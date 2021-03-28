Ravel

Forge past a tangle of modules. Make a cool app.

Ravel is a tiny, sometimes-opinionated foundation for creating organized, maintainable, and scalable web applications in node.js with ES2016/2017.

Note: The main branch may be in an unstable or even broken state during development. Please use releases instead of the main branch to explore stable code.

Table of Contents

Introduction

Ravel is inspired by the simplicity of koa and express, but aims to provide a pre-baked, well-tested and highly modular solution for creating enterprise web applications by providing:

A standard set of well-defined architectural components so that your code stays organized

Rapid REST API definition

definition Easy bootstrapping via an enforced, reference configuration of koa with critical middleware

via an enforced, reference configuration of koa with critical middleware Dependency injection (instead of relative require s)

And a few other features, plucked from popular back-end frameworks:

Transaction-per-request

Simple authentication and authentication configuration (no complex passport setup)

(Optional) externalized session storage for horizontal scalability

Ravel is deliberately designed to minimize unnecessary dependencies and have a small, well-documented codebase, making it easier to create secure and robust applications you and your users can trust.

Ravel is layered on top of, and designed to be used with, awesome technologies, including:

Installation

As Ravel uses async/await and several other ES2015/2016 features, you will need to use a 8.0.x+ distribution of node

$ npm install ravel

Architecture

Ravel applications consist of a few basic parts:

Modules: plain old classes which offer a great place to define modular application logic, middleware, authentication logic, etc.

plain old classes which offer a great place to define modular application logic, middleware, authentication logic, etc. Middleware a familiar concept from express or koa -like frameworks, middleware are chained functions which run in sequence against a request to a specific route.

a familiar concept from or -like frameworks, middleware are chained functions which run in sequence against a request to a specific route. Routes: a low-level place for general routing logic

a low-level place for general routing logic Resources: built on top of Routes , Resource s are REST-focused

built on top of , s are REST-focused Errors: Node.js Error s which are associated with an HTTP response code. throw them in your code and Routes and Resource s will automatically produce responses with a matching status.

If you're doing it right, your applications will consist largely of Module s, with a thin layer of Routes and Resource s on top.

Modules (and Errors)

Module s are plain old node.js modules exporting a single class which encapsulates application logic. Module s support dependency injection of core Ravel services and other Modules alongside npm dependencies (no relative require 's!). Module s are instantiated safely in dependency-order, and cyclical dependencies are detected automatically.

For more information about Module s, look at Ravel.Module below.

modules/cities.js

const Ravel = require ( 'ravel' ); const Error = Ravel.Error; const Module = Ravel.Module; const inject = Ravel.inject; class MissingCityError extends Error { constructor (name) { super ( `City ${name} does not exist.` , Ravel.httpCodes.NOT_FOUND); } } @inject( 'moment' , '$log' ) @Module( 'cities' ) class Cities { constructor (moment, $log) { this .moment = moment; this .$log = $log this .cities = [ 'Toronto' , 'New York' , 'Chicago' ]; } getAllCities () { return Promise .resolve( this .cities); } getCity (name) { return new Promise ( ( resolve, reject ) => { const index = this .cities.indexOf(name); if (index !== -1 ) { resolve( this .cities[index]); } else { this .$log.warn( `User requested unknown city ${name} ` ); reject( new MissingCityError(name)); } }); } } module .exports = Cities;

Middleware

Ravel middleware takes the form of an async function and is defined within Modules , either directly or via a factory pattern:

modules/cities.js

const Ravel = require ( 'ravel' ); const Module = Ravel.Module; const middleware = Module.middleware; class MyMiddleware { @middleware( 'custom-middleware' ) async doSomething(ctx, next) { await next(); } @middleware( 'another-middleware' , { factory : true }) anotherMiddlewareFactory (arg1, arg2) { return async (ctx, next) { await next(); } } }

Routes

Routes are Ravel 's lower-level wrapper for koa ( Resource s are the higher-level one). They support HEAD, GET, POST, PUT, PATCH and DELETE requests, and middleware, via decorators. Like Module s, they also support dependency injection. Though Routes can do everything Resources can do, they are most useful for implementing non-REST things, such as static content serving, proxying, etc. If you want to build a REST API, use Resource s instead (they're up next!).

