@noveo/swagger-middleware

The package is a wrapper for swagger-express-middleware@1.1.1 It helps you to deal with swagger@2.0 defined apis. It does NOT support openapi@3

install

npm i --save @noveo/swagger-middleware

or

npm i --save git+https://gitlab%2Bdeploy-token-10:y6fu7AnyXgsxn1sJ6zxz@gitlab.noveogroup.com/devteam/back/swagger-middleware.git

usage

1const swagger = require('@noveo/swagger-middleware');
2
3// Load modules
4const loaded = await swagger.loaders.byPackageJson({
5  folders: ['essences', 'scenarios'],
6  root: __dirname,
7  logger: log.child('modules-loader'),
8  baseApiPath: resolve(__dirname, './api.yml'),
9  app: { name: appName, version },
10  server: { protocol, host, port }
11});
12
13const app = express();
14
15// Init secureCollection for adding secure adapters 
16const secureCollection = swagger.secureCollection;
17// Adapters presets for security
18const adapters = swagger.adapters;
19
20// Initiate adapter with apiKey presets to secureCollection, passing function secure ad 2nd parameter for checking security
21await secureCollection.add(adapters.apiKey, {
22    check(key) {
23        return key === 'authKey'
24    }
25});
26
27// Initiate adapter with basic auth presets to secureCollection, passing function secure ad 2nd parameter for checking security
28await secureCollection.add(adapters.basic, {
29    check(email, password) {
30        const user  = db.users.findOne({email}, ['password', 'salt']).lean();
31        
32        if (! user) {
33            return false;
34        }
35        
36        const cryptoPassword = sha512(password, user.salt);
37        
38        return (cryptoPassword === user.password);
39    }
40});
41
42
43// Init Doc UI and schema get endpoint
44app.use(api.basePath, middleware.docs({
45  jsonPath: '/swagger.json',
46  yamlPath: '/swagger.yaml',
47  ui: {
48    baseUrl: '/ui/',
49    docUrl: `${api.basePath}/swagger.json`
50  }
51}));
52
53app.use(
54  // Checks out the correctness of json-response via the provided 
55  // OpenAPI 2 or OpenAPI 3 schema
56  middleware.validateResponse(),  
57  // Annotates each request with all the relevant information from the Swagger definition. 
58  // The path, the operation, the parameters, the security requirements. 
59  // They’re all easily accessible at req.swagger. It just parses parameters definitions from the API, not the values.
60  // Values are parsed by parseRequest
61  middleware.metadata(),    
62  // Initiate secure middleware passing secureCollection to it
63  middleware.secure(secureCollection),
64  // Adds the appropriate CORS headers to each request and automatically responds to CORS preflight requests,
65  // all in compliance with your Swagger API definition.
66  middleware.CORS(),
67  // Parses incoming requests and converts everything into the correct data types, 
68  // according to your Swagger API definition.
69  // It uses body-parser, cookie-parser, multer
70  middleware.parseRequest(),
71  // Ensures that every request complies with your Swagger API definition, 
72  // or returns the appropriate HTTP error codes if needed
73  middleware.validateRequest(),
74  // You may put handlerStorage made by modules loader or by your hands
75  middleware.handler({
76    handlerStorage: loaded.handlerStorage
77  }),
78  // It is for mocks
79  middleware.mock(),
80);
81
82app.listen(8000);

QnA

Why do we use our docs middleware? Why don't we use swagger-express-middleware files middleware

Our middleware provides not only json api definition, but It provides yaml definition too. Then our middleware provides api definition explorer UI. You may use files middleware if you need or if you find docs middleware incompatible for you or insecure etc. Please, notice the maintainer if you have any issues

Debug and logging

It uses debug with main prefix as swagger as default logger ;

API

Exported lib is an object with two properties: initMiddleware and loaders

• initMiddleware(options)
  • initMiddlewareResponse
    • middlewareFactories
      • docs(options)
      • handler(options)
      • validateResponse(options)
• loaders
  • loaderResponse
  • byPackageJsonLoader(options)
    • byPackageJsonLoader-packageDef

initMiddleware(options) ⇒ Promise.<initMiddlewareResponse>

It is a wrapper for swagger-express-middleware#createMiddleware. It initializes middlewares

Kind: Function
Returns: Promise.<initMiddlewareResponse>

Param	Type	Mandatory	Default	Example	Description
options.apiDef	Object or String	REQUIRED		'./api.yml'	A Swagger Object, or the json file path or URL of your Swagger API. It is forwarded to swagger-parser.dereference
options.app	express#Router	REQUIRED		express()	An Express app It is forwarded to swagger-express-middleware#createMiddleware method
options.logger	loggerInstance	Optional	debug with main prefix as swagger	noveoLogger.getLogger('swagger')	Logger instance
	thisisforcellwithyeah			thisisforcellwidthyeah

initMiddlewareResponse

middleware is initialized by swagger-express-middleware#createMiddleware. Then some middleware factories like docs and handler were added to middleware. api and parser are from swagger-express-middleware#createMiddleware. They are forwarded to callback as third and fourth params, but it is not documented.

Kind: Object

Property	Type	Description
middleware	middlewareFactories	Container with swagger-express-middleware middlewares and our middlewares
api	Object	It is a Swagger Object, dereferenced by swager-parser.dereference
parser	SwaggerParser	It is a Swagger Object, dereferenced by swager-parser.dereference

middlewareFactories

Kind: Object extends instance of swagger-express-middleware Middleware class

Property	Type	Description
docs	docsMiddlewareFactory	Factory for creating docs middleware
handler	handlerMiddlewareFactory	Factory for creating handlerMiddleware
<String>		Other factories of swagger-express-middleware

docsMiddlewareFactory(options) ⇒ express.Router

Factory for middleware, which creates routes with json and yaml api definitions and ui documentation explorer. The recommended way of usage is to hang it on express route defined as application basePath. For example, app.use('/base-path', middleware.docs())

Kind: Function
Returns: express.Router instance

Param	Type	Mandatory	Default	Example	Description
options.jsonPath	String	Optional	undefined	'/swagger.json'	Path for json api definition route. Route does not initialize if the option is falsey
options.yamlPath	String	Optional	undefined	'/swagger.yaml'	Path for yaml api definition route. Route does not initialize if the option is falsey
options.ui.baseUrl	String	Optional	undefined	'/ui/'	Url for hanging on some ui routes for html, css, js files. Explorer UI does not initialize if the option is falsey
options.ui.docUrl	String	Optional	'https://petstore.swagger.io/v2/swagger.json'	'/base-path/swagger.json'	Url could be relative or absolute. It should contains json api definition. Explorer UI helps to explore the api definition
options.router	express.Router constructor	Optional	express.Router of express@4.16.4	express.Router	You may put your own express.Router class of your express version
options.api	Object	Optional	api produced by initMiddleware	{ swagger: '2.0', ... }	You may put your own dereferenced api def object
options.logger	loggerInstance	Optional	logger put to initMiddleware or debug with main prefix as swagger	noveoLogger.getLogger('swagger')	Logger instance
	thisisforcellwidthyeh		thisisforcellwidthyeh	thisisforcellwidthyeah

Notice

Use options.ui.baseUrl with finishing slash like /ui/ but not like /ui. It uses wildcard like /ui/* for express routing and swagger-ui-dist package, that uses relative paths like ./swagger-ui.css. So, the relative with /base/ui (without finishing slash) would be /base/swagger-ui.css, which is incorrect. The relative with /base/ui/ will be /base/ui/swagger-ui.css, which is correct.

handlerMiddlewareFactory(options) ⇒ express.Middleware

It is a factory for producing a middleware that handles a handlers which are indexed by operationId. It chooses an operationId by req.swagger data provided by middleware.metadata middleware. It fails without middleware.metadata middleware.

Kind: Function
Returns: express.Middleware

Param	Type	Mandatory	Default	Example	Description
options.handlerStorage	Map	REQUIRED		new Map([['operationId', (req, res, next) => {}]])	A storage of operations handlers
options.logger	loggerInstance	Optional	logger put to initMiddleware or debug with main prefix as swagger	noveoLogger.getLogger('swagger')	Logger instance

validateResponseFactory(options) ⇒ express.Middleware

It is a factory for response validation

Kind: Function
Returns: express.Middleware

Param	Type	Mandatory	Example	Default	Description
options.schema	Object	Optional	{ swagger: '2.0', ... }	api produced by initMiddleware	You may put your own dereferenced api def object
options.logger	loggerInstance	Optional	noveoLogger.getLogger('swagger')	logger put to initMiddleware or debug with main prefix as swagger	Logger instance

loaders

Container for loaders. We have one implemented loader. Each loader should be a Function, that returns Promise.<loaderResponse

