Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Exegesis is a library for building REST APIs using OpenAPI (formerly known as Swagger). It allows you to define your API using an OpenAPI specification and then automatically handles request validation, response validation, and routing based on that specification.
Request Validation
This code demonstrates how to set up request validation using Exegesis. It uses an OpenAPI specification file to automatically validate incoming requests against the defined API schema.
const exegesisExpress = require('exegesis-express');
const express = require('express');
const path = require('path');
const app = express();
const options = {
controllers: path.resolve(__dirname, './controllers'),
};
exegesisExpress.middleware(path.resolve(__dirname, './openapi.yaml'), options)
.then((middleware) => {
app.use(middleware);
app.listen(3000, () => {
console.log('Listening on port 3000');
});
});
Response Validation
This code demonstrates how to set up response validation using Exegesis. It ensures that the responses sent by the server conform to the OpenAPI specification.
const exegesisExpress = require('exegesis-express');
const express = require('express');
const path = require('path');
const app = express();
const options = {
controllers: path.resolve(__dirname, './controllers'),
};
exegesisExpress.middleware(path.resolve(__dirname, './openapi.yaml'), options)
.then((middleware) => {
app.use(middleware);
app.use((req, res, next) => {
res.json({ message: 'Hello, world!' });
});
app.listen(3000, () => {
console.log('Listening on port 3000');
});
});
Routing
This code demonstrates how to set up routing using Exegesis. It automatically routes incoming requests to the appropriate controller based on the OpenAPI specification.
const exegesisExpress = require('exegesis-express');
const express = require('express');
const path = require('path');
const app = express();
const options = {
controllers: path.resolve(__dirname, './controllers'),
};
exegesisExpress.middleware(path.resolve(__dirname, './openapi.yaml'), options)
.then((middleware) => {
app.use(middleware);
app.listen(3000, () => {
console.log('Listening on port 3000');
});
});
Swagger Express Middleware is a collection of middleware for Express.js that automatically validates requests, responses, and more using a Swagger (OpenAPI) specification. It is similar to Exegesis in that it provides request and response validation, but it does not offer as seamless integration with controllers and routing.
Express OpenAPI Validator is a middleware for Express.js that validates requests and responses against an OpenAPI 3 specification. It is similar to Exegesis in terms of validation capabilities but does not provide built-in routing or controller integration.
OpenAPI Backend is a library for building and routing APIs using OpenAPI definitions. It focuses on routing and handling requests based on the OpenAPI specification, similar to Exegesis, but it is more lightweight and does not include built-in validation.
exegesis
n. An explanation or critical interpretation of a text, especially an API definition document.
-- No dictionary ever
This library implements a framework-agnostic server side implementation of OpenAPI 3.x.
Exegesis is a library for implementing server-side OpenAPI 3.x The library has been written in such a way that hopefully it will also be used to implement future versions of OpenAPI, or possibly even other API description standards altogether.
You probably don't want to be using this library directly. Have a look at:
Check out the tutorial here.
This function takes an API document and a set of options, and returns a connect-style middleware function which will execute the API.
openApiDoc
is either a path to your openapi.yaml or openapi.json file,
or it can be a JSON object with the contents of your OpenAPI document. This
should have the x-exegesis-controller
extension defined on any paths you want to be able to access.
options
is described in detail here. At a
minimum, you'll probably want to provide options.controllers
, a path to where
your controller modules
can be found. If you have any security requirements defined, you'll also
want to pass in some authenticators.
To enable response validation, you'll want to provide a validation callback
function via onResponseValidationError()
.
Exegesis's functionality can also be extended using plugins,
which run on every request. Plugins let you add functionality like
role base authorization,
or CORS.
This function is similar to compileApi
; it takes an API document and a set of
options,
and returns a "runner". The runner is a function runner(req, res)
, which takes
in a standard node HTTP request and response. It will not modify the response,
however. Instead it returns (either via callback or Promise) and HttpResult
object. This is a {headers, status, body}
object, where body
is a readable
stream, read to be piped to the response.
A convenience function for writing an HttpResult
from a runner out to the
response.
import * as path from 'path';
import * as http from 'http';
import * as exegesis from 'exegesis';
// See https://github.com/exegesis-js/exegesis/blob/master/docs/Options.md
const options = {
controllers: path.resolve(__dirname, './src/controllers'),
};
// `compileApi()` can either be used with a callback, or if none is provided,
// will return a Promise.
exegesis.compileApi(
path.resolve(__dirname, './openapi/openapi.yaml'),
options,
(err, middleware) => {
if (err) {
console.error('Error creating middleware', err.stack);
process.exit(1);
}
const server = http.createServer((req, res) =>
middleware(req, res, (err) => {
if (err) {
res.writeHead(err.status || 500);
res.end(`Internal error: ${err.message}`);
} else {
res.writeHead(404);
res.end();
}
})
);
server.listen(3000);
}
);
Internally, when you "compile" an API, Exegesis produces an
ApiInterface object.
This is an object that, given a method, url, and headers, returns a
resolvedOperation
-
essentially a collection of functions that will parse and validate the body and
parameters, has the controller that executes the functionality, etc... The only
current implementation for an ApiInterface is the
oas3/OpenApi
class.
Essentially this class's job is to take in an OpenAPI 3.x.x document, and turn it
an ApiInterface that Exegesis can use. In theory, however, we could parse some
other API document format, produce an ApiInterface, and Exegsis would still be
able to run it.
FAQs
Parses OpenAPI documents
We found that exegesis demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.