For more information about Routes , look at Ravel.Routes below.

routes/index.js

const Ravel = require ( 'ravel' ); const Routes = Ravel.Routes; const inject = Ravel.inject; const before = Routes.before; const mapping = Routes.mapping; @Routes( '/' ) class ExampleRoutes { @mapping(Routes.GET, 'app' ) @before( 'custom-middleware' ) async appHandler (ctx) { ctx.body = '<!DOCTYPE html><html><body>Hello World!</body></html>' ; ctx.status = 200 ; } @mapping(Routes.GET, 'log' ) @before( 'another-middleware' , 1 , 2 , 'custom-middleware' ) async logHandler (ctx) { } } module .exports = ExampleRoutes;

Resources

What might be referred to as a controller in other frameworks, a Resource module defines HTTP methods on an endpoint, supporting the session-per-request transaction pattern via Ravel middleware. Resource s also support dependency injection, allowing for the easy creation of RESTful interfaces to your Module -based application logic. Resources are really just a thin wrapper around Routes , using specially-named handler functions ( get , getAll , head , headAll , post , put , putAll , patch , patchAll , delete , deleteAll ) instead of @mapping . This convention-over-configuration approach makes it easier to write proper REST APIs with less code, and is recommended over "carefully chosen" @mapping s in a Routes class.

For more information about Resource s, look at Ravel.Resource below.

resources/city.js

const Ravel = require ( 'ravel' ); const Resource = Ravel.Resource; const inject = Ravel.inject; const before = Resource.before; @inject( 'cities' ) @Resource( '/cities' ) class CitiesResource { constructor (cities) { this .cities = cities; } async getAll (ctx) { ctx.body = await this .cities.getAllCities(); } @before( 'custom-middleware' ) @before( 'another-middleware' , 1 , 2 ) async get (ctx) { ctx.body = await this .cities.getCity(ctx.params.id); } } module .exports = CitiesResource;

Bringing it all together

app.js

const app = new require ( 'ravel' )(); app.set( 'keygrip keys' , [ 'mysecret' , 'anothersecret' ]); app.scan( './modules' ); app.scan( './resources' ); app.scan( './routes/index.js' ); app.start();

Decorator Transpilation

Since decorators are not yet available in Node, you will need to use a transpiler to convert them into ES2016-compliant code. We have chosen Babel as our recommended transpiler.

$ npm install @babel/core@7.5.5 @babel/plugin-proposal-decorators@7.4.4 gulp-babel@8.0.0

gulpfile.js

const babelConfig = { 'plugins' : [[ '@babel/plugin-proposal-decorators' , { 'legacy' : true }]] }; gulp.task( 'transpile' , function ( ) { return gulp.src( 'src/**/*.js' ) .pipe(plugins.babel(babelConfig)) .pipe(gulp.dest( 'dist' )); });

Running the Application

$ node dist/app.js

API Documentation

Ravel App

A Ravel application is a root application file (such as app.js ), coupled with a collection of files exporting Module s, Resource s and Routes (see Architecture for more information). Getting started is usually as simple as creating app.js :

app.js

const Ravel = require ( 'ravel' ); const app = new Ravel(); ( async ( ) => { await app.init(); await app.listen(); })();

Managed Configuration System

Traditional node appliations often rely on process.env for configuration. This can lead to headaches when an expected value is not declared in the environment, a value is supplied but doesn't match any expected ones, or the name of an environment variable changes and refactoring mistakes are made. To help mitigate this common issue, Ravel features a simple configuration system which relies on three methods:

Create managed parameters with app.registerParameter() :

app.js

const Ravel = require ( 'ravel' ); const app = new Ravel(); app.registerParameter( 'my optional parameter' ); app.registerParameter( 'my required parameter' , true ); app.registerParameter( 'my third parameter' , true , 'some value' ); ( async ( ) => { await app.init(); await app.listen(); })();

Many Ravel plugin libraries will automatically create parameters which you will have to supply values for. These parameters will be documented in their README.md .

