C
CanxJSv1.6.2
  • Learn
  • Blog
  • Showcase
C
CanxJS

Ultra-fast async MVC backend framework for Bun. Build production-ready APIs with elegance and speed.

Resources

  • Documentation
  • Learn
  • Blog
  • Showcase

Documentation

  • Introduction
  • Installation
  • Core Concepts
  • CLI Commands
  • API Reference

Legal

  • Privacy Policy
  • Terms of Service

© 2026 CanxJS. All rights reserved.

Built with ❤️ for Candra Kirana

  • Cluster Mode
  • Microservices
  • Observability
  • Security Layers
  • Universal Signals
  • Canx Flow
  • Maintenance
Enterprise

Enterprise Security

Bank-grade security features including Audit Logging, Secrets Management, and OAuth2 Provider. Build compliant applications with SOC2, HIPAA, and GDPR support.

Audit Logging

Immutable audit trails for SOC2, HIPAA, and GDPR compliance.

Secrets Manager

Unified interface for Vault, AWS Secrets Manager, or environment variables.

OAuth2 Provider

Turn your app into an Identity Provider with built-in OAuth2 server.

Rate Limiting

Protect against brute force and DDoS with configurable rate limits.

Audit Logging

Create immutable audit trails for compliance. Use the @Audit decorator or auditLogger() for manual logging.

controllers/PaymentController.ts
1import { Audit, auditLogger } from 'canxjs';
2
3class PaymentController {
4  
5  // Method Decorator - automatically logs action
6  @Audit('payment.process') 
7  async process(req: Request) {
8    // Your payment logic here
9  }
10
11  // Manual Logging - more control
12  async refund(req: Request) {
13    await auditLogger().log('payment.refund', {
14      actor: { id: req.user.id, type: 'user' },
15      resource: { type: 'payment', id: '123' },
16      status: 'success',
17      metadata: { reason: 'customer_request' }
18    });
19  }
20}

Secrets Manager

Unified interface to access secrets from Environment, HashiCorp Vault, or AWS Secrets Manager.

config/secrets.ts
1import { secrets } from 'canxjs';
2
3// Get or Throw (if missing)
4const apiKey = await secrets.getOrThrow('STRIPE_API_KEY');
5
6// Get with default
7const dbHost = await secrets.get('DB_HOST') || 'localhost';
8
9// Batch get
10const { DB_USER, DB_PASS } = await secrets.getMany([
11  'DB_USER', 
12  'DB_PASS'
13]);
14
15// Configure driver
16secrets.configure({
17  driver: 'vault',
18  url: process.env.VAULT_URL,
19  token: process.env.VAULT_TOKEN
20});

OAuth2 Provider

Turn your CanxJS application into an Identity Provider (IdP) with built-in OAuth2 Server support.

auth/oauth-server.ts
1import { OAuth2Server, createAuthorizationServer } from 'canxjs';
2
3const authServer = createAuthorizationServer({
4  issuer: 'https://auth.myapp.com',
5  clients: [
6    { 
7      id: 'mobile-app',
8      secret: 'super-secret',
9      redirectUris: ['myapp://callback']
10    }
11  ]
12});
13
14// Authorization endpoint
15app.get('/oauth/authorize', authServer.authorize());
16
17// Token endpoint
18app.post('/oauth/token', authServer.token());
19
20// Protected resource
21app.get('/api/userinfo', authServer.authenticate(), (req) => {
22  return { user: req.user };
23});

Rate Limiting

Protect your API from abuse with configurable rate limiting at global or route level.

app.ts
1import { rateLimit, createRateLimiter } from 'canxjs';
2
3// Simple rate limiting
4app.use(rateLimit({
5  windowMs: 15 * 60 * 1000, // 15 minutes
6  max: 100 // limit each IP to 100 requests per window
7}));
8
9// Per-route rate limiting
10app.post('/api/login', 
11  rateLimit({ max: 5, windowMs: 60000 }),
12  loginHandler
13);
14
15// Custom key generator
16const userLimiter = createRateLimiter({
17  max: 1000,
18  keyGenerator: (req) => req.user?.id || req.ip
19});

Next Steps

Explore other enterprise features for building production-ready applications.