre> </div> <p>That way, your API will serve the UI <em>(html)</em> at <code>/documentation</code> and the schema <em>(yaml/json)</em> at <code>/documentation/schema</code>.</p> <p>As I said earlier, <strong><a href="https://www.npmjs.com/package/@novice1/api-doc-generator" rel="noopener noreferrer">@novice1/api-doc-generator</a></strong> is quite complete. We can define everything there is in <a href="https://swagger.io/specification/v3/" rel="noopener noreferrer">OpenAPI Specification 3.0.3</a> and <a href="//Postman%20Collection%20Format%20v2.1.0">Postman Collection Format v2.1.0</a> so it would be impossible to cover it all in one article. As of today, the best way to learn <strong>@novice1/api-doc-generator</strong> is by reading the package's documentation that you can find <a href="https://kisiwu.github.io/novice-api-doc-generator/latest/index.html" rel="noopener noreferrer">here</a>. It lists and defines the classes, interfaces, enumerations and gives a few examples on how to define <a href="https://kisiwu.github.io/novice-api-doc-generator/latest/index.html#md:auth" rel="noopener noreferrer">authorizations</a>, <a href="https://kisiwu.github.io/novice-api-doc-generator/latest/index.html#md:responses" rel="noopener noreferrer">responses</a>, etc ... <br> I would gladly talk about more aspects of the package in future articles if it is requested in the comment section. <br> What is sure is that we will continue using and updating our REST API documentation in the next article that will be about <strong>Authorizations with @novice1/app</strong>.</p> <h2> References </h2> <p>You can see the result of what we have done till now <a href="https://github.com/shygyver/nodejs-tuto/tree/part-03" rel="noopener noreferrer">right here on Github</a>.</p> javascript beginners node typescript Validate request data with @novice1/validator-joi ShyGyver Sun, 29 Oct 2023 17:03:33 +0000 https://forem.com/shygyver/validate-request-data-with-novice1validator-joi-29ag https://forem.com/shygyver/validate-request-data-with-novice1validator-joi-29ag <p>In the <a href="https://dev.to/shygyver/nodejs-rest-api-with-novice1app-3a0d">previous post</a>, we learnt how to setup a Rest API with <a href="https://www.npmjs.com/package/@novice1/app" rel="noopener noreferrer">@novice1/app</a> and create <a href="https://dev.to/shygyver/nodejs-rest-api-with-novice1app-3a0d#routes">routes</a> and <a href="https://dev.to/shygyver/nodejs-rest-api-with-novice1app-3a0d#services">services</a>. Now we will see how to respond different status code and validate request data.</p> <h2> Middlewares </h2> <p>First we want to handle http errors with middlewares.<br> We are going to start by updating our debug service to export a logger for middlewares.</p> <p><em>src/services/debug.ts</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">logger</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@novice1/logger</span><span class="dl">'</span><span class="p">;</span> <span class="nx">logger</span><span class="p">.</span><span class="nx">Debug</span><span class="p">.</span><span class="nf">enable</span><span class="p">([</span> <span class="dl">'</span><span class="s1">route*</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">middleware*</span><span class="dl">'</span> <span class="p">].</span><span class="nf">join</span><span class="p">(</span><span class="dl">'</span><span class="s1">|</span><span class="dl">'</span><span class="p">));</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">debugRoute</span> <span class="o">=</span> <span class="nx">logger</span><span class="p">.</span><span class="k">debugger</span><span class="p">(</span><span class="dl">'</span><span class="s1">route</span><span class="dl">'</span><span class="p">);</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">debugMiddleware</span> <span class="o">=</span> <span class="nx">logger</span><span class="p">.</span><span class="k">debugger</span><span class="p">(</span><span class="dl">'</span><span class="s1">middleware</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>Now let's handle http errors 404 and 500.<br> First, we create the functions.</p> <p><em>src/middlewares/http.ts</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">ErrorRequestHandler</span><span class="p">,</span> <span class="nx">RequestHandler</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">debugMiddleware</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../services/debug</span><span class="dl">'</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">httpError</span><span class="p">:</span> <span class="nx">ErrorRequestHandler</span> <span class="o">=</span> <span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">_req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">_</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">logger</span> <span class="o">=</span> <span class="nx">debugMiddleware</span><span class="p">.</span><span class="nf">extend</span><span class="p">(</span><span class="dl">'</span><span class="s1">httpError</span><span class="dl">'</span><span class="p">);</span> <span class="nx">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span><span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Something went wrong</span><span class="dl">'</span><span class="p">})</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">httpNotFound</span><span class="p">:</span> <span class="nx">RequestHandler</span> <span class="o">=</span> <span class="p">(</span><span class="nx">_req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span><span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span><span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>Then we register them to the app server with the methods <code>use</code> and <code>useError</code> (special method to register <code>ErrorRequestHandler</code>).