@pks1988/apirouteforge
v1.0.0
Published
APIRouteForge automatically generates secure, dynamic, optimized REST APIs from allowed database modules.
Maintainers
Readme
APIRouteForge
APIRouteForge automatically generates secure, dynamic, optimized REST APIs from explicitly allowed database modules.
Tagline: APIRouteForge - Automatically generate secure, dynamic, and optimized APIs from your database modules.
Developer: Pradeep Kumar Sheoran (Developer)
Company: BSG Technologies
Contact / WhatsApp: +91-8595147850
Donation: UPI on mobile number +91-8595147850
Keywords And Hashtags
apirouteforge, api-route-forge, apiforge, auto-api, dynamic-api, rest-api, postgres, express, nestjs, typescript, crud, backend-library, bsg-technologies
#APIRouteForge #AutoAPI #NodeJS #TypeScript #PostgreSQL #ExpressJS #NestJS #BackendLibrary #CRUDAPI #BSGTechnologies
Why APIRouteForge
APIRouteForge helps backend teams expose database-backed CRUD APIs without writing repetitive controllers for every table. It is config-first and security-first: no table is exposed unless you explicitly allow it, every column is checked against allowlists, hidden fields are never returned, and all SQL is parameterized.
Features
- Config-based module exposure
- PostgreSQL adapter
- Express adapter
- Optional API endpoint UI for browsing generated endpoints
- NestJS module/controller/service
- Universal query endpoint
- REST CRUD endpoints
- Safe query builder with parameterized SQL
- Filters, search, sorting, pagination
- Field selection and hidden field protection
- Read-only fields and required fields
- Custom validation rules and validators
- Role/module/field permission hooks
- Before/after create, update, delete hooks
- Soft delete support
- Audit log support
- Relation loading when requested
- Bulk create, bulk update, bulk delete
- Export operation hook shape
- Module discovery from database schema
- Standard success and error JSON responses
- Database-adapter friendly architecture for MySQL, MongoDB, and MSSQL later
Installation
npm install @pks1988/apirouteforge pgExpress and NestJS are optional peers:
npm install express
npm install @nestjs/commonExpress Setup
import express from "express";
import { createAPIRouteForge } from "@pks1988/apirouteforge";
const app = express();
const apiRouteForge = createAPIRouteForge({
database: {
type: "postgres",
connectionString: process.env.DATABASE_URL
},
basePath: "/api/route-forge",
ui: {
enabled: true,
path: "/",
title: "APIRouteForge Endpoint UI",
description: "Browse generated modules, endpoints, filters, and query examples."
},
modules: {
users: {
table: "users",
primaryKey: "id",
allowedOperations: ["list", "read", "create", "update"],
selectableFields: ["id", "name", "email", "status", "created_at"],
searchableFields: ["name", "email"],
filterableFields: ["status", "created_at"],
sortableFields: ["id", "name", "created_at"],
hiddenFields: ["password", "refresh_token"],
readOnlyFields: ["id", "created_at"],
requiredFields: ["name", "email"],
validation: {
email: { type: "email", required: true }
}
}
},
auth: {
enabled: true,
getUser: async (req) => (req as any).user
},
permissions: {
enabled: true,
canAccessModule: async ({ user, module, operation }) => {
return Boolean((user as any)?.permissions?.includes(`${module}:${operation}`));
}
}
});
app.use("/api/route-forge", apiRouteForge.router());
app.listen(3000);Open the built-in UI at:
http://localhost:3000/api/route-forgeNestJS Setup
import { Module } from "@nestjs/common";
import { APIRouteForgeModule } from "@pks1988/apirouteforge/nest";
@Module({
imports: [
APIRouteForgeModule.forRoot({
database: {
type: "postgres",
connectionString: process.env.DATABASE_URL
},
basePath: "/api/route-forge",
modules: {
users: {
table: "users",
primaryKey: "id",
allowedOperations: ["list", "read"],
selectableFields: ["id", "name", "email"],
searchableFields: ["name", "email"],
hiddenFields: ["password"]
}
}
})
]
})
export class AppModule {}REST Endpoints
Mount the Express router at /api/route-forge to get:
GET /api/route-forge/modules
GET /api/route-forge/:module
GET /api/route-forge/:module/:id
POST /api/route-forge/:module
PATCH /api/route-forge/:module/:id
DELETE /api/route-forge/:module/:id
POST /api/route-forge/:module/search
POST /api/route-forge/:module/export
GET /api/route-forge/:module/schema
GET /api/route-forge/:module/relations
POST /api/route-forge/queryBuilt-In API Endpoint UI
APIRouteForge can provide a simple UI with all generated module endpoints, allowed operations, filter/search/sort fields, schema links, and a universal query JSON example.
