It is the framework component for openage services. It implements some of the boilerplate code like
- User Authentication
- Endpoint Authorization
- Repsonse Standardization
- Response Caching
- Response Remapping
- Bulk Request
It also builds the context and adds following mechanisms to it:
- Caching
- Configuration
- Logging
- Rules Evaluation
- Implemented session validation with the authentication provider for a more robust authentication mechanism.
- Implemented session caching to save round trips (see session caching)
- Improved exception handling by hiding server errors and sending the one in
api.errorssection.
- Separated all the errors into it own error file
- Implemented caching of the response.
TODO:
- [ ] Complete documentation
TODO:
- [ ] Complete documentation
- Add the package
npm install @open-age/express-api --save- Add dependencies
TODO:
- [ ] Complete documentation
This component uses config package. The configuration can be defined at multiple levels.
- Code Level
- Installation Level
- Organization Level
- Tenant Level
You need to configure the application to use the cache configuration. Here is an example:
{
"cacheServer": {
"type":"redis",
"config": {
"host": "${env:cacheServer.host}",
"port": "${env:cacheServer.port}",
"options": {
"password": "${env:cacheServer.password}",
"maxmemory": "1gb",
"maxmemoryPolicy": "allkeys-lru"
}
}
}
}Following cache servers are supported
This would also be used to cache the authentication data
You need to set the endpoint to cache the response. It can be defined at one of the following places (in the order of decreasing preference):
- In the tenant configuration
{
"config": {
"api": {
"resource-get-by-id": {
"cache": {
}
}
}
}
}- At service level
{
"api": {
"resource-get-by-id": {
"cache": {
}
}
}
}- In the spec path file
specs/paths/:resource.js.
{
"url": "/",
"get": {
"id": "resource-get-by-id",
"cache":{
}
}
}The endpoint id, resource-get-by-id is defined in spec/paths/resource.js file. Even if the id the not defined it will be automatically created according to convention.
The cache section above would take following configuration
{
// unique id with which value will be saved
"key": "resource_${query}",
// seconds after which key and it's value will get deleted
"ttl": 2000,
// action to perfom when the endpoint is hit (defaults to add)
"action": "add",
// the condition(optional) that needs to be met
// for the response to be cache response
"condition": {
"operator": "AND",
"value": [{ "key": "query.field","operator": "==", "value": "value" }]
}
}TODO:
- [ ] Add examples with more conditions
Just like cache you need to configure the endpoint by adding permissions to it
TODO:
- [ ] Complete documentation
TODO:
- [ ] Complete documentation
{
"auth": {
"validate": {
"ip": true,
}
}
}TODO:
- [ ] support for region in the ip like
in-*
- Following setting will check the expiry of the token against the current time
{
"auth": {
"validate": {
"expiry": true,
}
}
}- Following setting will check the status of the session. It should not be
inactiveorexpired
{
"auth": {
"validate": {
"session": true,
}
}
}- Set the
auth.providerasdirectory
{
"auth": {
"provider": "directory"
}
}- Configure
providers.directory. Note the system would fetch the session (from id) of the user under the credentials ofproviders.directory.role.key
{
"providers": {
"directory": {
"url": "http://api.openage.in/directory/v1/api", // prod url
"role": {
"key": "<role key of the tenant owner>"
}
}
}
}
Add sessions endpoints to the directory provider, and add the cache setting to it. You need to also add cacheServer setting
{
"providers": {
"directory": {
"endpoints": {
"sessions": {
"get": {
"cache": {
"ttl": 60000 // 60 seconds
}
}
}
}
}
}
}If the cache is not defined, then the session won't be cahced
{
"api": {
"errors": {
"UNKNOWN": {
"code": "UNKNOWN",
"message": "Internal Server Error"
},
"ACCESS_DENIED": {
"code": "ACCESS_DENIED",
"message": "Insufficient Permission"
}
}
}
}