Agent-Skills.md

Agent Skills: Node.js Express Server

Build production-ready Express.js servers with middleware, authentication, routing, and database integration. Use when creating REST APIs, managing requests/responses, implementing middleware chains, and handling server logic.

UncategorizedID: aj-geddes/useful-ai-prompts/nodejs-express-server

Repository

aj-geddes/useful-ai-prompts
aj-geddesLicense: MIT
607

Install this agent skill to your local

pnpm dlx add-skill https://github.com/aj-geddes/useful-ai-prompts/tree/HEAD/skills/nodejs-express-server

Skill Files

Browse the full folder contents for nodejs-express-server.

Download Skill

Loading file tree…

skills/nodejs-express-server/SKILL.md

Skill Metadata

Name
nodejs-express-server
Description
Build production-ready Express.js servers with middleware, authentication, routing, and database integration. Use when creating REST APIs, managing requests/responses, implementing middleware chains, and handling server logic.

Node.js Express Server

Overview

Create robust Express.js applications with proper routing, middleware chains, authentication mechanisms, and database integration following industry best practices.

When to Use

  • Building REST APIs with Node.js
  • Implementing server-side request handling
  • Creating middleware chains for cross-cutting concerns
  • Managing authentication and authorization
  • Connecting to databases from Node.js
  • Implementing error handling and logging

Instructions

1. Basic Express Setup

const express = require("express");
const app = express();
const PORT = process.env.PORT || 3000;

// Middleware
app.use(express.json());
app.use(express.urlencoded({ extended: true }));

// Routes
app.get("/health", (req, res) => {
  res.json({ status: "OK", timestamp: new Date().toISOString() });
});

// Error handling
app.use((err, req, res, next) => {
  console.error(err.stack);
  res.status(err.status || 500).json({
    error: err.message,
    requestId: req.id,
  });
});

app.listen(PORT, () => {
  console.log(`Server running on port ${PORT}`);
});

2. Middleware Chain Implementation

// Logging middleware
const logger = (req, res, next) => {
  const start = Date.now();
  res.on("finish", () => {
    const duration = Date.now() - start;
    console.log(`${req.method} ${req.path} ${res.statusCode} ${duration}ms`);
  });
  next();
};

// Authentication middleware
const authenticateToken = (req, res, next) => {
  const token = req.headers["authorization"]?.split(" ")[1];
  if (!token) return res.status(401).json({ error: "No token" });

  jwt.verify(token, process.env.JWT_SECRET, (err, user) => {
    if (err) return res.status(403).json({ error: "Invalid token" });
    req.user = user;
    next();
  });
};

// Error catching middleware wrapper
const asyncHandler = (fn) => (req, res, next) => {
  Promise.resolve(fn(req, res, next)).catch(next);
};

app.use(logger);
app.use(express.json());
app.get("/protected", authenticateToken, (req, res) => {
  res.json({ user: req.user });
});

3. Database Integration (PostgreSQL with Sequelize)

const { Sequelize, DataTypes } = require("sequelize");

const sequelize = new Sequelize(
  process.env.DB_NAME,
  process.env.DB_USER,
  process.env.DB_PASS,
  {
    host: process.env.DB_HOST,
    dialect: "postgres",
    logging: false,
  },
);

const User = sequelize.define(
  "User",
  {
    id: {
      type: DataTypes.UUID,
      defaultValue: DataTypes.UUIDV4,
      primaryKey: true,
    },
    email: {
      type: DataTypes.STRING,
      unique: true,
      allowNull: false,
    },
    password: DataTypes.STRING,
    role: {
      type: DataTypes.ENUM("user", "admin"),
      defaultValue: "user",
    },
  },
  {
    timestamps: true,
  },
);

// Sync database
sequelize.sync({ alter: true });

4. Authentication with JWT

const jwt = require("jsonwebtoken");
const bcrypt = require("bcrypt");

const generateToken = (userId) => {
  return jwt.sign(
    { userId, iat: Math.floor(Date.now() / 1000) },
    process.env.JWT_SECRET,
    { expiresIn: "24h" },
  );
};

app.post(
  "/login",
  asyncHandler(async (req, res) => {
    const { email, password } = req.body;
    const user = await User.findOne({ where: { email } });

    if (!user) return res.status(404).json({ error: "User not found" });

    const validPassword = await bcrypt.compare(password, user.password);
    if (!validPassword)
      return res.status(401).json({ error: "Invalid password" });

    const token = generateToken(user.id);
    res.json({ token, user: { id: user.id, email: user.email } });
  }),
);

5. RESTful Routes with CRUD Operations

const userRouter = express.Router();

