Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/robbdimitrov/apiproxy
Keeping API client secrets out of the frontends and decorating the requests in the proxy
https://github.com/robbdimitrov/apiproxy
expressjs nodejs proxy security
Last synced: 24 days ago
JSON representation
Keeping API client secrets out of the frontends and decorating the requests in the proxy
- Host: GitHub
- URL: https://github.com/robbdimitrov/apiproxy
- Owner: robbdimitrov
- License: mit
- Created: 2021-03-26T19:56:25.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2021-04-18T20:52:06.000Z (over 3 years ago)
- Last Synced: 2024-11-10T15:06:49.337Z (2 months ago)
- Topics: expressjs, nodejs, proxy, security
- Language: JavaScript
- Homepage:
- Size: 8.79 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Node Proxy
Proof of concept proxy using [Node](https://github.com/nodejs/node) and
[Express](https://github.com/expressjs/express). The following technique
can be used to keep secrets such as API client tokens out of your frontends.## Example usage:
Start the server:
```
$ ACCESS_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 PORT=8001 node src/server.js
```Start the proxy:
```
$ ACCESS_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 PORT=8002 node src/proxy.js
```## Testing requests:
### `GET` request
Request:
```
$ curl -i -X GET localhost:8002/hello
```
Response:
```
HTTP/1.1 200 OK
X-Powered-By: Express
Date: Fri, 26 Mar 2021 19:44:20 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked{"type":"HELLO","status":"SUCCESSFUL"}
```### `POST` request with body
Request:
```
$ curl -i -X POST localhost:8002/auth \
-H 'content-type: application/json' \
-d '{"id":1,"name":"John"}'
```
Response:
```
HTTP/1.1 200 OK
X-Powered-By: Express
Date: Fri, 26 Mar 2021 19:47:10 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked{"type":"AUTH","status":"SUCCESSFUL"}
```### `POST` request with body and path parameter
Request:
```
$ curl -i -X POST localhost:8002/user/john \
-H 'content-type: application/json' \
-d '{"name":"Jonathan"}'
```
Response:
```
HTTP/1.1 200 OK
X-Powered-By: Express
Date: Fri, 26 Mar 2021 19:48:35 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked{"type":"AUTH","status":"SUCCESSFUL"}
```### Direct requests to the server
Request:
```
$ curl -i -X GET localhost:8001/hello
```
Response:
```
HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 12
ETag: W/"c-dAuDFQrdjS3hezqxDTNgW7AOlYk"
Date: Fri, 26 Mar 2021 19:51:23 GMT
Connection: keep-alive
Keep-Alive: timeout=5Unauthorized
```## License
Licensed under the [MIT](LICENSE) License.