npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@open-age/express-api

v2.8.2

Published

a route helper to convert express to api

Downloads

154

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

sunny-parkashsunny-parkash

Keywords

apiexpressroutes

Readme

Open Age Service

Overview

It is the framework component for openage services. It implements some of the boilerplate code like

  1. User Authentication
  2. Endpoint Authorization
  3. Repsonse Standardization
  4. Response Caching
  5. Response Remapping
  6. Bulk Request

It also builds the context and adds following mechanisms to it:

  1. Caching
  2. Configuration
  3. Logging
  4. Rules Evaluation

Release Notes

Version 2.7.9

Enhanced security:

  • Implemented session validation with the authentication provider for a more robust authentication mechanism.
  • Implemented session caching to save round trips (see session caching)
  • Improved exception handling by hiding server errors and sending the one in api.errors section.

Refactorings

Version 2.6.0

  • Implemented caching of the response.

Usage

Getting hierarchical configuration from the context

TODO:

  • [ ] Complete documentation

Getting and Setting the Cache

TODO:

  • [ ] Complete documentation

Setup

Installation

  1. Add the package
npm install @open-age/express-api --save
  1. Add dependencies

TODO:

  • [ ] Complete documentation

Configuration

This component uses config package. The configuration can be defined at multiple levels.

  1. Code Level
  2. Installation Level
  3. Organization Level
  4. Tenant Level

Caching the response

Step 1: Configure cache server

You need to configure the application to use the cache configuration. Here is an example:

{
    "cacheServer": {
        "type":"redis",
        "config": {
            "host": "${env:cacheServer.host}",
            "port": "${env:cacheServer.port}",
            "options": {
                "password": "${env:cacheServer.password}",
                "maxmemory": "1gb",
                "maxmemoryPolicy": "allkeys-lru"
            }
        }
    }
}

Following cache servers are supported

This would also be used to cache the authentication data

Step 2: Configure the endpoint

You need to set the endpoint to cache the response. It can be defined at one of the following places (in the order of decreasing preference):

  1. In the tenant configuration
{
    "config": {
        "api": {
            "resource-get-by-id": {
                "cache": {
                }
            }
        }
    }
}
  1. At service level
{

    "api": {
        "resource-get-by-id": {
            "cache": {
            }
        }
    }
}
  1. In the spec path file specs/paths/:resource.js.
{
    "url": "/",
    "get": {
        "id": "resource-get-by-id",
        "cache":{
        }
    }
}

The endpoint id, resource-get-by-id is defined in spec/paths/resource.js file. Even if the id the not defined it will be automatically created according to convention.

The cache section above would take following configuration

{
    // unique id with which value will be saved
    "key": "resource_${query}", 
    // seconds after which key and it's value will get deleted
    "ttl": 2000, 
    // action to perfom when the endpoint is hit (defaults to add)
    "action": "add",
    // the condition(optional) that needs to be met 
    // for the response to be cache response
    "condition": {
        "operator": "AND",
        "value": [{ "key": "query.field","operator": "==", "value": "value" }]
    }  
}

TODO:

  • [ ] Add examples with more conditions

Securing an endpoint

Just like cache you need to configure the endpoint by adding permissions to it

TODO:

  • [ ] Complete documentation

Modifying a response

TODO:

  • [ ] Complete documentation

Authentication

Validating the claims

Requesting ip with that of the token
{
    "auth": {
        "validate": {
            "ip": true,
        }
    }
}

TODO:

  • [ ] support for region in the ip like in-*
Expiry of the token
  1. Following setting will check the expiry of the token against the current time
{
    "auth": {
        "validate": {
            "expiry": true,
        }
    }
}
  1. Following setting will check the status of the session. It should not be inactive or expired
{
    "auth": {
        "validate": {
            "session": true,
        }
    }
}

Configuring how the service would authenticate the token

Using directory as auth provider
  1. Set the auth.provider as directory
{
    "auth": {
        "provider": "directory"
    }
}
  1. Configure providers.directory. Note the system would fetch the session (from id) of the user under the credentials of providers.directory.role.key
{
    "providers": {
        "directory": {
            "url": "http://api.openage.in/directory/v1/api", // prod url
            "role": {
                "key": "<role key of the tenant owner>"
            }
        }
    }
}
Caching the session

Add sessions endpoints to the directory provider, and add the cache setting to it. You need to also add cacheServer setting

{
    "providers": {
        "directory": {
            "endpoints": {
                "sessions": {
                    "get": {
                        "cache": {
                            "ttl": 60000 // 60 seconds
                        }
                    }
                }
            }
        }
    }
}

If the cache is not defined, then the session won't be cahced

Using directory as auth provider

Sending out custom errors api.errors

{
    "api": {
        "errors": {
            "UNKNOWN": {
                "code": "UNKNOWN",
                "message": "Internal Server Error"
            },
            "ACCESS_DENIED": {
                "code": "ACCESS_DENIED",
                "message": "Insufficient Permission"
            }
        }
    }
}