Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@azure/storage-queue
Advanced tools
@azure/storage-queue is an npm package that provides a client library for working with Azure Queue Storage, which is a service for storing large numbers of messages that can be accessed from anywhere in the world via authenticated calls using HTTP or HTTPS. This package allows you to create, delete, and manage queues, as well as add, retrieve, and delete messages within those queues.
Create a Queue
This code sample demonstrates how to create a new queue in Azure Queue Storage using the @azure/storage-queue package.
const { QueueServiceClient } = require('@azure/storage-queue');
const connectionString = 'your_connection_string';
const queueServiceClient = QueueServiceClient.fromConnectionString(connectionString);
const queueClient = queueServiceClient.getQueueClient('myqueue');
await queueClient.create();
console.log('Queue created');
Add a Message to a Queue
This code sample demonstrates how to add a message to an existing queue in Azure Queue Storage.
const { QueueServiceClient } = require('@azure/storage-queue');
const connectionString = 'your_connection_string';
const queueServiceClient = QueueServiceClient.fromConnectionString(connectionString);
const queueClient = queueServiceClient.getQueueClient('myqueue');
await queueClient.sendMessage('Hello, World!');
console.log('Message added');
Retrieve Messages from a Queue
This code sample demonstrates how to retrieve messages from a queue in Azure Queue Storage.
const { QueueServiceClient } = require('@azure/storage-queue');
const connectionString = 'your_connection_string';
const queueServiceClient = QueueServiceClient.fromConnectionString(connectionString);
const queueClient = queueServiceClient.getQueueClient('myqueue');
const messages = await queueClient.receiveMessages();
for (const message of messages.receivedMessageItems) {
console.log(`Message: ${message.messageText}`);
}
Delete a Message from a Queue
This code sample demonstrates how to delete a message from a queue in Azure Queue Storage.
const { QueueServiceClient } = require('@azure/storage-queue');
const connectionString = 'your_connection_string';
const queueServiceClient = QueueServiceClient.fromConnectionString(connectionString);
const queueClient = queueServiceClient.getQueueClient('myqueue');
const messages = await queueClient.receiveMessages();
for (const message of messages.receivedMessageItems) {
await queueClient.deleteMessage(message.messageId, message.popReceipt);
console.log('Message deleted');
}
The aws-sdk package provides a comprehensive set of tools for interacting with AWS services, including Amazon SQS (Simple Queue Service). Amazon SQS is similar to Azure Queue Storage in that it allows you to manage message queues. The main difference is that aws-sdk is used for AWS services, while @azure/storage-queue is specific to Azure.
The google-cloud package provides client libraries for Google Cloud services, including Google Cloud Pub/Sub, which is a messaging service similar to Azure Queue Storage. Google Cloud Pub/Sub offers more advanced features like message filtering and ordering, whereas Azure Queue Storage is simpler and more straightforward.
The kafka-node package is a client library for Apache Kafka, a distributed event streaming platform. Kafka is more complex and offers higher throughput and scalability compared to Azure Queue Storage. It is suitable for real-time data processing and large-scale message handling.
Azure Storage Queue provides cloud messaging between application components. In designing applications for scale, application components are often decoupled, so that they can scale independently. Queue storage delivers asynchronous messaging for communication between application components, whether they are running in the cloud, on the desktop, on an on-premises server, or on a mobile device. Queue storage also supports managing asynchronous tasks and building process work flows.
This project provides a client library in JavaScript that makes it easy to consume the Azure Storage Queue service.
Use the client libraries in this package to:
Key links:
See our support policy for more details.
The preferred way to install the Azure Storage Queue client library for JavaScript is to use the npm package manager. Type the following into a terminal window:
npm install @azure/storage-queue
Azure Storage supports several ways to authenticate. In order to interact with the Azure Queue Storage service you'll need to create an instance of a Storage client - QueueServiceClient
or QueueClient
for example. See samples for creating the QueueServiceClient
to learn more about authentication.
The Azure Queue Storage service supports the use of Azure Active Directory to authenticate requests to its APIs. The @azure/identity
package provides a variety of credential types that your application can use to do this. Please see the README for @azure/identity
for more details and samples to get you started.
This library is compatible with Node.js and browsers, and validated against LTS Node.js versions (>=8.16.0) and latest versions of Chrome, Firefox and Edge.
This library requires certain DOM objects to be globally available when used in the browser, which web workers do not make available by default. You will need to polyfill these to make this library work in web workers.
For more information please refer to our documentation for using Azure SDK for JS in Web Workers
This library depends on following DOM APIs which need external polyfills loaded when used in web workers:
There are differences between Node.js and browsers runtime. When getting started with this library, pay attention to APIs or classes marked with "ONLY AVAILABLE IN NODE.JS RUNTIME" or "ONLY AVAILABLE IN BROWSERS".
StorageSharedKeyCredential
generateAccountSASQueryParameters()
generateQueueSASQueryParameters()
To use this client library in the browser, first you need to use a bundler. For details on how to do this, please refer to our bundling documentation.
