
Kraken builds upon express and enables environment-aware, dynamic configuration, advanced middleware capabilities, security, and app lifecycle events. For more information and examples check out krakenjs.com
'use strict';
var express = require('express'),
kraken = require('kraken-js');
var app = express();
app.use(kraken());
app.listen(8000);
kraken([options])
kraken-js is used just like any normal middleware, however it does more than just return a function; it configures a complete express 4 application. See below for a list of features, but to get started just use it like middleware.
app.use(kraken());
// or to specify a mountpath for your application:
// app.use('/mypath', kraken());
// Note: mountpaths can also be configured using the
// `express:mountpath` config setting, but that setting
// will be overridden if specified in code.
Pass the following options to kraken via a config object such as this:
var options = {
onconfig: function (config, callback) {
// do stuff
callback(null, config);
}
};
// ...
app.use(kraken(options));
Note: All kraken-js configuration settings are optional.
basedir (String, optional)The working directory for kraken to use. kraken loads configuration files,
routes, and registers middleware so this directory is the path against all relative paths are resolved. The default value
is the directory of the file that uses kraken, which is generally index.js (or server.js).
onconfig (Function, optional)Provides an asynchronous hook for loading additional configuration. When invoked, a
confit configuration object containing all loaded configuration value passed
as the first argument, and a callback as the second. The signature of this handler is function (config, callback)
and the callback is a standard error-back which accepts an error as the first argument and the config object as the
second, e.g. callback(null, config).
protocols (Object, optional)Protocol handler implementations for use when processing configuration. For more information on protocols see shortstop and shortstop-handlers. By default, kraken comes with a set of shortstop protocols which are described in the "Config Protocols" section below, but you can add your own by providing an object with the protocol names as the keys and their implementations as properties, for example:
var options = {
protocols: {
file: function file(value, callback) {
fs.readFile(value, 'utf8', callback);
}
}
};
onKrakenMount (Function, optional)Provides a synchronous hook which executes once kraken mounts. It takes an express app instance as the first argument, and options as the second. The signature of this handler is function (app, options).
uncaughtException (Function, optional)Handler for uncaughtException errors outside of the middleware chain. See the endgame module for defaults.
For uncaught errors in the middleware chain, see shutdown middleware instead.
kraken comes with the following shortstop protocol handlers by default:
import:Merge the contents of the specified file into configuration under a given key.
{
"foo": "import:./myjsonfile"
}
config:Replace with the value at a given key. Note that the keys in this case are dot (.) delimited.
{
"foo": {
"bar": true
},
"foobar": "config:foo.bar"
}
path:The path handler is documented in the shortstop-handlers repo.
file:The file handler is documented in the shortstop-handlers repo.
base64:The base64 handler is documented in the shortstop-handlers repo.
env:The env handler is documented in the shortstop-handlers repo.
require:The require handler is documented in the shortstop-handlers repo.
exec:The exec handler is documented in the shortstop-handlers repo.
glob:The glob handler is documented in the shortstop-handlers repo.
resolve:The resolve handler is documented in the shortstop-resolve repo.
Using environment suffixes, configuration files are applied and overridden according to the current environment as set
by NODE_ENV. The application looks for a ./config directory relative to the basedir and looks for config.json as the baseline config specification. JSON files matching the current env are processed and loaded. Additionally, JSON configuration files may contain comments.
Valid NODE_ENV values are undefined or dev[elopment] (uses development.json), test[ing] (uses test.json), stag[e|ing] (uses staging.json), prod[uction] (uses config.json). Simply add a config file with the name, to have it read only in that environment, e.g. config/development.json.
Much like configuration, you shouldn't need to write a lot of code to determine what's in your middleware chain. meddleware is used internally to read,
resolve, and register middleware with your express application. You can either specify the middleware in your config.json or {environment}.json, (or) import it from a separate json file using the import protocol mentioned above.
Kraken comes with common middleware already included in its config.json file. The following is a list of the included middleware and their default configurations which can be overridden in your app's configuration:
* "shutdown" - internal middleware which handles graceful shutdowns in production environments
- Priority - 0
- Enabled - true if not in a development environment
- Module - "kraken-js/middleware/shutdown"
- Arguments (Array)
- Object
- "timeout" - milliseconds (default: 30000)
- "template" - template to render (default: null)
- "shutdownHeaders" - custom headers to write while still disconnecting.
