maxserver 0.0.14 → 0.0.15

package/README.md

@@ -20,7 +20,6 @@ Ready node server setup based on **Fastify** to speedup api development.
 - **Dev server**
 <br><br>
 
-
 - Dependencies: original fastify packages + scalar/fastify-api-reference (doc generator)
 - The source is simple and short. Everyone shall be able to read, understand and modify if needed.
 
@@ -36,23 +35,19 @@ npm install maxserver
 ## Setup
 ```js
 import maxserver from "maxserver";
+
 const server = await maxserver();
-const address = await server.listen({
-	port: Number(process.env.PORT || 3000),
-});
+await server.listen();
 
-console.log("Server running at", address);
+console.log("Server running at ", server.getAddress());
 export default server;
-```
-
-**maxserver(options)** forwards options to fastify(options).  
-It returns the fully configured Fastify server instance.
-
 
+```
 ---
 
-## ⚙️ Configuration
-Configure the server by setting variabels in your .env file.
+## ⚙️ Configure
+Quick configure your server by passing options to the **maxserver()** or define them in your .env file.  
+You can also pass any fastify options.
 
 | Variable | Default | Description |
 | :--- | :--- | :--- |

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "maxserver",
-	"version": "0.0.14",
+	"version": "0.0.15",
 	"description": "Node server setup based fastify",
 	"author": "Max Matinpalo",
 	"type": "module",

package/src/index.js

@@ -15,24 +15,50 @@ import {
 import { setupGetAddress } from "./getAddress.js";
 
 
+export default async function maxserver(config = {}) {
+
+	const {
+
+		// maxserver options
+		secret = process.env.SECRET,
+		cookieSecret = process.env.COOKIE_SECRET,
+		mongodbUri = process.env.MONGODB_URI,
+		docs = process.env.DOCS !== "false",
+		staticDir = process.env.STATIC_DIR,
+		corsOrigin = process.env.CORS_ORIGIN || "*",
+
+		// everything else goes straight to Fastify
+		...fastifyOpts
+
+	} = config;
+
+	if (process.env.NODE_ENV == "development") {
+		console.error("Please define secret in env !");
+
+	}
+
+	let maxserverConfig = {
+		secret, mongodbUri, docs, staticDir, corsOrigin
+	};
+
+	process.env.NODE_ENV;
+
+
 
-export default async function maxserver(options = {}) {
 
 	const app = Fastify({
-		trustProxy: true,
-		host: "0.0.0.0",
+
 		https: getHttpsOptions() || undefined,
+		trustProxy: true,
 
 		// To allow writing example value fields to schemas for doucumentation 
 		ajv: { customOptions: { strictSchema: false } },
-		...options,
+		...fastifyOpts,
 	});
 
-	global.createError = function (code, message) {
-		const err = new Error(message);
-		err.statusCode = code;
-		return err;
-	};
+	app.decorate("maxserver", maxserverConfig);
+
+
 
 	setupGetAddress(app);
 	await setupCookie(app);
@@ -45,5 +71,12 @@ export default async function maxserver(options = {}) {
 	await setupRoutes(app);
 
 
+	global.createError = function (code, message) {
+		const err = new Error(message);
+		err.statusCode = code;
+		return err;
+	};
+
+
 	return app;
 }

package/src/setup.js

@@ -12,20 +12,11 @@ import apiReference from "@scalar/fastify-api-reference";
 
 import { loadRoutes } from "./routeLoader.js";
 
-
-export async function setupCookie(app) {
-	// Use COOKIE_SECRET or fall back to JWT_SECRET so you don't need a new env var immediately
-	const secret = process.env.COOKIE_SECRET || process.env.JWT_SECRET || "change-me-in-prod";
-
-	await app.register(cookie, {
-		secret,
-		hook: "onRequest", // Crucial: Ensures cookies are parsed before your route handlers run
-		parseOptions: {}
-	});
+export async function setupRoutes(app) {
+	await loadRoutes(app);
 }
 
 
-
 export async function setupHelmet(app) {
 	await app.register(helmet, {
 		contentSecurityPolicy: false,
@@ -35,21 +26,19 @@ export async function setupHelmet(app) {
 	});
 }
 
+
 export async function setupCors(app) {
 	const isProd = process.env.NODE_ENV === "production";
-	const origin = process.env.CORS_ORIGIN || true;
