netflix / falcor-express Goto Github PK
View Code? Open in Web Editor NEWExpress Middleware for Hosting Falcor Data Sources.
License: Apache License 2.0
Express Middleware for Hosting Falcor Data Sources.
License: Apache License 2.0
I am trying to test express api with supertest, but this POST
request
https://gist.github.com/designeng/5af79b921ec5965a3924#file-falcor-model-spec-js-L13-L20
fails because of JSON.parse()
.
The situation seems can be improved with this hack:
https://gist.github.com/designeng/5af79b921ec5965a3924#file-requesttocontext-js-L19
What do you think?
> nsp check
(+) 2 vulnerabilities found
┌───────────────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ │ Regular Expression Denial of Service │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Name │ ms │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Installed │ 0.7.0 │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Vulnerable │ <=0.7.0 │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Patched │ >0.7.0 │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Path │ web@undefined > [email protected] > [email protected] > [email protected] > [email protected] │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ More Info │ https://nodesecurity.io/advisories/46 │
└───────────────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────┘
Currently the examples use hard coded uri escaping for the path string. Not exactly scalable.
On the other hand, it seems is is not so easy simply escaping the entire string using urlencode
or querystring
modules (which I tried), since they also escape the [
correctly which apparently falcor doesn't know how to deal with? So I came up with this:
Why not enable POST requests for queries using pure JSON like they do in GraphQL?
OK, not exactly proper REST semantics, but it does the job...
function pathify(arg) {
var str = JSON.stringify(arg);
return str
.replace(/"(.+?)"/g, function(match,$1) {
return '"' + urlencode($1) + '"';
})
.replace(/"/g, '%22');
}
it('should return the JSON Graph', done => {
var params = pathify([['test']]);
// console.log('params', params);
let query = '/todo?paths=' + params + '&method=get';
request(app.listen())
.get(query)
.expect(200)
.expect('Content-Type', /json/)
.expect({
"jsonGraph": {
"test": "Hello Test"
}
})
.end(done)
This response is implemented here: https://github.com/Netflix/falcor-express/blob/master/src/index.js#L19-L21
But requestToContext
currently never sets a method
property.
Currently we use the term "middleware" which i think is inappropriate. Usually middleware is code that executes before the code that finally emits the response. Middleware tends to handle transparent portions of the pipelined like authentication for example. The handler that we provide for serving model data is responsible for serving the actual response. We should rename expressMiddleware to "modelRoute".
var falcorExpress = require("falcor-express");
app.use("/model.json", falcorExpress.modelRoute((req, res)=> new Model(...));
cc @dzannotti for falcor-hapi
If any query string args are invalid, for example invalid JSON in path, we need to catch these errors and send back HTTP 400.
I have an Rich Text Editor that convert quotes to """ but the "&" breaks falcor-express. I am currently converting the & -> ~ as a work around
Every middleware function must invoke the next argument once it has finished its job. See this article: http://expressjs.com/guide/using-middleware.html
Note that when we handle a request we neglect to call the next parameter.
falcor-express appears to require no dependencies at all - remove them from package.json
Recommend switch from res.send
to res.json
in order to ensure appropriate JSON content header -- preferable for integration and various dev tools.
Tracks issue with post not working.
Just found that 0.1.3
is missing from npm registry. Love to see it on registry since it includes some updates :) Thanks
$ npm info [email protected]
undefined
$ npm info falcor-express
{ name: 'falcor-express',
description: 'A falcor server for express.',
'dist-tags': { latest: '0.1.2' },
versions: [ '0.1.1', '0.1.2' ],
maintainers: [ 'michael.paulson <[email protected]>' ],
time:
{ modified: '2015-09-05T00:07:09.185Z',
created: '2015-08-17T13:47:19.201Z',
'0.1.1': '2015-08-17T13:47:19.201Z',
'0.1.2': '2015-08-17T13:55:30.376Z' },
homepage: 'https://github.com/Netflix/falcor-express',
repository:
{ type: 'git',
url: 'git+https://github.com/Netflix/falcor-express.git' },
author: 'Netflix (https://github.com/Netflix/falcor-express/authors.txt)',
bugs: { url: 'https://github.com/Netflix/falcor-express/issues' },
readmeFilename: 'README.md',
users: { gdi2290: true, brandonccx: true, ovrmrw: true },
version: '0.1.2',
main: 'src/index.js',
licenses:
[ { type: 'Apache License, Version 2.0',
url: 'http://www.apache.org/licenses/LICENSE-2.0.html' } ],
scripts:
{ lint: 'node node_modules/gulp/bin/gulp.js lint',
test: 'node node_modules/gulp/bin/gulp.js test' },
dependencies: { 'body-parser': '^1.12.4', express: '~4.11.1', rx: '~2.3.24' },
devDependencies:
{ chai: '^3.2.0',
eslint: '^0.21.0',
'falcor-router': '0.2.4',
gulp: '^3.9.0',
'gulp-eslint': '^0.15.0',
'gulp-mocha': '^2.1.3',
sinon: '^1.15.4' },
gitHead: '9be37563569f746f7da639123eaad83851f38e2d',
dist:
{ shasum: '9e6906a221a030d51fafe21fb8484f94dbc6fae2',
tarball: 'https://registry.npmjs.org/falcor-express/-/falcor-express-0.1.2.tgz' },
directories: {} }
I know this rename is annoying, but it's definitely worth doing before we open source. If we go out like this, it makes it appears that we are a express plug-in.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.