Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@janiscommerce/api
Advanced tools
A package for managing API from any origin.
npm install @janiscommerce/api
This is the class you should extend to code your own APIs. You can customize them with the following methods and getters:
This optional getter should return a valid struct. If it doesn't match the data, default http code is set to 400.
IMPORTANT In case you return an array, each element will be passed as an argument to struct validation (see examples below). To validate an array, use struct.list()
instead.
This optional method should throw an Error in case of validation failure. It's message will be set in the response body. It's return value will be discarded.
This method is required, and should have the logic of your API. At this point, request should be already validated. If you throw an error here, default http code is set to 500.
The following methods will be inherited from the base API Class:
pathParameters (getter). Returns the path parameters of the request as an array of values. For example: /store/10/schedules will generate the following path parameters: ['10']
headers (getter). Returns the the headers of the request as a key-value object.
cookies (getter). Returns the the cookies of the request as a key-value object.
shouldCreateLog(getter). Returns if the api execution should be logged as a boolean.
shouldLogRequestData(getter). Returns if the api request data should be logged as a boolean.
shouldLogRequestHeaders(getter). Returns if the api response data should be logged as a boolean.
excludeFieldsLogRequestData(getter). Returns the fields to exclude from the api request data that will be logged as an array.
excludeFieldsLogResponseBody(getter). Returns the fields to exclude from the api response body that will be logged as an array.
All this setters are chainable!
setCode(code).
Set a response httpCode. code
must be a integer. This will prevent default http codes to be set.
setHeader(headerName, headerValue).
Set an individual response header. headerName
must be a string.
setHeaders(headers).
Set response headers. headers
must be an object with "key-value" headers.
setCookie(cookieName, cookieValue).
Set an individual response cookie. cookieName
must be a string.
setCookies(cookies).
Set response cookies. cookies
must be an object with "key-value" cookies.
setBody(body). Set the response body.
This is the class you should use to dispatch your APIs. It takes the request data as constructor arguments and then finds you API file based on the endpoint and executes it.
The request must be an object and can be setup using the following properties:
'get'
.{}
.{}
.{}
.{}
.This will dispatch the API. It resolves to an object with the API execution result, with the following properties:
200
.Every error handled by this package will be an instance of this class. You might find more information about the error source in the previousError
property.
It also uses the following error codes:
Name | Value | Description |
---|---|---|
Invalid request data | 1 | The request parameters received are not an object |
Invalid endpoint | 2 | The request endpoint received is not a string |
Invalid method | 3 | The request method received is not a string |
Invalid headers | 4 | The request headers received are not an object |
Invalid cookies | 5 | The request cookies received are not an object |
API not found | 6 | The endpoint does not correspond to an API file. This sets the default http code to 404 |
Invalid API | 7 | The API does not inherit from API class or does not implement the process method |
Invalid struct | 8 | The request data does not match the API struct |
Invalid authentication data | 9 | The request authentication data received is not an object |
This is an error class to use to return easily a message and variables apply to it, for example to handle error translation properly.
Every variable should be a scalar (not an array or object). Otherwise it will be casted to a string.
const { ErrorWithVariables } = require('@janiscommerce/api');
throw new ErrorWithVariables('some.error.to.translate', {
name: 'Some name to replace in translation'
})
Since 2.0.0
This package implements API Session. In order to associate a request to a session, you must pass a valid authentication data in the authenticationData
property of the Dispatcher constructor.
Session details and customization details can be found in api-session README.
'use strict';
const { API } = require('@janiscommerce/api');
class MyApi extends API {
async process() {
this.setBody({
message: 'Success'
});
}
}
module.exports = MyApi;
'use strict';
const { API } = require('@janiscommerce/api');
class MyApi extends API {
get struct() {
return {
foo: 'string'
};
}
async validate() {
if(!this.data.foo.match(/(bar)+/))
throw new Error('Foo must be one or more bars');
}
async process() {
this.setBody({
message: 'Success'
});
}
}
module.exports = MyApi;
'use strict';
const { API } = require('@janiscommerce/api');
class MyApi extends API {
get struct() {
return [{
foo: 'string?'
}, {
// Defaults
foo: 'bar'
}];
}
async process() {
this.setBody({
message: 'Success'
});
}
}
module.exports = MyApi;
'use strict';
const { API } = require('@janiscommerce/api');
const UserValidator = require('user-validator');
class MyApi extends API {
get struct() {
return {
userId: 'number'
};
}
async validate() {
if(!UserValidator.isValidId(this.data.userId)) {
this.setCode(401);
throw new Error('Unauthorized');
}
}
async process() {
this.setBody({
message: 'Success'
});
}
}
module.exports = MyApi;
'use strict';
const { API } = require('@janiscommerce/api');
class MyApi extends API {
async process() {
this
.setHeader('x-foo', 'bar')
.setCode(201)
.setBody({
message: 'Created'
});
}
}
module.exports = MyApi;
'use strict';
const { API } = require('@janiscommerce/api');
const UserValidator = require('user-validator');
class MyApi extends API {
get struct() {
return {
userId: 'number'
};
}
async validate() {
const userValidator = this.session.getSessionInstance(UserValidator);
if(!userValidator.isValidId(this.data.userId)) {
this.setCode(401);
throw new Error('Unauthorized');
}
}
async process() {
this.setBody({
message: 'Success'
});
}
}
module.exports = MyApi;
'use strict';
const { Dispatcher } = require('@janiscommerce/api');
const dispatcher = new Dispatcher({
endpoint: 'store/10/schedules',
method: 'get',
data: { status: 'active' },
headers: { 'Content-Type': 'application/json' },
cookies: { 'my-cookie': 'cookie-value' },
authenticationData: { userId: 10, clientCode: 'janiscommerce' }
});
const response = await dispatcher.dispatch();
To implement predictable REST APIs, there are a couple packages that extend this one:
To implement this on serverless, there is a REST API handler that can be used out-of-the-box:
To implement unit tests in your APIs, there is a also a package:
[6.0.0] - 2020-08-27
@janiscommerce/api-session
to 3.x.x
FAQs
A package for managing API from any origin
The npm package @janiscommerce/api receives a total of 266 weekly downloads. As such, @janiscommerce/api popularity was classified as not popular.
We found that @janiscommerce/api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.