Hello World Node.js Application

This application represents one of the simplest operations performed in Node.js applications: making an HTTP request to a third party.

No other operations will be permitted such as reading from the filesystem (other than require() statements, of course) or executing child processes. We won't even be able to make requests which do not match the URL patterns as described in our policies.

Code for server.js

This file is the entry point to our Node.js application and is unmodified code; that is to say, there are no Intrinsic-specific changes made to the application code. In this example we're going to use the Express web server as it's usually the most familiar. Intrinsic doesn't actually care what web server is being used, though, it'll work with anything from the internal http module to other servers like Hapi. We're also making outbound HTTP requests using request, but as you might have guessed, the tool for performing requests also doesn't matter.

const http = require('request');
const express = require('express');

const app = express();
const PORT = process.env.NODE_PORT;

app.get('/example', (req, res) => {
  request.get('http://www.intrinsic.com', (err, data) => {
    if (err) return res.status(500).send(err.message);

      body: data.body

app.listen(PORT, () => {
  console.log(`Example app listening on port ${PORT}!`);

This application performs a simple task. It listens for incoming HTTP requests. If a request is made for GET /example then it will call the request handler. This handler makes an outbound request to the Intrinsic website. Once the response is received the application replies to the request with the data it received.

Code for intrinsic.js

This file will load the Intrinsic module, perform some configuration, load the policies file, and start the application.

const intrinsic = require('@intrinsic/intrinsic');


Code for intrinsic-policy.js

This file will actually perform the policy configuration of our Node.js Application. We only have a single incoming route to configure so we only need a single route section.

In the case of our sample application we only want to create a single policy, which whitelists GET requests made to http://www.intrinsic.com. (For more information on these types of policies, be sure to check out the section on HTTP Policies.)

'use strict';
const { HttpServer } = require('@intrinsic/intrinsic');
const server = new HttpServer({ port: process.env.NODE_PORT });

server.addSandbox('get', '/example', policy => {

module.exports = server;