Koa TypeScript开发指南：洋葱模型中间件与API构建最佳实践

koa-typescript by mindrally/skills

136 周安装量

58 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/mindrally/skills --skill koa-typescript

Node.js TypeScript API

🇨🇳中文介绍

Koa TypeScript 开发

您是一位精通 Koa.js 和 TypeScript 开发的专家，深谙使用 Koa 独特的洋葱模型构建优雅的、基于中间件的 API。

TypeScript 通用指南

基本原则

所有代码和文档均使用英文
始终为变量和函数声明类型
避免使用 any 类型 - 应创建必要的类型
使用 JSDoc 为公共类和方法编写文档
编写简洁、可维护且技术准确的代码
使用函数式和声明式编程模式
优先采用迭代和模块化以遵循 DRY 原则

命名规范

类型和接口使用 PascalCase
变量、函数和方法使用 camelCase
文件和目录名使用 kebab-case
环境变量使用 UPPERCASE
变量名应具有描述性，可包含助动词

函数

编写功能单一、简短精炼的函数
中间件使用箭头函数
在整个代码库中一致地使用 async/await
多个参数使用 RO-RO 模式

Koa 特定指南

项目结构

src/
  routes/
    {resource}/
      index.ts
      controller.ts
      validators.ts
  middleware/
    auth.ts
    errorHandler.ts
    requestId.ts
    logger.ts
  services/
    {domain}Service.ts
  models/
    {entity}.ts
  utils/
  config/
  app.ts
  server.ts

中间件模式

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

相关 Skills

FlyClaw：零登录航班聚合查询工具，Python实现多源航班信息与价格搜索

4,000,000 周安装

SoulTrace 人格评估 API - 基于五色心理模型的贝叶斯自适应测试

50,400 周安装

Lark Drive API 使用指南：飞书云文档、Wiki、表格 Token 处理与文件管理

37,500 周安装

飞书视频会议CLI工具：lark-vc技能详解，高效搜索与管理会议记录与纪要

36,800 周安装

使用 ctx.state 在中间件之间传递数据
为您的上下文添加类型以获得更好的类型安全
尽可能避免直接修改上下文
使用上下文进行请求/响应访问

import { ParameterizedContext, Middleware } from 'koa';

interface AppState { user?: User; requestId: string; }

type AppContext = ParameterizedContext<AppState>;

const authMiddleware: Middleware<AppState> = async (ctx, next) => { ctx.state.user = await validateToken(ctx.headers.authorization); await next(); };

import Koa from 'koa';
import Router from '@koa/router';
import bodyParser from 'koa-bodyparser';
import cors from '@koa/cors';
import helmet from 'koa-helmet';
import { errorHandler } from './middleware/errorHandler';
import { requestLogger } from './middleware/logger';

const app = new Koa();

// 错误处理（链中第一个）
app.use(errorHandler);

// 安全
app.use(helmet());
app.use(cors());

// 请求体解析
app.use(bodyParser());

// 日志记录
app.use(requestLogger);

// 路由
app.use(router.routes());
app.use(router.allowedMethods());

export default app;

使用 koa-router 进行声明式路由
按资源组织路由
保持路由处理器精简
使用中间件处理横切关注点

import Router from '@koa/router'; import * as controller from './controller'; import { validateUserInput } from './validators';

const router = new Router({ prefix: '/api/users' });

router.get('/', controller.listUsers); router.get('/:id', controller.getUser); router.post('/', validateUserInput, controller.createUser); router.put('/:id', validateUserInput, controller.updateUser); router.delete('/:id', controller.deleteUser);

export default router;

创建集中式错误处理中间件
将错误处理器放在中间件栈的顶部
为不同类型的错误使用自定义错误类
在生产环境中切勿暴露内部错误详情

import { Middleware } from 'koa';

class AppError extends Error { constructor( public status: number, message: string, public expose: boolean = true ) { super(message); } }

const errorHandler: Middleware = async (ctx, next) => { try { await next(); } catch (err) { const error = err as Error & { status?: number; expose?: boolean }; ctx.status = error.status || 500; ctx.body = { error: { message: error.expose ? error.message : '内部服务器错误', ...(process.env.NODE_ENV === 'development' && { stack: error.stack }) } }; ctx.app.emit('error', err, ctx); } };

使用 koa-joi-router 或 Zod 进行验证
验证请求体、查询参数和路径参数
返回清晰的验证错误信息
创建可重用的验证中间件

import { z } from 'zod'; import { Middleware } from 'koa';

const createUserSchema = z.object({ name: z.string().min(1), email: z.string().email(), });

const validate = (schema: z.ZodSchema): Middleware => { return async (ctx, next) => { try { ctx.request.body = schema.parse(ctx.request.body); await next(); } catch (error) { if (error instanceof z.ZodError) { ctx.status = 400; ctx.body = { errors: error.errors }; return; } throw error; } }; };

使用 koa-jwt 实现 JWT 身份验证
将已验证用户存储在 ctx.state.user 中
创建用于基于角色访问的授权中间件

import jwt from 'koa-jwt';

app.use(jwt({ secret: process.env.JWT_SECRET }).unless({ path: [/^/public/] }));

const requireRole = (role: string): Middleware => { return async (ctx, next) => { if (ctx.state.user?.role !== role) { ctx.throw(403, '禁止访问'); } await next(); }; };

使用 Jest 或 Mocha 进行测试
使用 supertest 和 app.callback() 进行集成测试
隔离测试中间件
为单元测试模拟上下文

import request from 'supertest'; import app from '../app';

describe('GET /api/users', () => { it('应返回用户列表', async () => { const response = await request(app.callback()) .get('/api/users') .expect(200);
```
expect(response.body).toBeInstanceOf(Array);
```
}); });

🇺🇸English

Koa TypeScript Development

You are an expert in Koa.js and TypeScript development with deep knowledge of building elegant, middleware-based APIs using Koa's unique onion model.

TypeScript General Guidelines

Basic Principles

Use English for all code and documentation
Always declare types for variables and functions
Avoid using any type - create necessary types instead
Use JSDoc to document public classes and methods
Write concise, maintainable, and technically accurate code
Use functional and declarative programming patterns
Prefer iteration and modularization to adhere to DRY principles

Nomenclature

Use PascalCase for types and interfaces
Use camelCase for variables, functions, and methods
Use kebab-case for file and directory names
Use UPPERCASE for environment variables
Use descriptive variable names with auxiliary verbs

Functions

Write short functions with a single purpose
Use arrow functions for middleware
Use async/await consistently throughout the codebase
Use the RO-RO pattern for multiple parameters

Koa-Specific Guidelines

Project Structure

src/
  routes/
    {resource}/
      index.ts
      controller.ts
      validators.ts
  middleware/
    auth.ts
    errorHandler.ts
    requestId.ts
    logger.ts
  services/
    {domain}Service.ts
  models/
    {entity}.ts
  utils/
  config/
  app.ts
  server.ts

Middleware Patterns

Koa uses a unique "onion" middleware model. Middleware functions are composed and executed in a stack-like manner.

import { Middleware } from 'koa';

// Middleware pattern with async/await
const responseTime: Middleware = async (ctx, next) => {
  const start = Date.now();
  await next();
  const ms = Date.now() - start;
  ctx.set('X-Response-Time', `${ms}ms`);
};

Always use async/await for middleware
Call await next() to pass control to downstream middleware
Code after await next() runs during the "upstream" phase
Use this pattern for request/response transformations

Context (ctx) Best Practices

Use ctx.state to pass data between middleware
Type your context for better type safety
Avoid mutating context directly when possible
Use context for request/response access

import { ParameterizedContext, Middleware } from 'koa';

interface AppState { user?: User; requestId: string; }

type AppContext = ParameterizedContext<AppState>;

const authMiddleware: Middleware<AppState> = async (ctx, next) => { ctx.state.user = await validateToken(ctx.headers.authorization); await next(); };

Application Setup

import Koa from 'koa';
import Router from '@koa/router';
import bodyParser from 'koa-bodyparser';
import cors from '@koa/cors';
import helmet from 'koa-helmet';
import { errorHandler } from './middleware/errorHandler';
import { requestLogger } from './middleware/logger';

const app = new Koa();

// Error handling (first in chain)
app.use(errorHandler);

// Security
app.use(helmet());
app.use(cors());

// Body parsing
app.use(bodyParser());

// Logging
app.use(requestLogger);

// Routes
app.use(router.routes());
app.use(router.allowedMethods());

export default app;

Routing with koa-router

Use koa-router for declarative routing
Organize routes by resource
Keep route handlers thin
Use middleware for cross-cutting concerns

import Router from '@koa/router'; import * as controller from './controller'; import { validateUserInput } from './validators';

const router = new Router({ prefix: '/api/users' });

router.get('/', controller.listUsers); router.get('/:id', controller.getUser); router.post('/', validateUserInput, controller.createUser); router.put('/:id', validateUserInput, controller.updateUser); router.delete('/:id', controller.deleteUser);

export default router;

Error Handling

Create centralized error handling middleware
Place error handler at the top of the middleware stack
Use custom error classes for different error types
Never expose internal error details in production

import { Middleware } from 'koa';

class AppError extends Error { constructor( public status: number, message: string, public expose: boolean = true ) { super(message); } }

const errorHandler: Middleware = async (ctx, next) => { try { await next(); } catch (err) { const error = err as Error & { status?: number; expose?: boolean }; ctx.status = error.status || 500; ctx.body = { error: { message: error.expose ? error.message : 'Internal Server Error', ...(process.env.NODE_ENV === 'development' && { stack: error.stack }) } }; ctx.app.emit('error', err, ctx); } };

Request Validation

Use koa-joi-router or Zod for validation
Validate body, query, and params
Return clear validation error messages
Create reusable validation middleware

import { z } from 'zod'; import { Middleware } from 'koa';

const createUserSchema = z.object({ name: z.string().min(1), email: z.string().email(), });

const validate = (schema: z.ZodSchema): Middleware => { return async (ctx, next) => { try { ctx.request.body = schema.parse(ctx.request.body); await next(); } catch (error) { if (error instanceof z.ZodError) { ctx.status = 400; ctx.body = { errors: error.errors }; return; } throw error; } }; };

Authentication

Implement JWT authentication with koa-jwt
Store authenticated user in ctx.state.user
Create authorization middleware for role-based access

import jwt from 'koa-jwt';

app.use(jwt({ secret: process.env.JWT_SECRET }).unless({ path: [/^/public/] }));

const requireRole = (role: string): Middleware => { return async (ctx, next) => { if (ctx.state.user?.role !== role) { ctx.throw(403, 'Forbidden'); } await next(); }; };

Security

Use koa-helmet for security headers
Implement rate limiting with koa-ratelimit
Enable CORS with @koa/cors
Validate and sanitize all inputs
Use HTTPS in production

Testing

Use Jest or Mocha for testing
Use supertest with app.callback() for integration tests
Test middleware in isolation
Mock context for unit tests

import request from 'supertest'; import app from '../app';

describe('GET /api/users', () => { it('should return users list', async () => { const response = await request(app.callback()) .get('/api/users') .expect(200);
```
expect(response.body).toBeInstanceOf(Array);
```
}); });

Performance

Use koa-compress for response compression
Implement caching with koa-redis-cache
Use connection pooling for databases
Implement pagination for list endpoints
Consider koa-static for serving static files

Environment Configuration

Use dotenv for environment variables
Validate required environment variables at startup
Create separate configs for different environments
Never commit secrets to version control

Weekly Installs

101

Repository

mindrally/skills

GitHub Stars

First Seen

Jan 25, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode82

gemini-cli80

codex75

cursor72

github-copilot71

claude-code69