The best way to create REST APIs (is GraphQL).
yarn add sofa-api
# or
npm install sofa-api
Here's a complete example with no dependency on frameworks, which can also be integrated with any of them:
import http from 'http';
import { useSofa } from 'sofa-api';

// `schema` is your GraphQLSchema, built elsewhere
const server = http.createServer(
  useSofa({
    basePath: '/api',
    schema,
  })
);
Another example, with built-in support for Express-like frameworks:
import { useSofa } from 'sofa-api';
import express from 'express';

const app = express();

app.use(
  '/api',
  useSofa({
    basePath: '/api',
    schema,
  })
);

// GET /api/users
// GET /api/messages
Sofa takes your GraphQL Schema, looks for available queries, mutations and subscriptions, and turns all of that into a REST API.
Given the following schema:
type Chat {
  id: ID
  text: String
}

type Query {
  chat(id: ID): Chat
  chats: [Chat]
  me: Chat
  recentChats: [Chat]
}
Routes that are being generated:
GET /chat/:id
GET /chats
GET /me
GET /recent-chats
Sofa treats some types differently than others; those are called Models.
The idea behind Models is to not expose full objects in every response, especially for nested, non-first-level data.
For example, when fetching a list of chats you don't want to include all messages in the response; you want them to be just IDs (or links). Those messages would have to have their own endpoint. We call this type of data a Model. In REST you probably call them Resources.
In order to treat particular types as Models you need to provide two queries, one that exposes a list (with no non-optional arguments) and the other to fetch a single entity (id field as an argument). The model itself has to have an id field. Those are the only requirements.
# Message is treated as a Model
type Query {
  messages: [Message]
  message(id: ID): Message
}

type Message {
  id: ID
  # other fields ...
}
In order for Sofa to resolve operations based on a Context, you need to be able to provide one. Here's how you do it:
api.use(
  '/api',
  useSofa({
    basePath: '/api',
    schema,
    async context({ req }) {
      return {
        req,
        ...yourContext,
      };
    },
  })
);
You can pass a plain object or a function.
There are some cases where sending a full object makes more sense than passing only the ID. Sofa allows you to easily define where to ignore the default behavior:
api.use(
  '/api',
  useSofa({
    basePath: '/api',
    schema,
    ignore: ['Message.author'],
  })
);
Whenever Sofa tries to resolve an author of a message, instead of exposing an ID it will pass the whole data.
The pattern is simple: Type.field or Type.
Sofa allows you to customize the HTTP method, path and response status. For example, in case you need the POST method instead of GET in one of your queries, you do the following:
api.use(
  '/api',
  useSofa({
    schema,
    routes: {
      'Query.feed': { method: 'POST' },
    },
  })
);
When Sofa tries to define a route for feed of Query, instead of exposing it under GET (default for Query type) it will use the POST method.
The pattern is simple: Type.field, where Type is your query or mutation type.
You can also specify path with dynamic params support (for example /feed/:offset/:limit) and responseStatus.
Sofa prevents circular references by default, but only one level deep. In order to change it, set the depthLimit option to any number:
api.use(
  '/api',
  useSofa({
    basePath: '/api',
    schema,
    depthLimit: 2,
  })
);
By default, Sofa uses the graphql function from graphql-js to turn an operation into data, but it's very straightforward to pass your own logic. Thanks to that you can even use a remote GraphQL Server (with Fetch or through Apollo Links).
api.use(
  '/api',
  useSofa({
    basePath: '/api',
    schema,
    async execute(args) {
      return yourOwnLogicHere(args);
    },
  })
);
Sofa enables you to run GraphQL Subscriptions through WebHooks. It has a special API to start, update and stop a subscription.
POST /webhook - starts a subscription
DELETE /webhook/:id - stops it
POST /webhook/:id - updates it

To start a new subscription you need to include the following data in the request's body:

subscription - subscription's name, matches the name in GraphQL Schema
variables - variables passed to run a subscription (optional)
url - a URL of your webhook receiving endpoint

After sending it to POST /webhook you're going to get in return a unique ID that is your started subscription's identifier.
{
  "id": "SUBSCRIPTION-UNIQUE-ID"
}
In order to stop a subscription, you need to pass its id and hit DELETE /webhook/:id.
Updating a subscription looks very similar to how you start one. Your request's body should contain:

variables - variables passed to run a subscription (optional)

After sending it to POST /webhook/:id you're going to get in return a new ID:
{
  "id": "SUBSCRIPTION-UNIQUE-ID"
}
Given the following schema:
type Subscription {
  onBook: Book
}
Let's start a subscription by sending this to POST /webhook:
{
  "subscription": "onBook",
  "variables": {},
  "url": "https://app.com/new-book"
}
In return we get an id that we later use to stop or update the subscription:
DELETE /webhook/:id
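A check a deployment might place in front of the webhook routes described above, since the url field in the POST /webhook body names an endpoint the server will later send requests to. This is an added example, not code from sofa-api: checkWebhookUrl, webhookUrlGuard and the allowlist are hypothetical names, and it assumes an Express-style middleware chain in which a JSON body parser has already populated req.body.

```javascript
// Added example, not part of sofa-api. Names below are hypothetical.
// Hosts that may receive subscription webhooks (constructed sample value).
const ALLOWED_WEBHOOK_HOSTS = ['app.com'];

// Decide whether a subscriber-supplied webhook URL is acceptable.
function checkWebhookUrl(raw, allowedHosts = ALLOWED_WEBHOOK_HOSTS) {
  if (typeof raw !== 'string') return { ok: false, reason: 'url must be a string' };
  let u;
  try {
    u = new URL(raw); // WHATWG parser: lowercases host, normalizes IPv4 forms
  } catch {
    return { ok: false, reason: 'url is not absolute or not parseable' };
  }
  if (u.protocol !== 'https:') return { ok: false, reason: 'only https is accepted' };
  if (u.username || u.password) return { ok: false, reason: 'credentials in url' };
  if (u.port !== '') return { ok: false, reason: 'non-default port' };
  // Exact match on the parsed hostname: no suffix or substring matching, so
  // "app.com.evil.example" and IP literals such as 127.0.0.1 are refused.
  if (!allowedHosts.includes(u.hostname)) {
    return { ok: false, reason: `host ${u.hostname} is not allowlisted` };
  }
  return { ok: true, url: u.href };
}

// Express-style middleware to mount on the webhook path ahead of Sofa.
// Assumes an earlier JSON body parser has set req.body.
function webhookUrlGuard(allowedHosts = ALLOWED_WEBHOOK_HOSTS) {
  return function guard(req, res, next) {
    const body = req.body && typeof req.body === 'object' ? req.body : {};
    // Only "start subscription" bodies carry a url; let everything else pass.
    if (req.method !== 'POST' || !('url' in body)) return next();
    const verdict = checkWebhookUrl(body.url, allowedHosts);
    if (verdict.ok) return next();
    res.statusCode = 400;
    res.setHeader('Content-Type', 'application/json');
    res.end(JSON.stringify({ error: verdict.reason }));
  };
}
```

An allowlisted name can still resolve to an internal address, so outbound traffic from the API host should also be restricted at the network layer.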
Thanks to GraphQL's Type System Sofa is able to generate OpenAPI (Swagger) definitions out of it. Possibilities are endless here. You get all the information you need in order to write your own definitions or create a plugin that follows any specification.
import { useSofa, OpenAPI } from 'sofa-api';
import { writeFileSync } from 'fs';

const openApi = OpenAPI({
  schema,
  info: {
    title: 'Example API',
    version: '3.0.0',
  },
});

app.use(
  '/api',
  useSofa({
    basePath: '/api',
    schema,
    onRoute(info) {
      openApi.addRoute(info, {
        basePath: '/api',
      });
    },
  })
);

// writes every recorded route
writeFileSync('./swagger.json', JSON.stringify(openApi.get(), null, 2));
OpenAPI (Swagger) with Bearer Authentication
import { useSofa, OpenAPI } from 'sofa-api';
import { writeFileSync } from 'fs';

const openApi = OpenAPI({
  schema,
  info: {
    title: 'Example API',
    version: '3.0.0',
  },
  components: {
    securitySchemes: {
      bearerAuth: {
        type: 'http',
        scheme: 'bearer',
        bearerFormat: 'JWT',
      },
    },
  },
  security: [
    {
      bearerAuth: [],
    },
  ],
});

app.use(
  '/api',
  useSofa({
    basePath: '/api',
    schema,
    onRoute(info) {
      openApi.addRoute(info, {
        basePath: '/api',
      });
    },
  })
);

// writes every recorded route
writeFileSync('./swagger.json', JSON.stringify(openApi.get(), null, 2));
OpenAPI (Swagger) with custom tags, summary and description
const openApi = OpenAPI({
  schema,
  info: {
    title: 'Example API',
    version: '3.0.0',
  },
  tags: [
    {
      name: 'Book',
      description: 'Book related operations',
    },
    {
      name: 'Author',
      description: 'Author related operations',
    },
  ],
});

@Resolver(Book)
export class BookResolver {
  @Query(() => Book, { description: 'Get book by id' }) // custom summary tag
  getBookById(@Arg('id', () => Int) id: number) {
    return 'book';
  }
}

const routes: SofaConfig['routes'] = {
  'Query.getBookById': {
    method: 'POST',
    path: '/book/:id',
    tags: ['Book'],
    description: 'This is a custom detailed description for getBookById',
  },
};

const createSofaMiddleware = (
  schema: GraphQLSchema,
  openApi: ReturnType<typeof OpenAPI>,
  basePath = ''
): ReturnType<typeof useSofa> => {
  return useSofa({
    routes,
    basePath,
    schema,
    onRoute(info) {
      openApi.addRoute(info, { basePath });
    },
  });
};

// writes every recorded route
openApi.save('./swagger.yml');
MIT © Uri Goldshtein
FAQs
Create REST APIs with GraphQL
The npm package sofa-api receives a total of 8,766 weekly downloads. As such, sofa-api popularity was classified as popular.
We found that sofa-api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.