npm - maxserver - Versions diffs - 0.0.13 → 0.0.15 - Mend

maxserver 0.0.13 → 0.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -20,7 +20,6 @@ Ready node server setup based on **Fastify** to speedup api development.
 - **Dev server**
 <br><br>
 - Dependencies: original fastify packages + scalar/fastify-api-reference (doc generator)
 - The source is simple and short. Everyone shall be able to read, understand and modify if needed.
@@ -36,23 +35,19 @@ npm install maxserver
 ## Setup
 ```js
 import maxserver from "maxserver";
 const server = await maxserver();
-const address = await server.listen({
-	port: Number(process.env.PORT || 3000),
-});
+await server.listen();
-console.log("Server running at", address);
+console.log("Server running at ", server.getAddress());
 export default server;
-```
-**maxserver(options)** forwards options to fastify(options).
-It returns the fully configured Fastify server instance.
+```
 ---
-## ⚙️ Configuration
-Configure the server by setting variabels in your .env file.
+## ⚙️ Configure
+Quick configure your server by passing options to the **maxserver()** or define them in your .env file.
+You can also pass any fastify options.
 | Variable | Default | Description |
 | :--- | :--- | :--- |

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "maxserver",
-	"version": "0.0.13",
+	"version": "0.0.15",
 	"description": "Node server setup based fastify",
 	"author": "Max Matinpalo",
 	"type": "module",

package/src/getAddress.js CHANGED Viewed

@@ -1,29 +1,37 @@
-import os from "os";
+import os from "node:os";
 export function setupGetAddress(app) {
-	app.decorate("getAddress", function () {
-		const addr = this.server.address();
+	app.decorate("getAddress", () => {
+		const addr = app.server?.address();
+		const protocol = app.initialConfig?.https ? "https" : "http";
 		if (!addr) return null;
 		if (typeof addr === "string") return addr;
-		const protocol = this.initialConfig.https ? "https" : "http";
-		const host = getExternalIp() || "localhost";
+		const isPublicBind = addr.address === "0.0.0.0" || addr.address === "::";
+		const isLoopback = addr.address === "127.0.0.1" || addr.address === "::1";
+		const envIp = String(process.env.PUBLIC_IP || "").trim() || null;
+		const detectedIp = envIp || getLanIp();
+		const ip = (isPublicBind && !isLoopback)
+			? (detectedIp || addr.address)
+			: "localhost";
+		const host = ip.includes(":") ? `[${ip}]` : ip;
 		return `${protocol}://${host}:${addr.port}`;
 	});
 }
-function getExternalIp() {
+function getLanIp() {
 	const nets = os.networkInterfaces();
 	for (const name of Object.keys(nets)) {
-		for (const net of nets[name]) {
-			if (net.family === "IPv4" && !net.internal) return net.address;
+		for (const net of (nets[name] || [])) {
+			if (net?.family === "IPv4" && !net.internal) return net.address;
 		}
 	}
 	return null;
-}
+}

package/src/index.js CHANGED Viewed

@@ -15,23 +15,50 @@ import {
 import { setupGetAddress } from "./getAddress.js";
+export default async function maxserver(config = {}) {
+	const {
+		// maxserver options
+		secret = process.env.SECRET,
+		cookieSecret = process.env.COOKIE_SECRET,
+		mongodbUri = process.env.MONGODB_URI,
+		docs = process.env.DOCS !== "false",
+		staticDir = process.env.STATIC_DIR,
+		corsOrigin = process.env.CORS_ORIGIN || "*",
+		// everything else goes straight to Fastify
+		...fastifyOpts
+	} = config;
+	if (process.env.NODE_ENV == "development") {
+		console.error("Please define secret in env !");
+	}
+	let maxserverConfig = {
+		secret, mongodbUri, docs, staticDir, corsOrigin
+	};
+	process.env.NODE_ENV;
-export default async function maxserver(options = {}) {
 	const app = Fastify({
-		trustProxy: true,
 		https: getHttpsOptions() || undefined,
+		trustProxy: true,
 		// To allow writing example value fields to schemas for doucumentation
 		ajv: { customOptions: { strictSchema: false } },
-		...options,
+		...fastifyOpts,
 	});
-	global.createError = function (code, message) {
-		const err = new Error(message);
-		err.statusCode = code;
-		return err;
-	};
+	app.decorate("maxserver", maxserverConfig);
 	setupGetAddress(app);
 	await setupCookie(app);
@@ -44,5 +71,12 @@ export default async function maxserver(options = {}) {
 	await setupRoutes(app);
+	global.createError = function (code, message) {
+		const err = new Error(message);
+		err.statusCode = code;
+		return err;
+	};
 	return app;
 }

package/src/setup.js CHANGED Viewed

@@ -12,20 +12,11 @@ import apiReference from "@scalar/fastify-api-reference";
 import { loadRoutes } from "./routeLoader.js";
-export async function setupCookie(app) {