</p> <p><em>src/index.ts</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">logger</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@novice1/logger</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">app</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./app</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">httpError</span><span class="p">,</span> <span class="nx">httpNotFound</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./middlewares/http</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">PORT</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PORT</span> <span class="p">?</span> <span class="nf">parseInt</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PORT</span><span class="p">)</span> <span class="p">:</span> <span class="mi">8000</span><span class="p">;</span> <span class="c1">// 404</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">httpNotFound</span><span class="p">);</span> <span class="c1">// error</span> <span class="nx">app</span><span class="p">.</span><span class="nf">useError</span><span class="p">(</span><span class="nx">httpError</span><span class="p">);</span> <span class="c1">// start server</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">PORT</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="dl">'</span><span class="s1">Application running on port</span><span class="dl">'</span><span class="p">,</span> <span class="nx">PORT</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <p>We can check that it works by testing the <code>Not Found</code> handler (e.g.: <a href="http://localhost:8080/path-that-does-not-exist" rel="noopener noreferrer">http://localhost:8080/path-that-does-not-exist</a>).</p> <h2> Validate requests </h2> <p>We can validate requests many ways, <a href="https://www.npmjs.com/package/@novice1/app#usage" rel="noopener noreferrer">@novice1/app</a> being as flexible as <code>Express</code>. We will use <a href="https://www.npmjs.com/package/@novice1/validator-joi" rel="noopener noreferrer">@novice1/validator-joi</a>, a validator made expressly for <code>@novice1/routing</code>.</p> <p>We install the dependencies<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>joi @novice1/validator-joi </code></pre> </div> <p>and register the validator globaly in the app (it could also be registered by router, see more examples <a href="https://www.npmjs.com/package/@novice1/validator-joi#installation" rel="noopener noreferrer">here</a>)</p> <p><em>src/app.ts</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">FrameworkApp</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@novice1/app</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">cookieParser</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">cookie-parser</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">cors</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">cors</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">routes</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./routes</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">validatorJoi</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@novice1/validator-joi</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">debugMiddleware</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./services/debug</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// init app</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FrameworkApp</span><span class="p">({</span> <span class="na">framework</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// middlewares for all requests</span> <span class="na">middlewares</span><span class="p">:</span> <span class="p">[</span> <span class="nf">cookieParser</span><span class="p">(),</span> <span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">(),</span> <span class="nx">express</span><span class="p">.</span><span class="nf">urlencoded</span><span class="p">({</span> <span class="na">extended</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}),</span> <span class="nf">cors</span><span class="p">()</span> <span class="p">],</span> <span class="na">validators</span><span class="p">:</span> <span class="p">[</span><span class="nf">validatorJoi</span><span class="p">(</span><span class="kc">undefined</span><span class="p">,</span> <span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">_req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">debugMiddleware</span><span class="p">.</span><span class="nf">extend</span><span class="p">(</span><span class="dl">'</span><span class="s1">validator-joi</span><span class="dl">'</span><span class="p">).