Provide values via app.set() . Setting an unknown parameter will result in an Error .

app.js

const Ravel = require ( 'ravel' ); const app = new Ravel(); app.registerParameter( 'my optional parameter' ); ( async ( ) => { await app.init(); app.set( 'my optional parameter' , 'some value' ); app.set( 'an unknown parameter' , 'some value' ); await app.listen(); })();

Retrieve values via app.get() . Retrieving an unknown parameter will result in an Error .

app.js

const Ravel = require ( 'ravel' ); const app = new Ravel(); app.registerParameter( 'my required parameter' , true , 'default value' ); ( async ( ) => { await app.init(); app.set( 'my required parameter' , 'some value' ); app.get( 'my required parameter' ) === 'some value' ; await app.listen(); })();

Core parameters

Ravel has several core parameters:

app.set( 'keygrip keys' , [ 'my super secret key' , 'another super secret key' ]); app.set( 'redis host' , undefined ); app.set( 'redis port' , 6379 ); app.set( 'redis password' , undefined ); app.set( 'redis max retries' , 10 ); app.set( 'port' , 8080 ); app.set( 'https' , false ) app.set( 'https options' , {}) app.set( 'log level' , true , app.$log.DEBUG); app.set( 'log format' , true , '[%(date)s] %(name)s.%(levelname)s: %(message)s' ); app.set( 'log colors' , true , true ); app.set( 'session key' , 'ravel.sid' ); app.set( 'session max age' , null ); app.set( 'session secure' , true ); app.set( 'session rolling' , false ); app.set( 'session samesite' , null ); app.set( 'app route' , '/' ); app.set( 'login route' , '/login' ); app.set( 'public directory' , undefined ); app.set( 'favicon path' , undefined ); app.set( 'enable websockets' , true ); app.set( 'max websocket payload bytes' , 100 * 1024 * 1024 ); app.set( 'redis websocket channel prefix' , 'ravel.ws' );

To make it easier to supply configuration values to Ravel, a .ravelrc.json file can be placed beside app.js (or in any parent directory of app.js ). This is the recommended method of setting parameters.

.ravelrc.json

{ "keygrip keys" : [ "my super secret key" , "another super secret key" ] }

You can also use environment variables in .ravelrc.json file which will be interpolated using process.env at startup time:

{ "keygrip keys" : " $MY_SUPER_SECRET_KEY " , "mysql connection string" : "mysql:/// $MYSQL_USER : $MYSQL_PASSWORD @ $MYSQL_HOST : $MYSQL_PORT / $MYSQL_DB " }

This is the base Error type for Ravel, meant to be extended into semantic errors which can be used within your applications. When you create a custom Ravel.Error , you must provide an associated HTTP status code, which Ravel will automatically respond with if an HTTP request results in that particular Error being thrown. This helps create meaningful status codes for your REST APIs while working within traditional node error-handling paradigms ( throw/try/catch and Promise.reject() ). Errors are generally best-declared within Module , Resource or Routes files (and not exported), closest to where they are used. If necessary, create a Module to group and export them.

at the top of some Module , Resource or Routes file (we'll get to this next)

const Ravel = require ( 'ravel' ); class UploadError extends Ravel . Error { constructor (msg) { super (msg, Ravel.httpCodes.BAD_REQUEST); } }

Module s are meant to contain the bulk of your application logic, either to support endpoints defined in Resource s and Routes , or to perform tasks at specific points during the Ravel lifecycle (see Lifecycle Decorators below).

Here's a simple module:

modules/my-module.js

const Ravel = require ( 'ravel' ); const inject = Ravel.inject; const Module = Ravel.Module; @Module( 'mymodule' ) @inject( 'path' , 'fs' , 'custom-module' , 'plain-class' ) class MyModule { constructor (path, fs, custom, plain) { this .path = path; this .fs = fs; this .custom = custom; this .plain = plain; } aMethod () { } async anAsyncMethod () { } } module .exports = MyModule;

Dependency Injection and Module Registration

Ravel's dependency injection system is meant to address several issues with traditional require() s:

Using require() with one's own modules in a complex project often results in statements like this: require('../../../../my/module'); . This issue is especially pronounced when require() ing source modules in test files.

with one's own modules in a complex project often results in statements like this: . This issue is especially pronounced when ing source modules in test files. Cyclical dependencies between modules are not always obvious in a large codebase, and can result in unexpected behaviour.

