
canapi's Introduction

Canapi

Canapi is an API Management Gateway built on Express.js. Build API management proxies based on a simple configuration file and a [RAML](https://github.com/raml-org/raml-spec) file.

Functions

Current management tools available to API management proxies are:

  • Request URI and query parameter validation
  • Password protection
  • OAuth authorization with access tokens
  • Request logging in database

Setup Instructions

  • Install Node.js and npm
  • [Install mongodb](http://docs.mongodb.org/manual/installation/)
  • Make a clone of Canapi
  • From canapi/server run npm install
  • Copy any wanted raml files into canapi/server/
  • Edit the canapi configuration file to include settings for all desired api proxies (See Server Configuration)
  • Run the command "node server.js" from canapi/server
  • Check Known Issues section if there is a problem

Server configuration

Follow the example shown in the server/default-config.js file. If you are including any access_tokens in your configuration, create a server.config.js file to override the default-config.js file. This will keep your tokens from being committed.
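A start-up guard for the override scheme described above, as an added example that is not part of Canapi: it refuses to run if an access_token has been placed in the committed defaults, then overlays the local override. Only the access_token key and the two file names come from this README; the other config keys, the function names and the sample values are assumptions.

```javascript
// Added example. Only the access_token key and the two file names come from the
// README; the port/apis/path/raml/oauth keys below are assumed for illustration.

// Constructed stand-in for the committed server/default-config.js.
const sampleDefaults = {
  port: 3000,
  apis: [{ path: '/github', raml: 'github.raml', oauth: { access_token: '' } }],
};
// Constructed stand-in for the uncommitted server.config.js override.
const sampleOverride = {
  apis: [{ path: '/github', raml: 'github.raml', oauth: { access_token: 'EXAMPLE-TOKEN' } }],
};

// Return the path of every non-empty access_token found anywhere in a config.
function findTokens(node, path = 'config') {
  if (node === null || typeof node !== 'object') return [];
  return Object.entries(node).flatMap(([key, value]) => {
    const here = Array.isArray(node) ? `${path}[${key}]` : `${path}.${key}`;
    if (key === 'access_token') return value ? [here] : [];
    return findTokens(value, here);
  });
}

// Overlay the override on the defaults; top-level keys in the override win.
function loadConfig(defaults, override) {
  const leaked = findTokens(defaults);
  if (leaked.length > 0) {
    throw new Error(`access_token present in default config: ${leaked.join(', ')}`);
  }
  return Object.assign({}, defaults, override || {});
}
```

The guard only helps if server.config.js itself stays out of version control, for example through a .gitignore entry.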

Design Decisions

I decided to use Node.js, Express.js, and Mongodb because I have previous experience with this stack. I like to think of the overall concept of API gateways as including middleware functionalities to an API. Express allows me to code my solution to reflect that model. Adding new management functionality can be done by implementing a new middleware and simply adding it to the desired router.

My priority with this project was to enable the creation of an API gateway with request validation through the use of RAML. To do this, I used the [RAML Javascript Parser](https://github.com/raml-org/raml-js-parser) to get a tree structure of the resources of an API. With this resource tree, I am able to build custom validation middleware for each resource endpoint in the API. Once API gateways were being built from RAML files, adding new gateway management functionality became a simple task.

Based on server configuration, an API endpoint is made accessible at the canapi server/api-local-path/resource-endpoint

API Gateway configuration design

For the scope of this 2 week side-project, API Gateway details and configuration are all done on the server before starting up. Going forward, it would be easy to add Canapi specific endpoints to allow admins or white-listed IPs to send new API Gateway configurations to a Canapi server for API gateway addition.

OAuth configuration design

For the scope of this 2 week side-project, OAuth compliance is done in the most simple form. If a Canapi creator wishes to enable the management of an OAuth protected API, they must include an access_token to that api in the server configuration. For the time being, only OAuth 2.0 is supported.

User login design

For the scope of this 2 week side-project, requiring user login is solely for the purpose of logging which users make a request. In the future, an authorization layer could be added to give users privileges to use APIs and endpoints. The user client must have the ability to save a cookie which is sent to them after using the /register or /authorize Canapi endpoint. The user client must save the authtoken included in the cookie response from these endpoints and include it in the cookies they send to User login protected APIs.

Request logging design

For the scope of this 2 week side-project, I wasn't able to get around to creating the API for this resource. For now, when request logging is enabled, Canapi will simply save all request data to the mongo db associated with Canapi. In the future, a REST API for this resource would be simple to create.

Known Issues

You can check the github issues section to see some of the known issues with this code. Some notable ones are:

  • Only JSON APIs are supported currently
  • Post parameters are not validated due to a raml-parser problem. See this [RAML-Parser Issue](raml-org/raml-js-parser#115)
  • URI parameters which act as a generic variable rather than a URI segment variable are broken. Notable examples are: 1) the version string included in most API RAMLs (fix this by appending the version string to the baseURI of a RAML file); 2) media types at the end of a URL, e.g. Twitter's API allowing each endpoint to end in '.json' or not.

Future

My future plans for this are to more fully support the RAML Specification for server configuration. Once that is complete, adding new management functionality is as simple as adding middlewares and creating rest APIs for collected data.

canapi's Issues

Get Query parameter validation

Get endpoints should all have validation on their query parameters.

  • create query parameter validation functions
  • create mapping between parameter types and their validation functions
  • in ApiProxy.prototype.makeRoute call each validation function on parameters, using the mapping

Title only says Get Query Params, but I will leave this here because it will use the same code:

  • in ApiProxy.prototype.makeRoute call each validation function on POST parameters
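One way to implement the steps in this issue as Express-style middleware, as an added example that is not Canapi's code: the spec shape follows RAML 0.8 named parameters, and the function names and sample spec are hypothetical. It also rejects undeclared parameters and repeated or nested values, which a type check alone would let through.

```javascript
// Added example; facets follow RAML 0.8 named parameters, names are illustrative.
const inRange = (n, p) =>
  (p.minimum === undefined || n >= p.minimum) && (p.maximum === undefined || n <= p.maximum);

// Mapping between parameter types and their validation functions.
const validators = {
  string: (v, p) =>
    (p.minLength === undefined || v.length >= p.minLength) &&
    (p.maxLength === undefined || v.length <= p.maxLength) &&
    (p.pattern === undefined || new RegExp(p.pattern).test(v)) &&
    (p.enum === undefined || p.enum.includes(v)),
  number: (v, p) => /^-?\d+(\.\d+)?$/.test(v) && inRange(Number(v), p),
  integer: (v, p) => /^-?\d+$/.test(v) && inRange(Number(v), p),
  boolean: (v) => v === 'true' || v === 'false',
};
// Constructed sample: queryParameters for one GET endpoint.
const sampleSpec = {
  q: { type: 'string', required: true, maxLength: 10 },
  page: { type: 'integer', minimum: 1 },
  sort: { enum: ['asc', 'desc'] },
};

// Returns a list of error strings; an empty list means the query is valid.
function validateQuery(query, queryParameters) {
  const errors = Object.keys(query)
    .filter((n) => !Object.prototype.hasOwnProperty.call(queryParameters, n))
    .map((n) => `unknown parameter: ${n}`);
  for (const [name, spec] of Object.entries(queryParameters)) {
    const value = query[name];
    const type = spec.type || 'string'; // RAML 0.8 default type
    if (value === undefined) {
      if (spec.required) errors.push(`missing required parameter: ${name}`);
    } else if (typeof value !== 'string') {
      // With the qs-based query parser, ?a=1&a=2 is an array and ?a[b]=1 an object.
      errors.push(`parameter must be a single value: ${name}`);
    } else if (!validators[type] || !validators[type](value, spec)) {
      errors.push(`invalid ${type}: ${name}`);
    }
  }
  return errors;
}

// Express-style middleware factory, one instance per resource endpoint.
function queryValidator(queryParameters) {
  return (req, res, next) => {
    const errors = validateQuery(req.query || {}, queryParameters);
    if (errors.length === 0) return next();
    res.status(400).json({ errors });
  };
}
```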

Create Server Config

Server configuration should define multiple parameters for the server.

  • Starting APIs with their relative subpaths and the path to their raml files
  • details on how to protect each api

Create end-to-end test suite

I would like to create a test suite that tests all management functions.

  • User login test script
  • API validation test script
  • Requestlog test script
  • OAuth required test script
  • Unit tests

Error reporting system

To save time, I haven't thought much about the error reporting system of this project.
I would like to abstract the error reporting throughout Canapi to make it more uniform from user's perspective and cleaner from a coder's perspective.

Admin Endpoints for API Configuration

At the moment all API Proxies are made at server start. This doesn't have to be the case.
I would like to make a set of IP Protected endpoints that would allow a Canapi's admin to post a RAML file and API Proxy configuration to add API Proxies at runtime.

  • Create IP whitelisted endpoints
  • POST Endpoint for RAML file and server config
  • Create API Proxy at runtime

OAuth 2.0 verification

I need to make a means for my application to go through github OAuth2_0 verification.
This will allow all endpoints to be sent with a user's oauth token.

  • Send back authentication to local user endpoint in a cookie
  • Implement small test script which can hold authentication cookie for subsequent requests
  • Implement OAuth2.0 call flow with github (Try to base functions on raml so this can be used for others later)
  • Test Oauth flow as enduser to my api gateway

Validate post parameters

Currently, post parameters are not validated.

This is specifically because of the issue at:
raml-org/raml-js-parser#115

Embedded schema parsing will need to be fixed on the javascript raml-parser before I can validate the github api post parameters.

URI Parameters not fully supported

URI Parameters are working in path segments, but not in cases like Twitter's {mediatype} fields.

This means paths that can be /resourceName or /resourceName.json are broken.

Rate Limit

Create a rate limiting middleware to be configured in server config.

  • Implement rate limiter
  • Add configuration options to server config for rate limiter
  • Refuse requests beyond rate limit

Request Cache

Decide whether to use Memcache or Redis for a request caching layer.

  • Implement a cache layer for Canapi
  • Implement conditional requests using Canapi cache layer
