Empowering
Orange Dragonfly gives you the freedom to use any technology you want and architect your project in the way that suits you best. It simply handles the boring parts.
Specialized
While you can build many kinds of applications with Orange Dragonfly, it is clearly REST API-oriented and lets you focus on business logic.
Customizable
Orange Dragonfly is highly customizable, and you can configure it to meet all your requirements.
Built-in Features
REST-First Controllers
Convention-based route generation from controller and method names for streamlined REST-style development.
Middleware Support
App-level and controller-level middleware (before/after) for handling cross-cutting behavior.
Request Parsing
Built-in parsing for query strings, JSON, URL-encoded forms, and multipart form data.
Structured Responses
Automatic JSON, text, binary, and streaming response handling with sensible defaults.
Validation & Error Handling
Built-in body, query, and custom validation with consistent responses and configurable error handling.
Security Essentials
Automatic OPTIONS routes, built-in CORS middleware, opt-in security headers, and safe input parsing.
JWT Authentication
JWT middleware with claim validation, JWKS caching, and automatic key rotation support.
Rate Limiting
Flexible rate limiting at global, controller, or action levels.
Transport Flexibility
Supports HTTP/HTTPS, HTTP/2 (TLS or cleartext), CLI, and custom transports.
Serverless Integrations
Built-in AWS API Gateway REST API and HTTP API Lambda adapters for serverless deployments.
Static File Serving
Secure static file serving with ETag/Last-Modified caching and optional byte-range request support.
Caching
Pluggable cache interface and an in-memory cache implementation.
Core Approach
Controllers for endpoint logic
Define endpoint behavior in controller classes with explicit action methods (doGet, doPost, etc.) and keep route behavior organized by resource.
Validation in the pipeline
Validation runs as part of the request lifecycle, helping you fail early and keep endpoint logic focused on business rules.
Middleware where it belongs
Use app-level and controller-level middleware for cross-cutting concerns like CORS, rate limiting, logging, and response handling.
Hooks for control
Lifecycle hooks such as request completion and action events make it straightforward to add logging, diagnostics, and custom runtime behavior.
Getting Started
Install Orange Dragonfly:
Now you can start coding:
See the example app for more features.
Philosophy
Extend, don't configure
The framework is designed to be extended through inheritance. You build applications by subclassing: inherit from a base controller, an action, or the app itself, and override what you need. The framework shapes itself to your domain, not the other way around.
No third-party dependencies
The framework relies only on Node.js built-ins. Keeping the dependency tree flat means a smaller security surface, fewer version conflicts, and a more predictable runtime.
REST-oriented, but flexible
The defaults are optimized for building REST APIs, while the underlying design stays general enough to accommodate other use cases without fighting the framework.
Run it your way
The application core is decoupled from how it receives requests. The same app can be served through a built-in HTTP server, HTTP/2, a serverless function, or any other transport without changing your business logic.
