twilio-functions-utils
This lib was created with the aim of simplifying the use of serverless Twilio, reducing the need to apply frequent try-catches and improving context management, making it no longer necessary to return the callback() method in all functions.
npm install twilio-functions-utils
The lib provides a function, useInjection, which returns a brand new function for every execution. This returned function is ready to receive the Twilio Handler arguments and make them available as this properties: this.request, this.cookies and this.env at the Function level, and this.client and this.env at the Provider function level.
The useInjection method takes two parameters. The first is the function to apply as a handler and the last is an object of configuration options.
Must be written in standard format; this will be your handler function.
function createSomeThing (event) {
  // ...
}
An object that can contain the providers you define, which act as use cases that perform internal actions in the handler function through the this.providers property.
You can pass validateToken: true to force Flex Token validation using the Twilio Flex Token Validator:
useInjection(yourFunction,
  {
    providers: { create, remove },
    validateToken: true
  }
);
When using Token Validator, the Request body must contain a valid Token from Twilio Flex.
// Event
{
  Token: "Twilio-Token-Here"
}
The responses coming from the function destined to the handler must be returned as an instance of Response.
Response receives a string and a number (status code):
return new Response('Your pretty answer.', 200);
There are two failure response models, BadRequest and NotFound. Their use follows the same model.
const notFound = new NotFoundError('Your error message here.');
const badRequest = new BadRequestError('Your error message here.');
There is a proper response template to use with the TwiML format:
const twimlVoice = new Twilio.twiml
  .VoiceResponse();
const enqueueVoice = twimlVoice
  .enqueue({
    action,
    workflowSid,
  })
  .task('{}');
return new TwiMLResponse(twimlVoice, 201)
IMPORTANT TO USE REGULAR FUNCTIONS ➜ With arrow functions it doesn't work as expected, as this cannot be injected correctly.
function yourFunctionName() {
  // ...
}
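The this injection, the arrow-function caveat and the validateToken gate described above, as an added sketch in plain Node.js. It is not the library's code: sketchInjection, checkToken, the constructed token and the 403/500 status codes are assumptions, and handlers are kept synchronous for brevity.

```javascript
// Added sketch, not the source of twilio-functions-utils. sketchInjection,
// checkToken and the 403/500 status codes are assumptions for illustration.
// Stand-in for real Flex token validation (constructed constant, not a JWT check).
function checkToken(token) {
  return token === 'constructed-valid-token';
}

function sketchInjection(fn, { providers = {}, validateToken = false } = {}) {
  return function handler(context, event, callback) {
    try {
      // Fail closed: reject before any handler or provider code runs.
      if (validateToken && !checkToken(event.Token)) {
        return callback(null, { statusCode: 403, body: 'Invalid token' });
      }
      const injected = { env: context, request: event.request, providers };
      // apply() sets `this` for regular functions only; an arrow function
      // keeps the `this` of the scope in which it was defined.
      const body = fn.apply(injected, [event]);
      return callback(null, { statusCode: 200, body });
    } catch (err) {
      // One catch for every handler; internals are not echoed to the caller.
      return callback(null, { statusCode: 500, body: 'Internal error' });
    }
  };
}

// Calls a wrapped handler with a constructed context and captures the response.
function invoke(handler, event) {
  let response;
  handler({ DOMAIN_NAME: 'example.test' }, event, (_err, res) => { response = res; });
  return response;
}

function demo() {
  function regular() { return this.env.DOMAIN_NAME; }
  const arrow = () => this.env.DOMAIN_NAME; // `this` is not the injected object
  let ran = false;
  function guarded() { ran = true; return 'ok'; }
  const secured = sketchInjection(guarded, { validateToken: true });
  const rejected = invoke(secured, {}); // no Token in the event
  const ranOnReject = ran;
  const accepted = invoke(secured, { Token: 'constructed-valid-token' });
  return {
    regular: invoke(sketchInjection(regular), {}),
    arrow: invoke(sketchInjection(arrow), {}),
    rejected, ranOnReject, accepted,
  };
}
console.log(demo());
```

In this sketch the arrow-function handler ends in the generic 500 path because its this.env is undefined, and the guarded handler body never runs when the token is missing.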
Separate your actions from the main routine of the code. Break it down into several smaller parts that interact with your event, to facilitate future changes. You can create functions such as Assets or Functions, then just import them through the Runtime and pass them to the provider.
// File: assets/create.private.js
/**
 * @param { object } event
 * @this { {
 * client: import('twilio').Twilio,
 * env: {
 * TWILIO_WORKFLOW_SID: string,
 * DOMAIN_NAME: string
 * } } }
 * @returns { Promise<unknown> }
 */
exports.create = async function (event) {
  // Here you can access Twilio Client as client and Context as env (so you can get env vars).
  const { client, env } = this;
  return new Promise((resolve, reject) => {
    const random = Math.random();
    if (random >= 0.5) {
      return resolve({ success: 'Resolved' });
    }
    return reject(new Error('Unresolved'));
  });
};
In your handler you will have access to this function through the providers property on the this of the function you pass to useInjection.
// File: functions/create.js
const { useInjection, Response } = require('twilio-functions-utils');
const { create } = require(Runtime.getAssets()['/create.js'].path);
/**
 * @param { object } event
 * @this { {
 * request: object,
 * cookies: object,
 * env: {
 * TWILIO_WORKFLOW_SID: string,
 * DOMAIN_NAME: string
 * },
 * providers: {
 * create: create,
 * } } }
 * @returns { Promise<unknown> }
 */
async function createAction(event) {
  // You can perform all your "controller" level actions, as you have access to the request headers and cookies.
  const { cookies, request, env } = this;
  // Then just call the providers you provided to handler by using useInjection.
  const providerResult = await this.providers.create(event);
  // Just put it on a Response object and you are good to go!
  return new Response(providerResult, 201);
}
exports.handler = useInjection(createAction, {
  providers: {
    create,
  },
  validateToken: true, // When using Token Validator, the Request body must contain a valid Token from Twilio.
});
A simple method to discover a value's type. This is more specific than the original JavaScript typeof.
It will return values such as Array, Object, String, Number, Symbol.
Could be any JavaScript primitive value to be type checked.
const { typeOf } = require('twilio-functions-utils');
const type = typeOf('my name is Lorem');
const typeArray = typeOf(['one', 'two']);
const original = typeof ['one', 'two']
console.log(type) // String
console.log(typeArray) // Array
console.log(original) // object
The Twilio Serverless structure sometimes makes testing hard. So this provides a method that works perfectly with useInjection-ready functions. The useMock method acts like useInjection but mocks some required fragments such as getAssets and getFunctions.
The same function as used in useInjection.
Unlike useInjection, the useMock method only receives the Options.providers property.
(Required) Set your jest testing script with NODE_ENV=test:
"scripts": {
  "test": "NODE_ENV=test jest --collect-coverage --watchAll",
  "start": "twilio-run",
  "deploy": "twilio-run deploy"
}
Your file structure must have assets and functions at the first or second level, under src when at the second level:
app/
├─ package.json
├─ node_modules/
├─ src/
│  ├─ functions/
│  ├─ assets/
or:
app/
├─ package.json
├─ functions/
├─ assets/
├─ node_modules/
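Export your function to be tested and your handler so it can be used by Twilio at runtime:
const { useInjection, Response } = require('twilio-functions-utils');
// myCustomProvider is assumed to be loaded beforehand, e.g. through Runtime.getAssets() as shown earlier.
async function functionToBeTested(event) {
  const something = await this.providers.myCustomProvider(event);
  // Response is a class, so it must be instantiated with new.
  return new Response(something);
}
const handler = useInjection(functionToBeTested, {
  providers: {
    myCustomProvider,
  },
});
module.exports = { functionToBeTested, handler }; // <--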
(Required) You always need to import twilio.mock, which provides the Response Twilio global object, at the beginning of your test files.
require('twilio-functions-utils/lib/twilio.mock');
Use Twilio Functions Utils useMock to do the hard job and just write your tests with the generated function.
/* global describe, it, expect */
require('twilio-functions-utils/lib/twilio.mock');
const { useMock, Response } = require('twilio-functions-utils');
const { functionToBeTested } = require('../../functions/functionToBeTested'); // <-- Import here!
// Create the test function from the function to be tested
const fn = useMock(functionToBeTested, {
  providers: {
    // Mock the providers implementation. The provider receives the whole event,
    // so read TaskSid from it to match the expectation below.
    myCustomProvider: async (event) => ({ sid: event.TaskSid }),
  },
});
describe('Function functionToBeTested', () => {
  it('if {"someValue": true}', async () => {
    const request = { TaskSid: '1234567', TaskAttributes: '{"someValue": true}' };
    const res = await fn(request);
    expect(res).toBeInstanceOf(Response);
    expect(res.body).not.toEqual(request);
    expect(res.body).toEqual({ sid: '1234567' });
  });
});
FAQs
Twilio Functions utils library
The npm package twilio-functions-utils receives a total of 37 weekly downloads. As such, twilio-functions-utils popularity was classified as not popular.
We found that twilio-functions-utils demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.