Swagger REST framework for Node.js, with support for MongoDB and JSON-Schema
Arrest lets you write RESTful web services in minutes. It automatically generates a Swagger description of the API and support input validation using JSON-Schemas.
Highlight features:
Note for 1.3 users: arrest 3.x is a complete rewrite of the old module and it's not backwards compatible.
npm install arrest
The following sample application shows how to create a simple REST API, using a MongoDB collection as the data store. In the sample, the path /tests is linked to a tests collection on a MongoDB instance running on localhost:
const arrest = require('arrest');
const api = new arrest.API();
api.addResource(new arrest.MongoResource('mongodb://localhost:27017', { name: 'Test' }));
api.listen(3000);
The Swagger specification of the API you just created is available at http://localhost:3000/swagger.json
Now you can query your data collection like this:
curl "http://localhost:3000/tests"
You can add a new item:
curl "http://localhost:3000/tests" -H "Content-Type: application/json" -X POST -d '{ "name": "Jimbo", "surname": "Johnson" }'
You can query a specific item by appeding the identifier of the record (the _id attribute):
curl "http://localhost:3000/tests/51acc04f196573941f000002"
You can update an item:
curl "http://localhost:3000/tests/51acc04f196573941f000002" -H "Content-Type: application/json" -X PUT -d '{ "name": "Jimbo", "surname": "Smith" }'
And finally you can delete an item:
curl "http://localhost:3000/tests/51acc04f196573941f000002" -X DELETE
An API is a collection of Resources, each supporting one or more Operations.
In arrest you create an API by creating an instance of the base API class or of a derived class.
You then add instances of the Resource class or a derived one. Each resource contains its supported Routes, that is
a collection of instances of classes derived from the abstract Operation, which represents an operation to be executed
when an HTTP method is called on a path.
The following code demonstrates this three level structure:
const arrest = require('arrest');
const api = new arrest.API();
const operation1 = function(req, res, next) {
res.json({ data: 'this is operation 1' });
}
const operation2 = function(req, res, next) {
res.json({ data: 'this is operation 2' });
}
const operation3 = function(req, res, next) {
res.json({ data: 'this is operation 3' });
}
const resource1 = new arrest.Resource({
name: 'SomeResource',
routes: {
'/': {
get: operation1,
post: operation2
},
'/some-path': {
put: operation3
}
}
})
api.addResource(resource1);
api.listen(3000);
The API above supports the following operations:
GET on http://localhost/some-resourcesPOST on http://localhost/some-resourcesPUT on http://localhost/some-resources/some-pathPlease note how the some-resources path was automatically constructed using the name of the resource SomeResource, making
it plural and converting the camelcase in a dash-separated name. This default behaviour can be changed specifying the
namePlural and path when creating the resource (e.g. new Resource({ name: 'OneResource', namePlural: 'ManyResources', path: 'my_resources' }))
Another other way to produce the same result is:
const arrest = require('arrest');
const api = new arrest.API();
const resource1 = new arrest.Resource({ name: 'SomeResource' });
resource1.addOperation('/', 'get', function(req, res, next) {
res.json({ data: 'this is operation 1' });
});
resource1.addOperation('/', 'post', function(req, res, next) {
res.json({ data: 'this is operation 2' });
});
resource1.addOperation('/some-path', 'put', function(req, res, next) {
res.json({ data: 'this is operation 3' });
});
api.addResource(resource1);
api.listen(3000);
In real world applications, where resources and operation are in fact more complex, you will want to create class that extend the basic classes in arrest, like in the next example:
const arrest = require('arrest');
class MyOperation extends arrest.Operation {
constructor(resource, path, method) {
super('op1', resource, path, method);
}
handler(req, res, next) {
res.json({ data: 'this is a custom operation' });
}
}
class MyResource extends arrest.Resource {
constructor() {
super();
this.addOperation(new MyOperation(this, '/', 'get'));
}
}
class MyAPI extends arrest.API {
constructor() {
super({
info: {
title: 'This is a custom API',
version: '0.9.5'
}
});
this.addResource(new MyResource());
}
}
const api = new MyAPI();
api.listen(3000);
The API above supports GETs on http://localhost/my-resources (note how the path was in this case constructed automatically
from the name of the class MyResource).
By the default, arrest APIs add a special route /swagger.json that returns the Swagger description of the API: the Swagger
object is populated with the properties of the API object, Resources are converted into Swagger Tags and Operations are
mapped to Swagger Operations.
arrest supports JSON-Schema for data validation. Validation rules are set using the Swagger specification. For instance,
the following code show how to validate the body of a POST and the query paramters of a GET:
class MyOperation1 extends arrest.Operation {
constructor(resource, path, method) {
super('op1', resource, path, method);
this.setInfo({
parameters: [
{
name: 'body',
in: 'body',
required: true,
schema: {
type: 'object',
required: [ 'name' ],
additionalProperties: false,
properties: {
name: {
type: 'string'
},
surname: {
type: 'string'
}
}
}
}
]
});
}
handler(req, res, next) {
res.json({ data: 'this is a op1' });
}
}
class MyOperation2 extends arrest.Operation {
constructor(resource, path, method) {
super('op2', resource, path, method);
this.setInfo({
parameters: [
{
name: 'lang',
in: 'query',
type: 'string',
required: true
},
{
name: 'count',
in: 'query',
type: 'integer'
}
]
});
}
handler(req, res, next) {
res.json({ data: 'this is a op2' });
}
}
class MyResource extends arrest.Resource {
constructor() {
super();
this.addOperation(new MyOperation1(this, '/', 'post'));
this.addOperation(new MyOperation2(this, '/', 'get'));
}
}
Omitting the body or passing an invalid body (e.g. an object without the name property) when POSTing to
http://localhost/my-resources will return an error. Likewise GETting without a lang parameter or with a count
set to anything other than a number will fail.
TBA
TBA (default api routes)
TBA
TBA
TBA
FAQs
OpenAPI v3 compliant REST framework for Node.js, with support for MongoDB and JSON-Schema
The npm package arrest receives a total of 541 weekly downloads. As such, arrest popularity was classified as not popular.
We found that arrest demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.