Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
enonic-wizardry
Advanced tools
Functional utility library for Enonic XP. This library is intended to house reusable and tested code blocks based on enonic-fp that can be used in every project.
Enonic-wizardry is intended to supplement enonic-fp with common patterns. It would be very uncommon to use this library without also using enonic-fp.
We recommend using this library together with its sister library: enonic-ts-codegen. enonic-ts-codegen will create TypeScript interfaces
for your content-types. Those interfaces will be very useful together with this library.
npm run build
In this example we have a service that returns an article by the key
as json. Or if something goes wrong, we return
an Internal Server Error instead.
import { fold, map } from "fp-ts/lib/IOEither";
import { pipe } from "fp-ts/lib/pipeable";
import { Request, Response } from "enonic-types/lib/controller";
import { get as getContent } from "enonic-fp/lib/content";
import { errorResponse, ok } from "enonic-wizardry/lib/controller";
import { getContentDataWithId } from "enonic-wizardry/lib/content";
import { Article } from "../../site/content-types/article/article"; // 1
export function get(req: Request): Response { // 2
const program = pipe( // 3
getContent<Article>({ // 4
key: req.params.key!
}),
map(getContentDataWithId), // 5
fold( // 6
errorResponse('article.error'), // 7
ok // 8
)
);
return program(); // 9
}
interface Article { ... }
generated by enonic-ts-codegen.Request
and Response
to control the shape of our controller.pipe
function from fp-ts to pipe the result of one function into the next one.get
function from content
– here renamed getContent
so it won't collide with the get
function in the controller – to return some content where the type is IOEither<EnonicError, Content<Article>>
.data
of the Content
. But if we want to do operations on this data, we are going to need the _id
of the content. The getContentDataWithId<A>(content: Content<A>): WithId<A>
function takes content as input, and returns the union of the data
and { _id: string }
.IOEither
. This is done with fold(handleError, handleSuccess)
.errorResponse(i18nPrefix: string)
function returns a new function that can be used as a callback by fold
. This "new function", takes the EnonicError
object as a parameter, and creates a Json response with the correct status number, based on the errorKey
of the EnonicError
.ok
function to fold
as the second parameter. The ok
creates a Response
where the status
is 200
, and the parameter is the body
. The content-type dependent on whether the parameter is a string
(text/html), or anything else (application/json).program
of type IO<Response>
, but we have not yet performed a single sideeffect. It's time to perform those side effects, so we run the IO
by calling it.publishFromDraftToMaster
publishContentByKey
applyChangesToData
createAndPublish
deleteAndPublish
modifyAndPublish
getContentDataWithId
createMediaFromAttachment
runAsSuperUser
runInDraftContext
status
errorResponse
unsafeRenderErrorPage
ok
created
noContent
redirect
badRequest
unauthorized
forbidden
notFound
methodNotAllowed
internalServerError
badGateway
substringAfter
json
getUuidFromPath
forceArray
forceReadonlyArray
uuidv4
validate
FAQs
Functional utility library for Enonic XP
We found that enonic-wizardry demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.