</span><span class="nf">error</span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span><span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">bad request</span><span class="dl">"</span><span class="p">})</span> <span class="p">})]</span> <span class="p">},</span> <span class="na">routers</span><span class="p">:</span> <span class="nx">routes</span> <span class="p">})</span> </code></pre> </div> <p>There we:</p> <ul> <li>registered our validator in the property <code>framework.validators</code> </li> <li>used a custom error request handler to respond with a <code>status code 400</code> if data aren't valid (see <a href="https://www.npmjs.com/package/@novice1/validator-joi#installation" rel="noopener noreferrer">@novice1/validator-joi</a>)</li> </ul> <p>Now all we need are routes to validate. <br> Below is an example of http CRUD operations:</p> <p><em>src/routes/items.ts</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">routing</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@novice1/routing</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">debugRoute</span><span class="p">,</span> <span class="nx">debugMiddleware</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../services/debug</span><span class="dl">'</span> <span class="k">import</span> <span class="nx">Joi</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">joi</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ErrorRequestHandler</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">logger</span> <span class="o">=</span> <span class="nx">debugRoute</span><span class="p">.</span><span class="nf">extend</span><span class="p">(</span><span class="dl">'</span><span class="s1">items</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">customErrorHandler</span><span class="p">:</span> <span class="nx">ErrorRequestHandler</span> <span class="o">=</span> <span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">_req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">_</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">log</span> <span class="o">=</span> <span class="nx">debugMiddleware</span><span class="p">.</span><span class="nf">extend</span><span class="p">(</span><span class="dl">'</span><span class="s1">customErrorHandler</span><span class="dl">'</span><span class="p">);</span> <span class="nx">log</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span><span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Bad request: could not update an item</span><span class="dl">'</span><span class="p">})</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">itemsRouter</span> <span class="o">=</span> <span class="nf">routing</span><span class="p">()</span> <span class="p">.</span><span class="nf">get</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span> <span class="p">},</span> <span class="p">(</span><span class="nx">_</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">([])</span> <span class="p">})</span> <span class="p">.</span><span class="nf">post</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="na">parameters</span><span class="p">:</span> <span class="p">{</span> <span class="na">body</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">object</span><span class="p">().</span><span class="nf">keys</span><span class="p">({</span> <span class="na">title</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">required</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="nf">max</span><span class="p">(</span><span class="mi">128</span><span class="p">),</span> <span class="na">description</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">max</span><span class="p">(</span><span class="mi">2560</span><span class="p">).</span><span class="nf">allow</span><span class="p">(</span><span class="dl">''</span><span class="p">),</span> <span class="na">text</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">max</span><span class="p">(</span><span class="mi">5120</span><span class="p">).</span><span class="nf">allow</span><span class="p">(</span><span class="dl">''</span><span class="p">),</span> <span class="na">published</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">boolean</span><span class="p">().</span><span class="k">default</span><span class="p">(</span><span class="kc">false</span><span class="p">)</span> <span class="p">})</span> <span class="p">}</span> <span class="p">},</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">item</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">item</span><span class="p">);</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">itemsIdRouter</span> <span class="o">=</span> <span class="nf">routing</span><span class="p">()</span> <span class="p">.</span><span class="nf">get</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/:id</span><span class="dl">'</span><span class="p">,</span> <span class="na">parameters</span><span class="p">:</span> <span class="p">{</span> <span class="na">params</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">required</span><span class="p">()</span> <span class="p">},</span> <span class="p">}</span> <span class="p">},</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="s2">`Got "</span><span class="p">${</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2">"`</span> <span class="p">});</span> <span class="p">})</span> <span class="p">.</span><span class="nf">put</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/:id</span><span class="dl">'</span><span class="p">,</span> <span class="na">parameters</span><span class="p">:</span> <span class="p">{</span> <span class="na">params</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">required</span><span class="p">()</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">object</span><span class="p">().</span><span class="nf">keys</span><span class="p">({</span> <span class="na">title</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="nf">max</span><span class="p">(</span><span class="mi">128</span><span class="p">),</span> <span class="na">description</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">max</span><span class="p">(</span><span class="mi">2560</span><span class="p">).