Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.dhal.rokad.co/llms.txt

Use this file to discover all available pages before exploring further.

Express

Install: 
npm install express @rokadhq/dhal
Use the Express adapter: 
import express from "express";
import { dhal } from "@rokadhq/dhal/express";

const app = express();

app.use(express.json({ limit: "1mb" }));
app.use(dhal());

app.get("/", (_req, res) => {
  res.json({ ok: true });
});

app.post("/api/login", (_req, res) => {
  res.status(401).json({ error: "bad credentials" });
});

app.listen(3000);

Why order matters

Place Dhal early enough to protect routes, but after body middleware when you want rules to inspect parsed bodies. Recommended: 
app.use(express.json({ limit: "1mb" }));
app.use(dhal());
If you need raw-body inspection, capture rawBody in your body parser and expose it on the request object.

Credential-stuffing signals

The Express adapter records response outcomes after the response finishes. Repeated 401 or 403 on configured login routes can trigger credential-stuffing controls.