@besmarthead/sh-api-framework
Advanced tools
Comparing version 1.0.9 to 1.0.10
{ | ||
"name": "@besmarthead/sh-api-framework", | ||
"version": "1.0.9", | ||
"version": "1.0.10", | ||
"description": "SmartHead framework library for serverless APIs (security, openapi/swagger validation, logging ,... )", | ||
@@ -46,3 +46,3 @@ "keywords": [ | ||
}, | ||
"gitHead": "013f96eb542bea40eb654568c4a3882a629f92b9" | ||
"gitHead": "ccff1ac88c8fb780d4cd8a25355c0374a3385408" | ||
} |
# What is SH API Framework | ||
Annotations and libraries (utils) to help solve common tasks with API: | ||
- validation (with swagger / openapi): annotation '**@OpenApi**' | ||
- security (JWT validation): annotation '**@SecuredApi**' | ||
- API status handler/logger (ERROR/OK): annotation '**@StatusLogger**' | ||
- AWS Logger: util class '**AWSLambdaLogger**' | ||
### Validation with @OpenApi | ||
Validation of request / response with Swagger. | ||
- Required is to have valid swagger file on path ``/src/openapi-doc.yaml``. | ||
- If handler is annotated with @OpenApi than path of handler defined in ``serverles.yaml`` (to which is handler bind) must be also defined in swagger file. | ||
- Request and response is validated | ||
#### Options | ||
- **swaggerDocPath**: custom path to swagger file. | ||
- **apiPrefix**: when try to find path of handler in swagger file -> this prefix is add. | ||
example: when run in AWS and API is deployed to custom domain, all API has prefix which is not part of path of handler. | ||
- **skipResponseValidator**: should be validation of response skipped. | ||
### Security with @SecuredApi | ||
If handler is annotated with @SecuredAPI than API caller must be valid user (e.g. valid token in request): | ||
- HTTP header '**x-authorization**' must contain valid JWT token | ||
- if configured, other validation must pass | ||
#### Options | ||
- **header**: if token is in different header, set name of header here | ||
- **isSHAdmin**: If set to REQUIRED, user must be SH admin. | ||
If set to ALLOW and user is SH admin than other validations are skipped. | ||
### API Response and Status handling with @StatusLogger | ||
AWS Lambda functions are monitored with Elastic (logstash, elasticsearch, kibana, ...). | ||
If handler is annotated by this method: | ||
- and handler returns some entity (JSON object), logged is status "OK" | ||
- and handler throw exceptions, logged is status "ERROR" and monitoring systems (like Kibana watcher) can raise alert. | ||
### Common errors: | ||
- '**createInternalException**': Argument is string (witch is logged). Returned is response with status code 500 with message "Internal Server Error. | ||
Use when some unexpected error happen (cannot connect to DB, etc. ...) - When is not required to let caller of API know what is wrong. | ||
But logs contains what is wrong. | ||
### Common logging with AWSLambdaLogger | ||
Logger. | ||
## How to release | ||
Requirement: have user in NPM and be part of team: "**developers**" in orhanization "**besmarthead**" (https://www.npmjs.com/settings/besmarthead/teams/team/developers/users) | ||
Requirement: have user in NPM and be part of team: "**developers**" in organization "**besmarthead**" (https://www.npmjs.com/settings/besmarthead/teams/team/developers/users) | ||
- Check if user is logged into NPM (`npm whoami`). If user is not logged: `npm login` | ||
@@ -11,2 +62,2 @@ - `lerna publish --no-private` | ||
When publishing with lerna argument "**--no-private**", those packages are ignored" from publish. | ||
[Doc: lerna#--no-private](ttps://github.com/lerna/lerna/tree/master/commands/version#--no-private) | ||
[Doc: lerna#--no-private](https://github.com/lerna/lerna/tree/master/commands/version#--no-private) |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
69782
63