Some options for Fastify
I've been experimenting with Fastify and I've enjoyed how it tightly integrates with JSON Schemas to validate both parameters sent to the server, and responses sent back to the client. The modules that made it into my toolbox so far are:
- fastify-sentry for integration with Sentry.io (it's worth reminding people about their Open Source Model);
- fastify-helmet for security headers;
- I've enjoyed Swagger-Stats for development for some time, and they support Fastify out of the box;
- Of course fastify-metrics for some Prometheus intregation goodness;
- For now we're using basic JSON Web Token functionality (
subandscope, namely ) on the project, so I've been relying on fastify-jwt and fastify-cookie for Authentication; - On the Authorization side, fastify-jwt-authz does the job for both
Bearertokens in theAuthorizationheader, and those stored in cookies.
There's a bit more in the following code snippet (in Literate CoffeeScript as usual).
# This is server.coffee.md
Config
Config = require 'config'
Fastify Framework
fastify = (require 'fastify') {
logger: Config.get 'fastify.logger'
trustProxy: Config.get 'fastify.trustProxy'
}
Sentry.io support
fastify.register (require 'fastify-sentry'),
dsn: Config.get 'sentry.dsn'
Helmet security headers
helmet = require 'fastify-helmet'
fastify.register helmet
CORS
CORS = require 'fastify-cors'
fastify.register CORS
Swagger Stats (local machine only, useful while developing,
remove in production)
swStats = require 'swagger-stats'
fastify.register swStats.getFastifyPlugin
Prometheus metrics
Metrics = require 'fastify-metrics'
fastify.register Metrics, endpoint: '/metrics'
Dynamic Swagger generation based on routes and JSON Schema
Swagger = require 'fastify-swagger'
fastify.register Swagger,
swagger:
info:
title: 'Example Swagger'
description: 'API for Example services'
version: '0.1.0'
securityDefinitions:
OAuth2:
type: 'oauth2'
flow: 'implicit'
# authorizationUrl:
scopes:
'read:cat': 'read cat data'
'write:cat': 'modify cat data'
exposeRoute: true
JSON Web Token Authentication
This will provide you with a `user` field containing the
JWT payload in the request object in your routes.
jwt = require 'fastify-jwt'
fastify.register jwt,
secret: Config.get 'token.secret'
cookieName: Config.get 'token.cookieName'
fastify.register require 'fastify-cookie'
fastify.decorate 'authenticate', (req,rep) ->
try
await req.jwtVerify maxAge: Config.get 'token.maxAge'
catch err
rep.status(403).send err
return
JSON Web Token (scope) Authorization
jwtAuthz = require 'fastify-jwt-authz'
fastify.register jwtAuthz
Some routes…
fastify.register (require './routes/api-v1'), prefix: '/api/v1'
fastify.register (require './routes/meta'), prefix: '/meta'
fastify.register (require './routes/root')
Some static content.
Notice the `decorateReply` on the first route, this allows you
to register multiple static routes.
Content = require 'fastify-static'
path = require 'path'
fastify.register Content,
root: path.join __dirname, '../demo/dist'
prefix: '/demo/'
schemaHide: true
decorateReply: false
fastify.register Content,
root: path.join __dirname, '../front/dist'
prefix: '/'
schemaHide: true
Socket.io integration, if desired
if Config.get 'feature.io'
IO = require 'socket.io'
io = new IO fastify.server, {}
fastify.decorate 'io', io
io.on 'connection', (require './io')
MongoDB client, if desired
if Config.has 'feature.mongo'
fastify.register (require 'fastify-mongodb'),
forceClose: true
url: Config.get 'feature.mongo'
Module or Application?
module.exports = fastify
if require.main is module
do ->
address = await fastify.listen (Config.get 'fastify.port'), (Config.get 'fastify.host')
console.log fastify.printRoutes()
console.log "Server listening on #{address}"
return