A secure, lightweight JavaScript library for making HTTP requests with built-in security features and flexible configuration options.
- 🔒 Multi-level Security: Three security levels (low, medium, high) with automatic input sanitization
- 🛡️ CSRF Protection: Built-in CSRF token handling for secure requests
- ⚡ Rate Limiting: Configurable request rate limiting to prevent abuse
- 🔑 API Key Support: Secure API key authentication for high-security applications
- ⏱️ Timeout Management: Configurable request timeouts with automatic handling
- 🌐 Base URL Support: Set a base URL for all requests
- 📝 Input Sanitization: Automatic sanitization of request data based on security level
- 🚫 Request Size Limits: Configurable limits to prevent oversized requests
npm install a2jax
Or include directly in your HTML:
<script src="https://cdn.jsdelivr.net/npm/a2jax@latest/dist/a2jax.min.js"></script>
// Basic usage with default medium security
const xhr = new A2jax();
// Make a GET request
xhr.get('/api/users')
.then(response => {
console.log('Users:', response.data);
})
.catch(error => {
console.error('Error:', error);
});
// Make a POST request
xhr.post('/api/users', {
name: 'John Doe',
email: 'john@example.com'
})
.then(response => {
console.log('User created:', response.data);
});
const xhr = new A2jax({
security: true,
securityLevel: 'high',
timeout: 15000,
baseURL: 'https://api.example.com',
apiKey: 'your-api-key-here'
});
Level | Features |
---|---|
Low | Basic input sanitization, no CSRF protection, no rate limiting |
Medium (Default) | Input sanitization, CSRF protection, rate limiting (10 req/sec), SSL validation, 1MB request limit |
High | All medium features + enhanced rate limiting (5 req/sec), 512KB limit, API key requirement, session validation |
// Method 1: During initialization
const xhr = new A2jax({
security: true,
securityLevel: 'high',
apiKey: 'your-api-key'
});
// Method 2: Using configuration methods
const xhr2 = new A2jax();
xhr2.setSecurity(true, 'medium')
.setApiKey('your-api-key')
.setBaseURL('https://api.example.com');
// Method 3: Static factory method
const xhr3 = A2jax.create({
security: true,
securityLevel: 'high',
timeout: 20000
});
// Basic GET request
xhr.get('/api/users')
.then(response => console.log(response.data));
// GET with custom headers
xhr.get('/api/users/123', {
headers: {
'Authorization': 'Bearer your-token',
'Accept': 'application/json'
}
})
.then(response => console.log(response.data));
// GET with query parameters
const params = new URLSearchParams({ include: 'profile,settings' });
xhr.get(`/api/users/123?${params}`)
.then(response => console.log(response.data));
// Basic POST request
xhr.post('/api/users', {
name: 'John Doe',
email: 'john@example.com',
age: 30
})
.then(response => console.log(response.data));
// POST with custom headers
xhr.post('/api/login', {
username: 'johndoe',
password: 'securepassword'
}, {
headers: {
'Content-Type': 'application/json',
'X-Client-Version': '1.0.0'
}
})
.then(response => {
localStorage.setItem('authToken', response.data.token);
});
class APIClient {
constructor(baseURL, apiKey) {
this.client = new A2jax({
security: true,
securityLevel: 'high',
baseURL: baseURL,
apiKey: apiKey,
timeout: 30000,
defaultHeaders: {
'Accept': 'application/json',
'User-Agent': 'MyApp/1.0'
}
});
}
async getUsers() {
try {
const response = await this.client.get('/users');
return response.data;
} catch (error) {
throw new Error(`Failed to fetch users: ${error.error}`);
}
}
async createUser(userData) {
try {
const response = await this.client.post('/users', userData);
return response.data;
} catch (error) {
if (error.status === 400) {
throw new Error('Invalid user data provided');
}
throw new Error(`Failed to create user: ${error.error}`);
}
}
}
// Usage
const api = new APIClient('https://api.myapp.com', 'your-api-key');
const users = await api.getUsers();
async function handleAPICall() {
try {
const response = await xhr.post('/api/sensitive-data', {
data: 'sensitive information'
});
console.log('Success:', response.data);
} catch (error) {
if (error.error === 'Rate limit exceeded. Please slow down your requests.') {
console.warn('Too many requests, waiting before retry...');
setTimeout(() => handleAPICall(), 2000);
} else if (error.error === 'Request timeout') {
console.error('Request timed out, check your connection');
} else if (error.status === 413) {
console.error('Request too large, reduce data size');
} else if (error.status >= 500) {
console.error('Server error, try again later');
} else {
console.error('Request failed:', error);
}
}
}
async function retryRequest(url, data, maxRetries = 3) {
const xhr = new A2jax({
security: true,
securityLevel: 'medium'
});
for (let attempt = 1; attempt <= maxRetries; attempt++) {
try {
const response = await xhr.post(url, data);
return response;
} catch (error) {
if (attempt === maxRetries) {
throw error;
}
// Wait with exponential backoff
const delay = Math.pow(2, attempt) * 1000;
await new Promise(resolve => setTimeout(resolve, delay));
}
}
}
const devXhr = new A2jax({
security: true,
securityLevel: 'low',
baseURL: 'http://localhost:3000/api',
timeout: 5000
});
const prodXhr = new A2jax({
security: true,
securityLevel: 'high',
baseURL: 'https://secure-api.production.com',
apiKey: process.env.API_KEY,
timeout: 15000,
defaultHeaders: {
'X-App-Version': '2.1.0',
'X-Client-ID': 'web-client'
}
});
async function submitContactForm(formData) {
const xhr = new A2jax({
security: true,
securityLevel: 'medium'
});
try {
const response = await xhr.post('/api/contact', {
name: formData.name,
email: formData.email,
message: formData.message,
timestamp: Date.now()
});
showNotification('Message sent successfully!', 'success');
return response.data;
} catch (error) {
showNotification('Failed to send message. Please try again.', 'error');
throw error;
}
}
async function loadUserDashboard(userId) {
const xhr = new A2jax({
security: true,
securityLevel: 'high',
apiKey: getAuthToken()
});
showLoadingSpinner(true);
try {
const [userResponse, statsResponse] = await Promise.all([
xhr.get(`/api/users/${userId}`),
xhr.get(`/api/users/${userId}/stats`)
]);
updateUserProfile(userResponse.data);
updateUserStats(statsResponse.data);
} catch (error) {
if (error.status === 401) {
redirectToLogin();
} else {
showErrorMessage('Failed to load dashboard data');
}
} finally {
showLoadingSpinner(false);
}
}
A2jax automatically sanitizes input data based on the configured security level, preventing XSS attacks and other malicious input.
Medium and high security levels include automatic CSRF token handling to prevent cross-site request forgery attacks.
Built-in rate limiting prevents abuse:
- Medium security: 10 requests per second
- High security: 5 requests per second
Configurable limits prevent oversized requests:
- Medium security: 1MB limit
- High security: 512KB limit
A2jax supports all modern browsers that support:
- Promises
- Fetch API or XMLHttpRequest
- ES6 features
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature
) - Commit your changes (
git commit -m 'Add some amazing feature'
) - Push to the branch (
git push origin feature/amazing-feature
) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
For support, please open an issue on GitHub or contact the maintainers.
A2jax - Secure HTTP requests made simple.