@commercetools-backend/express

Version: 0.0.0-canary-2020737187


Zero-config HTTP server as Express.js to facilitate development.

This package is primarily built for HTTP servers used by Custom Applications and it provides a set of components to facilitate the development of the HTTP server.

Install

$ npm install --save @commercetools-backend/express

Session middleware

This Express.js middleware should be used to handle the authentication exchange between the server and the /proxy/forward-to endpoint of the Merchant Center API Gateway.

You can read more about the "Proxy to External API" concepts here.

const express = require('express');
const {
  createSessionMiddleware,
  CLOUD_IDENTIFIERS,
} = require('@commercetools-backend/express');

const app = express();

// Register the session middleware before any handler that reads the session.
app.use(
  createSessionMiddleware({
    audience: 'https://my-api-server.com',
    issuer: CLOUD_IDENTIFIERS.GCP_EU,
  })
);
app.use((request, response, next) => {
  // `request.session` contains the useful information
  next();
});

Middleware options

  • audience (string): The public-facing URL of your API server. The value should contain only the origin URL (protocol, hostname, port); the request path is inferred from the incoming request.

  • issuer (string): Either a cloud identifier or a valid URL to the Merchant Center API Gateway. The cloud identifier maps to the Merchant Center API URL of the related cloud region.

    • gcp-au: https://mc-api.australia-southeast1.gcp.commercetools.com
    • gcp-eu: https://mc-api.europe-west1.gcp.commercetools.com
    • gcp-us: https://mc-api.us-central1.gcp.commercetools.com
    • aws-fra: https://mc-api.eu-central-1.aws.commercetools.com
    • aws-ohio: https://mc-api.us-east-2.aws.commercetools.com
  • inferIssuer (boolean): Determines whether the issuer should be inferred from the custom request HTTP header x-mc-api-cloud-identifier which is sent by the Merchant Center API Gateway when forwarding the request. This might be useful in case the server is used in multiple regions.

  • jwks (object): See options of jwks-rsa.
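
The checks these options imply, as an added JavaScript sketch that is not the package's own code: it resolves the issuer and audience a session token would be expected to match. The `expectedClaims` helper, the strict origin comparison and dropping the query string are assumptions of this example; the header name and the region table come from the list above.

```javascript
// Cloud identifier -> Merchant Center API URL, copied from the options list above.
const MC_API_URLS = new Map([
  ['gcp-au', 'https://mc-api.australia-southeast1.gcp.commercetools.com'],
  ['gcp-eu', 'https://mc-api.europe-west1.gcp.commercetools.com'],
  ['gcp-us', 'https://mc-api.us-central1.gcp.commercetools.com'],
  ['aws-fra', 'https://mc-api.eu-central-1.aws.commercetools.com'],
  ['aws-ohio', 'https://mc-api.us-east-2.aws.commercetools.com'],
]);
const CLOUD_HEADER = 'x-mc-api-cloud-identifier';

// Hypothetical helper: the { issuer, audience } pair a session token must match.
function expectedClaims(options, request) {
  // `audience` is configured as a bare origin; anything more is a config error.
  const origin = new URL(options.audience).origin;
  if (origin !== options.audience) {
    throw new Error('audience must be an origin only (protocol, hostname, port)');
  }
  let issuer = options.issuer;
  if (options.inferIssuer) {
    // The header travels with the request, so it is untrusted input: accept it
    // only as a key into the fixed table, never as a URL.
    const id = request.headers[CLOUD_HEADER];
    if (typeof id !== 'string' || !MC_API_URLS.has(id)) {
      throw new Error(`unknown cloud identifier in ${CLOUD_HEADER}`);
    }
    issuer = id;
  }
  // A full URL is accepted only from static configuration.
  const issuerUrl = MC_API_URLS.get(issuer) || new URL(issuer).origin;
  // The path comes from the incoming request; the query string is dropped here.
  const path = new URL(request.url, origin).pathname;
  return { issuer: issuerUrl, audience: origin + path };
}

// Constructed sample request, shaped like Node's IncomingMessage.
const sampleRequest = {
  url: '/api/orders?limit=5',
  headers: { [CLOUD_HEADER]: 'aws-fra' },
};
console.log(expectedClaims({ audience: 'https://my-api-server.com', inferIssuer: true }, sampleRequest));
```

With `inferIssuer` enabled, a header value outside the table is rejected instead of falling back to the configured issuer, so a mislabelled request fails closed.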

Usage in Serverless Functions

If your HTTP server runs as a Serverless Function, the Express.js middleware should not be needed. Instead, you can use the underlying function, which does not require the next callback.

Example for Google Cloud Functions

const {
  createSessionAuthVerifier,
  CLOUD_IDENTIFIERS,
} = require('@commercetools-backend/express');

const sessionAuthVerifier = createSessionAuthVerifier({
  audience: 'https://my-api-server.com',
  issuer: CLOUD_IDENTIFIERS.GCP_EU,
});

exports.handler = async function (request, response) {
  try {
    await sessionAuthVerifier(request, response);
  } catch (error) {
    response.status(401).send(JSON.stringify({ message: 'Unauthorized' }));
    return;
  }

  // `request.session` contains the useful information
};

The same concept applies to serverless functions in other cloud providers.


Package last updated on 03 Aug 2020