Ravel addresses this with the the @inject decorator:

modules/my-module.js

const Ravel = require ( 'ravel' ); const inject = Ravel.inject; const Module = Ravel.Module; @Module( 'mymodule' ) @inject( 'another-module' ) class MyModule { constructor (another) { this .another = another; } } module .exports = MyModule;

The injection name of another-module is inferred from its filename, but can be overriden via the @Module('custom-name') decorator.

If runnning app.scan('./modules') :

'./modules/my-module' will be injectable as 'my-module'

will be injectable as './modules/another-module' will be injectable as 'another-module'

will be injectable as './modules/package/another-module' will be injectable as 'package.another-module'

Module s are singletons which are instantiated in dependency-order (i.e. if A depends on B , B is guaranteed to be constructed first). Cyclical dependencies are detected automatically and result in an Error .

To further simplify working with imports in Ravel, you can @inject Ravel services, the core node API, and npm dependencies (installed in your local node_modules or globally) alongside your own Module s:

const Ravel = require ( 'ravel' ); const inject = Ravel.inject; const Module = Ravel.Module; @Module( 'mymodule' ) @inject( 'another-module' , 'fs' , 'moment' , '$err' ) class MyModule { constructor (another, fs, moment, $err) { } } module .exports = MyModule;

To avoid constructors which simply perform assignments, Ravel includes the @autoinject decorator which can perform assignments for you:

modules/my-module.js

const Ravel = require ( 'ravel' ); const inject = Ravel.inject; const Module = Ravel.Module; @Module( 'mymodule' ) @inject( 'another' ) @autoinject( 'fs' , 'moment' , '$err' ) class MyModule { constructor (another) { this .another = another; } method () { } } module .exports = MyModule;

Core Services

Several core Ravel services are available for injection within your Module s, Resource s and Routes :

@inject('$app') - A reference to the ravel app object itself

- A reference to the ravel app object itself @inject('$err') - Built-in error types

- Built-in error types @inject('$log') - A logger scoped to the target module

- A logger scoped to the target module @inject('$kvstore') - A reference to the internal redis connection (or mock, in the case where no external redis is supplied)

- A reference to the internal redis connection (or mock, in the case where no external redis is supplied) @inject('$params') - A read-only reference to the parameter system, to retrieve parameter values

- A read-only reference to the parameter system, to retrieve parameter values @inject('$db') - A mechanism for creating scoped transactions. See Scoped Transactions below for more information.

Module Namespacing

In a large project, it may become desirable to namespace your Module s to avoid naming conflicts. This is easily accomplished with Ravel by separating source files for Module s into different directories. Let's assume the following project structure:

app .js .ravelrc .json modules/ core/ my-module .js util/ my-module .js

Then, import the Module directory as before, using app.scan() :

app.js

const app = new Ravel(); app.scan( './modules' );

Essentially, Ravel ignores the path you pass to app.scan() and uses any remaining path components to namespace Module s.

Lifecycle Decorators

Module s are also a great place to define logic which should run at particular points during the Ravel lifecycle. Decorating a Module method with a lifecycle decorator appropriately results in that method firing exactly once at the specified time (with the exception of @interval , of course):

const Ravel = require ( 'ravel' ); const Module = Ravel.Module; const prelisten = Module.prelisten; @Module( 'init-module' ) class MyInitModule { @prelisten initDBTables () { } } module .exports = MyInitModule;

There are currently six lifecycle decorators:

@postinit fires at the end of Ravel.init()

fires at the end of @prelisten fires at the beginning of Ravel.listen()

fires at the beginning of @postlisten fires at the end of Ravel.listen()

fires at the end of @preclose fires at the beginning of Ravel.close()

fires at the beginning of @interval(1000) fires at the end of Ravel.listen() and then repeatedly at the specified interval until Ravel.close()

fires at the end of and then repeatedly at the specified interval until @koaconfig fires during Ravel.init() , after Ravel is finished configuring the underlying koa app object with global middleware. Methods decorated with @koaconfig receive a reference to the underlying koa app object for customization. This decorator is meant for exceptional circumstances, since (unnecessarily) global middleware constitutes a hot path and can lead to inefficiency.