You need to set up Cross-Origin Resource Sharing (CORS) rules for your storage account if you need to develop for browsers. Go to Azure portal and Azure Storage Explorer, find your storage account, create new CORS rules for blob/queue/file/table service(s).
For example, you can create following CORS settings for debugging. But please customize the settings carefully according to your requirements in production environment.
A Queue is a data store within an Azure Storage Queue service account for sending/receiving messages between connected clients.
Key data types in our library related to these services are:
QueueServiceClient
represents a connection (via a URL) to a given storage account in the Azure Storage Queue service and provides APIs for manipulating its queues. It is authenticated to the service and can be used to create QueueClient
objects, as well as create, delete, list queues from the service.QueueClient
represents a single queue in the storage account. It can be used to manipulate the queue's messages, for example to send, receive, and peek messages in the queue.To use the clients, import the package into your file:
const AzureStorageQueue = require("@azure/storage-queue");
Alternatively, selectively import only the types you need:
const { QueueServiceClient, StorageSharedKeyCredential } = require("@azure/storage-queue");
The QueueServiceClient
requires an URL to the queue service and an access credential. It also optionally accepts some settings in the options
parameter.
DefaultAzureCredential
from @azure/identity
packageRecommended way to instantiate a QueueServiceClient
Setup : Reference - Authorize access to blobs and queues with Azure Active Directory from a client application - https://docs.microsoft.com/azure/storage/common/storage-auth-aad-app
Register a new AAD application and give permissions to access Azure Storage on behalf of the signed-in user
API permissions
section, select Add a permission
and choose Microsoft APIs
.Azure Storage
and select the checkbox next to user_impersonation
and then click Add permissions
. This would allow the application to access Azure Storage on behalf of the signed-in user.Grant access to Azure Storage Queue data with RBAC in the Azure Portal
Access control (IAM)
tab (in the left-side-navbar of your storage account in the azure-portal).Environment setup for the sample
CLIENT ID
and TENANT ID
. In the "Certificates & Secrets" tab, create a secret and note that down.AZURE_TENANT_ID
, AZURE_CLIENT_ID
, AZURE_CLIENT_SECRET
as environment variables to successfully execute the sample (can leverage process.env).const { DefaultAzureCredential } = require("@azure/identity");
const { QueueServiceClient } = require("@azure/storage-queue");
const account = "<account>";
const credential = new DefaultAzureCredential();
const queueServiceClient = new QueueServiceClient(
`https://${account}.queue.core.windows.net`,
credential
);
[Note - Above steps are only for Node.js]
Alternatively, you can instantiate a QueueServiceClient
using the fromConnectionString()
static method with the full connection string as the argument. (The connection string can be obtained from the azure portal.) [ONLY AVAILABLE IN NODE.JS RUNTIME]
const { QueueServiceClient } = require("@azure/storage-queue");
const connStr = "<connection string>";
const queueServiceClient = QueueServiceClient.fromConnectionString(connStr);
StorageSharedKeyCredential
Alternatively, you instantiate a QueueServiceClient
with a StorageSharedKeyCredential
by passing account-name and account-key as arguments. (The account-name and account-key can be obtained from the azure portal.)
[ONLY AVAILABLE IN NODE.JS RUNTIME]
const { QueueServiceClient, StorageSharedKeyCredential } = require("@azure/storage-queue");
// Enter your storage account name and shared key
const account = "<account>";
const accountKey = "<accountkey>";
// Use StorageSharedKeyCredential with storage account and account key
// StorageSharedKeyCredential is only available in Node.js runtime, not in browsers
const sharedKeyCredential = new StorageSharedKeyCredential(account, accountKey);
const queueServiceClient = new QueueServiceClient(
`https://${account}.queue.core.windows.net`,
sharedKeyCredential,
{
retryOptions: { maxTries: 4 }, // Retry options
telemetry: { value: "BasicSample/V11.0.0" } // Customized telemetry string
}
);
Also, You can instantiate a QueueServiceClient
with a shared access signatures (SAS). You can get the SAS token from the Azure Portal or generate one using generateAccountSASQueryParameters()
.
const { QueueServiceClient } = require("@azure/storage-queue");
const account = "<account name>";
const sas = "<service Shared Access Signature Token>";
const queueServiceClient = new QueueServiceClient(
`https://${account}.queue.core.windows.net${sas}`
);
Use QueueServiceClient.listQueues()
function to iterate the queues,
with the new for-await-of
syntax:
const { DefaultAzureCredential } = require("@azure/identity");
const { QueueServiceClient } = require("@azure/storage-queue");
const account = "<account>";
const credential = new DefaultAzureCredential();
const queueServiceClient = new QueueServiceClient(
`https://${account}.queue.core.windows.net`,
credential
);
async function main() {
const iter1 = queueServiceClient.listQueues();
let i = 1;
for await (const item of iter1) {
console.log(`Queue${i}: ${item.name}`);
i++;
}
}
main();
Alternatively without for-await-of
:
const { DefaultAzureCredential } = require("@azure/identity");
const { QueueServiceClient } = require("@azure/storage-queue");
const account = "<account>";
const credential = new DefaultAzureCredential();
const queueServiceClient = new QueueServiceClient(
`https://${account}.queue.core.windows.net`,
credential
);
async function main() {
const iter2 = queueServiceClient.listQueues();
let i = 1;
let item = await iter2.next();
while (!item.done) {
console.log(`Queue ${i++}: ${item.value.name}`);
item = await iter2.next();
}
}
main();
For a complete sample on iterating queues please see samples/v12/typescript/listQueues.ts.
