[mromnia]

Isn't this comparing apples to oranges? I haven't used koa, but it seems to be same level of abstraction as express - basically a thin layer over HTTP with routing. Rails or Django are several levels higher - they include auth, database interaction, CRUD etc. I'm not saying that either approach is better, just that the comparison seems strange.

[benbristow]

Rails doesn't include Auth.

Devise does a great job of it though - https://github.com/plataformatec/devise

[e12e]

It does include "has_secure_password" and its friends (password/password_confirmation) though, which goes a ways towards including auth/authz even if one doesn't use devise, when coupled with before_action-s. It certainly comes with some facilities for getting off the ground:

https://api.rubyonrails.org/classes/ActiveModel/SecurePasswo...

[h1d]

I'm only saying what the OP and I'm stating is worthless because they're based on experience.