npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@adobe/spacecat-shared-http-utils

v1.7.0

Published

Shared modules of the Spacecat Services - HTTP Utils

Downloads

3,950

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mhaackmhaackamol-anandamol-ananddotendotenstopp-adobestopp-adobedylandepassdylandepassdjaeggidjaeggiadobehallsadobehallsfullcolorcoderfullcolorcodermarbecmarbectripodtripodgarthdbgarthdblazdlazdadobe-adminadobe-adminpatrickfultonpatrickfultontrielofftrieloffshazronshazronkrisnyekrisnyedcpfsdkdcpfsdknatebaldwinnatebaldwindevongovettdevongovettaspro83aspro83symanovisymanovidpfisterdpfisterstefan-guggisbergstefan-guggisbergkorrakorraroferofekptdobekptdobe

Keywords

Readme

Spacecat Shared - HTTP Utilities

A set of TypeScript functions for creating HTTP responses with standardized formats, and classes for dealing with authenticating HTTP requests.

Table of Contents

Introduction

This library provides a collection of functions related to http to be used in Spacecat development. The functions are designed to create responses with standardized formats, making it easier to maintain a consistent structure across different parts of your application.

Installation

Install the package using npm or yarn:

npm install @adobe/spacecat-shared-http-utils

or

yarn add @adobe/spacecat-shared-http-utils

Usage

Import the functions in your TypeScript file and use them to generate HTTP responses. Here's an example:

import {
  ok,
  noContent,
  badRequest,
  notFound,
  internalServerError,
} from '@adobe/spacecat-shared-http-utils';

// Example usage
const successResponse: Response = ok('Request was successful');

const emptyResponse: Response = noContent();

const errorResponse: Response = badRequest('Invalid input');

const notFoundResponse: Response = notFound('Resource not found');

const serverErrorResponse: Response = internalServerError('Something went wrong');

API

ok(body?: string): Response

Creates a successful response with an optional body.

noContent(headers?: Headers): Response

Creates a response with no content and optional headers.

badRequest(message: string, headers?: Headers): Response

Creates a response for a bad request with an error message and optional headers.

notFound(message: string, headers?: Headers): Response

Creates a response for a not found scenario with an error message and optional headers.

internalServerError(message: string, headers?: Headers): Response

Creates a response for an internal server error with an error message and optional headers.

Authentication

This package includes classes for dealing with authenticating HTTP requests.

ScopedApiKeyHandler

Scoped API keys are defined in the datalayer and can be used to authenticate requests to the Spacecat API. They employ "scopes" to enable fine-grained access to resources. An example API key entity looks like this (id omitted):

{
  "name": "Example API Key",
  "hashedApiKey": "4c806362b613f7496abf284146efd31da90e4b16169fe001841ca17290f427c4",
  "createdAt": "2024-08-21T19:00:00.000Z",
  "expiresAt": "2024-12-21T19:00:00.000Z",
  "scopes": [
    { "name": "imports.write" },
    { "name": "imports.read" }
  ]
}

Key points on the above:

  • hashedApiKey is the SHA-256 hash of the actual API key ("test-api-key" above)
  • scopes are the permissions granted to the API key
  • Each scope object can contain additional data, but the name field is required

The ScopedApiKeyHandler class is used to authenticate requests using scoped API keys. To support the existing Legacy API keys, it should be ordered after the LegacyApiKeyHandler in the authHandlers array. This enables requests with the existing API keys to be authenticated quickly without requiring a database lookup.

Checking for scope access

To enable a new scope, first refer to the scopeNames array in the ApiKey model (/packages/spacecat-shared-data-access/src/models/api-key.js). If the scope you need is not listed here, please add it. Note the convention for scope names is resource.action, e.g. imports.write or sites.read_all. The _all action suffix indicates access beyond resources created (or jobs initiated by) the current API key.

Next, you will want to check that the API used to make the request has access to the required scope(s) from your controller. The authWrapper adds an auth helper to the context which makes this easy. Here's an example of how to check for scope access from a controller:

// This route requires the 'imports.write' scope
function protectedRoute(context) {
  const { auth } = context;
  
  try {
    auth.checkScopes(['imports.write']);
  } catch (error) {
    throw new ErrorWithStatusCode('Missing required scopes', 401);
  }
  
  return ok('You have access to this resource');
}

Need additional details from the API key entity object? The authWrapper places the authenticated authInfo object into the context at context.attributes.authInfo, with the API key entity available in its profile property.

Creating a new API key

This is currently a manual process, and involves duplicating an existing API key entity in the datalayer and updating its properties. For the table to update, refer to the TABLE_NAME_API_KEYS constant (which will be overridden on prod).

In the future we are planning to support a way for clients to request their own API key, given a valid IMS token.

Contributing

Feel free to contribute by opening issues or creating pull requests. Please follow the existing coding style and include tests when adding new features.

License

This project is licensed under the Apache 2.0 - see the LICENSE file for details.