MasterController

Introduction

The backend fortress — a fast, modern MVC framework for Node.js.

MasterController is the backend half of Master: a pure-ESM, Node 20+ MVC framework that handles routing, controllers, a composable middleware pipeline, WebSockets, CORS, and production-grade security — without the boilerplate.

Boot in one file#

A MasterController app starts with a tiny server.js. setupServer() wires the framework pipeline, startMVC('app') loads your routes and pre-registers every controller, and start() finalizes the request pipeline.

server.js

// backend/server.js
import master from 'mastercontroller';

master.root = import.meta.dirname;
master.environmentType = process.env.NODE_ENV || 'development';

const server = master.setupServer('http');   // wire the pipeline
master.cors.init({ origin: ['http://localhost:3000'] });

await master.startMVC('app');   // load routes.js + discover controllers
await master.start(server);     // finalize + register terminal routing

server.listen(3001, () => console.log('⚡ API on :3001'));

Controllers reply with data#

Controllers are plain ESM classes. Each request gets a fresh instance; action methods receive the request object and reply with this.returnJson(...) or this.returnError(...). Pair them with MasterRecord queries for a complete API.

postsController.js

// app/controllers/postsController.js
import db from '../models/db.js';

export default class PostsController {
  constructor(requestObject) {
    this.requestObject = requestObject;
  }

  // GET /posts
  async index() {
    const data = await db.Post.toList();
    this.returnJson({ data });
  }

  // GET /posts/:id
  async show(obj) {
    const post = await db.Post.where((p) => p.id == $$, Number(obj.params.id)).single();
    if (!post) return this.returnError(404, 'Not found');
    this.returnJson({ data: post });
  }
}

API-first, view-optional

In a Master app the UI lives in Next.js, so controllers return JSON by default. MasterController also ships a pluggable view layer (returnView) if you want classic server-rendered HTML — see Views & Templates.

What’s in the box#

Routing — single routes, RESTful resources, and route constraints.
Controllers — actions, params, JSON, redirects, and filters.
Middleware pipeline — composable (ctx, next) stages.
WebSockets — socket controllers via Socket.IO.
Security — CSRF, rate limiting, secure headers, HSTS.
Monitoring & scaling — Prometheus metrics and Redis-backed horizontal scaling.

Installation & Boot →

Set up and start the server.

Routing →

Map URLs to controller actions.

Controllers →

The full controller API.

Security →

Ship safely to production.