Express / Fastify

Import from @system-core/core/integrations/express.

Use this adapter when the runtime request/response pair is Express-like ({ req, res }) or Fastify-compatible ({ request, reply }). Both adapters implement the same HttpAdapter interface, so all system-core logic functions work with either.

Use Cases

Express controllers and middleware calling package-owned CMS or auth flows
Fastify route handlers bridged to system-core auth or delivery logic
Any Node.js HTTP server where you have direct access to req / res

How It Works

text

{ req, res } → expressAdapter → HttpAdapter → system-core logic functions
{ request, reply } → fastifyAdapter → HttpAdapter → system-core logic functions

Express Setup

Install

bash

npm install @system-core/core express zod @prisma/client
npm install bcryptjs jsonwebtoken nodemailer

Create an adapter and use it in a route

import express from 'express'
import { createExpressAdapter } from '@system-core/core/integrations/express'
import { system } from './system'

const app    = express()
const http   = createExpressAdapter()

app.get('/api/pages', async (req, res) => {
  const event = { req, res }
  const pages = await system.cms.listPublishedPages()
  res.json(pages)
})

Auth middleware

import { createExpressAdapter } from '@system-core/core/integrations/express'

const http = createExpressAdapter()

export async function requireAuth(req, res, next) {
  const event = { req, res }
  const raw   = http.getHeader(event, 'authorization') ?? ''
  const token = raw.startsWith('Bearer ') ? raw.slice(7) : ''
  if (!token) return res.status(401).json({ message: 'Unauthorized' })

  const session = await system.auth.sessions.verifyToken?.(token)
  if (!session)  return res.status(401).json({ message: 'Invalid token' })

  req.user = session
  next()
}

Fastify Setup

import Fastify from 'fastify'
import { createFastifyAdapter } from '@system-core/core/integrations/express'
import { system } from './system'

const app  = Fastify()
const http = createFastifyAdapter()

app.get('/api/pages', async (request, reply) => {
  const event = { request, reply }
  const pages = await system.cms.listPublishedPages()
  return pages
})

API Reference

Export	Kind	Description
`createExpressAdapter()`	`function`	Returns an `HttpAdapter` for `{ req, res }` context
`createFastifyAdapter()`	`function`	Returns an `HttpAdapter` for `{ request, reply }` context
`adapterTestSuite(adapter)`	`function`	Compliance assertion suite — run in tests

Redirect Safety

Both adapters validate redirect targets before issuing a sendRedirect. They allow only relative paths and origins matching APP_URL (or ALLOWED_REDIRECT_ORIGINS CSV). This prevents open-redirect attacks.

Express / Fastify ​

Use Cases ​

How It Works ​

Express Setup ​

Install ​

Create an adapter and use it in a route ​

Auth middleware ​

Fastify Setup ​

API Reference ​

Redirect Safety ​

Related ​