sbbruff
Readme
An Express API gateway inspired by Netflix Zuul.
Bruff is an API gateway built as an Express middleware on Node.js. It can route requests to multiple upstream servers or endpoints asynchronously, or synchronously if dependencies exist between them.
Our client applications (web and mobile) consume resources from different microservices in order to perform different operations. The mobile client in particular had performance issues because it called multiple endpoints from different services to perform a single user action, or received more response data than it needed, which increased latency. To solve this problem we found ourselves building middleware called Backend For Frontend (BFF), which does all the work of calling multiple services, aggregating their responses and trimming unneeded fields from the response for the client app. This approach greatly improved the mobile client's performance.
For example, when a user logs in to our mobile app, the app needs to get an access token from one service and then call another service to get the user's profile data. The BFF provides the mobile client with one new endpoint called /login that abstracts this sequence of actions from the mobile app.
Because we realized we would be building a lot of middleware applications like this, we went looking for a framework and found Netflix Zuul. The problem was that we could not use Netflix Zuul, as our engineering team could not support development in Java, so we built our own in-house tool and called it Bruff.
To get started with Bruff you need to install the bruff npm module:

    npm install bruff --save

Create a Bruff configuration module that holds the information and instructions you have for Bruff, e.g. gateway.js:

    module.exports = {
      gateway: [
        {
          base: "POST:/login", // the endpoint the client will request
          _to: [{ // bruff will make requests to these two endpoints for you
            url: "localhost:8987/oauth/token",
            title: "oauth",
            method: "POST",
            requires: {
              form: {
                username: "{{client.req.body.username}}", // bruff knows to use username from the client request
                password: "{{client.req.body.password}}",
                client_id: context => context.client.req.body.clientId,
                client_secret: context => context.client.req.body.clientSecret
              }
            }
          }, {
            url: ["localhost:8787/me", "localhost:8787/me"], // will select only one
            title: "me",
            cacheKey: "{{responses.0.access_token}}", // bruff knows to cache the response of this endpoint with the access token from the response of the endpoint above
            method: "GET",
            requires: {
              headers: {
                Authorization: "Bearer {{responses.0.access_token}}" // bruff knows to send the request with the header set to the access token from the response of the request above
              }
            },
            after: [] // functions to run when the response returns from the upstream server
          }],
          order: "sync" // tells bruff that the _to endpoints need to happen one after the other because the last one needs the response from the first one
        }
      ],
      config: {
        cache: {
          time: 3600, // number of seconds to cache
          get: function () {},
          set: function () {}
        }
      }
    };

Once you have your configuration set, you can go to your app.js and do:

    var bruff = require('bruff-express');
    var bruffConfig = require('./gateway'); // the configuration module created above
    var express = require('express');
    var app = express();
    app.use(bruff(bruffConfig)); // mount the gateway as Express middleware
    app.listen(8989);

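The gateway.js placeholders above ("{{client.req.body.username}}", "{{responses.0.access_token}}") feed client input and upstream tokens into credentials, headers and cache keys. The following is an added example, not Bruff's own code: the helper names lookup, resolveTemplate and cacheKeyFor are hypothetical, and hashing the token for the cache key is an assumption of this sketch. It shows a resolver that walks own properties only and fails closed on a missing value.

```javascript
// Added example, not Bruff's implementation. All helper names are hypothetical.
const crypto = require('crypto');

const BLOCKED = new Set(['__proto__', 'prototype', 'constructor']);

// Walk a dotted path such as "responses.0.access_token" through own properties only.
function lookup(context, path) {
  let node = context;
  for (const key of path.split('.')) {
    if (BLOCKED.has(key) || node === null || typeof node !== 'object' ||
        !Object.prototype.hasOwnProperty.call(node, key)) {
      return undefined;
    }
    node = node[key];
  }
  return node;
}

// Replace every {{path}} placeholder; fail closed when a value is missing so the
// gateway never forwards a header such as "Bearer undefined" upstream.
function resolveTemplate(template, context) {
  return template.replace(/\{\{\s*([\w.]+)\s*\}\}/g, (_, path) => {
    const value = lookup(context, path);
    if (typeof value !== 'string' && typeof value !== 'number') {
      throw new Error(`unresolved placeholder: ${path}`);
    }
    return String(value);
  });
}

// Assumption of this sketch: key the cache on a digest of the token so the raw
// bearer token is not stored as a key in the cache backend.
function cacheKeyFor(template, context) {
  const raw = resolveTemplate(template, context);
  return crypto.createHash('sha256').update(raw).digest('hex');
}

// Constructed sample context shaped like the one gateway.js refers to.
const context = {
  client: { req: { body: { username: 'alice', password: 'constructed-pw' } } },
  responses: [{ access_token: 'constructed-token-123' }]
};

console.log(resolveTemplate('Bearer {{responses.0.access_token}}', context));
try {
  resolveTemplate('Bearer {{responses.1.access_token}}', context); // no second response
} catch (err) {
  console.log(err.message);
}
```
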
FAQs
An API gateway inspired by Netflix Zuul
The npm package sbbruff receives a total of 1 weekly download. As such, sbbruff's popularity was classified as not popular.
We found that sbbruff demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.