Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
hapi-swagger
Advanced tools
This is a OpenAPI (aka Swagger) plug-in for Hapi When installed it will self document the API interface in a project.
Version | Hapi | Joi | Node | Release Notes |
---|---|---|---|---|
v11.x | >=18.4.0 @hapi/hapi | >=16.0.0 | >=8 | #631 |
v10.x | >=18.3.1 @hapi/hapi | >=14.0.0 | >=8 | #587 |
9.x | >=17 hapi | <14.0.0 | >=8 | #487 |
7.x | <17 hapi | ??? | ??? | #325 |
You can add the module to your Hapi using npm:
> npm install hapi-swagger --save
If you want to view the documentation from your API you will also need to install the inert
and vision
plugs-ins which support templates and static
content serving.
> npm install @hapi/inert --save
> npm install @hapi/vision --save
In your Hapi apps main JavaScript file add the following code to created a Hapi server
object. You will also add the routes for you API as describe on hapijs.com site.
const Hapi = require('@hapi/hapi');
const Inert = require('@hapi/inert');
const Vision = require('@hapi/vision');
const HapiSwagger = require('hapi-swagger');
const Pack = require('./package');
(async () => {
const server = await new Hapi.Server({
host: 'localhost',
port: 3000,
});
const swaggerOptions = {
info: {
title: 'Test API Documentation',
version: Pack.version,
},
};
await server.register([
Inert,
Vision,
{
plugin: HapiSwagger,
options: swaggerOptions
}
]);
try {
await server.start();
console.log('Server running at:', server.info.uri);
} catch(err) {
console.log(err);
}
server.route(Routes);
})();
As a project may be a mixture of web pages and API endpoints you need to tag the routes you wish Swagger to
document. Simply add the tags: ['api']
property to the route object for any endpoint you want documenting.
You can even specify more tags and then later generate tag-specific documentation. If you specify
tags: ['api', 'foo']
, you can later use /documentation?tags=foo
to load the documentation on the
HTML page (see next section).
{
method: 'GET',
path: '/todo/{id}/',
options: {
handler: handlers.getToDo,
description: 'Get todo',
notes: 'Returns a todo item by the id passed in the path',
tags: ['api'], // ADD THIS TAG
validate: {
params: Joi.object({
id : Joi.number()
.required()
.description('the id for the todo item'),
})
}
},
}
Once you have tagged your routes start the application. The plugin adds a page into your site with the route /documentation
,
so the the full URL for the above options would be http://localhost:3000/documentation
.
hapi-swagger exports its own typescript definition file that can be used when registering the plugin with Hapi. See example below:
npm i @types/hapi__hapi @types/hapi__inert @types/hapi__joi @types/hapi__vision @types/node hapi-swagger --save-dev
import * as Hapi from '@hapi/hapi';
import * as HapiSwagger from 'hapi-swagger';
// code omitted for brevity
const swaggerOptions: HapiSwagger.RegisterOptions = {
info: {
title: 'Test API Documentation'
}
};
const plugins: Array<Hapi.ServerRegisterPluginObject<any>> = [
{
plugin: Inert
},
{
plugin: Vision
},
{
plugin: HapiSwagger,
options: swaggerOptions
}
];
await server.register(plugins);
Read the contributing guidelines for details.
I would like to thank all that have contributed to the project over the last couple of years. This is a hard project to maintain, getting Hapi to work with Swagger is like putting a round plug in a square hole. Without the help of others it would not be possible.
FAQs
A swagger documentation UI generator plugin for hapi
The npm package hapi-swagger receives a total of 64,073 weekly downloads. As such, hapi-swagger popularity was classified as popular.
We found that hapi-swagger demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.