-	// Use COOKIE_SECRET or fall back to JWT_SECRET so you don't need a new env var immediately
-	const secret = process.env.COOKIE_SECRET || process.env.JWT_SECRET || "change-me-in-prod";
-	await app.register(cookie, {
-		secret,
-		hook: "onRequest", // Crucial: Ensures cookies are parsed before your route handlers run
-		parseOptions: {}
-	});
+export async function setupRoutes(app) {
+	await loadRoutes(app);
 }
 export async function setupHelmet(app) {
 	await app.register(helmet, {
 		contentSecurityPolicy: false,
@@ -35,21 +26,19 @@ export async function setupHelmet(app) {
 	});
 }
 export async function setupCors(app) {
 	const isProd = process.env.NODE_ENV === "production";
-	const origin = process.env.CORS_ORIGIN || true;
+	const origin = app.maxserver.corsOrigin ?? true;
-	if (isProd && !process.env.CORS_ORIGIN) app.log.warn("CORS_ORIGIN not set, allowing all origins");
+	if (isProd && origin === true) {
+		app.log.warn("CORS origin not set, allowing all origins");
+	}
 	await app.register(cors, { origin });
 }
-export async function setupRoutes(app) {
-	await loadRoutes(app);
-}
 export function getHttpsOptions() {
 	const { TLS_KEY, TLS_CERT } = process.env;
 	if (!TLS_KEY || !TLS_CERT) return null;
@@ -67,67 +56,63 @@ export function getHttpsOptions() {
-function isAuthSkippableUrl(url) {
-	if (!url) return false;
-	if (url.startsWith("/openapi.json")) return true;
-	if (url.startsWith("/docs")) return true;
-	if (url.startsWith("/static/")) return true;
-	return false;
+export async function setupCookie(app) {
+	await app.register(cookie, {
+		secret: app.maxserver.secret || "supersecret",
+		hook: "onRequest"
+	});
 }
 export async function setupJwt(app) {
-	const secret = process.env.JWT_SECRET;
-	if (!secret) return;
-	// because we added own cookie setup function above
-	//await app.register(cookie);
+	await app.register(jwt, {
+		secret: app.maxserver.secret || "supersecret",
+		cookie: { cookieName: "token" }
+	});
-	await app.register(jwt, { secret, cookie: { cookieName: "token" } });
+	app.addHook("preHandler", async function (req) {
-	app.addHook("onRequest", async function (req) {
+		// Let preflight requests pass
 		if (req.method === "OPTIONS") return;
-		const url = req.raw?.url || req.url;
-		if (isAuthSkippableUrl(url)) return;
-		if (req.routeOptions?.config?.public) return;
+		const auth =
+			req.routeOptions?.config?.auth ??
+			req.routeOptions?.schema?.auth;
-		await req.jwtVerify();
+		if (!auth) return;
+		await req.jwtVerify();
 		const u = req.user;
 		req.userId = u?.sub || u?.userId || u?.userid || u?.id || null;
 	});
 }
-export async function setupMongo(app) {
-	const url = process.env.MONGODB_URI;
+export async function setupMongo(app) {
+	const url = app.maxserver.mongodbUri;
 	if (!url) return;
 	await app.register(mongodb, { url });
-	// ObjectId is available on app.mongo after registration
 	const { ObjectId, db } = app.mongo;
 	global.oid = id => new ObjectId(id ? String(id) : undefined);
 	global.db = db;
 }
-export async function setupStatic(app) {
-	const dir = process.env.STATIC_DIR;
-	if (!dir) return;
-	await app.register(fastifyStatic, {
-		root: path.resolve(dir),
-		prefix: "/static/",
-	});
-}
 export async function setupDocs(app) {
-	const defaultSecurity = [{ bearerAuth: [] }, { cookieAuth: [] }];
+	const info = app.maxserver.openapiInfo || {
+		title: "API",
+		version: "1.0.0",
+	};
 	await app.register(swagger, {
 		openapi: {
+			info,
+			// OpenAPI 3.x: securitySchemes must be defined globally here not per route
+			// Routes only add `security: [...]` that references these scheme names
 			components: {
 				securitySchemes: {
 					bearerAuth: { type: "http", scheme: "bearer" },
@@ -137,13 +122,29 @@ export async function setupDocs(app) {
 		},
 	});
-	app.get("/openapi.json", { config: { public: true } }, () => app.swagger());
-	await app.register(apiReference, { routePrefix: "/docs", openapi: true });
+	app.get("/openapi.json", {}, () => app.swagger());
+	if (app.maxserver.docs != false)
+		await app.register(apiReference, { routePrefix: "/docs", openapi: true });
 	app.addHook("onRoute", (route) => {
-		if (route.config?.public) return;
+		const auth = route.config?.auth ?? route.schema?.auth;
+		if (!auth) return;
 		route.schema ||= {};
-		route.schema.security = defaultSecurity;
+		route.schema.security ||= [{ bearerAuth: [] }, { cookieAuth: [] }];
 	});
-}
+}
+export async function setupStatic(app) {
+	const dir = app.maxserver.staticDir;
+	if (!dir) return;
+	await app.register(fastifyStatic, {
+		root: path.resolve(dir),
+		prefix: "/static/",
+	});
+}