@injex/express-plugin
The Express Plugin provides tools to work with the Express Framework to create Express applications in a better and organized way.
The plugin exposes decorators for creating controllers, route handlers, and middlewares that wrap the Express API.
This plugin should be used with Injex's Node runtime.
You can install the Express Plugin via NPM
npm install --save @injex/express-plugin
or Yarn
yarn add @injex/express-plugin
You should also make sure Express is installed on your project.
Creating the plugin and passing it to the runtime container config object
import { Injex } from "@injex/node";
import { ExpressPlugin } from "@injex/express-plugin";
Injex.create({
    rootDirs: [__dirname],
    plugins: [
        new ExpressPlugin({
            // plugin configurations
        })
    ]
});
name
The express application instance name, as it will be used in the runtime container for later injection.
Type: string
Default: expressApp
Required: false
app
If you already have an express instance in your application, you can pass it to the app config option so the plugin will use it.
For example:
import { ExpressPlugin } from "@injex/express-plugin";
import * as express from "express";
const myApp = express();
const plugin = new ExpressPlugin({
    app: myApp
});
Type: ExpressApplication instance
Required: false
createAppCallback
If you don't provide the app config option, the Express Plugin will create an Express app instance for you. You can pass in the createAppCallback if you want to hook up the application instance with custom middleware or listen to a network port.
For example:
import { Injex } from "@injex/node";
import { ExpressPlugin } from "@injex/express-plugin";
import * as bodyParser from "body-parser";
Injex.create({
    // ...
    plugins: [
        // ...
        new ExpressPlugin({
            createAppCallback: (app) => {
                // Register an explicit parser; calling bodyParser() directly is deprecated
                app.use(bodyParser.json());
                app.listen(8080);
            }
        })
    ]
});
Type: Function
Default: function(app: Application) { }
Required: false
As mentioned above, the Express plugin exposes decorators to handle routes and middlewares inside a controller. A controller is a collection of route handlers related to a specific domain in your application. An exciting part about controllers is that they respond to the @singleton() decorator so that you can create a singleton controller or a factory-based controller made for each request.
@controller()
Defines a class and marks it as a controller. If the @singleton() decorator is also used, only one controller will be created for all requests; otherwise, a controller instance will be created for each request.
@define()
@controller()
export class TodosController {
}
@get(), @post(), @patch(), @put(), @del()
HTTP method handler decorators to define route handlers inside a controller.
@define()
@controller()
export class TodosController {
    @get("/todos/:id")
    public getTodo(req, res) {
        res.send({
            // Express exposes route parameters on req.params
            id: req.params.id,
            text: "Learn how to use the Injex framework",
            status: "in_progress"
        });
    }
}
@middleware()
Define a middleware or a list of chainable middlewares on a controller route handler. A middleware is a class that implements the IMiddleware interface.
Note that you can pass an array of middlewares (@middleware([ ... ])); in that case, the middlewares get called from left to right. If a middleware fails with an error, the route handler function is not triggered.
@define()
@singleton()
export class AuthMiddleware implements IMiddleware {
    // IMiddleware handler, receives express's request, response
    // and the next function
    public handle(req, res, next) {
        // Demo only: a hard-coded token read from the query string
        const token = req.query.token;
        if (token === "123456") {
            next();
        } else {
            // Answer with 401 rather than the default 200 status
            res.status(401).send("unauthorized");
            // Passing an error to next() keeps the route handler from running
            next(new Error("unauthorized"));
        }
    }
}
@define()
@controller()
export class TodosController {
    @get("/todos/:id")
    @middleware(AuthMiddleware)
    public getTodo(req, res) {
        res.send({
            // Express exposes route parameters on req.params
            id: req.params.id,
            text: "Learn how to use the Injex framework",
            status: "in_progress"
        });
    }
}
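A hardened variant of the AuthMiddleware above, as an added example that is not part of the plugin's README: it reads the token from the Authorization header instead of the query string (query strings end up in access logs and browser history), compares it in constant time, and answers 401. The class name, the constructor argument, the bearerToken and runOnce helpers, and the token value are assumptions made for this example; the class is written without the Injex decorators so it runs on its own under Node.js.

```javascript
const { createHash, timingSafeEqual } = require("node:crypto");

// Hash both values so timingSafeEqual always receives equal-length buffers.
function tokensMatch(presented, expected) {
  const digest = (s) => createHash("sha256").update(String(s)).digest();
  return timingSafeEqual(digest(presented), digest(expected));
}

// Hypothetical helper: extract the token from "Authorization: Bearer <token>".
function bearerToken(req) {
  const header = (req.headers && req.headers.authorization) || "";
  const match = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(header);
  return match ? match[1] : null;
}

// Same handle(req, res, next) shape as the IMiddleware example above.
class BearerAuthMiddleware {
  constructor(expectedToken) {
    // Fail at startup rather than accept an empty or missing secret.
    if (!expectedToken) throw new Error("expected token is not configured");
    this.expectedToken = expectedToken;
  }

  handle(req, res, next) {
    const presented = bearerToken(req);
    if (presented !== null && tokensMatch(presented, this.expectedToken)) {
      return next();
    }
    res.status(401).set("WWW-Authenticate", "Bearer").send("unauthorized");
    // Report the failure as the page's example does, so the handler is skipped.
    next(new Error("unauthorized"));
  }
}

// Constructed stand-ins for Express's req/res, used only to exercise handle().
function runOnce(middleware, headers) {
  const result = { status: 200, headers: {}, body: null, nextArgs: null };
  const res = {
    status(code) { result.status = code; return this; },
    set(name, value) { result.headers[name] = value; return this; },
    send(body) { result.body = body; return this; },
  };
  middleware.handle({ headers, query: {} }, res, (...args) => { result.nextArgs = args; });
  return result;
}

const demo = new BearerAuthMiddleware("constructed-demo-token"); // constructed value
console.log(runOnce(demo, { authorization: "Bearer constructed-demo-token" }));
console.log(runOnce(demo, {})); // no Authorization header
```

In a real application the expected token would come from configuration or a secret store, passed in where this example passes a constructed string.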
import { define, singleton, inject } from "@injex/core";
import { controller, get, del, post, patch, middleware } from "@injex/express-plugin";
@define()
@singleton()
@controller()
export class TodosController {
    @inject() private todosManager;
    @get("/todos/")
    public async getAllTodos(req, res) {
        const todos = await this.todosManager.getAll();
        res.send(todos);
    }
    @get("/todos/:id")
    @middleware(AuthMiddleware)
    public async getTodo(req, res) {
        const todo = await this.todosManager.getOne(req.params.id);
        res.send(todo);
    }
    @del("/todos/:id")
    public async deleteTodo(req, res) {
        await this.todosManager.del(req.params.id);
        res.status(204).end();
    }
    @post("/todos/")
    public async createTodo(req, res) {
        // The "/todos/" route has no :id parameter, so only the body is passed
        const todo = await this.todosManager.create(req.body);
        res.status(201).send(todo);
    }
    @patch("/todos/:id")
    public async updateTodo(req, res) {
        const todo = await this.todosManager.update(req.params.id, req.body);
        res.send(todo);
    }
    @patch("/todos/:id/toggle")
    public async toggleTodo(req, res) {
        await this.todosManager.toggle(req.params.id);
        res.status(201).end();
    }
}
If you want a quick demo to play with, check out the express example in the examples section.
FAQs
Unknown package
The npm package @injex/express-plugin receives a total of 12 weekly downloads. As such, @injex/express-plugin popularity was classified as not popular.
We found that @injex/express-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.