Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
apicache-keyv
Advanced tools
An ultra-simplified API response caching middleware for Express/Node using plain-english durations.
I added the ability to use keyv storage backends.
Because route-caching of simple data/responses should ALSO be simple.
To use, simply inject the middleware (example: apicache.middleware('5 minutes', [optionalMiddlewareToggle])
) into your routes. Everything else is automagic.
import express from 'express'
import apicache from 'apicache'
let app = express()
let cache = apicache.middleware
app.get('/api/collection/:id?', cache('5 minutes'), (req, res) => {
// do some work... this will only occur once per 5 minutes
res.json({ foo: 'bar' })
})
let cache = apicache.middleware
app.use(cache('5 minutes'))
app.get('/will-be-cached', (req, res) => {
res.json({ success: true })
})
import express from 'express'
import Keyv from 'keyv'
import apicache from 'apicache'
let app = express()
let cacheWithRedis = apicache.options({
storage: new CacheStorage(new Keyv('redis://user:pass@localhost:6379')),
}).middleware
let cacheWithPostgres = apicache.options({
storage: new CacheStorage(new Keyv('postgresql://user:pass@localhost:5432/dbname')),
}).middleware
app.get('/will-be-cached-with-redis', cacheWithRedis('5 minutes'), (req, res) => {
res.json({ success: true })
})
app.get('/will-be-cached-with-pg', cacheWithPostgres('5 minutes'), (req, res) => {
res.json({ success: true })
})
import apicache from 'apicache'
let cache = apicache.middleware
app.use(cache('5 minutes'))
// routes are automatically added to index, but may be further added
// to groups for quick deleting of collections
app.get('/api/:collection/:item?', (req, res) => {
req.apicacheGroup = req.params.collection
res.json({ success: true })
})
// add route to display cache performance (courtesy of @killdash9)
app.get('/api/cache/performance', (req, res) => {
res.json(apicache.getPerformance())
})
// add route to display cache index
app.get('/api/cache/index', (req, res) => {
res.json(apicache.getIndex())
})
// add route to manually clear target/group
app.get('/api/cache/clear/:target?', (req, res) => {
res.json(apicache.clear(req.params.target))
})
/*
GET /api/foo/bar --> caches entry at /api/foo/bar and adds a group called 'foo' to index
GET /api/cache/index --> displays index
GET /api/cache/clear/foo --> clears all cached entries for 'foo' group/collection
*/
// higher-order function returns false for responses of other status codes (e.g. 403, 404, 500, etc)
const onlyStatus200 = (req, res) => res.statusCode === 200
const cacheSuccesses = cache('5 minutes', onlyStatus200)
app.get('/api/missing', cacheSuccesses, (req, res) => {
res.status(404).json({ results: 'will not be cached' })
})
app.get('/api/found', cacheSuccesses, (req, res) => {
res.json({ results: 'will be cached' })
})
let cache = apicache.options({
headers: {
'cache-control': 'no-cache',
},
}).middleware
let cache5min = cache('5 min') // continue to use normally
apicache.options([globalOptions])
- getter/setter for global options. If used as a setter, this function is chainable, allowing you to do things such as... say... return the middleware.apicache.middleware([duration], [toggleMiddleware], [localOptions])
- the actual middleware that will be used in your routes. duration
is in the following format "[length][unit]", as in "10 minutes"
or "1 day"
. A second param is a middleware toggle function, accepting request and response params, and must return truthy to enable cache for the request. Third param is the options that will override global ones and affect this middleware only.middleware.options([localOptions])
- getter/setter for middleware-specific options that will override global ones.apicache.getPerformance()
- returns current cache performance (cache hit rate)apicache.getIndex()
- returns current cache index [of keys]apicache.clear([target])
- clears cache target (key or group), or entire cache if no value passed, returns new index.apicache.newInstance([options])
- used to create a new ApiCache instance (by default, simply requiring this library shares a common instance)apicache.clone()
- used to create a new ApiCache instance with the same options as the current one{
debug: false|true, // if true, enables console output
defaultDuration: '1 hour', // should be either a number (in ms) or a string, defaults to 1 hour
enabled: true|false, // if false, turns off caching globally (useful on dev)
redisClient: client, // if provided, uses the [node-redis](https://github.com/NodeRedis/node_redis) client instead of [memory-cache](https://github.com/ptarjan/node-cache)
appendKey: fn(req, res), // appendKey takes the req/res objects and returns a custom value to extend the cache key
headerBlacklist: [], // list of headers that should never be cached
statusCodes: {
exclude: [], // list status codes to specifically exclude (e.g. [404, 403] cache all responses unless they had a 404 or 403 status)
include: [], // list status codes to require (e.g. [200] caches ONLY responses with a success/200 code)
},
trackPerformance: false, // enable/disable performance tracking... WARNING: super cool feature, but may cause memory overhead issues
headers: {
// 'cache-control': 'no-cache' // example of header overwrite
}
}
$ npm install -D @types/apicache
Sometimes you need custom keys (e.g. save routes per-session, or per method). We've made it easy!
Note: All req/res attributes used in the generation of the key must have been set previously (upstream). The entire route logic block is skipped on future cache hits so it can't rely on those params.
apicache.options({
appendKey: (req, res) => req.method + res.session.id,
})
Oftentimes it benefits us to group cache entries, for example, by collection (in an API). This
would enable us to clear all cached "post" requests if we updated something in the "post" collection
for instance. Adding a simple req.apicacheGroup = [somevalue];
to your route enables this. See example below:
var apicache = require('apicache')
var cache = apicache.middleware
// GET collection/id
app.get('/api/:collection/:id?', cache('1 hour'), function(req, res, next) {
req.apicacheGroup = req.params.collection
// do some work
res.send({ foo: 'bar' })
})
// POST collection/id
app.post('/api/:collection/:id?', function(req, res, next) {
// update model
apicache.clear(req.params.collection)
res.send('added a new item, so the cache has been cleared')
})
Additionally, you could add manual cache control to the previous project with routes such as these:
// GET apicache index (for the curious)
app.get('/api/cache/index', function(req, res, next) {
res.send(apicache.getIndex())
})
// GET apicache index (for the curious)
app.get('/api/cache/clear/:key?', function(req, res, next) {
res.send(200, apicache.clear(req.params.key || req.query.key))
})
$ export DEBUG=apicache
$ export DEBUG=apicache,othermoduleThatDebugModuleWillPickUp,etc
import apicache from 'apicache'
apicache.options({ debug: true })
When sharing GET
routes between admin and public sites, you'll likely want the
routes to be cached from your public client, but NOT cached when from the admin client. This
is achieved by sending a "x-apicache-bypass": true
header along with the requst from the admin.
The presence of this header flag will bypass the cache, ensuring you aren't looking at stale data.
Special thanks to all those that use this library and report issues, but especially to the following active users that have helped add to the core functionality!
FAQs
An ultra-simplified API response caching middleware for Express/Node using plain-english durations.
We found that apicache-keyv demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.