</span><span class="nf">allow</span><span class="p">(</span><span class="dl">''</span><span class="p">),</span> <span class="na">text</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">max</span><span class="p">(</span><span class="mi">5120</span><span class="p">).</span><span class="nf">allow</span><span class="p">(</span><span class="dl">''</span><span class="p">),</span> <span class="na">published</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">boolean</span><span class="p">()</span> <span class="p">}).</span><span class="nf">min</span><span class="p">(</span><span class="mi">1</span><span class="p">),</span> <span class="na">onerror</span><span class="p">:</span> <span class="nx">customErrorHandler</span> <span class="p">}</span> <span class="p">},</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">item</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="nx">item</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">item</span><span class="p">);</span> <span class="p">})</span> <span class="p">.</span><span class="k">delete</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/:id</span><span class="dl">'</span><span class="p">,</span> <span class="na">parameters</span><span class="p">:</span> <span class="p">{</span> <span class="na">params</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">Joi</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">required</span><span class="p">()</span> <span class="p">},</span> <span class="p">}</span> <span class="p">},</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span> <span class="p">});</span> <span class="p">})</span> <span class="k">export</span> <span class="k">default</span> <span class="nf">routing</span><span class="p">().</span><span class="nf">use</span><span class="p">(</span><span class="dl">'</span><span class="s1">/items</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">_res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">logger</span><span class="p">.</span><span class="nf">debug</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">req</span><span class="p">.</span><span class="nx">method</span><span class="p">}</span><span class="s2"> </span><span class="p">${</span><span class="nx">req</span><span class="p">.</span><span class="nx">originalUrl</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="nf">next</span><span class="p">()</span> <span class="p">},</span> <span class="nx">itemsRouter</span><span class="p">,</span> <span class="nx">itemsIdRouter</span><span class="p">);</span> </code></pre> </div> <p>There we:</p> <ul> <li>defined routers for the path <code>/items</code> </li> <li>configured <code>path</code> and <code>parameters</code> for each route</li> </ul> <p>We use the <a href="https://www.npmjs.com/package/joi" rel="noopener noreferrer"><code>joi</code></a> package to write the properties' schema that will be validated by our validator (so some knowledge of <code>joi</code> is required). </p> <p><code>@novice1/validator-joi</code> can validate the properties <code>params</code>, <code>body</code>, <code>query</code>, <code>headers</code>, <code>cookies</code>, and <code>files</code> (useful when using <a href="https://www.npmjs.com/package/multer" rel="noopener noreferrer">multer</a>) from the request. </p> <p>For one route, we defined an <code>Error Request Handler</code> (<code>customErrorHandler</code>) in the parameter <code>onerror</code>. It is useful if we want to do something specific when a validation error happens on that route.</p> <p><em>Note: As you can see, we didn't make any operation to a database as it is not the purpose of the example but you can complete the controllers as you wish.</em></p> <p>Finally, let's register the new router</p> <p><em>src/routes/index.ts</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">corsOptions</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./cors-options</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">helloWorld</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./hello-world</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">items</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./items</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// all routers</span> <span class="k">export</span> <span class="k">default</span> <span class="p">[</span> <span class="nx">corsOptions</span><span class="p">,</span> <span class="nx">helloWorld</span><span class="p">,</span> <span class="nx">items</span> <span class="p">]</span> </code></pre> </div> <p>Now we can run the application and try our different routes (with a tool like <a href="https://www.postman.com/" rel="noopener noreferrer">Postman</a> for example) and send invalid data to see if our validator is working and responds with a <code>status code 400</code>.</p> <p>For development:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run dev </code></pre> </div> <p>For production:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run lint npm run build npm start </code></pre> </div> <h2> References </h2> <p>You can see the result of what we have done till now <a href="https://github.com/shygyver/nodejs-tuto/tree/part-02" rel="noopener noreferrer">right here on Github</a>.</p> javascript beginners node typescript NodeJS Rest API with @novice1/app ShyGyver Mon, 11 Sep 2023 20:01:23 +0000 https://forem.com/shygyver/nodejs-rest-api-with-novice1app-3a0d https://forem.com/shygyver/nodejs-rest-api-with-novice1app-3a0d <p>Yet another Node.js library based on <code>Express</code>. What could make you want to use <a href="https://www.npmjs.com/package/@novice1/app" rel="noopener noreferrer">@novice1/app</a>? <br> I'm glad you asked.</p> <p><a href="https://www.npmjs.com/package/@novice1/app" rel="noopener noreferrer">@novice1/app</a> is as fast and minimalist as <code>Express</code> with new functionalities and its own <a href="https://www.npmjs.com/search?q=%40novice1" rel="noopener noreferrer">plugins</a> that give a purpose to its existence.</p> <p>Through this article and those to come, I'm going to show how it can be used to build small/mid-size Rest APIs, validate data, integrate websockets into your server, generate documentation for Swagger UI and/or Postman, etc ...</p> <h2> Setup </h2> <p>First we initialize a project by running the command in the terminal<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm init </code></pre> </div> <p>and install the dependencies<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">--save-dev</span> @types/cookie-parser @types/cors @types/node @typescript-eslint/eslint-plugin @typescript-eslint/parser dotenv eslint ts-node typescript npm <span class="nb">install</span> @novice1/app @novice1/logger @novice1/routing cookie-parser cors express nodemon tslib </code></pre> </div> <p>Once done, we can add the following scripts in the file <em>package.json</em> that was created with <code>npm init</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"build"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tsc"</span><span class="p">,</span><span class="w"> </span><span class="nl">"dev"</span><span class="p">:</span><span class="w"> </span><span class="s2">"nodemon"</span><span class="p">,</span><span class="w"> </span><span class="nl">"lint"</span><span class="p">:</span><span class="w"> </span><span class="s2">"eslint src/**/*.ts"</span><span class="p">,</span><span class="w"> </span><span class="nl">"start"</span><span class="p">:</span><span class="w"> </span><span class="s2">"node lib/index.js"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>To use those scripts we have to configure <code>eslint</code>, <code>nodemon</code> and <code>typescript</code>. Here is what I recommend as configuration files at the root of the project (feel free to add more options):</p> <p><em><code>.eslintrc.json</code></em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"env"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"browser"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"es6"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"extends"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"eslint:recommended"</span><span class="p">,</span><span class="w"> </span><span class="s2">"plugin:@typescript-eslint/recommended"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"parser"</span><span class="p">:</span><span class="w"> </span><span class="s2">"@typescript-eslint/parser"</span><span class="p">,</span><span class="w"> </span><span class="nl">"parserOptions"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ecmaVersion"</span><span class="p">:</span><span class="w"> </span><span class="mi">6</span><span class="p">,</span><span class="w"> </span><span class="nl">"sourceType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"module"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"plugins"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"@typescript-eslint"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"rules"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"quotes"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="s2">"single"</span><span class="p">],</span><span class="w"> </span><span class="nl">"quote-props"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="s2">"as-needed"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><em><code>nodemon.json</code></em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"watch"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"src"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"ext"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ts,json"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ignore"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"src/**/*.spec.ts"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"exec"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ts-node -r dotenv/config ./src/index.ts"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><em><code>tsconfig.json</code></em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">see</span><span class="w"> </span><span class="err">https://www.typescriptlang.org/tsconfig</span><span class="w"> </span><span class="nl">"include"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"src"</span><span class="p">],</span><span class="w"> </span><span class="nl">"exclude"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"node_modules"</span><span class="p">],</span><span class="w"> </span><span class="nl">"compilerOptions"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"typeRoots"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"node_modules/@types"</span><span class="p">],</span><span class="w"> </span><span class="nl">"module"</span><span class="p">:</span><span class="w"> </span><span class="s2">"CommonJS"</span><span class="p">,</span><span class="w"> </span><span class="nl">"lib"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"DOM"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ES6"</span><span