Secure Web API with Referrer Control

Build a simple Koa web API that serves information about books and implements proper referrer policy headers to control how much referrer information is shared when users navigate to external resources.

Requirements

Your API should:

1. Create a Koa application that listens on port 3000
2. Implement security middleware that sets a referrer policy header to prevent referrer information from being sent to external sites
3. Provide an endpoint GET /books that returns a JSON array of book objects (at least 2 books with title and author fields)
4. Provide an endpoint GET /books/:id that returns a single book by ID (numeric ID)
5. Return appropriate HTTP status codes (200 for success, 404 when book not found)

Test Cases

• Starting the server and making a GET request to /books returns status 200 with a JSON array containing at least 2 books @test
• Making a GET request to /books/1 returns status 200 with a single book object @test
• Making a GET request to /books/999 returns status 404 for a non-existent book @test
• The response headers include Referrer-Policy set to no-referrer @test

Implementation

@generates

API

// Export the Koa application instance
export const app;

// Export a function to start the server
export function startServer(port);

Dependencies { .dependencies }

koa-helmet { .dependency }

Provides security headers middleware including referrer policy control.

koa { .dependency }

Web framework for building the API.

koa-router { .dependency }

Routing middleware for handling different endpoints.