Repository  -  API  -  Source


December 5, 2016

Rewrote authentication logic – it now supports Auth0 style authentication: expiring "access tokens" and "refresh tokens" (with automatic token refresh feature).

Breaking changes:

  • authentication used to be a function. Now it's an object rather than a function.
  • authentication : function(payload) -> authentication.userInfo : function(payload)
  • Added authentication.refreshAccessToken(ctx) optional parameter for automatically refreshing expired tokens
  • Route handlers (including api route handlers) are no longer bound to this, use the new ctx parameter instead: ({ ... }, { ..., ctx }) => {}
  • jwt() function parameters renamed: user_id -> userId, jwt_id -> tokenId. expiresIn parameter added. keys parameter changed to a single key (pass it like key: keys[0])
  • authentication_token_id and authentication_token route handler parameters removed (use accessTokenId and accessToken instead)
  • ctx.authenticate() function removed (wasn't used at all). Renamed: ctx.jwt_id -> ctx.accessTokenId, ctx.jwt -> ctx.accessToken, ctx.authentication_error -> removed, ctx.token_data -> ctx.accessTokenPayload
  • authentication.validate_token option removed
  • parse_body option renamed to parseBody


  • Fix for Date parsing regular expression


May 11, 2016
  • Added HTTP error "429 Too Many Requests"


  • JWT is now only looked up in the HTTP Authorization header. JWT is no more looked up in the authentication cookie since it's prone to Cross-Site Request Forgery attacks.


November 9, 2016
  • (breaking change) file upload's stream function now takes an extra fields attribute (form fields)
    • (breaking change) removed postprocess option of file upload (use process instead)
    • (breaking change) file upload respond is now synchronous
    • now exporting a basic generateUniqueFilename(path) helper function


  • routing and api now don't wrap primitives into a JSON object when sending HTTP response


  • Fixed HTTP status 204 being sent instead of 200 for HEADs, GETs, POSTs and PATCHes.


  • Added Date parsing for routing (and api) parameters


  • http utility now rejects the Promise with the error slightly different from what it was in 0.1.x: it used to have .code property set to HTTP response status, but now that .code property is renamed to .status (I guess the new name better suits it)


July 8, 2016
  • Fixed a bug of PUT and DELETE HTTP queries must not return any content error being thrown when a Promise is returned from a route handler


  • Placed a restriction on PUT and DELETE HTTP queries to not return any content
    • Added date_parser to http utility


  • Fixed returning Promises in routes resolving to strange objects of form { _c: [], _s: 0, _d: false, _h: 0, _n: false }


  • Renamed to_name to just name for proxying


  • detect_locale now sets ctx.locale variable which can be read, for example, in route handlers as this.locale



  • Renamed http utility (which is passed inside parameters object of route handlers) to internal_http, emphasizing the fact that it should only be used to send HTTP requests to your own servers because it will also send JWT token header and therefore it would expose that sensitive information to a third party if used for external HTTP requests.


  • Added stream(file, response) parameter for file_upload which bypasses writing the uploaded files to disk. stream must either return a Promise (the resolved value will be later sent back in HTTP response) or stream response data directly to HTTP response. If stream is set, then process won't be called.


  • Added process parameter for file_upload which can process each file individually in parallel returning a result, while postprocess is applied at the end when all files are uploaded and processed.


  • Parallelized file upload
    • A little breaking change of on_file_uploaded function parameters: now takes an object.


  • Added short-hand aliases for file_upload and serve_static_files. Refactored file_upload function call parameters.


  • Removed development option. Checking NODE_ENV now.


  • Fixed bugs found by @once-ler. Introduced development option.


  • Initial release