Node.js web framework

isite documentation

isite helps you build secure, multi-language Node.js websites with automatic routes, file management, sessions, permissions, MongoDB helpers, WebSocket handling, and custom apps.

Get started View API
Package isite Current repo version 2026.04.05 Main entry index.js

What is included

Automatic routing

Map URLs to files, callbacks, folders, merged assets, dynamic paths, or wildcard routes.

Server-side site files

Read HTML, CSS, JS, JSON, XML, images, fonts, downloads, and merged files with cache support.

Sessions and security

Built-in cookies, session storage, users, roles, permissions, and feature-based HTML display.

MongoDB helpers

Connect collections and use high-level insert, find, update, delete, import, export, and backup APIs.

Custom apps

Load reusable modules from local paths, the global apps folder, or isite's built-in apps.

WebSocket support

Create WebSocket routes on the server and connect from the client with the bundled helper.

Installation

Install the package from npm, then create a server using the exported factory function.

npm install isite

Minimal server

var isite = require('isite');
var site = isite({ port: 8080 });

site.loadLocalApp('client-side');
site.loadLocalApp('security');

site.run();

Startup template

git clone https://github.com/absunstar/isite-template
cd isite-template
npm i
npm start

Configuration

Pass an options object to isite(). The framework also initializes defaults for folders, cache, MongoDB, sessions, security, language, HTTPS, and local apps. 

var site = require('isite')({
  port: process.env.port || 80,
  cwd: process.cwd(),
  dir: process.cwd() + '/site_files',
  upload_dir: process.cwd() + '/../uploads',
  download_dir: process.cwd() + '/../downloads',
  backup_dir: process.cwd() + '/../backup',
  apps: true,
  apps_dir: process.cwd() + '/apps',
  name: 'Your Site',
  lang: 'en',
  theme: 'default',
  mongodb: {
    enabled: true,
    host: 'localhost',
    port: '27017',
    db: 'default_db',
    collection: 'default_collection'
  },
  session: {
    timeout: 60 * 24 * 30,
    enabled: true,
    storage: 'file'
  },
  security: {
    enabled: true,
    users_collection: 'users_info',
    roles_collection: 'users_roles'
  }
});

Folder Structure

isite expects a site_files folder for public and parsed assets. Apps live in apps, while uploads, downloads, and backups can be configured. 

server.js
package.json
apps/
site_files/
  css/
  js/
  html/
  fonts/
  images/
  json/
  xml/
uploads/
downloads/
backup/

Routing

Routes can return files, folders, merged files, JSON content, or callback output. Route names and request parameters are normalized to lowercase, with raw variants available when needed.

Static file routes

site.onGET({ name: ['/', '/home', '/index'], path: site.dir + '/html/index.html' });
site.onGET({ name: '/css/bootstrap.css', path: site.dir + '/css/bootstrap.min.css' });
site.onPOST({ name: '/api', path: site.dir + '/json/employees.json' });

Merge multiple files

site.onGET({
  name: '/css/style.css',
  path: [
    site.dir + '/css/bootstrap.css',
    site.dir + '/css/custom.css'
  ]
});

Callbacks, dynamic params, and wildcard routes

site.onGET('/post/:id/category/:cat_id', function (req, res) {
  res.end('Post: ' + req.params.id + ', category: ' + req.params.cat_id);
});

site.onGET('/post/*', function (req, res) {
  res.end('Any post route');
});

site.onGET('*', function (req, res) {
  res.end('Fallback route');
});

Request and Response

isite decorates request and response objects with helpers for query/body data, params, headers, rendering, JSON responses, redirects, cookies, sessions, and user features. 

site.onGET('/api', function (req, res) {
  res.json({
    queryName: req.query.name,
    rawName: req.queryRaw.name,
    ip: req.ip,
    browserIsChrome: req.hasFeature('browser.chrome')
  });
});

site.onPOST('/users', function (req, res) {
  res.status(201).json({ done: true, user: req.body });
});

site.onGET('/old-url', function (req, res) {
  res.redirect('/new-url', 302);
});

Files

File helpers read from site_files by type, cache content in memory, merge files, check stats, write data, and create or remove directories. 