class="p">],</span><span class="w"> </span><span class="nl">"target"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ES6"</span><span class="p">,</span><span class="w"> </span><span class="nl">"importHelpers"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"declaration"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"sourceMap"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"outDir"</span><span class="p">:</span><span class="w"> </span><span class="s2">"./lib"</span><span class="p">,</span><span class="w"> </span><span class="nl">"rootDir"</span><span class="p">:</span><span class="w"> </span><span class="s2">"./src"</span><span class="p">,</span><span class="w"> </span><span class="nl">"strict"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"noImplicitReturns"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"noFallthroughCasesInSwitch"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"noUnusedLocals"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"noUnusedParameters"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"moduleResolution"</span><span class="p">:</span><span class="w"> </span><span class="s2">"node"</span><span class="p">,</span><span class="w"> </span><span class="nl">"esModuleInterop"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"skipLibCheck"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"forceConsistentCasingInFileNames"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Now that we are done with the "basic" setup, we can start programming the application.</p> <h2> First application </h2> <p>Let's program our <strong>services</strong>, <strong>routes</strong> and http <strong>server</strong>. </p> <h3> Services </h3> <p>To help the development process, we <u>need</u> a debugging utility.</p> <p><em><code>src/services/debug.ts</code></em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">logger</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@novice1/logger</span><span class="dl">'</span><span class="p">;</span> <span class="nx">logger</span><span class="p">.</span><span class="nx">Debug</span><span class="p">.</span><span class="nf">enable</span><span class="p">([</span> <span class="dl">'</span><span class="s1">route*</span><span class="dl">'</span> <span class="p">].</span><span class="nf">join</span><span class="p">(</span><span class="dl">'</span><span class="s1">|</span><span class="dl">'</span><span class="p">));</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">debugRoute</span> <span class="o">=</span> <span class="nx">logger</span><span class="p">.</span><span class="k">debugger</span><span class="p">(</span><span class="dl">'</span><span class="s1">route</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>There, we enable all namespaces starting with <code>'route'</code> (<code>route*</code>) and create the debugger <code>debugRoute</code> in namespace <code>'route'</code>. That way, we know that everything that <code>debugRoute</code> will log will be displayed.</p> <h3> Routes </h3> <p>Our first route, for testing purposes, will simply render "Hello World!" or "Hello <code>&lt;name&gt;</code>!", <code>&lt;name&gt;</code> being the value of the url variable <code>name</code>.</p> <p><em><code>src/routes/hello-world.ts</code></em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">routing</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@novice1/routing</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">debugRoute</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../services/debug</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// hello-world</span> <span class="k">export</span> <span class="k">default</span> <span class="nf">routing</span><span class="p">().</span><span class="nf">get</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/hello-world</span><span class="dl">'</span> <span class="p">},</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">debugRoute</span><span class="p">.</span><span class="nf">extend</span><span class="p">(</span><span class="dl">'</span><span class="s1">hello-world</span><span class="dl">'</span><span class="p">).</span><span class="nf">debug</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">path</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="s2">`Hello </span><span class="p">${</span><span class="nx">req</span><span class="p">.</span><span class="nx">query</span><span class="p">.</span><span class="nx">name</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">World</span><span class="dl">'</span><span class="p">}</span><span class="s2">!`</span><span class="p">);</span> <span class="p">})</span> </code></pre> </div> <p>Our second route is optional. It will enable pre-flight request for all requests.</p> <p><em><code>src/routes/cors-options.ts</code></em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">cors</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">cors</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">routing</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@novice1/routing</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// enable CORS (Cross-origin resource sharing) pre-flight request</span> <span class="k">export</span> <span class="k">default</span> <span class="nf">routing</span><span class="p">().