- "uncaughtException" - custom handler - function (error, req, res, next) - for uncaught errors. Default behavior is to log the error and then trigger shutdown.
* "compress" - adds compression to server responses
- Priority - 10
- Enabled - false (disabled in all environments by default)
- Module - "compression" (npm)
* "favicon" - serves the site's favicon
- Priority - 30
- Module - "serve-favicon" (npm)
- Arguments (Array)
- String - local path to the favicon file (default: "path:./public/favicon.ico")
* "static" - serves static files from a specific folder
- Priority - 40
- Module - "serve-static" (npm)
- Arguments (Array)
- String - local path to serve static files from (default: "path:./public")
* "logger" - logs requests and responses
- Priority - 50
- Module - "morgan" (npm)
- Arguments (Array)
- String - log format type (default: "combined")
* "json" - parses JSON request bodies
- Priority - 60
- Module - "body-parser" (npm)
- Method - "json"
* "urlencoded" - parses URL Encoded request bodies
- Priority - 70
- Module - "body-parser" (npm)
- Method - "urlencoded"
- Arguments (Array)
- Object
- "extended" (Boolean) - parse extended syntax with the qs module (default: true)
* "multipart" - parses multipart FORM bodies
- Priority - 80
- Module - "kraken-js/middleware/multipart" (delegates to formidable)
* "cookieParser" - parses cookies in request headers
- Priority - 90
- Module - "cookie-parser" (npm)
- Arguments (Array)
- String - secret used to sign cookies (default: "keyboard cat")
* "session" - maintains session state
- Priority - 100
- Module - "express-session" (npm)
- Arguments (Array)
- Object
- "key" (String) - cookie name (default: "connect.sid")
- "secret" (String) - secret used to sign session cookie (default: "keyboard cat")
- "cookie" (Object) - describing options for the session cookie
- "path" (String) - base path to verify cookie (default: "/")
- "httpOnly" (Boolean) - value indicating inaccessibility of cookie in the browser (default: true)
- "maxAge" (Number) - expiration of the session cookie (default: null)
- "resave" (Boolean) - value indicating whether sessions should be saved even if unmodified (default: true)
- "saveUninitialized" (Boolean) - value indicating whether to save uninitialized sessions (default: true)
- "proxy" (Boolean) - value indicating whether to trust the reverse proxy (default: null, inherit from express)
* "appsec" - secures the application against common vulnerabilities (see Application Security below)
- Priority - 110
- Module - "lusca" (github)
- Arguments (Array)
- Object
- "csrf" (Boolean|Object) - value indicating whether to require CSRF tokens for non GET, HEAD, or OPTIONS requests, or an options object to configure CSRF protection (default: true)
- "xframe" (String) - value for the X-Frame-Options header (default: "SAMEORIGIN")
- "p3p" (String|Boolean) - the Compact Privacy Policy value or false if not used (default: false)
- "csp" (Object|Boolean) - options configuring Content Security Policy headers or false if not used (default: false)
* "router" - routes traffic to the applicable controller
- Priority - 120
- Module - "express-enrouten" (npm)
- Arguments (Array)
- Object
- "index" (String) - path to the single file to load (default: "path:./routes")
Additional notes:
- The session middleware defaults to using the in-memory store. This is not recommended for production applications and the configuration should be updated to use a shared resource (such as Redis or Memcached) for session storage.
- You can change the routes which are affected by the middleware by providing a top-level option of route. In express deployments, it is common to re-route where static files are served which can be accomplished like so:
// include this in your own config.json and this will merge with the Kraken defaults
// NB: if you use kraken-devtools you must re-route that as well in development.json!
{
"static": {
"route": "/static"
}
}
In any non-trivial Kraken deployment you will likely need to extend the included middleware. Common middleware which need extension include cookie parsing and session handling. In those particular cases, the secrets used should be updated:
```js { // include this in your own config.json and this will merge with the Kraken defaults "middleware": {
"cookieParser": {
"module": {
"arguments": [ "your better secret value" ]
}
},
"session": {
"module": {
// NB: arrays like 'arguments' are not merged but rather replaced, so you must
// include all required configuration options here.
"arguments": [
{
"secret": "a much better secret",
"cookie": {
"path": "/",
"httpOnly": true,
"maxAge": null
},
"resave": true,
$ claude mcp add kraken-js \
-- python -m otcore.mcp_server <graph>