site.html('index', function (err, content) {
  site.log(content);
});

site.readFiles([
  site.dir + '/html/head.html',
  site.dir + '/html/content.html',
  site.dir + '/html/footer.html'
], function (err, content) {
  site.log(content);
});

site.isFileExists(path, function (yes) {});
site.fileStat(path, function (err, stats) {});
site.writeFile(path, data, function (err) {});
site.removeFile(path, function (err) {});
site.createDir(path, function (err, path) {});

WebSocket

Register WebSocket endpoints with site.onWS() and connect from the browser with site.ws().

site.onWS('/chat', function (client) {
  client.onMessage = function (message) {
    if (message.type === 'connected') {
      client.send({ type: 'ready' });
    }
  };
});
<script src="/x-js/all.js"></script>
<script>
site.ws('ws://localhost/chat', function (server) {
  server.onOpen = function () {
    server.send({ type: 'accessToken', content: '##session.accessToken##' });
  };
  server.onMessage = function (msg) {
    console.log(msg);
  };
});
</script>

Cookies and Sessions

Cookies store client-side values per user. Sessions store server-side user data and are automatically associated with an access token. 

site.onGET('/testSetCookie', function (req, res) {
  res.cookie('name', req.query.name);
  res.end('cookie set');
});

site.onGET('/testGetCookie', function (req, res) {
  res.end('name from cookie: ' + req.cookie('name'));
});
site.onGET('/testSetSession', function (req, res) {
  req.session.user_name = req.query.user_name;
  res.session.ip = req.ip;
  site.saveSession(res.session);
  res.end('Session set');
});

Custom Apps

Apps are modules that receive the site instance. They can register routes, words, variables, permissions, roles, and app-specific logic. 

// apps/my-app/app.js
module.exports = function (site) {
  site.onGET('/my-app', function (req, res) {
    res.send('My app is loaded');
  });
};
site.importApp(FOLDER_PATH);
site.loadApp('my-app');
site.loadLocalApp('security');

Master Pages

Master pages wrap route content with shared header and footer files.

site.addMasterPage({
  name: 'main',
  header: site.dir + '/html/header.html',
  footer: site.dir + '/html/footer.html'
});

site.onGET({
  name: '/contact',
  masterPage: 'main',
  path: site.dir + '/html/contact.html',
  parser: 'html'
});

HTML Server Tags and Attributes

Enable parser: 'html' to import site files, inject variables, use words, and show content conditionally by language, permission, login state, browser, operating system, or IP. 

site.var('siteName', 'First Site With isite');
site.onGET({ name: '/', path: site.dir + '/html/index.html', parser: 'html' });
<style x-import="page.css"></style>
<div x-import="navbar.html"></div>
<title>##var.siteName##</title>
<h2>##word.user_name##</h2>

<div x-lang="Ar">Arabic content</div>
<div x-permission="admin">Admins only</div>
<div x-feature="login">Logged-in users</div>
<div x-feature="browser.chrome">Chrome users</div>

MongoDB

Use site.connectCollection() for high-level collection access, or site.mongodb for lower-level database operations. 

var employees = site.connectCollection('employees', 'company');

employees.insertOne({ name: 'amr', salary: 50000 }, function (err, doc) {});

employees.findMany({
  where: { name: /a/i },
  select: { name: 1, salary: 1 },
  limit: 50,
  skip: 10,
  sort: { salary: -1 }
}, function (err, docs, count) {});

employees.updateOne({
  where: { id: 5 },
  set: { salary: 30000 }
}, function (err, result) {});

employees.deleteOne({ where: { id: 5 } }, function (err, result) {});
site.backupDB();
site.restoreDB();
employees.createIndex({ name: 1 }, {}, function (err, result) {});
employees.createUnique({ email: 1 }, function (err, result) {});

Upload and Download

isite parses uploaded files and provides response helpers for forced downloads.

<form action="uploadFile" method="post" enctype="multipart/form-data">
  <input type="file" name="fileToUpload" />
  <input type="submit" />
</form>
site.onPOST('uploadFile', function (req, res) {
  var response = { done: true };
  var file = req.files.fileToUpload;
  var newpath = site.options.upload_dir + '/' + file.originalFilename;

  site.mv(file.filepath, newpath, function (err) {
    if (err) {
      response.done = false;
      response.error = err;
    }
    res.json(response);
  });
});

site.onGET('/files/file1.zip', function (req, res) {
  res.download(site.options.download_dir + '/file1.zip', 'info.zip');
});

Multi Language

Store translated words in site_files/json/words.json, use ##word.name## in HTML, and switch language with /x-language/change. 