Routes are Ravel's abstraction of koa . They provide Ravel with a simple mechanism for registering koa routes, which should (generally) only be used for serving templated pages or static content (not for building RESTful APIs, for which Ravel.Resource is more applicable). Extend this abstract superclass to create a Routes module.

Like Module s, Routes classes support dependency injection, allowing easy connection of application logic and web layers.

Endpoints are created within a Routes class by creating an async method and then decorating it with @mapping . The @mapping decorator indicates the subpath for the route (concatenated with the base path passed to super() in the constructor ), as well as the HTTP verb. The method handler accepts a single argument ctx which is a koa context. Savvy readers with koa experience will note that, within the handler, this refers to the instance of the Routes class (to make it easy to access injected Module s), and the passed ctx argument is a reference to the koa context.

Unlike @koa/router , Ravel's internal router attempts to ensure predictability at runtime, by sorting routes predictably according to a set of rules. As a result, declaration order should have significantly less impact on the function of your routes, which is critical given that that order is not immediately obvious due to Ravel's dependency-injection-focused approach.

routes/my-routes.js

const inject = require ( 'ravel' ).inject; const Routes = require ( 'ravel' ).Routes; const mapping = Routes.mapping; const before = Routes.before; @inject( 'koa-bodyparser' , 'fs' , 'custom-module' ) @Routes( '/' ) class MyRoutes { constructor (bodyParser, fs, custom) { this .bodyParser = bodyParser(); this .fs = fs; this .custom = custom; } @mapping(Routes.GET, 'app' ); @before( 'bodyParser' ) async appHandler (ctx) { ctx.status = 200 ; ctx.body = '<!doctype html><html></html>' ; } } module .exports = MyRoutes;

Registering Routes

Much like Module s, Routes can be added to your Ravel application via app.scan('path/to/routes') :

app.js

const app = new Ravel(); app.scan( './routes' );

What might be referred to as a controller in other frameworks, a Resource module defines HTTP methods on an endpoint. Resource s also support dependency injection, allowing for the easy creation of RESTful interfaces to your Module -based application logic. Resources are really just a thin wrapper around Routes , using specially-named handler methods ( get , getAll , post , put , putAll , delete , deleteAll ) instead of @mapping . This convention-over-configuration approach makes it easier to write proper REST APIs with less code, and is recommended over carefully chosen @mapping s in a Routes class. Omitting any or all of the specially-named handler functions is fine, and will result in a 501 NOT IMPLEMENTED status when that particular method/endpoint is requested. Resource s inherit all the properties, methods and decorators of Routes . See core/routes for more information. Note that @mapping does not apply to Resources .

As with Routes classes, Resource handler methods are async functions which receive a koa context as their only argument.

resources/person-resource.js

const inject = require ( 'ravel' ).inject; const Resource = require ( 'ravel' ).Resource; const before = Routes.before; @inject( 'koa-bodyparser' , 'fs' , 'custom-module' ) @Resource( '/person' ) class PersonResource { constructor (convert, bodyParser, fs, custom) { this .bodyParser = bodyParser(); this .fs = fs; this .custom = custom; } @before( 'bodyParser' ) async getAll (ctx) { } async get (ctx) { } async post (ctx) {} async putAll (ctx) {} async put (ctx) {} async deleteAll (ctx) {} async delete (ctx) {} } module .exports = PersonResource;

Registering Resources

Much like Module s, Resource s can be added to your Ravel application via app.scan('path/to/resources/directory') :

app.js

const app = new Ravel(); app.scan( './resources' );

Response Caching

Ravel supports transparent response caching via the @cache decorator, which can be applied at both the class and method-level of Resource s and Routes . Method-level applications of @cache override class-level ones.