Use QueueServiceClient.getQueueClient()
function to create a new queue.
const { DefaultAzureCredential } = require("@azure/identity");
const { QueueServiceClient } = require("@azure/storage-queue");
const account = "<account>";
const credential = new DefaultAzureCredential();
const queueServiceClient = new QueueServiceClient(
`https://${account}.queue.core.windows.net`,
credential
);
const queueName = "<valid queue name>";
async function main() {
const queueClient = queueServiceClient.getQueueClient(queueName);
const createQueueResponse = await queueClient.create();
console.log(
`Created queue ${queueName} successfully, service assigned request Id: ${createQueueResponse.requestId}`
);
}
main();
Use sendMessage()
to add a message to the queue:
const { DefaultAzureCredential } = require("@azure/identity");
const { QueueServiceClient } = require("@azure/storage-queue");
const account = "<account>";
const credential = new DefaultAzureCredential();
const queueServiceClient = new QueueServiceClient(
`https://${account}.queue.core.windows.net`,
credential
);
const queueName = "<valid queue name>";
async function main() {
const queueClient = queueServiceClient.getQueueClient(queueName);
// Send a message into the queue using the sendMessage method.
const sendMessageResponse = await queueClient.sendMessage("Hello World!");
console.log(
`Sent message successfully, service assigned message Id: ${sendMessageResponse.messageId}, service assigned request Id: ${sendMessageResponse.requestId}`
);
}
main();
QueueClient.peekMessages()
allows looking at one or more messages in front of the queue. This call
doesn't prevent other code from accessing peeked messages.
const { DefaultAzureCredential } = require("@azure/identity");
const { QueueServiceClient } = require("@azure/storage-queue");
const account = "<account>";
const credential = new DefaultAzureCredential();
const queueServiceClient = new QueueServiceClient(
`https://${account}.queue.core.windows.net`,
credential
);
const queueName = "<valid queue name>";
async function main() {
const queueClient = queueServiceClient.getQueueClient(queueName);
const peekMessagesResponse = await queueClient.peekMessages();
console.log(`The peeked message is: ${peekMessagesResponse.peekedMessageItems[0].messageText}`);
}
main();
Messages are processed in two steps.
queueClient.receiveMessages()
. This makes the messages invisible to other code reading messages from this queue for a default period of 30 seconds.queueClient.deleteMessage()
with the message's popReceipt
.If your code fails to process a message due to hardware or software failure, this two-step process ensures that another instance of your code can get the same message and try again.
const { DefaultAzureCredential } = require("@azure/identity");
const { QueueServiceClient } = require("@azure/storage-queue");
const account = "<account>";
const credential = new DefaultAzureCredential();
const queueServiceClient = new QueueServiceClient(
`https://${account}.queue.core.windows.net`,
credential
);
const queueName = "<valid queue name>";
async function main() {
const queueClient = queueServiceClient.getQueueClient(queueName);
const response = await queueClient.receiveMessages();
if (response.receivedMessageItems.length === 1) {
const receivedMessageItem = response.receivedMessageItems[0];
console.log(`Processing & deleting message with content: ${receivedMessageItem.messageText}`);
const deleteMessageResponse = await queueClient.deleteMessage(
receivedMessageItem.messageId,
receivedMessageItem.popReceipt
);
console.log(
`Delete message successfully, service assigned request Id: ${deleteMessageResponse.requestId}`
);
}
}
main();
const { DefaultAzureCredential } = require("@azure/identity");
const { QueueServiceClient } = require("@azure/storage-queue");
const account = "<account>";
const credential = new DefaultAzureCredential();
const queueServiceClient = new QueueServiceClient(
`https://${account}.queue.core.windows.net`,
credential
);
const queueName = "<valid queue name>";
async function main() {
const queueClient = queueServiceClient.getQueueClient(queueName);
const deleteQueueResponse = await queueClient.delete();
console.log(
`Deleted queue successfully, service assigned request Id: ${deleteQueueResponse.requestId}`
);
}
main();
A complete example of simple QueueServiceClient
scenarios is at samples/v12/typescript/src/queueClient.ts.
Enabling logging may help uncover useful information about failures. In order to see a log of HTTP requests and responses, set the AZURE_LOG_LEVEL
environment variable to info
. Alternatively, logging can be enabled at runtime by calling setLogLevel
in the @azure/logger
:
const { setLogLevel } = require("@azure/logger");
setLogLevel("info");
More code samples
If you'd like to contribute to this library, please read the contributing guide to learn more about how to build and test the code.
Also refer to Storage specific guide for additional information on setting up the test environment for storage libraries.
FAQs
Microsoft Azure Storage SDK for JavaScript - Queue
We found that @azure/storage-queue demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.