[
  { "name": "user_name", "En": "User Name", "Ar": "اسم المستخدم" },
  { "name": "user_email", "En": "Email", "Ar": "البريد الالكترونى" }
]
<label>##word.user_name##</label>
<div x-lang="Ar">Arabic content</div>
<div x-lang="En">English content</div>

Client Libraries and Charts

The client-side app exposes common browser libraries through fixed routes. The charts app adds local chart creation helpers. 

site.loadLocalApp('client-side');
site.loadLocalApp('charts');
<link rel="stylesheet" href="/x-css/bootstrap3.css" />
<link rel="stylesheet" href="/x-css/font-awesome.css" />
<script src="/x-js/jquery.js"></script>
<script src="/x-js/bootstrap3.js"></script>
<script src="/x-js/angular.js"></script>

Helpers

isite includes helpers for rendering, hashing, encoding, JSON conversion, object copying, and feature checks.

res.render('index.html', { name: 'amr' }, {
  compress: true,
  cache: false,
  parser: 'html css js'
});

var copy = site.copy({ name: 'amr' });
var hash = site.md5('content');
var base64 = site.toBase64('content');
var normal = site.fromBase64(base64);
var jsonString = site.toJson(copy);
var jsonObj = site.fromJson(jsonString);

Events

Global events let apps and routes communicate across the site lifecycle.

site.on('event name', function (obj) {
  site.log('name: ' + obj.name);
});

site.call('event name', { name: 'x1' });

site.on('sync event name', function (obj, callback, next) {
  site.log(obj.name);
  next();
});

site.quee('sync event name', { name: 'x2' });

API Reference

Area Methods and properties
Server site.run, site.start, site.listen, site.close
Routing onREQUEST, onGET, onPOST, onPUT, onDELETE, onALL, callRoute
Extra methods onPATCH, onOPTIONS, onHEAD, onVIEW, onCOPY, onLINK, onUNLINK, onLOCK, onUNLOCK
Files html, css, js, json, xml, readFile, readFiles, writeFile, removeFile, createDir
Apps importApp, importApps, loadApp, loadLocalApp, addApp, getApp
Database connectCollection, mongodb, backupDB, restoreDB
HTML parser var, addVars, word, words.addFile, addMasterPage
Utilities copy, md5, toBase64, fromBase64, toJson, fromJson, cmd, fetch

Complete Function Index

This index lists the public and commonly consumed functions found in the isite source. Some aliases call the same implementation, so they are grouped together.

Site lifecycle and core

isite(options) site.run() site.start() site.listen() site.close(wait) site.reset() site.require(filePath) site.cmd(command, callback) site.log(...args) site.canRequire(name) site.newURL(url, base) site.requireFromString(code, filename, opts)

Routing

site.onREQUEST(method, route, callback) site.onGET(route, callback) site.get(route, callback) site.onPOST(route, callback) site.post(route, callback) site.onPUT(route, callback) site.put(route, callback) site.onDELETE(route, callback) site.delete(route, callback) site.onALL(route, callback) site.all(route, callback) site.onTEST(route, callback) site.test(route, callback) site.onVIEW(route, callback) site.onOPTIONS(route, callback) site.onPATCH(route, callback) site.onCOPY(route, callback) site.onHEAD(route, callback) site.onLINK(route, callback) site.onUNLINK(route, callback) site.onPURGE(route, callback) site.onLOCK(route, callback) site.onUNLOCK(route, callback) site.onPROPFIND(route, callback) site.callRoute(name, req, res) site.off(routeOrPath)

Request helpers

req.addFeature(name) req.hasFeature(name) req.removeFeature(name) req.getUserFinger() req.word(name) req.cookie(name) req.cookies(name)

Response helpers

res.set(name, value) res.status(code) res.error(code) res.download(path, name) res.download2(path, name) res.render(file, data, options) res.html(file, data, options) res.txt(name, data) res.css(name, data) res.js(name, data) res.jsonFile(name, data) res.send(content) res.sendHTML(content) res.htmlContent(content) res.textContent(text) res.sendTEXT(text) res.json(object, time) res.redirect(url, code) res.remove(name) res.delete(name) res.cookie(name, value) res.cookies(name, value)

