
api-joe


api-joe - npm Package Compare versions

Comparing version 0.1.3 to 0.2.0

11

CHANGELOG.md

@@ -8,2 +8,12 @@ # API Joe Changelog

## [v0.2.0] - 2020-03-31
### Added
- session uuid in order to not expose the actual claim data
### Fixed
- re-applying gzip compression when reading from services
- claim data not being proxied to websocket requests
- unwanted headers passed from services to client
## [v0.1.3] - 2020-02-21

@@ -44,1 +54,2 @@

[v0.1.3]: https://gitlab.com/GCSBOSS/api-joe/-/tags/v0.1.3
[v0.2.0]: https://gitlab.com/GCSBOSS/api-joe/-/tags/v0.2.0

2

gl-code-quality-report.json

@@ -1,1 +0,1 @@

[]
[{"categories":["Complexity"],"check_name":"method_lines","content":{"body":""},"description":"Function `pass` has 33 lines of code (exceeds 25 allowed). Consider refactoring.","fingerprint":"89e6ba40f4fb9a4bf4fd4f94d18a3844","location":{"path":"lib/proxy.js","lines":{"begin":5,"end":51}},"other_locations":[],"remediation_points":792000,"severity":"minor","type":"issue","engine_name":"structure"}]

@@ -12,13 +12,32 @@ const httpProxy = require('http-proxy');

let proxy = httpProxy.createProxyServer({
ignorePath: true, target, proxyTimeout: 3000
ignorePath: true, target, proxyTimeout: 3000,
selfHandleResponse: true
});
if(flash.claim)
proxy.on('proxyReq', prq =>
prq.setHeader(conf.proxy.claimHeader, encodeURIComponent(flash.claim)));
proxy.on('proxyReq', prq => {
prq.removeHeader(conf.proxy.claimHeader);
if(!conf.proxy.preserveCookies)
proxy.on('proxyReq', prq => prq.removeHeader('Cookie'));
if(!conf.proxy.preserveCookies)
prq.removeHeader('Cookie');
prq.removeHeader('Accept-Encoding');
if(flash.claim)
prq.setHeader(conf.proxy.claimHeader, encodeURIComponent(flash.claim));
});
proxy.on('proxyRes', (prs, req, res) => {
if(prs.headers['content-type'])
res.setHeader('Content-Type', prs.headers['content-type']);
res.statusCode = prs.statusCode;
prs.on('data', chunk => res.write(chunk));
prs.on('end', () => res.end());
});
if(headers.upgrade == 'websocket'){
delete req.headers[conf.proxy.claimHeader];
if(flash.claim)
req.headers[conf.proxy.claimHeader] = encodeURIComponent(flash.claim);
proxy.ws(req, req.socket, undefined);

@@ -25,0 +44,0 @@ log.debug({ target, class: 'ws' }, 'Proxyed websocket upgrade to %s', target);
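Review bot: In the websocket branch, `delete req.headers[conf.proxy.claimHeader]` only strips a client-supplied claim header when the configured name is already lowercase, because Node stores incoming header names lowercased in `req.headers`. If `conf.proxy.claimHeader` contains any uppercase letter, an unauthenticated upgrade request would reach the service with the client's own value for that header intact. Normalising once with `const claimKey = conf.proxy.claimHeader.toLowerCase();` and using `claimKey` for both the delete and the assignment closes that gap; the `prq.removeHeader` path for plain HTTP is case-insensitive and is not affected. This branch also never applies `conf.proxy.preserveCookies`, since http-proxy emits `proxyReqWs` rather than `proxyReq` for upgrades, so the `Cookie` header is probably still forwarded there. The enclosing function starts and ends outside the hunk.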

const { request, post } = require('muhb');
const { authn } = require('nodecaf').assertions;
const { v4: uuid } = require('uuid');

@@ -13,8 +14,8 @@ function eraseCookie(conf, res){

async match({ redis, req, flash, next, conf, res }){
let claim = req.signedCookies[conf.cookie.name];
if(typeof claim !== 'string')
let sessid = req.signedCookies[conf.cookie.name];
if(typeof sessid !== 'string')
return next();
if(await redis.exists(claim) === 0){
let claim = await redis.get(sessid);
if(!claim){
eraseCookie(conf, res);

@@ -25,3 +26,4 @@ return next();

flash.claim = claim;
redis.expire(claim, conf.session.timeout);
flash.sessid = sessid;
redis.expire(sessid, conf.session.timeout);
next();

@@ -48,7 +50,9 @@ },

res.cookie(conf.cookie.name, authData, conf.cookie);
let sessid = uuid();
res.cookie(conf.cookie.name, sessid, conf.cookie);
res.end();
await redis.set(authData, 1);
redis.expire(authData, conf.session.timeout);
await redis.set(sessid, authData);
redis.expire(sessid, conf.session.timeout);

@@ -62,5 +66,5 @@ if(typeof conf.auth.onSuccess == 'string')

res.end();
redis.del(flash.claim);
redis.del(flash.sessid);
}
}
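Review bot: The login path calls `res.end()` before `await redis.set(sessid, authData)` and then sets the TTL in a separate, un-awaited `redis.expire` call, so the session key exists without an expiry until the second command lands. If that `expire` fails or the process stops in between, the stored claim never times out, and the rejected promise goes unhandled. Writing value and TTL in one command before ending the response, e.g. `await redis.set(sessid, authData, 'EX', conf.session.timeout);` (assuming the client accepts SET options the way node_redis does), removes that window and also the race with a fast follow-up request that would otherwise find no session and have its cookie erased. The handlers shown start and end outside these hunks.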
{
"name": "api-joe",
"version": "0.1.3",
"version": "0.2.0",
"description": "An API Gateway to easily expose your services to web clients",

@@ -39,9 +39,10 @@ "main": "lib/main.js",

"http-proxy": "^1.18.0",
"muhb": "^3.0.0",
"nodecaf": "^0.8.2",
"periodo": "^0.1.1"
"muhb": "^3.0.1",
"nodecaf": "^0.8.5",
"periodo": "^0.1.1",
"uuid": "^7.0.2"
},
"devDependencies": {
"ws": "^7.2.1"
"ws": "^7.2.3"
}
}