Kind: Object

Property	Type	Description
byPackageJson	byPackageJsonLoader	Loader with algorithm based on package.json file

loaderResponse

An object that loader should resolves

Kind: Object

Property	Type	Description
api	Object	Dereferenced api definition object
handlerStorage	Map<String,express.Middleware>	A storage of operations handlers

byPackageJsonLoader(options) ⇒ Promise<loaderResponse>

Kind: Function
Returns: Promise<loaderResponse>

Param	Type	Mandatory	Default	Example	Description
options.folders	String[]	Optional	[]	['essences', 'modules']	Array of paths for modules directories. Paths are relative to the root path defined in the root option
options.root	String	Optional	process.cwd()	'./home/web/app/modules-container'	It is path to root directory of modules.
options.baseApiPath	String	REQUIRED		'./home/web/app/swagger.yml'	Path to the api def with base api information
options.app.name	String	Optional	undefined	'my-app'	App name could be merge into api def info.title field
options.app.version	String	Optional	undefined	'v0'	App version could be merged into api def info.version field
options.server.protocol	String	Optional	undefined	'https'	Server protocol could be merges into api def schemes#0 field
options.server.host	String	Optional	undefined	'localhost'	Server host partly could be merged into api def host field
options.server.port	String or Number	Optional	undefined	'8000'	Server port partly could be merged into api def host filed
options.logger	loggerInstance	Optional	debug with main prefix as swagger	noveoLogger.getLogger('swagger')	Logger instance
	thisisforcellwidth		thisisforcellwidth	thisisforcellwidth

How it loads modules

• It looks for directories into the folders you pointed as folders option

• It looks for files package.json in the directories

• It considers package.json as object of byPackageJsonLoader-packageDef type

• It loads api definitions from files described in api definition options

• It loads controllers from files described in api actions options

• If it finds valid package.json it loads the module as defined in package.json. That means it advances common api definition with module routes.

byPackageJsonLoader-packageDef

It is an object that describes how to load module using byPackageJsonLoader

Kind: Object

Property	Type	Example	Description
name	String	'Module name'	Name of the module
api[].definition	String	'./api.yml'	Path to the module api definition. It is forwarded to swagger-parser to .dereference() method. Look at swagger-parser if you have any questions
api[].actions	String	'./controllers.js'	Path to the js file that exports object with props keys like operationIds in the module api definition. And props values should be route controllers which implement such interface as function (req, res, next). Yes, it should be handlers like for express and for swagger-express-middleware. Each should responds with res.send() or res.json() or forwards errors with next(err)
	thisisforcellwidth	thisisforcellwidth

loggerInstance

Kind: Object instance of logger with defined methods

Property	Type	Description
info	logMethod	logger on info level
debug	logMethod	logger on debug level
warn	logMethod	logger on warn level
error	logMethod	logger on error level
	thisisforcellwidth

logMethod(msg)

Kind: Function Returns: void

Param	Type	Mandatory	Default	Example	Description
msg	String	Optional	''	'controller is requestd'	Message for logging
				thisisforcellwidth

secure

Kind: Function Description Main secure middleware, checking every response for contain security Returns: void

Param	Type	Mandatory	Description
secureCollection	Object	REQUIRED	Object that contains initiated secure functions

secureCollection

Kind: Factory Description Factory that used for adding/getting and store all security functions that passed to her. Returns: void

Functions	Example	Description
add	secureCollection.add(adapters.apiKey, {check => {}})	Add adapter to registeredAdapters list
get	secureCollection.get(apiKey)	Get adapter by name from registeredAdapters list

adapters

Kind: Object Description Collection that contains auth type templates like apiKey,basicAuth. Each element of collection is an object and contains adapter defaultType and init function Returns: Object with adapters

Param	Type	Example	Description
apiKey	Object	{defaultType: 'apiKey', init() => {}	apiKey auth object
basic	Object	{defaultType: 'basic', init() => {}	basic auth object

TODO and questions

• Add logging to responseValidation
• Check with security definitions
• Add tests
• Put secure and validateResponse into middlewareFactories description (documentation)
• Put secure and adapters into Index (documentation)
• Update swagger-express-middleware to v2.0.0