File system

site.fileStat(path, callback) site.fileStatSync(path) site.css(name, callback) site.xml(name, callback) site.js(name, callback) site.json(name, callback) site.html(name, callback) site.download(name, req, res) site.downloadFile(path, req, res) site.isFileExists(path, callback) site.isFileExistsSync(path) site.readFile(path, callback) site.readFileRaw(path, callback) site.readFileStream(path) site.readFiles(paths, callback) site.readFileSync(path) site.writeFile(path, data, callback) site.writeFileSync(path, data, encode, callback) site.removeFile(path, callback) site.deleteFile(path, callback) site.removeFileSync(path) site.deleteFileSync(path) site.createDir(path, callback) site.mkDir(path, callback) site.createDirSync(path) site.mkdirSync(path)

Events and features

site.on(name, callback) site.call(name, args, callback) site.quee(name, args, callback) site.quee_check(name, fire) site.addFeature(name, value) site.getFeature(name) site.hasFeature(name) site.feature(name, value) site.addfeatures(path)

Variables, words, and master pages

site.addVar(name, value) site.getVar(name) site.var(name, value) site.addVars(path) site.word(obj) site.words.word(obj) site.words.get(name) site.words.add(word) site.words.set(word) site.words.addList(list) site.words.addFile(path) site.words.save() site.addMasterPage(page)

Apps

site.addApp(app) site.getApp(name) site.connectApp(appOptions) site.importApp(appPath, name2) site.importApps(appDir) site.loadApp(name, name2) site.loadLocalApp(name, name2) app.init() app.add(item, callback) app.update(item, callback) app.delete(item, callback) app.view(item, callback) app.all(options, callback) app.handleRequest(req, res, callback) app.api(apiOptions, callback)

Collections

site.connectCollection(option, db) collection.insertOne(doc, callback) collection.insert(doc, callback) collection.add(doc, callback) collection.addOne(doc, callback) collection.insertMany(docs, callback) collection.addMany(docs, callback) collection.insertAll(docs, callback) collection.addAll(docs, callback) collection.update(options, callback) collection.updateOne(options, callback) collection.edit(options, callback) collection.editOne(options, callback) collection.updateMany(options, callback) collection.editMany(options, callback) collection.updateAll(options, callback) collection.editAll(options, callback) collection.delete(options, callback) collection.deleteOne(options, callback) collection.remove(options, callback) collection.removeOne(options, callback) collection.deleteMany(options, callback) collection.removeMany(options, callback) collection.deleteAll(options, callback) collection.removeAll(options, callback) collection.get(options, callback) collection.getOne(options, callback) collection.find(options, callback) collection.findOne(options, callback) collection.select(options, callback) collection.selectOne(options, callback) collection.getMany(options, callback) collection.getAll(options, callback) collection.findAll(options, callback) collection.findMany(options, callback) collection.selectAll(options, callback) collection.selectMany(options, callback) collection.count(options, callback) collection.getCount(options, callback) collection.ObjectId(id) collection.ObjectID(id) collection.drop(callback) collection.createUnique(obj, callback) collection.createIndex(obj, options, callback) collection.dropIndex(obj, options, callback) collection.dropIndexes(options, callback) collection.aggregate(pipeline, callback) collection.findDuplicate(obj, callback) collection.deleteDuplicate(obj, callback) collection.removeDuplicate(obj, callback) collection.loadAll(options, callback) collection.import(filePath, callback) collection.export(options, filePath, callback)

MongoDB low-level

site.mongodb.ObjectID(id) site.mongodb.ObjectId(id) site.mongodb.handleDoc(doc, badLetter) site.mongodb.connectDB(name, callback) site.mongodb.connectCollection(options, callback) site.mongodb.createIndex(options, callback) site.mongodb.dropIndex(options, callback) site.mongodb.dropIndexes(options, callback) site.mongodb.aggregate(options, callback) site.mongodb.dropCollection(options, callback) site.mongodb.insertOne(options, callback) site.mongodb.insert(options, callback) site.mongodb.insertMany(options, callback) site.mongodb.findOne(options, callback) site.mongodb.find(options, callback) site.mongodb.findMany(options, callback) site.mongodb.count(options, callback) site.mongodb.distinct(options, callback) site.mongodb.updateOne(options, callback) site.mongodb.update(options, callback) site.mongodb.updateMany(options, callback) site.mongodb.deleteOne(options, callback) site.mongodb.delete(options, callback) site.mongodb.deleteMany(options, callback) site.backupDB(options, callback) site.restoreDB(options, callback)

