Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

json-proxy-middleware

Package Overview
Dependencies
Maintainers
3
Versions
12
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

json-proxy-middleware

Simple express.js friendly json proxy middleware utility

  • 0.0.11
  • latest
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
15
increased by650%
Maintainers
3
Weekly downloads
 
Created
Source

json-proxy-middleware

This is a simple middleware utility that can be used to proxy JSON requests for Express node.js servers. This is most useful when you want to simply pass a response from a service to a client, without needing to buffer or modify it. For example, your server could do an authentication check, and then simply stream the data from the service to the client.

Quick Start

Assuming you have an express Router, here's a quick way to get things wired up:

import express from "express";
import jsonProxy from "json-proxy-middleware";

const router = new express.Router();

router.get(
  "/service/proxy/path",
  (req, res, next) => {
    if (req.user.isLoggedIn) {
      next();
    }
  },
  jsonProxy({
    urlHost: "https://my.service.url",
    headers: {
      "x-custom-header-calling-application-name": "my-application"
    }
  }),
  (error, req, res, next) => {
    res.status(500).json({
      message: "Whoops! The Proxy Middleware Broke!"
    });
  }
);

export default router;

In the example above, let's break down what happened in our router:

  1. We have some middleware that first checked if a user was loggedIn, assuming they are with whatever auth your app is using, we let them through.
  2. We created a jsonProxy middleware RequestHandler, and pointed it to https://my.service.url, and attached some custom HTTP headers for the service.
  3. We also provided an error handler, which we can use to inform our clients of the error how our application best sees fit. This is different from the service responding with an error, in which case that would have just been proxied through as well.

API

json-proxy-middleware is designed to be fairly flexible, yet performant for configuring how & where you proxy requests through your node.js middletier. The quick start above includes the barebones to get you up and running. Below is the full API with some details on how to use the middleware in a variety of different scenarios.

There is a single, default export from the utility, and that is the middleware itself:

import jsonProxy from "json-proxy-middleware";

It takes a single ProxyMiddlewareOptions object, and returns a RequestHandler function:

jsonProxy({
  additionalLogMessage: "custom appended log message",
  headers: {
    "custom-additional-http-header": "value"
  }
  logger: console,
  urlHost: "https://my.service.uri",
});
propertytypedescription
additionalLogMessagestring (optional)a message that will be appended to proxy start/end/error logging
headers(req, res)object/function (optional)an object or function that returns an object with additional headers to forward on the proxied request
loggerlogger instance (optional)any valid logger instance with methods .info() and .error() to be called with logging messages
addCurlHeaderboolean/function (optional)attaches a curlCommand to your request headers for easier debugging (defaults to false)
urlHost(req, res)string/functiona string or function that returns a string indicating a host to have a request proxied to

additionalLogMessage

When a logger is provided, this message will be appended to to info/error logs and can be used to customize the log messages per jsonProxy usage as needed.

headers

When provided, these will be appended to the default headers that we forward. By default we provide the headers necessary for JSON requests:

{
  Accept: "application/json",
  "Content-Type": "application/json"
}

If you'd like, you can provide an object with static headers to forward, like so:

jsonProxy({
  headers: { "custom-http-header": "static value" }
});

In some cases, you need to also forward request headers that came in from the client, or you might need to forward headers based on the request itself. In that case, you can provide a function that the middleware will call for each incoming proxy request:

jsonProxy({
  headers(req, res) {
    return {
      userId: req.user.getId(),
      session: req.sessionId
      // etc
    };
  }
});

Setting headers this way allows you to perform a white or black list style header forwarding for the proxy as well.

logger

When a logger is provided, json-proxy-middleware will log out information useful for debugging, such as when a proxy request started, when it ended, and how long it took. We also log out errors in the event those occur. You can provide any kind of logger you prefer, as long as it has a .info() and .error() log level method to invoke.

addCurlHeader

It's often useful to debug a request using a curl command. You will see this in your response headers as headers['x-curl-command']. You can set this option as a boolean:

router.get(
  "/service/REST/v1/**",
  jsonProxy({ urlHost: "https://my.service.url", addCurlHeader: true })
);

Or set it conditionally:

router.get(
  "/service/REST/v1/**",
  jsonProxy({
    urlHost: "https://my.service.url",
    addCurlHeader: (req, res) => req.originalUrl.includes('foo.bar'),
  })
);

urlHost

The urlHost is combined with the path on the proxy to perform a request. It is required, and you can provide either a string or function that returns a string for the request. The simplest example looks like this:

router.get(
  "/service/REST/v1",
  jsonProxy({ urlHost: "https://my.service.url" })
);

This will result in jsonProxy making a GET request to:

https://my.service.url/service/REST/v1

Because of the way Express are designed with their routing, you can also leverage this with regex / glob paths, like so:

router.get(
  "/service/REST/v1/**",
  jsonProxy({ urlHost: "https://my.service.url" })
);

This will mean that json-proxy-middleware will proxy any paths that match. It's a great idea to understand if this will open up security holes in your service, and in general proxying requests through globs requires some thought & coordination with the proxied service.

Another thing to note with Express servers, is that you can mount routes at different base paths. json-proxy-middleware by default navigates this for you, so keep that in mind when using proxy routers in scenarios like this:

import express from "express";

const server = express();
const router = express.Router();

router.get(
  "/service/REST/v1/**",
  jsonProxy({ urlHost: "https://my.service.url" })
);

server.use("/proxy", router);

In this case, your clients will be making requests to /proxy/service/REST/v1/**, but json-proxy-middleware will be proxying requests to https://my.service.url/service/REST/v1/**, removing the /api portion from the request.

Keywords

FAQs

Package last updated on 10 Dec 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts

Research

Security News

Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts

Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.

By Kirill Boychenko  -  Dec 20, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc