Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
By Sarah Gooding - Apr 23, 2024
rw-api-microservice-node
Advanced tools
Readme
RW API microservice utility for Nodejs applications
Library to register and integrate microservices in the RW API.
Supports Koa 2.x and 1.x frameworks.
Requirements
- Nodejs v11 or greater
Install
Using NPM:
npm install --save rw-api-microservice-node
Using Yarn:
yarn add rw-api-microservice-node
Use in microservice
In the listen callback of your Koa application, add the following code snippet:
const Koa = require('koa');
const RWAPIMicroservice = require('rw-api-microservice-node')
const app = new Koa();
app.use(RWAPIMicroservice.bootstrap({
logger: logger,
microserviceToken: '<your microservice token>',
gatewayURL: '<your gateway URL>',
fasltyEnabled: true,
fastlyServiceId: '<your Fastly service id>',
fastlyAPIKey: '<your Fastly API key>',
awsRegion: '<your AWS region>',
awsCloudWatchLogStreamName: '<your AWS CloudWatch log stream name>',
}))
// Make sure you add your auth-depending routes *after* bootstraping this module
const server = app.listen(process.env.PORT, () => {
logger.info('Server started!');
});
Configuration
These are the values you'll need to provide when using this library:
See this link for details on how to get Fastly credentials.
| Argument name | Type | Description | Required? | Default value |
|---|---|---|---|---|
| logger | Object | A bunyan logger object, for logging purposes | yes | |
| gatewayURL | string | The URL of the API as a whole, where all other services will be reachable | yes | |
| microserviceToken | string | JWT token to use on calls to other services | yes | |
| skipAPIKeyRequirementEndpoints | Array | List of object containing a method and pathRegex. Incoming requests that match one of the elements on the list will bypass API Key requirement. | no | |
| fastlyEnabled | boolean | If set to true, the Fastly integration will be enabled | yes | |
| fastlyServiceId | string | Access credentials to the Fastly API | if Fastly enabled | |
| fastlyAPIKey | string | Access credentials to the Fastly API | if Fastly enabled | |
| requireAPIKey | boolean | If API keys are required. If set to true, requests with no API key automatically get a HTTP 403 response. | no | true |
| awsCloudWatchLoggingEnabled | boolean | If API key usage should be logged to AWS CloudWatch. | no | true |
| awsRegion | string | Which AWS region to use when logging requests to AWS CloudWatch. | yes | |
| awsCloudWatchLogGroupName | string | Which CloudWatch Log Group name to use when logging requests to AWS CloudWatch. | no | 'api-keys-usage' |
| awsCloudWatchLogStreamName | string | Which CloudWatch Log Stream name to use when logging requests to AWS CloudWatch. | yes |
FAQs
Integration library for the RW API microservice
The npm package rw-api-microservice-node receives a total of 5 weekly downloads. As such, rw-api-microservice-node popularity was classified as not popular.
We found that rw-api-microservice-node demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Last updated on 08 Aug 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
By Sarah Gooding - Apr 19, 2024
Research
Security News
npm Package for ReExt React Components Library Exfiltrates Git Credentials
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
By Sarah Gooding, Socket Research Team - Apr 18, 2024