Method-level example

const Routes = require ( 'ravel' ).Routes; const mapping = Routes.mapping; const cache = Routes.cache; @Routes( '/' ) class MyRoutes { @cache @mapping(Routes.GET, '/projects/:id' ) async handler (ctx) { } }

Class-level example, with options

const Resource = require ( 'ravel' ).Resource; const cache = Resource.cache; @cache({ expire : 60 , maxLength : 100 }) @Resource( '/' ) class MyResource { constructor (bodyParser) { this .bodyParser = bodyParser(); } async get (ctx) { } }

Database Providers

A DatabaseProvider is a lightweight wrapper for a node database library (such as node-mysql) which performs all the complex set-up and configuration of the library automatically, and registers simple parameters which you must app.set (such as the database host ip). The true purpose of DatabaseProvider s is to reduce boilerplate code between applications, as well as facilitate Ravel's transaction-per-request system (coming up next). You may use as many different DatbaseProvider s as you wish in your application. Here's an example pulled from ravel-mysql-provider :

Example Setup

app.js

const app = new require ( 'ravel' )(); const MySQLProvider = require ( 'ravel-mysql-provider' ); new MySQLProvider(app, 'mysql' ); ( async ( ) => { await app.init(); })();

Example Configuration

.ravelrc.json

{ "mysql options" : { "host" : "localhost" , "port" : 3306 , "user" : "root" , "password" : "a password" , "database" : "mydatabase" , "idleTimeoutMillis" : 5000 , "connectionLimit" : 10 } }

List of Ravel DatabaseProvider s

Ravel currently supports several DatabaseProvider s via external libraries.

If you've written a DatabaseProvider and would like to see it on this list, contact us or open an issue/PR against this README!

The @transaction decorator is Ravel's way of automatically opening (and managing) database connections for a Routes or Resource handler method. It is available for import as Routes.transaction or Resource.transaction .

When used at the method-level, @transaction opens connections for that specific handler method. When used at the class-level, it open connections for all handler methods in that Route or Resource class.

Connections are available within the handler method as an object ctx.transaction , which contains connections as values and DatabaseProvider names as keys. Connections will be closed automatically when the endpoint responds (do not close them yourself), and will automatically roll-back changes if a DatabaseProvider supports it (generally a SQL-only feature).

resources/person-resource.js

const Resource = require ( 'ravel' ).Resource; const transaction = Resource.transaction; @Resource( '/person' ) class PersonResource { @transaction( 'mysql' ) async get (ctx) { ctx.body = await new Promise ( ( resolve, reject ) => { ctx.transaction.mysql.query( 'SELECT 1' , (err, rows) => { if (err) return reject(err); resolve(rows); }); }); } } module .exports = PersonResource;

Scoped Transactions

Sometimes, you may need to open a transaction outside of a code path triggered by an HTTP request. Good examples of this might include database initialization at application start-time, or logic triggered by a websocket connection. In these cases, a Module class can open a scoped transaction using the names of the DatabaseProviders you are interested in, and an async function (scope) in which to use the connections. Scoped transactions only exist for the scope of the async function and are automatically cleaned up at the end of the function. It is best to view Module.$db.scoped() as an identical mechanism to @transaction , behaving in exactly the same way, with a slightly different API:

modules/database-initializer.js

const Module = require ( 'ravel' ).Module; const autoinject = require ( 'ravel' ).autoinject; const prelisten = Module.prelisten; @Module( 'db-init' ) @autoinject( '$db' , '$log' ) class DatabaseInitializer { @prelisten doDbInit (ctx) { const self = this ; this .$db.scoped( 'mysql' , async function ( ctx ) { await self.createTables(ctx.transaction.mysql); await self.insertRows(ctx.transaction.mysql); }).catch( ( err ) => { self.$log.error(err.stack); process.exit( 1 ); }); } createTables (mysqlConnection) { } insertRows (mysqlConnection) { } } module .exports = DatabaseInitializer;