+	const origin = app.maxserver.corsOrigin ?? true;
 
-	if (isProd && !process.env.CORS_ORIGIN) app.log.warn("CORS_ORIGIN not set, allowing all origins");
+	if (isProd && origin === true) {
+		app.log.warn("CORS origin not set, allowing all origins");
+	}
 
 	await app.register(cors, { origin });
 }
 
 
-
-export async function setupRoutes(app) {
-	await loadRoutes(app);
-}
-
 export function getHttpsOptions() {
 	const { TLS_KEY, TLS_CERT } = process.env;
 	if (!TLS_KEY || !TLS_CERT) return null;
@@ -67,67 +56,63 @@ export function getHttpsOptions() {
 
 
 
-
-function isAuthSkippableUrl(url) {
-	if (!url) return false;
-	if (url.startsWith("/openapi.json")) return true;
-	if (url.startsWith("/docs")) return true;
-	if (url.startsWith("/static/")) return true;
-	return false;
+export async function setupCookie(app) {
+	await app.register(cookie, {
+		secret: app.maxserver.secret || "supersecret",
+		hook: "onRequest"
+	});
 }
 
+
 export async function setupJwt(app) {
-	const secret = process.env.JWT_SECRET;
-	if (!secret) return;
 
-	// because we added own cookie setup function above
-	//await app.register(cookie);
+	await app.register(jwt, {
+		secret: app.maxserver.secret || "supersecret",
+		cookie: { cookieName: "token" }
+	});
 
-	await app.register(jwt, { secret, cookie: { cookieName: "token" } });
+	app.addHook("preHandler", async function (req) {
 
-	app.addHook("onRequest", async function (req) {
+		// Let preflight requests pass
 		if (req.method === "OPTIONS") return;
 
-		const url = req.raw?.url || req.url;
-		if (isAuthSkippableUrl(url)) return;
-		if (req.routeOptions?.config?.public) return;
+		const auth =
+			req.routeOptions?.config?.auth ??
+			req.routeOptions?.schema?.auth;
 
-		await req.jwtVerify();
+		if (!auth) return;
 
+		await req.jwtVerify();
 		const u = req.user;
 		req.userId = u?.sub || u?.userId || u?.userid || u?.id || null;
 	});
+
 }
 
-export async function setupMongo(app) {
 
-	const url = process.env.MONGODB_URI;
+export async function setupMongo(app) {
+	const url = app.maxserver.mongodbUri;
 	if (!url) return;
-
 	await app.register(mongodb, { url });
 
-	// ObjectId is available on app.mongo after registration
 	const { ObjectId, db } = app.mongo;
-
 	global.oid = id => new ObjectId(id ? String(id) : undefined);
 	global.db = db;
 }
 
-export async function setupStatic(app) {
-	const dir = process.env.STATIC_DIR;
-	if (!dir) return;
-
-	await app.register(fastifyStatic, {
-		root: path.resolve(dir),
-		prefix: "/static/",
-	});
-}
 
 export async function setupDocs(app) {
-	const defaultSecurity = [{ bearerAuth: [] }, { cookieAuth: [] }];
+
+	const info = app.maxserver.openapiInfo || {
+		title: "API",
+		version: "1.0.0",
+	};
 
 	await app.register(swagger, {
 		openapi: {
+			info,
+			// OpenAPI 3.x: securitySchemes must be defined globally here not per route
+			// Routes only add `security: [...]` that references these scheme names
 			components: {
 				securitySchemes: {
 					bearerAuth: { type: "http", scheme: "bearer" },
@@ -137,13 +122,29 @@ export async function setupDocs(app) {
 		},
 	});
 
-	app.get("/openapi.json", { config: { public: true } }, () => app.swagger());
 
-	await app.register(apiReference, { routePrefix: "/docs", openapi: true });
+	app.get("/openapi.json", {}, () => app.swagger());
+
+	if (app.maxserver.docs != false)
+		await app.register(apiReference, { routePrefix: "/docs", openapi: true });
 
 	app.addHook("onRoute", (route) => {
-		if (route.config?.public) return;
+		const auth = route.config?.auth ?? route.schema?.auth;
+		if (!auth) return;
 		route.schema ||= {};
-		route.schema.security = defaultSecurity;
+		route.schema.security ||= [{ bearerAuth: [] }, { cookieAuth: [] }];
 	});
-}
+}
+
+
+
+export async function setupStatic(app) {
+	const dir = app.maxserver.staticDir;
+	if (!dir) return;
+
+	await app.register(fastifyStatic, {
+		root: path.resolve(dir),
+		prefix: "/static/",
+	});
+}
+