Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@janiscommerce/api
Advanced tools
A package for managing API from any origin.
npm install @janiscommerce/api
This is the class you should extend to code your own APIs. You can customize them with the following methods and getters:
This optional getter should return a valid struct. If it doesn't match the data, default http code is set to 400.
IMPORTANT In case you return an array, each element will be passed as an argument to struct validation (see examples below). To validate an array, use struct.list()
instead.
This optional method should throw an Error in case of validation failure. It's message will be set in the response body. It's return value will be discarded.
This method is required, and should have the logic of your API. At this point, request should be already validated. If you throw an error here, default http code is set to 500.
The following methods will be inherited from the base API Class:
pathParameters. string array. Returns the path parameters of the request. For example: /store/10/schedules will generate the following path parameters: ['10']
headers. object. Returns the the headers of the request as a key-value object.
cookies. object. Returns the the cookies of the request as a key-value object.
shouldCreateLog. boolean.
Determines if the api execution should be logged or not.
When the HTTP Method is GET the default is false
and true
otherwise.
shouldLogRequestData. boolean. Determines if the api request data should be logged or not.
shouldLogRequestHeaders. boolean. Determines if the api response data should be logged or not.
shouldLogResponseBody. boolean. Determines if the api response body should be logged or not.
excludeFieldsLogRequestData. string array. Returns the fields to exclude from the api request data.
excludeFieldsLogResponseBody. string array. Returns the fields to exclude from the api response body. The fields will be omitted recursively.
All this setters are chainable!
setCode(code).
Set a response httpCode. code
must be a integer. This will prevent default http codes to be set.
setHeader(headerName, headerValue).
Set an individual response header. headerName
must be a string.
setHeaders(headers).
Set response headers. headers
must be an object with "key-value" headers.
setCookie(cookieName, cookieValue).
Set an individual response cookie. cookieName
must be a string.
setCookies(cookies).
Set response cookies. cookies
must be an object with "key-value" cookies.
setBody(body). Set the response body.
This is the class you should use to dispatch your APIs. It takes the request data as constructor arguments and then finds you API file based on the endpoint and executes it.
The request must be an object and can be setup using the following properties:
'get'
.{}
.{}
.{}
.{}
.This will dispatch the API. It resolves to an object with the API execution result, with the following properties:
200
.Every error handled by this package will be an instance of this class. You might find more information about the error source in the previousError
property.
It also uses the following error codes:
Name | Value | Description |
---|---|---|
Invalid request data | 1 | The request parameters received are not an object |
Invalid endpoint | 2 | The request endpoint received is not a string |
Invalid method | 3 | The request method received is not a string |
Invalid headers | 4 | The request headers received are not an object |
Invalid cookies | 5 | The request cookies received are not an object |
API not found | 6 | The endpoint does not correspond to an API file. This sets the default http code to 404 |
Invalid API | 7 | The API does not inherit from API class or does not implement the process method |
Invalid struct | 8 | The request data does not match the API struct |
Invalid authentication data | 9 | The request authentication data received is not an object |
This is an error class to use to return easily a message and variables apply to it, for example to handle error translation properly.
Every variable should be a scalar (not an array or object). Otherwise it will be casted to a string.
const { ErrorWithVariables } = require('@janiscommerce/api');
throw new ErrorWithVariables('some.error.to.translate', {
name: 'Some name to replace in translation'
})
Since 2.0.0
This package implements API Session. In order to associate a request to a session, you must pass a valid authentication data in the authenticationData
property of the Dispatcher constructor.
Session details and customization details can be found in api-session README.
'use strict';
const { API } = require('@janiscommerce/api');
class MyApi extends API {
async process() {
this.setBody({
message: 'Success'
});
}
}
module.exports = MyApi;
'use strict';
const { API } = require('@janiscommerce/api');
class MyApi extends API {
get struct() {
return {
foo: 'string'
};
}
async validate() {
if(!this.data.foo.match(/(bar)+/))
throw new Error('Foo must be one or more bars');
}
async process() {
this.setBody({
message: 'Success'
});
}
}
module.exports = MyApi;
'use strict';
const { API } = require('@janiscommerce/api');
class MyApi extends API {
get struct() {
return [{
foo: 'string?'
}, {
// Defaults
foo: 'bar'
}];
}
async process() {
this.setBody({
message: 'Success'
});
}
}
module.exports = MyApi;
'use strict';
const { API } = require('@janiscommerce/api');
const UserValidator = require('user-validator');
class MyApi extends API {
get struct() {
return {
userId: 'number'
};
}
async validate() {
if(!UserValidator.isValidId(this.data.userId)) {
this.setCode(401);
throw new Error('Unauthorized');
}
}
async process() {
this.setBody({
message: 'Success'
});
}
}
module.exports = MyApi;
'use strict';
const { API } = require('@janiscommerce/api');
class MyApi extends API {
async process() {
this
.setHeader('x-foo', 'bar')
.setCode(201)
.setBody({
message: 'Created'
});
}
}
module.exports = MyApi;
'use strict';
const { API } = require('@janiscommerce/api');
const UserValidator = require('user-validator');
class MyApi extends API {
get struct() {
return {
userId: 'number'
};
}
async validate() {
const userValidator = this.session.getSessionInstance(UserValidator);
if(!userValidator.isValidId(this.data.userId)) {
this.setCode(401);
throw new Error('Unauthorized');
}
}
async process() {
this.setBody({
message: 'Success'
});
}
}
module.exports = MyApi;
'use strict';
const { Dispatcher } = require('@janiscommerce/api');
const dispatcher = new Dispatcher({
endpoint: 'store/10/schedules',
method: 'get',
data: { status: 'active' },
headers: { 'Content-Type': 'application/json' },
cookies: { 'my-cookie': 'cookie-value' },
authenticationData: { userId: 10, clientCode: 'janiscommerce' }
});
const response = await dispatcher.dispatch();
To implement predictable REST APIs, there are a couple packages that extend this one:
To implement this on serverless, there is a REST API handler that can be used out-of-the-box:
To implement unit tests in your APIs, there is a also a package:
[8.0.3] - 2024-06-07
entityId
read from the endpoint or response body.id
FAQs
A package for managing API from any origin
The npm package @janiscommerce/api receives a total of 520 weekly downloads. As such, @janiscommerce/api popularity was classified as not popular.
We found that @janiscommerce/api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.