// GET all users (with pagination)
userRouter.get(
  "/",
  authenticateToken,
  asyncHandler(async (req, res) => {
    const { page = 1, limit = 20 } = req.query;
    const users = await User.findAndCountAll({
      offset: (page - 1) * limit,
      limit: parseInt(limit),
    });

    res.json({
      data: users.rows,
      pagination: { page, limit, total: users.count },
    });
  }),
);

// GET single user
userRouter.get(
  "/:id",
  authenticateToken,
  asyncHandler(async (req, res) => {
    const user = await User.findByPk(req.params.id);
    if (!user) return res.status(404).json({ error: "Not found" });
    res.json({ data: user });
  }),
);

// POST create user
userRouter.post(
  "/",
  asyncHandler(async (req, res) => {
    const { email, password } = req.body;
    const hashedPassword = await bcrypt.hash(password, 10);

    const user = await User.create({
      email,
      password: hashedPassword,
    });

    res.status(201).json({ data: user });
  }),
);

// PATCH update user
userRouter.patch(
  "/:id",
  authenticateToken,
  asyncHandler(async (req, res) => {
    const user = await User.findByPk(req.params.id);
    if (!user) return res.status(404).json({ error: "Not found" });

    await user.update(req.body, {
      fields: ["email", "role"],
    });

    res.json({ data: user });
  }),
);

// DELETE user
userRouter.delete(
  "/:id",
  authenticateToken,
  asyncHandler(async (req, res) => {
    const user = await User.findByPk(req.params.id);
    if (!user) return res.status(404).json({ error: "Not found" });

    await user.destroy();
    res.status(204).send();
  }),
);

app.use("/api/users", userRouter);

6. Error Handling Middleware

class AppError extends Error {
  constructor(message, statusCode) {
    super(message);
    this.statusCode = statusCode;
    Error.captureStackTrace(this, this.constructor);
  }
}

app.use((err, req, res, next) => {
  err.statusCode = err.statusCode || 500;

  if (err.name === "SequelizeValidationError") {
    return res.status(400).json({
      error: "Validation failed",
      details: err.errors.map((e) => ({ field: e.path, message: e.message })),
    });
  }

  if (process.env.NODE_ENV === "production") {
    return res.status(err.statusCode).json({
      error: err.message,
      requestId: req.id,
    });
  }

  res.status(err.statusCode).json({
    error: err.message,
    stack: err.stack,
  });
});

app.use((req, res) => {
  res.status(404).json({ error: "Route not found" });
});

7. Environment Configuration

require("dotenv").config();

const config = {
  port: process.env.PORT || 3000,
  env: process.env.NODE_ENV || "development",
  database: {
    url: process.env.DATABASE_URL,
    dialect: "postgres",
  },
  jwt: {
    secret: process.env.JWT_SECRET,
    expiresIn: "24h",
  },
  cors: {
    origin: process.env.CORS_ORIGIN || "http://localhost:3000",
  },
};

module.exports = config;

Best Practices

✅ DO

  • Use middleware for cross-cutting concerns
  • Implement proper error handling
  • Validate input data before processing
  • Use async/await for async operations
  • Implement authentication on protected routes
  • Use environment variables for configuration
  • Add logging and monitoring
  • Use HTTPS in production
  • Implement rate limiting
  • Keep route handlers focused and small

❌ DON'T

  • Handle errors silently
  • Store sensitive data in code
  • Use synchronous operations in routes
  • Forget to validate user input
  • Implement authentication in route handlers
  • Use callback hell (use promises/async-await)
  • Expose stack traces in production
  • Trust client-side validation only

Complete Example

const express = require("express");
const jwt = require("jsonwebtoken");
const { Sequelize, DataTypes } = require("sequelize");

const app = express();
app.use(express.json());

const sequelize = new Sequelize("postgres://user:pass@localhost/db");

const User = sequelize.define("User", {
  email: DataTypes.STRING,
  password: DataTypes.STRING,
});

const authenticateToken = (req, res, next) => {
  const token = req.headers["authorization"]?.split(" ")[1];
  jwt.verify(token, "secret", (err, user) => {
    if (err) return res.status(403).json({ error: "Forbidden" });
    req.user = user;
    next();
  });
};

app.get("/users", authenticateToken, async (req, res, next) => {
  try {
    const users = await User.findAll();
    res.json({ data: users });
  } catch (err) {
    next(err);
  }
});

app.post("/users", async (req, res, next) => {
  try {
    const user = await User.create(req.body);
    res.status(201).json({ data: user });
  } catch (err) {
    next(err);
  }
});

app.listen(3000, () => console.log("Server running on port 3000"));