Security News
UK Officials Consider Banning Ransomware Payments from Public Entities
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.
@frontegg/client
Advanced tools
Frontegg is a web platform where SaaS companies can set up their fully managed, scalable and brand aware - SaaS features and integrate them into their SaaS portals in up to 5 lines of code.
Use the package manager npm to install frontegg client.
npm install @frontegg/client
As we grow as a company we also provide new and improved APIs such as the new v3 Events API. This will allow your to configure more and worry less about channels. It is still not perfect, but we're getting there. With the new v3 api you'll be able to use the frontegg portal to map events to channels in order to allow your customers to configure their own channels. The new client will no longer send the channels you wish to trigger, and just use the event's payload.
Please note that email & slack may still require further data (like the email template or slack message format).
Unlike previous clients, the new client requires that you pass a separate authenticator.
Example:
const authenticator = new FronteggAuthenticator();
await authenticator.init('<YOUR_CLIENT_ID>', '<YOUR_API_KEY>')
const eventsClient = new EventsClient(authenticator);
const id = await eventsClient.send(
'my-tenant-id',
{
eventKey: 'my.event',
data: {
description: 'my description',
title: 'my title'
},
channelConfiguration: {
email: {
from: 'email@email.com',
html: '<div>{{title}}</div>', // data interpolation using the event data
subject: 'subject'
},
slack: {
emails: ['email@email.com'],
slackMessageConfig: {
// use https://api.slack.com/methods/chat.postMessage data format to fill this configuration
}
}
}
})
Frontegg offers multiple components for integration with the Frontegg's scaleable back end and front end libraries
When using Frontegg's managed UI features and UI libraries, Frontegg allow simple integration via middleware usage
To use the Frontegg's middleware import the frontegg middleware from the @frontegg/client library
const { frontegg, FronteggPermissions } = require('@frontegg/client');
And use the following lines after the authentication verification
app.use('/frontegg', frontegg({
clientId: 'my-client-id',
apiKey: 'my-api-key',
contextResolver: (req) => {
const email = req.context.user; // The user context (after JWT verification)
const tenantId = req.context.tenantId; // The tenantId context (after JWT verification)
const permissions = [FronteggPermissions.All];
return {
email,
tenantId,
permissions
};
}
}))
To use the Frontegg's middleware inside NextJS project:
Add a new route to your project /pages/api/frontegg/[...param].ts
Import fronteggNextJs from the @frontegg/client library
const { fronteggNextJs, FronteggPermissions } = require('@frontegg/client');
And export the middleware from /pages/api/frontegg/[...param].ts
export default fronteggNextJs({
clientId: 'my-client-id',
apiKey: 'my-api-key',
contextResolver: (req) => {
const email = req.context.user; // The user context (after JWT verification)
const tenantId = req.context.tenantId; // The tenantId context (after JWT verification)
const permissions = [FronteggPermissions.All];
return {
email,
tenantId,
permissions
};
}
})
When using the Frontegg middleware library, you can choose which functionality is enabled for your user based on his role or based on any other business logic your application holds.
Controlling the permissions is done via the Frontegg middleware by injecting the permissions array
/// Allow the user to do everything on all enabled Frontegg modules
const permissions = [FronteggPermissions.All];
/// Allow the user to do everything on Frontegg audits module
const permissions = [FronteggPermissions.Audit];
/// Allow the user to read audits and audits stats but not exporting it
const permissions = [FronteggPermissions.Audit.Read, FronteggPermissions.Audit.Stats];
Let your customers record the events, activities and changes made to their tenant.
Frontegg’s Managed Audit Logs feature allows a SaaS company to embed an end-to-end working feature in just 5 lines of code.
const { AuditsClient } = require('@frontegg/client')
const audits = new AuditsClient()
// First initialize the module
await audits.init('MY-CLIENT-ID', 'MY-AUDITS-KEY')
// And add audits
await audits.sendAudit({
tenantId: 'my-tenant-id',
time: Date(),
user: 'info@frontegg.com',
resource: 'Portal',
action: 'Login',
severity: 'Medium',
ip: '1.2.3.4'
})
const { AuditsClient } = require('@frontegg/client')
const audits = new AuditsClient()
// First initialize the module
await audits.init('MY-CLIENT-ID', 'MY-AUDITS-KEY')
// And add audits
const { data, total } = await audits.getAudits({
tenantId: 'my-tenant-id',
filter: 'any-text-filter',
sortBy: 'my-sort-field',
sortDirection: 'asc | desc'
offset: 0, // Offset for starting the page
count: 50 // Number of desired items
})
Allow your customers to be aware of any important business related event they need to pay attention to, both in the dashboard and even when offline.
Frontegg’s Managed Notifications feature allows a SaaS company to embed an end-to-end working feature in just 5 lines of code.
import { NotificationsClient } from '@frontegg/client'
const notificationsClient = new NotificationsClient();
// First initialize the module
await notificationsClient.init('YOUR-CLIENT-ID', 'YOUR-API-KEY');
// Set the notification you want to send
const notification = {
"title": "Notification Title",
"body": "Notification Body",
"severity": "info",
"url": "example.com" // url to be opened when user clicks on the notification
}
// send the notification to a specific user
await notificationsClient.sendToUser('RECEPIENT-USER-ID', 'RECEPIENT-TENANT-ID', notification)
// send the notification to all tenant users
await notificationsClient.sendToTenantUsers('RECEPIENT-TENANT-ID', notification)
// send the notification to all users
await notificationsClient.sendToAllUsers(notification)
Protect your routes and controllers with a simple middleware and policy The middleware needs to run BEFORE the rest of your routes and controllers and is initiated via a simple policy and context hook
app.use(RbacMiddleware({
// Hook to the role in the context of the request (each request can contain several roles / permissions)
contextResolver: async (req) => { return { roles: ['admin'], permissions: ['rule.delete'] } },
// Define the policy
policy: {
default: 'deny', // Can be 'allow' as default as well
rules: [{
url: '/api/admin/*',
method: '*',
requiredPermissions: ['write'] // For each of the admin routes require 'write' permissions
}, {
url: '/api/*',
method: '*',
requiredPermissions: ['read'] // For all the /api require 'read' permissions
}, {
url: '*',
method: '*',
requiredRoles: [],
requiredPermissions: [] // For all the other APIs allow without any required permissions / roles
}]
}
}));
FAQs
Frontegg Javascript Library for backend node servers
The npm package @frontegg/client receives a total of 11,975 weekly downloads. As such, @frontegg/client popularity was classified as popular.
We found that @frontegg/client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.