Node Express REST API
Express.js: REST API schnell erstellen
Express ist das beliebteste Node.js Framework für APIs. Minimal, flexibel und mit riesigem Ökosystem. Hier lernen Sie die Grundlagen.
Projekt Setup
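# Create the project
# (the listing was collapsed onto one line, which made everything after the
# first '#' a comment; one command per line restores the intended steps)
mkdir my-api && cd my-api
npm init -y

# Dependencies
npm install express
npm install --save-dev nodemon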
package.json
{
"name": "my-api",
"scripts": {
"start": "node src/index.js",
"dev": "nodemon src/index.js"
}
}
Minimale API
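// src/index.js
const express = require('express');

const app = express();
// Falls back to 3000 when PORT is unset or empty.
const PORT = process.env.PORT || 3000;

// Parse JSON request bodies into req.body.
app.use(express.json());

// Routes
app.get('/', (req, res) => {
  res.json({ message: 'Hello World!' });
});

app.get('/users', (req, res) => {
  res.json([
    { id: 1, name: 'Max' },
    { id: 2, name: 'Anna' },
  ]);
});

app.get('/users/:id', (req, res) => {
  const { id } = req.params;
  // Accept plain decimal digits only. A bare parseInt(id) turns "abc" into
  // NaN (serialised as null) and silently reads "1abc" as 1.
  if (!/^\d+$/.test(id)) {
    return res.status(400).json({ error: 'Ungültige ID' });
  }
  res.json({ id: Number.parseInt(id, 10), name: 'Max' });
});

app.post('/users', (req, res) => {
  // req.body comes straight from the client; check presence and type before
  // echoing it back, using the same rule and message as the controller's
  // create handler further down the page.
  const { name, email } = req.body ?? {};
  const isNonEmptyString = (value) => typeof value === 'string' && value !== '';
  if (!isNonEmptyString(name) || !isNonEmptyString(email)) {
    return res.status(400).json({ error: 'Name und Email erforderlich' });
  }
  res.status(201).json({ id: 3, name, email });
});

// Start the server
app.listen(PORT, () => {
  console.log(`Server läuft auf Port ${PORT}`);
});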
Projektstruktur
my-api/
├── src/
│   ├── index.js              # Entry Point
│   ├── routes/
│   │   ├── index.js
│   │   ├── users.js
│   │   └── products.js
│   ├── controllers/
│   │   ├── userController.js
│   │   └── productController.js
│   ├── middleware/
│   │   ├── auth.js
│   │   └── errorHandler.js
│   ├── models/
│   │   └── User.js
│   └── config/
│       └── database.js
├── package.json
└── .env
Router Module
// src/routes/users.js
const express = require('express');
const userController = require('../controllers/userController');

const router = express.Router();

// NOTE(review): none of these routes passes through an authentication
// middleware. The write routes (POST, PUT, DELETE) are therefore open to any
// caller unless a guard is mounted in front of this router — confirm.

// Collection routes: list all users, create a user.
router.route('/')
  .get(userController.getAll)
  .post(userController.create);

// Single-user routes, addressed by the :id path parameter.
router.route('/:id')
  .get(userController.getById)
  .put(userController.update)
  .delete(userController.delete);

module.exports = router;
// src/routes/index.js
// Aggregates the per-resource routers under their path prefixes.
const { Router } = require('express');
const usersRouter = require('./users');
const productsRouter = require('./products');

const router = Router();

router.use('/users', usersRouter);
router.use('/products', productsRouter);

module.exports = router;
// src/index.js
const express = require('express');
const routes = require('./routes');

const app = express();

// Body parsing has to be registered before the routes that read req.body.
const jsonBodyParser = express.json();
app.use(jsonBodyParser);

// Mount every resource router under /api.
// Resulting paths: /api/users, /api/products
app.use('/api', routes);
Controller
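// src/controllers/userController.js

// In-memory demo store: contents live only as long as the process does.
const users = [
  { id: 1, name: 'Max', email: 'max@example.com' },
  { id: 2, name: 'Anna', email: 'anna@example.com' },
];

// Next id to hand out. A counter is used instead of `users.length + 1`,
// which re-issues an id that is still in use once an earlier user has been
// deleted (delete user 1, then create: the new user would also get id 2).
let nextId = users.reduce((max, user) => Math.max(max, user.id), 0) + 1;

/**
 * Parse the :id path parameter strictly.
 * @param {string} raw - value of req.params.id
 * @returns {number|null} the id, or null when raw is not plain decimal digits
 */
const parseId = (raw) => (/^\d+$/.test(raw) ? Number.parseInt(raw, 10) : null);

/** @returns {boolean} true when value is a string with at least one character */
const isNonEmptyString = (value) => typeof value === 'string' && value !== '';

/** GET / — respond with the full user list. */
exports.getAll = (req, res) => {
  res.json(users);
};

/** GET /:id — respond with one user, 400 on a malformed id, 404 when absent. */
exports.getById = (req, res) => {
  const id = parseId(req.params.id);
  if (id === null) {
    return res.status(400).json({ error: 'Ungültige ID' });
  }
  const user = users.find((u) => u.id === id);
  if (!user) {
    return res.status(404).json({ error: 'User nicht gefunden' });
  }
  res.json(user);
};

/** POST / — create a user from { name, email }; 400 when either is missing. */
exports.create = (req, res) => {
  // Only the two expected fields are picked from the body, so extra
  // client-supplied properties never reach the stored object.
  const { name, email } = req.body ?? {};
  // Type check as well as presence: a JSON body can carry objects or arrays
  // here, which would otherwise be stored as-is. The email format itself is
  // not validated in this handler.
  if (!isNonEmptyString(name) || !isNonEmptyString(email)) {
    return res.status(400).json({ error: 'Name und Email erforderlich' });
  }
  const newUser = {
    id: nextId,
    name,
    email,
  };
  nextId += 1;
  users.push(newUser);
  res.status(201).json(newUser);
};

/** PUT /:id — update name and/or email of an existing user. */
exports.update = (req, res) => {
  const id = parseId(req.params.id);
  if (id === null) {
    return res.status(400).json({ error: 'Ungültige ID' });
  }
  const user = users.find((u) => u.id === id);
  if (!user) {
    return res.status(404).json({ error: 'User nicht gefunden' });
  }
  const { name, email } = req.body ?? {};
  // Reject supplied values of the wrong type instead of storing them.
  const supplied = [name, email].filter((value) => value != null);
  if (supplied.some((value) => typeof value !== 'string')) {
    return res.status(400).json({ error: 'Name und Email müssen Strings sein' });
  }
  // Empty strings are ignored, as before: the field keeps its old value.
  if (name) user.name = name;
  if (email) user.email = email;
  res.json(user);
};

/** DELETE /:id — remove a user; 204 on success, 404 when absent. */
exports.delete = (req, res) => {
  const id = parseId(req.params.id);
  if (id === null) {
    return res.status(400).json({ error: 'Ungültige ID' });
  }
  const index = users.findIndex((u) => u.id === id);
  if (index === -1) {
    return res.status(404).json({ error: 'User nicht gefunden' });
  }
  users.splice(index, 1);
  res.status(204).send();
};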
Middleware
Logging Middleware
// src/middleware/logger.js
// Writes one line per request (ISO timestamp, HTTP method, URL) to stdout and
// hands control to the next middleware.
// NOTE(review): req.url includes the query string, so any token or other
// secret passed as a query parameter ends up in the log output — confirm
// that is acceptable for wherever these logs are shipped.
module.exports = function logRequest(req, res, next) {
  const timestamp = new Date().toISOString();
  console.log(`${timestamp} ${req.method} ${req.url}`);
  next();
};

// Usage
app.use(require('./middleware/logger'));
Auth Middleware
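// src/middleware/auth.js
// NOTE(review): `jwt` is never defined in this listing. The verify() call
// matches the jsonwebtoken package, so the file presumably starts with
// `const jwt = require('jsonwebtoken');` — confirm.

/**
 * Authenticate a request from its Authorization header.
 *
 * Takes the second space-separated part of the header as the token, verifies
 * it against process.env.JWT_SECRET and stores the decoded payload on
 * req.user. Responds with 401 when the token is missing or fails
 * verification. An unset JWT_SECRET also ends in the 401 branch, provided
 * verify() throws for a missing secret (jsonwebtoken does).
 */
module.exports = (req, res, next) => {
  const token = req.headers.authorization?.split(' ')[1];
  if (!token) {
    return res.status(401).json({ error: 'Token erforderlich' });
  }
  try {
    // Pin the accepted signature algorithm rather than relying on the
    // library default for the key type. HS256 is assumed because a shared
    // secret is used; adjust if tokens are issued with another HMAC variant.
    const decoded = jwt.verify(token, process.env.JWT_SECRET, {
      algorithms: ['HS256'],
    });
    req.user = decoded;
  } catch (err) {
    return res.status(401).json({ error: 'Ungültiger Token' });
  }
  // Called outside the try block so that an exception raised further down
  // the chain is not reported to the client as an invalid token.
  next();
};

// Usage
// NOTE(review): `authMiddleware` is presumably require('../middleware/auth'),
// and getProfile is not part of the controller listing shown on this page.
router.get('/profile', authMiddleware, userController.getProfile);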
Error Handling
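// src/middleware/errorHandler.js

/**
 * Central Express error handler (four-argument signature).
 *
 * Logs the stack server-side, maps ValidationError to 400 and
 * UnauthorizedError to 401, and answers everything else with 500.
 */
module.exports = (err, req, res, next) => {
  console.error(err.stack);
  // Once the response has started, status and body can no longer be set;
  // hand over to Express's default handler, which closes the connection.
  if (res.headersSent) {
    return next(err);
  }
  if (err.name === 'ValidationError') {
    return res.status(400).json({ error: err.message });
  }
  if (err.name === 'UnauthorizedError') {
    return res.status(401).json({ error: 'Nicht autorisiert' });
  }
  // NOTE(review): err.message is returned whenever NODE_ENV is anything other
  // than 'production', including unset. A deployment that forgets to set it
  // exposes internal error text to clients; consider showing details only
  // when NODE_ENV is explicitly 'development'.
  res.status(500).json({
    error: process.env.NODE_ENV === 'production'
      ? 'Interner Serverfehler'
      : err.message,
  });
};

// Register LAST, after all routes and other middleware
app.use(errorHandler);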
Async Error Handler
/**
 * Wrap an async route handler so that a rejected promise is passed to
 * next() and reaches the error-handling middleware.
 *
 * @param {Function} fn - handler called with (req, res, next)
 * @returns {Function} Express-compatible handler
 */
const asyncHandler = (fn) => {
  return function wrapped(req, res, next) {
    const outcome = fn(req, res, next);
    // Promise.resolve also accepts a plain (non-promise) return value.
    Promise.resolve(outcome).catch((err) => next(err));
  };
};
// Usage: a rejection from User.find() is forwarded to the error handler
// by the wrapper, so the route needs no try/catch of its own.
router.get(
  '/users',
  asyncHandler(async (req, res) => {
    res.json(await User.find());
  }),
);
Validierung mit express-validator
npm install express-validator
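const { body, validationResult } = require('express-validator');

router.post('/users',
  body('email').isEmail().withMessage('Ungültige E-Mail'),
  // NOTE(review): six characters is a short minimum; current guidance such
  // as NIST SP 800-63B asks for at least eight. Kept as the page states it.
  body('password').isLength({ min: 6 }).withMessage('Mindestens 6 Zeichen'),
  (req, res) => {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      // Each error entry carries the rejected input in `value`. Drop it so a
      // failed password check does not echo the submitted password back in
      // the response (or into anything that records response bodies).
      const details = errors.array().map(({ value, ...rest }) => rest);
      return res.status(400).json({ errors: details });
    }
    // Create the user... (placeholder: no response is sent on this path yet)
  }
);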
CORS aktivieren
npm install cors
const cors = require('cors');

// NOTE(review): the two registrations below are shown as alternatives. If
// both are kept as written, the allow-all middleware runs first.

// Option A: allow every origin. Without options cors() answers with
// Access-Control-Allow-Origin: *, which fits public, unauthenticated
// endpoints only.
app.use(cors());

// Option B: restrict to one known origin. This is the form to use when
// cookies or other credentials are sent, since browsers refuse credentialed
// responses that carry a wildcard origin.
const corsOptions = {
  origin: 'https://example.com',
  methods: ['GET', 'POST', 'PUT', 'DELETE'],
  credentials: true,
};
app.use(cors(corsOptions));
💡 Tipp:
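Für Produktion: Helmet für Security-Header, Rate Limiting gegen DDoS und PM2 als Process Manager. Rate Limiting in der Anwendung bremst vor allem Brute-Force- und Missbrauchsversuche; volumetrische DDoS-Angriffe müssen bereits vor der Anwendung (Reverse Proxy, CDN oder Provider) abgefangen werden.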