Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
volos-swagger
Advanced tools
This module adds support for driving Volos middleware functions entirely though configuration and the Apigee 127 Swagger Tools swagger-metadata middleware.
All Volos modules including Cache, Quota, and OAuth may be configured and tied to Swagger operations using configuration similar to the code that you would use to programmatically drive the Volos middleware.
This can be included in an Apigee-127 project as simply as this:
var a127 = require('a127-magic');
app.use(a127.middleware());
The Volos Swagger Configuration is done directly in the Swagger 2.x document:
The following sections discuss examples from this swagger yaml file.
Important: Be sure to include any referenced Volos modules in your package.json and run npm install
.
The "x-a127-services" vendors extension section defines how the modules that will be referenced in the other sections of this file will be instantiated and configured. The basic idea is that you simply define the array of parameters that would have been passed in to create the Volos module had you done it programmatically.
For example, volos-cache-memory requires a name and a hash of options. If we want to create and use a cache named "memCache" that has a time-to-live (ttl) of 1000ms, we'd do so like this:
x-a127-services:
cache:
provider: "volos-cache-memory"
options:
name: "memCache"
ttl: 10000
Note: The key (name) for this resource is "cache". This is the name that will be used later to refer to this cache, not "memCache" - which the provider's name for the cache.
Similarly, we create a volos-quota-memory ("quota") and volos-oauth-redis ("oauth2") reference in this example:
quota:
provider: "volos-quota-memory"
options:
timeUnit: "minute"
interval: 1
allow: 2
oauth2:
provider: "volos-oauth-apigee"
options:
encryptionKey: "This is the key to encrypt/decrypt stored credentials"
Volos modules are applied in a Swagger path or operation with the "x-a127-apply" extension. In the example below, we have examples of applying a cache ("cache") and a quota ("quota"). In each case, we're applying with the Volos defaults.
paths:
/cached:
x-a127-apply:
cache: {}
/quota:
x-a127-apply:
quota: {}
Once you've defined a Volos OAuth provider in x-a127-services, you may use standard Swagger 2.0 authorization constructs to delegate to it. This is done by creating a SecurityDefinition like so:
securityDefinitions:
oauth2:
type: oauth2
scopes: []
flow: accessCode
authorizationUrl: ignored
tokenUrl: ignored
SecurityDefinition Notes:
Once you've defined the SecurityDefinition, you can apply it to your operations. The following will require a valid OAuth token for the scope "scope1" on the "GET /secured" operation using the provider called "oauth2":
/secured:
get:
security:
-
oauth2:
- scope1
Deprecated: Volos authorization may also applied in a Swagger path or operation with the "x-a127-authorizations"
extension. The example below performs the same function as above: It requires that the request is using an OAuth
Token validated by the "oauth2" resource requiring the "scope1" scope. (Additional scopes could be required
by space-delimiting them or using an array.)
/secured:
x-a127-authorizations:
oauth2:
scope: "scope1"
FAQs
Middleware for bridging swagger (via swagger-tools) and volos
The npm package volos-swagger receives a total of 5 weekly downloads. As such, volos-swagger popularity was classified as not popular.
We found that volos-swagger demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.