Security

site.security.addKey(key) site.security.addPermissions(list, callback) site.security.addRole(role, callback) site.security.updateRole(role, callback) site.security.editeRole(role, callback) site.security.deleteRole(role, callback) site.security.removeRole(role, callback) site.security.addRoles(list, callback) site.security.removeUserFinger(obj) site.security.getUserFinger(obj) site.security.handleUser(user) site.security.loadAllUsers(callback) site.security.loadAllRoles(callback) site.security.getUsers(options, callback) site.security.getUser(user, callback) site.security.isUserExists(user, callback) site.security.login(user, callback) site.security.register(user, callback) site.security.logout(req, res, callback) site.security.addUser(user, callback) site.security.updateUser(user, callback) site.security.deleteUser(user, callback) site.security.isUserLogin(req, res) site.security.isUserHasPermission(req, res, permission) site.security.isUserHasPermissions(req, res, permissions) site.security.isUserHasRole(req, res, role) site.security.isUserHasRoles(req, res, roles) site.security.getUserPermissions(req, res) site.security.getUserRoles(req, res) site.security.addUserPermission(id, permission, callback)

Sessions, storage, and logs

site.getSession(req, callback) site.sessions.attach(req, callback) site.saveSession(session) site.sessions.save(session) site.storage(key, value) site.logs(key, value)

WebSocket

site.onWS(options, callback) site.ws.start(options, callback) site.ws.sendToAll(message) site.ws.closeAll() site.ws.onNewSupportedClient(client) site.ws.wsSupport() site.ws.supportHandle(client, message)

General utilities

site.copy(obj) site.toNumber(value) site.to_number(value) site.toInt(value) site.to_int(value) site.toFloat(value) site.to_float(value) site.toMoney(value, float) site.random(min, max) site.guid() site.getRegExp(text, flag) site.get_RegExp(text, flag) site.fetchURLContent(options, callback) site.fetch(url, options) site.request(url, options) site.AI(text) site.hide(data) site.hideObject(data) site.show(data) site.showObject(data) site.ul(data) site.removeRefObject(obj) site.objectDiff(obj1, obj2) site.toHtmlTable(obj) site.typeof(value) site.typeOf(value) site.escapeRegExp(text)

Date, JSON, and encoding

site.getDate(value) site.toDate(value) site.toDateOnly(value) site.toDateTime(value) site.getDateTime(value) site.toDateX(value) site.toDateXT(value) site.toDateXF(value) site.toDateT(value) site.toDateF(value) site.yy() site.mm() site.dd() site.fromJson(data, defaultValue) site.fromJSON(data, defaultValue) site.toJson(obj) site.toJSON(obj) site.toBase64(data) site.fromBase64(data) site.to123(data) site.from123(data) site.f1(data) site.getContentType(path) site.getFileEncode(path) site.md5(text) site.hash(text)

Email, Telegram, PDF, and proxy

site.sendEmail(mail, callback) site.sendMail(mail, callback) site.sendFreeMail(mail, callback) site.sendSmptMail(mail, callback) site.checkMailConfig(mail, callback) site.connectTelegramClient(session, apiId, apiHash, options) site.telegramInit(token, onNewMessage, polling) site.newTelegramBot(data, onNewMessage, polling) site.sendTelegramMessage(token, chatID, message) site.initFontKit(options, callback) site.loadPDF(options, callback) site.httpTrustedOnline() site.startProxy(options) site.closeProxy(options)

Prototype helpers

String.prototype.test(reg, flag) String.prototype.like(name) String.prototype.contains(name) String.prototype.contain(name) Array.prototype.test(reg, flag) Array.prototype.like(name) Array.prototype.contains(name) Array.prototype.contain(name)

AI Agent Files

These files are included to help AI coding agents understand the library quickly and make safer changes in this repository.

Agent guide

agent-guide.md explains the repo structure, architecture, conventions, and safe editing notes.

LLM index

llms.txt gives tools and crawlers a compact public index of the project and docs.

AI context

ai-context.md summarizes the framework mental model, startup flow, APIs, and pitfalls.

API map

api-map.json provides a machine-readable map of source files and public API groups.

Examples

examples-for-ai.md contains common recipes for routes, CRUD, uploads, WebSocket, and apps.

No sections match your search.