node-apex-api-security
Advanced tools
node-apex-api-security - npm Package Compare versions
Comparing version 0.7.6 to 0.7.7
@@ -41,2 +41,4 @@ # Change Log | ||
| ### V0.7.6 | ||
| + Update package.json to fix sub-dependency vulnerabilities | ||
| + Update package.json to fix sub-dependency vulnerabilities | ||
| ### V0.7.7 | ||
| + Remove nonce node library |
@@ -1,2 +0,1 @@ | ||
| const nonceLib = require('nonce')(); | ||
| const _ = require('lodash'); | ||
@@ -222,3 +221,3 @@ const qs = require('querystring'); | ||
| formData: reqProps.formData || null, | ||
| nonce: reqProps.nonce || nonceLib(), | ||
| nonce: reqProps.nonce || crypto.randomBytes(32).toString('base64'), | ||
| timestamp: reqProps.timestamp || (new Date).getTime() | ||
@@ -293,3 +292,3 @@ }; | ||
| defaultParams[prefixedAppId] = baseProps.appId; | ||
| defaultParams[prefixedNonce] = baseProps.nonce || nonceLib(); | ||
| defaultParams[prefixedNonce] = baseProps.nonce || crypto.randomBytes(32).toString('base64'); | ||
| defaultParams[prefixedSignatureMethod] = baseProps.signatureMethod; | ||
@@ -457,4 +456,3 @@ defaultParams[prefixedTimestamp] = baseProps.timestamp || (new Date).getTime(); | ||
| // restore the port no remove during validation | ||
| if (isNullOrEmpty(port)) port = 443; | ||
| targetURL.port = port; | ||
| targetURL.port = _.isNil(port) ? 443 : port; | ||
@@ -461,0 +459,0 @@ let req = request(httpMethod, targetURL.href); |
| { | ||
| "name": "node-apex-api-security", | ||
| "version": "0.7.6", | ||
| "version": "0.7.7", | ||
| "description": "APEX API security utiity. Includes helper operations to generate HMAC-SHA256 and RSA-SHA256 signatures", | ||
@@ -16,3 +16,2 @@ "main": "index.js", | ||
| "minimist": "^1.2.0", | ||
| "nonce": "^1.0.4", | ||
| "querystring": "^0.2.0", | ||
@@ -19,0 +18,0 @@ "superagent": "^3.8.3", |
@@ -33,4 +33,6 @@ # APEX API Node.js Security Utility | ||
| #### L1 Secured API | ||
| #### APEX L1 Secured API | ||
| Authorization token with **HMACSHA256** signature | ||
| ```javascript | ||
@@ -52,4 +54,6 @@ const ApiSigningUtil = require('node-apex-api-security').ApiSigningUtil; | ||
| #### L2 Secured API | ||
| #### APEX L2 Secured API | ||
| Authorization token with **SHA256withRSA** signature | ||
| ```javascript | ||
@@ -60,10 +64,11 @@ const ApiSigningUtil = require('node-apex-api-security').ApiSigningUtil; | ||
| const requestOptions = { | ||
| appId: 'my-app-id', // Apex App ID | ||
| keyFile: '/path/to/my/private.key', // Path to private key used for L2 signature | ||
| authPrefix: 'apex_l2_eg', // Authentication prefix, determined by authentication level and gateway type | ||
| httpMethod: 'get', // HTTP method, e.g. GET/POST | ||
| urlPath: 'https://my.apex.api/endpoint' // URL to Apex API | ||
| appId: 'my-app-id', // Apex App ID | ||
| keyString: '----BEGIN PRIVATE KEY-----...', // The PEM formatted private key's string | ||
| // keyFile: '/path/to/my/private.key', // Alternatively, simply pass in the path to private key used for L2 signature | ||
| authPrefix: 'apex_l2_eg', // Authentication prefix, determined by authentication level and gateway type | ||
| httpMethod: 'get', // HTTP method, e.g. GET/POST | ||
| urlPath: 'https://my.apex.api/endpoint' // URL to Apex API | ||
| }; | ||
| // Apex_l1_ig realm="https://my.apex.api/endpoint",apex_l1_ig_app_id="my-app-id",apex_l1_ig_nonce="152393542217300",apex_l1_ig_signature="u5nTX4ZbkL8c9pp5C79VHu07QPPLG9yx2VxpLX7kqGM=",apex_l1_ig_signature_method="HMACSHA256",apex_l1_ig_timestamp="1523935422173",apex_l1_ig_version="1.0" | ||
| // Apex_l2_ig realm="https://my.apex.api/endpoint",apex_l2_ig_app_id="my-app-id",apex_l2_ig_nonce="152393542217300",apex_l2_ig_signature="u5nTX4ZbkL8c9pp5C79VHu07QPPLG9yx2VxpLX7kqGM=",apex_l2_ig_signature_method="SHA256withRSA",apex_l2_ig_timestamp="1523935422173",apex_l2_ig_version="1.0" | ||
| const L2SignatureToken = ApiSigningUtil.getSignatureToken(requestOptions); | ||
@@ -115,4 +120,4 @@ ``` | ||
| The full API endpoint | ||
| The full API endpoint, for example https://my-apex-api.api.gov.sg/api/my/specific/data. **Note: Must be the endpoint URL as served from the Apex gateway, from the domain api.gov.sg. This may differ from the actual HTTP endpoint that you are calling, for example if it were behind a proxy with a different URL.** | ||
| ```javascript | ||
@@ -203,6 +208,6 @@ let urlPath = "https://my.apex.api/v1/resources?host=https%3A%2F%2Fnd-hello.api.example.comß&panelName=hello"; | ||
| ## Contributing | ||
| + For more information about contributing PRs and issues, see [CONTRIBUTING.md](https://github.com/GovTechSG/node-apex-api-security/blob/master/.github/CONTRIBUTING.md). | ||
| For more information about contributing, and raising PRs or issues, see [CONTRIBUTING.md](https://github.com/GovTechSG/node-apex-api-security/blob/master/.github/CONTRIBUTING.md). | ||
| ## Release | ||
| + See [CHANGELOG.md](CHANGELOG.md). | ||
| See [CHANGELOG.md](CHANGELOG.md). | ||
@@ -209,0 +214,0 @@ ## License |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by5.01%
30910
- Dependency count
- decreased by-14.29%
6
- Number of package files
- increased by10%
11
- Lines of code
- increased by5.96%
462
- Number of lines in readme file
- increased by2.37%
216
Dependency changes
- Removednonce@^1.0.4
- Removednonce@1.0.4(transitive)