Enable it in config:
const apiRouteForge = createAPIRouteForge({
database: {
type: "postgres",
connectionString: process.env.DATABASE_URL
},
basePath: "/api/route-forge",
ui: {
enabled: true,
path: "/",
title: "APIRouteForge Endpoint UI",
description: "Browse generated API endpoints and module schemas."
},
modules: {
users: {
table: "users",
allowedOperations: ["list", "read"],
selectableFields: ["id", "name", "email"],
filterableFields: ["status"],
sortableFields: ["id"]
}
}
});
app.use("/api/route-forge", apiRouteForge.router());Now visit:
GET /api/route-forgeYou will also have JSON endpoints:
GET /api/route-forge/modules
GET /api/route-forge/users/schema
GET /api/route-forge/users
POST /api/route-forge/queryDelete, export, and bulk operations are disabled unless included in allowedOperations.
Universal Query Endpoint
{
"module": "visaApplications",
"operation": "list",
"filters": {
"status": "PENDING",
"country_id": 96
},
"search": "ABC123",
"sort": {
"field": "created_at",
"direction": "desc"
},
"pagination": {
"page": 1,
"limit": 20
},
"include": ["statusUpdates"]
}Filters
{
"filters": {
"status": "ACTIVE",
"country_id": 96,
"created_at": {
"from": "2026-01-01",
"to": "2026-12-31"
},
"amount": {
"gte": 1000,
"lte": 5000
}
}
}Supported operators: eq, ne, contains, startsWith, endsWith, in, notIn, gt, gte, lt, lte, between, isNull, isNotNull, from, to.
Standard Success Response
{
"success": true,
"module": "users",
"operation": "list",
"data": [],
"meta": {
"page": 1,
"limit": 20,
"total": 100,
"totalPages": 5
},
"message": "Data fetched successfully",
"timestamp": "2026-07-01T13:30:00.000Z"
}Standard Error Response
{
"success": false,
"module": "users",
"operation": "list",
"error": {
"code": "FORBIDDEN",
"message": "You do not have permission to access this module",
"details": {}
},
"timestamp": "2026-07-01T13:30:00.000Z"
}Module Discovery
Discovery suggests available tables and relations. It does not expose them automatically.
const discovered = await apiRouteForge.discoverModules();
console.log(discovered.modules);You must copy selected modules into config before APIRouteForge will expose them.
Permissions
permissions: {
enabled: true,
canAccessModule: async ({ user, module, operation }) => {
return (user as any).permissions.includes(`${module}:${operation}`);
},
canAccessField: async ({ field }) => {
return !field.includes("secret");
}
}Hooks
users: {
table: "users",
hooks: {
beforeCreate: async ({ data, user }) => {
data.created_by = (user as any).id;
return data;
},
afterUpdate: async ({ id }) => {
console.log("Updated user", id);
}
}
}Audit Log
audit: {
enabled: true,
table: "audit_logs",
actorField: "user_id"
}Security Checklist
- Expose only modules listed in
modules - Put all returned fields in
selectableFields - Put secrets in
hiddenFields - Put generated fields in
readOnlyFields - Keep
deleteand bulk operations disabled unless required - Use permission hooks in authenticated systems
- Never accept raw SQL from request bodies
- Keep
filterableFieldsandsortableFieldsnarrow - Use validation for create/update payloads
Performance Checklist
- Avoid
SELECT *; APIRouteForge selects allowlisted fields - Keep
maxPageSizeconservative - Add database indexes for filter/search/sort fields
- Load relations only through
include - Use
searchableFieldssparingly - Prefer cursor pagination for very large future workloads
- Add a Redis cache adapter later for shared production cache
Implementation Guide
- Install
@pks1988/apirouteforgeandpg. - Create a PostgreSQL connection string.
- Run
discoverModules()locally to inspect tables. - Add only safe modules to
modules. - Configure
selectableFields,hiddenFields,filterableFields, andsortableFields. - Enable
authandpermissions. - Mount
apiRouteForge.router()in Express or importAPIRouteForgeModulein NestJS. - Add validation and hooks for business rules.
- Add audit logging for sensitive modules.
- Deploy behind your normal auth, rate limiting, logging, and monitoring stack.
Examples
See:
examples/express.example.tsexamples/nestjs.example.tsexamples/postgres.example.tsexamples/bls-style-modules.example.ts
