I have set up an OpenAPI connector in Loopback 4 as described here and for unauthorized requests, it is working well; I managed to create the respective datasource, service and controller. My service is similar to the GeocoderProvider example, but, let's say, with the following service interface.
export interface MyExternalService {
search_stuff(params: {query?: string}): Promise<MyExternalServiceResponse>;
}
export interface MyExternalServiceResponse {
text: string;
}
From my controller, I invoke it like this, where this.myExternalService is the injected service (kind of unrelated, but can Loopback also implicitly parse a JSON response from an external API datasource?):
#get('/search')
async searchStuff(#param.query.string('query') query: string): Promise<void> {
return JSON.parse(
(await this.myExternalService.search_stuff({query})).text,
);
}
Now, the external endpoint corresponding to myExternalService.search_stuff needs an Authorization: Bearer <token> header, where the token is sent to Loopback by the client, i.e. it's not a static API key or so. Assuming I added #param.query.string('token') token: string to the parameter list of my searchStuff controller method, how can I forward that token to the OpenAPI connector? This is the relevant part of the underlying OpenAPI YAML definition file:
paths:
/search:
get:
security:
- Authorization: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SearchResults'
operationId: search-stuff
components:
securitySchemes:
Authorization:
type: http
scheme: Bearer
I am now using the underlying execute function of the OpenAPI connector and manually intercept the request (the object that is passed to requestInterceptor is later passed directly to the http module by Swagger):
return JSON.parse(
(
await this.myExternalService.execute(
'search_stuff',
{query},
{
requestInterceptor: (req: {headers: {Authorization: string}}) => {
req.headers.Authorization = 'Bearer ' + token;
return req;
},
},
)
).text,
);
I also added the following method to the MyExternalService interface, inspired by the connector's actual execute function:
execute(
operationId: string,
parameters: object,
options: object,
): Promise<MyExternalServiceResponse>;
Some things I found:
Loopback internally uses the swagger-client module to do OpenAPI-based requests.
Specifically the securities option of Swagger's execute function expects a Security Definitions Object. There are some quirks with actually passing it to Swagger as well.
Internally, Swagger builds the final HTTP request that is sent out here in its source code. There, the securities key is mentioned, yet is is never actually used for the request. This means that manually specifying it in the third parameter of this.myExternalService.execute will change nothing.
I'll not accept this answer yet and I'm looking forward to finding a more Loopback-like approach.
I configured my service like this, to inject the basic authentication.
import {inject, lifeCycleObserver, LifeCycleObserver} from '#loopback/core';
import {juggler} from '#loopback/repository';
const SwaggerClient = require('swagger-client');
const config = {
name: 'jira',
connector: 'openapi',
spec: 'swagger-v2.json',
validate: false,
httpClient: (request: any) => {
request.headers["Authorization"] = "Basic " + Buffer.from("test:test").toString('base64');
return SwaggerClient.http(request);
},
};
#lifeCycleObserver('datasource')
export class JiraDataSource extends juggler.DataSource
implements LifeCycleObserver {
static dataSourceName = 'jira';
static readonly defaultConfig = config;
constructor(
#inject('datasources.config.jira', {optional: true})
dsConfig: object = config,
) {
super(dsConfig);
}
}
Related
I would like to use a postman pre-fetch script to refresh my app secret from an api protected by aws signature. I am able to make a basic authentication like this. However I need an aws signature authentication
var url = "https://some.endpoint"
var auth = {
type: 'basic',
basic: [
{ key: "username", value: "postman" },
{ key: "password", value: "secrets" }
]
};
var request = {
url: url,
method: "GET",
auth: auth
}
pm.sendRequest(request, function (err, res) {
const json = res.json() // Get JSON value from the response body
console.log(json)
});
hi just create a normal postman request that work properly and then copy that request to a variable by adding the below line in test script
pm.environment.set("awsrequest", pm.request)
Now you can use the awsrequest variable to send use in pm.sendRequest
pm.sendRequest(pm.environment.get("awsrequest"))
I have a Lambda function integrated with API Gateway and the stack was deployed as cloud formation template. When I try to test the endpoint in the AWS web console I got correct response but when I try to invoke the deployed version of the API I got that error.
"message": "Could not parse request body into json: Unrecognized token ....etc"
I tried this mapping { "body" : $input.json('$') } in the integration request, but didn't work.
Here is the JSON I am trying to send using POSTMAN
{
"description": "test description",
"status": "test status"
}
and the request has header: Content-Type: application/json
Here you are screenshots for POSTMAN request body & headers, and the response from the API:
Any Solution guys?
UPDATE:
I put a mapping template at integration request level as the following:
{
"body-json" : $input.json('$')
}
And updated the lambda function to log the coming request, then made 2 requests:
First one: from API Gateway test web console:
I found the following in the cloudwatch logs:
INFO {
body: {
description: 'test',
projectId: 23,
action: 'test',
entity: 'test',
startDate: '01-01-2020',
endDate: '01-01-2020'
}
}
Second one: from POSTMAN:
I found the following in the cloudwatch logs:
INFO {
body: 'ewogICAgImRlc2NyaXB0aW9uIjogInRlc3QiLAogICAgInByb2plY3RJZCI6IDIzLAogICAgImFjdGlvbiI6ICJ0ZXN0IiwKICAgICJlbnRpdHkiOiAidGVzdCIsCiAgICAic3RhcnREYXRlIjogIjAxLTAxLTIwMjAiLAogICAgImVuZERhdGUiOiAiMDEtMDEtMjAyMCIKfQ=='
}
That indicates that in case of making the request using POSTMAN, the JSON payload is stringified automatically. What can cause such thing? and how to deal with it?