Authentication Providers

An AuthenticationProvider is a lightweight wrapper for a Passport provider library (such as passport-github) which performs all the complex set-up and configuration of the library automatically, and registers simple parameters which you must app.set (such as OAuth client ids and secrets). The purpose of AuthenticationProvider s is to reduce boilerplate code between applications, and simplify often complex Passport configuration code. You may use as many different AuthenticationProvider s as you wish in your application. Here's an example pulled from ravel-github-oauth2-provider :

Example Setup

app.js

const app = new require ( 'ravel' )(); const GitHubProvider = require ( 'ravel-github-oauth2-provider' ); new GitHubProvider(app); ( async ( ) => { await app.init(); });

Example Configuration

.ravelrc.json

{ "github auth callback url" : "http://localhost:8080" , "github auth path" : "/auth/github" , "github auth callback path" : "/auth/github/callback" , "github client id" : "YOUR_CLIENT_ID" , "github client secret" : "YOUR_CLIENT_SECRET" }

You'll also need to implement an @authconfig module like this:

modules/authconfig.js

; const Ravel = require ( 'ravel' ); const inject = Ravel.inject; const Module = Ravel.Module; const authconfig = Module.authconfig; @authconfig @Module( 'authconfig' ) @inject( 'user-profiles' ) class AuthConfig { constructor (userProfiles) { this .userProfiles = userProfiles; } serializeUser (profile) { return Promise .resolve(profile.id); } deserializeUser (id) { return this .userProfiles.getProfile(id); } verify (providerName, ...args) { } } module .exports = AuthConfig;

List of Ravel AuthenticationProvider s

Ravel currently supports several AuthenticationProvider s via external libraries.

If you've written an AuthenticationProvider and would like to see it on this list, contact us or open an issue/PR against this README!

Authentication

Once you've registered an AuthenticationProvider , requiring users to have an authenticated session to access a Routes or Resource endpoint is accomplished via the @authenticated decorator, which can be used at the class or method level:

Note: the @authenticated decorator works the same way on Routes and Resource classes/methods

const Routes = require ( 'ravel' ).Routes; const mapping = Routes.mapping; const authenticated = Routes.authenticated; @authenticated @Routes( '/' ) class MyRoutes { @authenticated({ redirect : true }) @mapping(Routes.GET, 'app' ) async handler (ctx) { } }

WebSockets

Deployment and Scaling

Ravel is designed for horizontal scaling, and helps you avoid common pitfalls when designing your node.js backend application. In particular:

Session storage in Redis is highly recommended. Without it, you cannot safely replicate your Ravel app. When deploying multiple replicas of your Ravel app, be sure to app.set('redis host') to point to an external, shared redis server.

to point to an external, shared server. The internal koa application's app.proxy flag is set to true .

flag is set to . All Ravel dependencies are strictly locked (i.e. no use of ~ or ^ in package.json ). This helps foster repeatability between members of your team, as well as between development/testing/production environments. Adherence to semver in the node ecosystem is unfortunately varied at best, so it is recommended that you follow the same practice in your app as well.

or in ). This helps foster repeatability between members of your team, as well as between development/testing/production environments. Adherence to semver in the node ecosystem is unfortunately varied at best, so it is recommended that you follow the same practice in your app as well. While it is possible to color outside the lines, Ravel provides a framework for developing stateless backend applications, where all stateful data is stored in external caches or databases.

It is strongly encouraged that you containerize your Ravel app using an Alpine-based docker container, and then explore technologies such as docker-compose or kubernetes to appropriately scale out and link to (at least) the official redis container. An example project with a reference docker-compose environment for Ravel can be found in the starter project.

Ravel apps may either be TLS-terminated by the proxy in front of them, or communicate with that proxy over TLS via app.set('https', true) . When enabling https support, app.get('port') refers to the port which will now listen for https traffic. app.set('https options', {}) may be used in conjunction with options from here to set keys, certificates, etc. Ravel does not support exposing endpoints over http and https simultaneously, as it is recommended to exclusively use https via a terminating proxy or, if necessary, directly against the app.

Ravel does not explicitly require hiredis, but is is highly recommended that you install it alongside Ravel for improved redis performance.