http-server.md

Backend - HTTP (REST API) module

• Protects server by defining: Content Security Policy, DNS Prefetch Control, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, X-XSS-Protection
• Serves custom static paths
• Defines new routes (GET, POST, PUT, PATCH, DELETE)
• Provides CERN SSO authentication and e-groups authorization using OpenID Connect module
• Secures routes with JWT token

Instance

const {HttpServer} = require('@aliceo2/web-ui');
HttpServer({port: PORT, hostname: HOSTNAME, tls: TLS_ENABLED, portSecure: HTTPS_PORT, key: TLS_KEY, cert: TLS_CERT, autoListen: AUTO_LISTEN}, JWT_CONF, OPENID_CONF);

Where:

• HTTP_CONF consists of following fields:
  • PORT - HTTP port number
  • [HOSTNAME] - server's hostname which is required by Content Security Policy (default: localhost)
  • [TLS_ENABLED] - flag that enables/disables TLS (default: false)
  • [HTTPS_PORT] - HTTPS port number, TLS must be enabled
  • [TLS_KEY] - private key filepath, TLS must be enabled
  • [TLS_CERT] - certificate filepath, TLS must be enabled
  • [AUTO_LISTEN] - flag that enables/disables automatic listening (default: true)
  • [LIMIT] - controls the maximum request body size. Defaults to '100kb'.
• [JWT_CONF] - JWT module config, see JWT module
• [OPENID_CONF] - OpenID config, see OpenID Connect module

Public methods

listen

close

address

addStaticPath

get

post

put

patch

delete

Minimal server example

// Include required modules
const {HttpServer} = require('@aliceo2/web-ui');

// create instance of http server
const http = new HttpServer({
  port: 8080
});

// Server `public` folder
http.addStaticPath('public');

Route example

http.get('/hi', (req, res) => {
  res.status(200).json({message: 'hi'})
}, { public: true }); // turns off JWT verification