In this case we need to edit the mapping template since we are not using a proxy integration.
"body-json" : $input.json('$')
//also if binary data type is enabled for your api your body will be a base64
//encoded string which could be decoded using
$util.base64Decode($input.json('$'))
Also binary data types maybe enabled by default, search for these in the SAM template
x-amazon-apigateway-binary-media-types:
- '*/*'
You need to add a custom header in your response for it to respond correctly.
// The output from a Lambda proxy integration must be
// in the following JSON object. The 'headers' property
// is for custom response headers in addition to standard
// ones. The 'body' property must be a JSON string. For
// base64-encoded payload, you must also set the 'isBase64Encoded'
// property to 'true'.
let response = {
statusCode: responseCode,
headers: {
"x-custom-header" : "my custom header value"
},
body: JSON.stringify(responseBody)
};
I've got express js server code:
...
const server = new GraphQLServer({
typeDefs: `schema.graphql`,
resolvers,
context: context => {
let cookie = get(context, 'request.headers.cookie');
return { ...context, cookie, pubsub };
},
});
such that I can attach cookie to resolvers' requests:
...
method: 'GET',
headers: {
cookie: context.cookie,
},
Now I want to be able to use Relay (as a GraphQL client) and I want to be able to attach a cookie to Relay's requests as well.
I've found a similar question but it's not clear to me where can I insert that code:
Relay.injectNetworkLayer(
new Relay.DefaultNetworkLayer('/graphql', {
credentials: 'same-origin',
})
);
since I don't import Relay in Environment.js.
Update: I tried to add
import { Relay, graphql, QueryRenderer } from 'react-relay';
Relay.injectNetworkLayer(
new Relay.DefaultNetworkLayer('http://example.com/graphql', {
credentials: 'same-origin',
})
);
to a file where I send GraphQL queries (e.g., client.js), but it says that Relay is undefined.
Update #2: this repo looks interesting.
I write an app in Angular 4 that calls a REST API (DJANGO).
The code is as followed:
export class ForecastUnitService {
private path = 'forecastunit/';
private options;
constructor (private http: Http, private c:CentralService) {
this.options=this.c.createOptions();
}
getForecastUnits(): Observable<ForecastUnit[]> {
return this.http.get(this.c.createURL(this.path),this.options)
.map(this.extractData)
.catch(this.handleError);
}
...
}
I add options that contains an authorization header, but still I get
a 403 forbidden. However when I try the call with cUrl or Postman or in swagger, with the same token I get results.
So first tought, the headers aren't correct but when I log options I get:
{"method":null,"headers":{"Authorization":["**Correct Token**"],"Content-Type":["application/json"]},"body":null,"url":null,"withCredentials":null,"responseType":null}
So that is not the problem, when I look in the response from Chrome I see the following:
{"detail":"Authentication credentials were not provided."}
So again no credentials, but I really passed them, what is going wrong?
Angular's http module changes all header names to lowercase. This might be an issue because some API services aren't following the spec and their header checks are case-sensitive when these should be case-insensitive.
Check the configuration of your API.
I assume that your CentralService creates valid options.
interface RequestOptionsArgs {
url: string|null
method: string|RequestMethod|null
search: string|URLSearchParams|{[key: string]: any | any[]}|null
params: string|URLSearchParams|{[key: string]: any | any[]}|null
headers: Headers|null
body: any
withCredentials: boolean|null
responseType: ResponseContentType|null
}
Headers:
class Headers {
static fromResponseHeaderString(headersString: string): Headers
constructor(headers?: Headers|{[name: string]: any}|null)
append(name: string, value: string): void
delete(name: string): void
forEach(fn: (values: string[], name: string|undefined, headers: Map<string, string[]>) => void): void
get(name: string): string|null
has(name: string): boolean
keys(): string[]
set(name: string, value: string|string[]): void
values(): string[][]
toJSON(): {[name: string]: any}
getAll(name: string): string[]|null
entries()
}
Could you show us the CentralService ?
Also you might want to avoid calling it in the constructor , instead implement OnInit
Trying to use loopback framework for simulating a backend service. I need to retrieve an object using POST method. I know REST services typically allow POST to update/create a resource, but here, I cannot use GET with resource details for retrieving data.
In my case, POST data contains a few query fields that have to be used to query an object and send json back. Is this possible with loopback? I cannot use GET with query parms due to security restrictions with sending data as query parms in a GET URL.
here is post request data
[ { customer:"sam", city:"noWhere", } ]
the POST event should query by customer and city, then return matching customer object
[ { customer:"sam", postcode:"352345", city:"noWhere", country:"US" } ]
I think that what you need is an express http method override middleware: https://github.com/expressjs/method-override
And defining middleware in loopback:
http://docs.strongloop.com/display/LB/Defining+middleware
You can override default loopback endpoint, like this
// Define custom remote method
Customer.fetch = function(oRequest, fnResponseCb) {
/* Do staff to find customer and finally call fnResponseCb(null, oCustomer) */
}
// Override custom remote method
Customer.remoteMethod('fetch', {
accepts: {
arg: 'oRequest',
type: 'object',
http: { source: 'body' }
},
returns: {
type: 'object',
root: true
},
http: {
path: '/',
verb: 'POST'
},
description : 'Fetch Customer'
});