Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

express-contracts

Package Overview
Dependencies
Maintainers
1
Versions
6
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

express-contracts

Express.js plugin for checking request and response with rho-contracts

  • 1.0.1
  • Source
  • npm
  • Socket score
Version published
Maintainers
1
Created
Source

express-contracts

Express.js plugin for checking request and response with rho-contracts

Usage

var c = require('rho-contracts'),
    ec = require('express-contracts');

var cc = {};

cc.request = c.object({
        body: c.object({
            foo: c.value('bar'),
        }).strict(),
    }).rename('request');

cc.responseBody = c.object({
    baz: c.value('barbar'),
}).strict().rename('responseBody');

var exampleApplicationMiddleware = function (req, res, next) {
    res.status(200).checkedJson({ baz: req.body.foo + req.body.foo });
};

var exampleErrorHandlingMiddleware = function (err, req, res, next) {
    if (err) {
        if (err instanceof ec.ValidationError) {
            res.status(400).json({ error: err.message });
        } else if (err instanceof c.ContractError) {
            res.status(500).json({ error: 'Internal Contract Violation' });
        } else {
            res.status(500).json({ error: 'Internal Server Error' });
        }
    }
};

app.use(
   require('body-parser').json(), // populates req.body
   ec.useContracts(cc.request, cc.responseBody),
   exampleApplicationMiddleware,
   exampleErrorHandlingMiddleware
);

Note the middleware useContracts(requestContract, responseBodyContract) distinguishes between ValidationError (for failures of requestContract) and ContractError (for failures of responseBodyContract), which callers will likely wish to handle differently.

Furthermore, note that the middleware works by extending res with a method checkedJson which checks responseBodyContract before calling res.json, thus it is easy to "jump out" of the contract e.g. to send an error.

Finally, there is an asymmetry between the requestContract, which is run over the whole request (but only body and query actually checked), and the responseBodyContract, which is only run over the payload that eventually becomes the res.body.

Installation

npm install rho-contracts express-contracts

Contribute

  • Issue Tracker: github.com/bodylabs/express-contracts/issues
  • Source Code: github.com/bodylabs/express-contracts

Pull requests welcome!

Support

If you are having issues, please let us know.

License

The project is licensed under the two-clause BSD license.

FAQs

Package last updated on 29 Apr 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Fluent Assertions Faces Backlash After Abandoning Open Source Licensing

Security News

Fluent Assertions Faces Backlash After Abandoning Open Source Licensing

Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.

By Sarah Gooding  -  Jan 18, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc