Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
@smithy/middleware-stack
Advanced tools
Provides a means for composing multiple middleware functions into a single handler
@smithy/middleware-stack is a middleware stack implementation for the AWS SDK for JavaScript. It allows developers to compose middleware functions to handle requests and responses, enabling customization and extension of the SDK's behavior.
Adding Middleware
This feature allows you to add middleware to the stack. Middleware functions can intercept and modify requests and responses. The code sample demonstrates adding a logging middleware that logs the request and response.
const { MiddlewareStack } = require('@smithy/middleware-stack');
const stack = new MiddlewareStack();
const loggingMiddleware = (next) => async (args) => {
console.log('Request:', args);
const result = await next(args);
console.log('Response:', result);
return result;
};
stack.add(loggingMiddleware, {
step: 'initialize',
name: 'loggingMiddleware',
});
// Example usage with a handler
const handler = async (args) => {
return { data: 'response data' };
};
const composedHandler = stack.resolve(handler, {});
composedHandler({ input: 'request data' });
Removing Middleware
This feature allows you to remove middleware from the stack by its name. The code sample demonstrates adding and then removing a logging middleware.
const { MiddlewareStack } = require('@smithy/middleware-stack');
const stack = new MiddlewareStack();
const loggingMiddleware = (next) => async (args) => {
console.log('Request:', args);
const result = await next(args);
console.log('Response:', result);
return result;
};
stack.add(loggingMiddleware, {
step: 'initialize',
name: 'loggingMiddleware',
});
// Remove the middleware
stack.remove('loggingMiddleware');
Composing Middleware
This feature allows you to compose multiple middleware functions in a stack. The code sample demonstrates adding two middleware functions and composing them to handle a request.
const { MiddlewareStack } = require('@smithy/middleware-stack');
const stack = new MiddlewareStack();
const middleware1 = (next) => async (args) => {
console.log('Middleware 1');
return next(args);
};
const middleware2 = (next) => async (args) => {
console.log('Middleware 2');
return next(args);
};
stack.add(middleware1, { step: 'initialize', name: 'middleware1' });
stack.add(middleware2, { step: 'initialize', name: 'middleware2' });
// Example usage with a handler
const handler = async (args) => {
return { data: 'response data' };
};
const composedHandler = stack.resolve(handler, {});
composedHandler({ input: 'request data' });
Express is a minimal and flexible Node.js web application framework that provides a robust set of features for web and mobile applications. It allows for the use of middleware to handle requests and responses, similar to @smithy/middleware-stack, but is focused on web server functionality.
Koa is a new web framework designed by the team behind Express, aiming to be a smaller, more expressive, and more robust foundation for web applications and APIs. Like @smithy/middleware-stack, Koa uses middleware to handle requests and responses, but it is designed for building web servers.
Redux is a predictable state container for JavaScript apps. It allows for middleware to intercept and handle actions, similar to how @smithy/middleware-stack handles requests and responses. However, Redux is focused on state management in front-end applications.
The package contains an implementation of middleware stack interface. Middleware stack is a structure storing middleware in specified order and resolve these middleware into a single handler.
A middleware stack has five Step
s, each of them represents a specific request life cycle:
initialize: The input is being prepared. Examples of typical initialization tasks include injecting default options computing derived parameters.
serialize: The input is complete and ready to be serialized. Examples of typical serialization tasks include input validation and building an HTTP request from user input.
build: The input has been serialized into an HTTP request, but that request may require further modification. Any request alterations will be applied to all retries. Examples of typical build tasks include injecting HTTP headers that describe a stable aspect of the request, such as Content-Length
or a body checksum.
finalizeRequest: The request is being prepared to be sent over the wire. The request in this stage should already be semantically complete and should therefore only be altered to match the recipient's expectations. Examples of typical finalization tasks include request signing and injecting hop-by-hop headers.
deserialize: The response has arrived, the middleware here will deserialize the raw response object to structured response
There are two ways to add middleware to a middleware stack. They both add middleware to specified Step
but they provide fine-grained location control differently.
You can add middleware to specified step with:
stack.add(middleware, {
step: "finalizeRequest",
});
This approach works for most cases. Sometimes you want your middleware to be executed in the front of the Step
, you can set the Priority
to high
. Set the Priority
to low
then this middleware will be executed at the end of Step
:
stack.add(middleware, {
step: "finalizeRequest",
priority: "high",
});
If multiple middleware is added to same step
with same priority
, the order of them is determined by the order of adding them.
In some cases, you might want to execute your middleware before some other known middleware, then you can use addRelativeTo()
:
stack.add(middleware, {
step: "finalizeRequest",
name: "myMiddleware",
});
stack.addRelativeTo(anotherMiddleware, {
relation: "before", //or 'after'
toMiddleware: "myMiddleware",
});
You can remove middleware by name one at a time:
stack.remove("Middleware1");
If you specify tags for middleware, you can remove multiple middleware at a time according to tag:
stack.add(middleware, {
step: "finalizeRequest",
tags: ["final"],
});
stack.removeByTag("final");
FAQs
Provides a means for composing multiple middleware functions into a single handler
The npm package @smithy/middleware-stack receives a total of 6,491,588 weekly downloads. As such, @smithy/middleware-stack popularity was classified as popular.
We found that @smithy/middleware-stack demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.