</span><span class="nf">options</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">*</span><span class="dl">'</span> <span class="p">},</span> <span class="nf">cors</span><span class="p">())</span> </code></pre> </div> <p>From that we simply allow cross-origin resource sharing pre-flight without restrictions.</p> <p>Then we export all routers from one module.</p> <p><em><code>src/routes/index.ts</code></em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">corsOptions</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./cors-options</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">helloWorld</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./hello-world</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// all routers</span> <span class="k">export</span> <span class="k">default</span> <span class="p">[</span> <span class="nx">corsOptions</span><span class="p">,</span> <span class="nx">helloWorld</span> <span class="p">]</span> </code></pre> </div> <h3> Server </h3> <p>We can now use <a href="https://www.npmjs.com/package/@novice1/app" rel="noopener noreferrer">@novice1/app</a> to register middlewares and routes.</p> <p><em><code>src/app.ts</code></em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">FrameworkApp</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@novice1/app</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">cookieParser</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">cookie-parser</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">cors</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">cors</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">routes</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./routes</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// init app</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FrameworkApp</span><span class="p">({</span> <span class="na">framework</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// middlewares for all requests</span> <span class="na">middlewares</span><span class="p">:</span> <span class="p">[</span> <span class="nf">cookieParser</span><span class="p">(),</span> <span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">(),</span> <span class="nx">express</span><span class="p">.</span><span class="nf">urlencoded</span><span class="p">({</span> <span class="na">extended</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}),</span> <span class="nf">cors</span><span class="p">()</span> <span class="p">]</span> <span class="p">},</span> <span class="na">routers</span><span class="p">:</span> <span class="nx">routes</span> <span class="p">})</span> </code></pre> </div> <p>And run the server on a specific port:</p> <p><em><code>src/index.ts</code></em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">logger</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@novice1/logger</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">app</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./app</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">PORT</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PORT</span> <span class="p">?</span> <span class="nf">parseInt</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PORT</span><span class="p">)</span> <span class="p">:</span> <span class="mi">8000</span><span class="p">;</span> <span class="c1">// start server</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">PORT</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="dl">'</span><span class="s1">Application running on port</span><span class="dl">'</span><span class="p">,</span> <span class="nx">PORT</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <h2> Run the application </h2> <h3> Development </h3> <p>To start the server in development mode, we add environment variables in the file <em>.env</em>. </p> <p><em><code>.env</code></em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>PORT=8080 </code></pre> </div> <p>This will set the environment variable <code>PORT</code> to <code>8080</code> when using the dependency <code>dotenv</code> (see <em><code>nodemon.json</code></em> file).</p> <p>Then we can start the server with the following command in the terminal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run dev </code></pre> </div> <p>You should see something like that in your console:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span>nodemon] starting <span class="sb">`</span>ts-node <span class="nt">-r</span> dotenv/config ./src/index.ts<span class="sb">`</span> info : Application running on port 8080 </code></pre> </div> <p>Open your favorite browser and go to <a href="http://localhost:8080/hello-world" rel="noopener noreferrer">http://localhost:8080/hello-world</a> or <a href="http://localhost:8080/hello-world?name=stranger" rel="noopener noreferrer">http://localhost:8080/hello-world?name=stranger</a> to see the result.</p> <h3> Production </h3> <p>In a production environment, you should check, build and start the server as:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run lint npm run build npm start </code></pre> </div> <h2> What now? </h2> <p>So we have a REST API but really nothing out of what Express can already do. In the next article, we will see how to use <a href="https://www.npmjs.com/package/@novice1/validator-joi" rel="noopener noreferrer">@novice1/validator-joi</a> to validate request data and give a better structure to our project.</p> <h2> References </h2> <p>You can see the result of what we have done till now <a href="https://github.com/shygyver/nodejs-tuto/tree/part-01" rel="noopener noreferrer">right here on Github</a>.</p> javascript beginners node typescript