Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
@podium/layout
Advanced tools
Module for composing full page layouts out of page fragments in a micro frontend architecture.
Module for composing full page layouts out of page fragments in a micro frontend architecture.
Module for building a layout server. A layout server is mainly responsible for fetching HTML fragments and stitching these fragments into an full HTML page.
To do this, a layout instance provides three core features:
@podium/client
used to fetch content from podlets@podium/context
used to set request bound information on the requests from the layout to podlets when fetching their content@podium/proxy
makes it possible to publicly expose data endpoints in a podlet or in any backend serviceThis module can be used together with a plain node.js HTTP server or any HTTP
framework and any templating language of your choosing (or none if you prefer).
Though; Connect compatible middleware based frameworks (such as Express) is
first class in Podium so this module comes with a .middleware()
method for
convenience.
For writing layout servers with other http frameworks the following modules exist:
$ npm install @podium/layout
Build a simple layout server including a single podlet using Express:
const express = require('express');
const Layout = require('@podium/layout');
const layout = new Layout({
name: 'myLayout',
pathname: '/',
});
const podlet = layout.client.register({
name: 'myPodlet',
uri: 'http://localhost:7100/manifest.json',
});
const app = express();
app.use(layout.middleware());
app.get('/', (req, res, next) => {
const ctx = res.locals.podium.context;
Promise.all([podlet.fetch(ctx)]).then(result => {
res.status(200).send(`
<html><body>
<section>${result[0]}</section>
</body></html>
`);
});
});
app.listen(7000);
Create a new Layout instance.
const layout = new Layout(options);
option | default | type | required | details |
---|---|---|---|---|
name | null | string | true | Name that the layout identifies itself by |
pathname | null | string | true | Pathname of where a Layout is mounted in a http server |
logger | null | object | false | A logger which conform to a log4j interface |
context | null | object | false | Options to be passed on to the internal @podium/context constructor |
client | null | object | false | Options to be passed on to the internal @podium/client constructor |
proxy | null | object | false | Options to be passed on to the internal @podium/proxy constructor |
Name that the layout identifies itself by. The name value must be in camelCase.
Example:
const layout = new Layout({
name: 'myLayoutName',
pathname: '/foo',
});
The Pathname of where the Layout is mounted into the HTTP server. It is important that this value matches where the entry point of a route is in the HTTP server since this value is used to mount the proxy and tell podlets (through the context) where they are mounted and where the proxy is mounted.
If the layout is mounted at the server "root", set pathname
to /
:
const app = express();
const layout = new Layout({
name: 'myLayout',
pathname: '/',
});
app.use(layout.middleware());
app.get('/', (req, res, next) => {
[ ... ]
});
If the layout is mounted at /foo
, set pathname to /foo
:
const app = express();
const layout = new Layout({
name: 'myLayout',
pathname: '/foo',
});
app.use('/foo', layout.middleware());
app.get('/foo', (req, res, next) => {
[ ... ]
});
app.get('/foo/:id', (req, res, next) => {
[ ... ]
});
There is also a helper method for retrieving the set pathname
which can be
used to get the pathname from the Layout object when defining routes.
See .pathname()
for further details.
Any log4j compatible logger can be passed in and will be used for logging. Console is also supported for easy test / development.
Example:
const layout = new Layout({
name: 'myLayout',
pathname: '/foo',
logger: console,
});
Under the hood abslog is used to abstract out logging. Please see abslog for further details.
Options to be passed on to the internal [@podium/context constructor].
Please see the [@podium/context constructor] for which options can be set.
Example of setting the debug
context to default true
:
const layout = new Layout({
name: 'myLayout',
pathname: '/foo',
context: {
debug: {
enabled: true,
},
},
});
Options to be passed on to the internal @podium/client constructor.
Please see @podium/client constructor for which options which can be set.
Example of setting the retries
on the client to 6
:
const layout = new Layout({
name: 'myLayout',
pathname: '/foo',
client: {
retries: 6,
},
});
Options to be passed on to the internal @podium/proxy constructor.
Please see @podium/proxy constructor for which options which can be set.
Example of setting the timeout
on the proxy to 30 seconds:
const layout = new Layout({
name: 'myLayout',
pathname: '/foo',
proxy: {
timeout: 30000,
},
});
The Layout instance has the following API:
Metod for processing an incoming HTTP request. This method is intended to be used to implement support for multiple HTTP frameworks and should not really be used directly in a layout server.
What it does:
HttpIncoming.context
which can be passed on to the client when requesting content from podlets.Returns a Promise. If the inbound request matches a proxy endpoint the returned
Promise will resolve with undefined
. If the inbound request does not match a
proxy endpoint the returned Promise will resolve with the passed in
HttpIncoming object.
The method take the following arguments:
An instance of an HttpIncoming class.
const { HttpIncoming } = require('@podium/utils');
const Layout = require('@podium/layout');
const layout = new Layout({
name: 'myLayout',
pathname: '/',
});
app.use(async (req, res, next) => {
const incoming = new HttpIncoming(req, res, res.locals);
try {
const result = await layout.process(incoming);
if (result) {
res.locals.podium = result;
next();
}
} catch (error) {
next(error);
}
});
A Connect compatible middleware which takes care of the operations needed for
a layout to fully work. It is more or less a wrapper for the .process()
method.
Important: This middleware must be mounted before defining any routes.
Example
const app = express();
app.use(layout.middleware());
The context generated by the middleware will be stored at
res.locals.podium.context
.
Returns an Array of internal middleware performing the tasks described above.
A helper method to retrieve the pathname
set on the constructor. This can be
handy to use in defining routes since the pathname
set in the constructor
must match whatever is defined as root in each route in a HTTP router.
Example:
const layout = new Layout({
name: 'myLayout',
pathname: '/foo'
});
app.get(layout.pathname(), (req, res, next) => {
[ ... ]
});
app.get(`${layout.pathname()}/bar`, (req, res, next) => {
[ ... ]
});
app.get(`${layout.pathname()}/bar/:id`, (req, res, next) => {
[ ... ]
});
A property that exposes an instance of the @podium/client for fetching content from podlets.
Example of registering a podlet and fetching it:
const layout = new Layout({
name: 'myLayout',
pathname: '/',
});
const podlet = layout.client.register({
name: 'myPodlet',
uri: 'http://localhost:7100/manifest.json',
});
podlet.fetch({}).then(result => {
console.log(result);
});
Please see @podium/client for full documentation.
A property that exposes an instance of the @podium/context used to create a context.
Example of registering a custom third party context parser to the context:
const Parser = require('my-custom-parser');
const layout = new Layout({
name: 'myLayout',
pathname: '/',
});
layout.context.register('customParser', new Parser('someConfig'));
Please see @podium/context for full documentation.
Property that exposes a metric stream. This stream joins all internal metrics streams into one stream resulting in all metrics from all sub modules being exposed here.
Please see @metrics/metric for full documentation.
Copyright (c) 2019 FINN.no
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Module for composing full page layouts out of page fragments in a micro frontend architecture.
The npm package @podium/layout receives a total of 818 weekly downloads. As such, @podium/layout popularity was classified as not popular.
We found that @podium/layout demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.