GETTING STARTED

MAIN CONCEPTS

API

TuftContext

The Tuft context object is passed as the first and only argument to the user-defined response handler, as well as any pre-handlers that are present on a particular route. It contains the request object as one of its properties, as well as several useful methods.

Methods

.setHeader(name, value)

Sets the outgoing header name to value.

t.setHeader('foo', 'bar')

.getHeader(name)

Returns the current value of outgoing header name. If name has not been set, then returns undefined.

t.getHeader('foo') // 'bar'

.getHeaders()

Returns an object containing all the outgoing headers that are currently set.

t.getHeaders() // { foo: 'bar' }

Updates the outgoing set-cookie header (creating it if it doesn't already exist) with the provided name and value.

t.setCookie('my-cookie-name', 'my-cookie-value')

Can be passed a third options argument which is an object containing any of the following properties:

expiresDate

When the cookie should expire. If not set, a session cookie is created. If expires and maxAge are both set, only maxAge will be used.

maxAgenumber

The number of seconds until the cookie expires. A value less than or equal to zero will expire the cookie immediately.

domainstring

The host that the cookie will be sent to.

pathstring

Text that must exist in the request URL in order for the client to send the cookie header.

Defaults to '/'.

secureboolean

Whether or not cookies should only be sent via HTTPS.

httpOnlyboolean

Whether or not client side JavaScript should be prevented from accessing the cookie.

sameSitestring

A string that must be one of the following three values:

  • 'Strict'
  • 'Lax'
  • 'None'

Can be set to 'Strict' or 'Lax' to help mitigate the threat of CSRF attacks. For more information, see the official specification.

Properties

secure boolean

Indicates whether or not the current HTTP transaction is secure (i.e. t.request.protocol === 'https')

requestobject

Contains the following properties related to the incoming HTTP request:

headers object

Contains the incoming HTTP headers.

methodstring

The request method for the current request.

pathnamestring

The pathname for the current request, without the query string (if one existed).

protocolstring

The HTTP scheme of the incoming request ('http' or 'https').

ipstring

The IP address of the remote client.

searchstring

The query string from the request URL. If there is no query string, the value of this property will be an empty string.

secureboolean

Whether or not the current request is using HTTP or HTTPS.

paramsobject

Contains any named parameters that were provided in the route-defined path. For example, the route 'GET /user/{name}' contains the named parameter name. The params object for a GET request for '/user/john' would then be { name: 'john' }.

In addition to the properties listed above, the request object may contain other properties that were added by pre-handlers that are active on the current route.