api

module:api

Description:
  • HTTP API to the server from the clients, this module implements the basic HTTP(S) API functionality with some common features.

    The API module incorporates the middleware app via api.app function.

    The server spawns Web workers to perform actual operations, monitors the worker processes if they die and restart them automatically.

    How many processes to spawn can be configured via -app-workers config parameter.

Source:

Members

(static) app :Router

Description:
  • Default router

Source:

(static) args :Array.<ConfigOptions>

Source:
Default Value:
  • [
      {
        "name": "version",
        "descr": "Custom Server: header to return for all requests"
      },
      {
        "name": "port",
        "type": "number",
        "min": 0,
        "descr": "port to listen for the HTTP server, this is global default"
      },
      {
        "name": "bind",
        "descr": "Bind to this address only, if not specified listen on all interfaces"
      },
      {
        "name": "backlog",
        "type": "int",
        "descr": "The maximum length of the queue of pending connections, used by HTTP server in listen."
      },
      {
        "name": "ssl",
        "type": "map",
        "obj": "ssl",
        "merge": 1,
        "descr": "SSL params: port, bind, key, cert, pfx, ca, passphrase, crl, ciphers"
      },
      {
        "name": "allow-middleware",
        "type": "regexp",
        "descr": "Modules allowed to call configureMiddleware, i.e. only allowed endpoints"
      },
      {
        "name": "accesslog-disabled",
        "obj": "accesslog",
        "type": "bool",
        "descr": "Disable access logging in both file or syslog"
      },
      {
        "name": "accesslog-file",
        "obj": "accesslog",
        "descr": "File for access logging"
      },
      {
        "name": "accesslog-level",
        "obj": "accesslog",
        "type": "int",
        "descr": "Syslog level priority, default is local5.info, 21 * 8 + 6"
      },
      {
        "name": "accesslog-fields",
        "obj": "accesslog",
        "array": 1,
        "type": "list",
        "descr": "Additional fields from the request or user to put in the access log, prefix defines where the field is lcoated: q: - query, b: - body, o: - options, h: - headers, u: - user otherwise from the request",
        "example": "api-log-fields = h:Referer,u:name,q:action,b:id"
      },
      {
        "name": "max-requests",
        "type": "number",
        "min": 0,
        "descr": "Max number of requests in the processing queue, if exceeds this value server returns 503 too busy error"
      },
      {
        "name": "requests-per-socket",
        "type": "int",
        "min": 0,
        "descr": "The maximum number of requests a socket can handle before closing keep alive connection"
      },
      {
        "name": "idle-timeout",
        "type": "number",
        "min": 0,
        "max": 3600000,
        "descr": "HTTP request idle timeout for servers in ms, how long to keep the connection socket open, this does not affect Long Poll requests"
      },
      {
        "name": "keep-alive-timeout",
        "type": "int",
        "descr": "Number of milliseconds to keep the HTTP conection alive"
      },
      {
        "name": "request-timeout",
        "type": "int",
        "min": 0,
        "descr": "Number of milliseconds to receive the entire request from the client"
      },
      {
        "name": "reuse-port",
        "type": "bool",
        "descr": "Allow multiple sockets on the same host to bind to the same port"
      },
      {
        "name": "exit-on-error",
        "type": "bool",
        "descr": "Exit on uncaught exception in the route handler, shutdown the worker process gracefully"
      },
      {
        "name": "run-mode",
        "descr": "als - run inside async local storage `lib.als`, domain - run inside node:domain, other - direct callback"
      },
      {
        "name": "trust-proxy",
        "type": "bool",
        "descr": "Trust proxy headers for IP/Host"
      },
      {
        "name": "defaults-([a-z0-9_]+)-(.+)",
        "obj": "defaults.$2",
        "make": "$1",
        "autotype": 1,
        "descr": "Global body limits for `api.validate`, format is: api-defaults-LIMIT-NAME, where LIMIT is an property that performs limiting like max, maxlist, min, required.., NAME is a schema property, it can be path specific",
        "example": "# Limit all names length up to 128 chars\napi-defaults-max-name = 128\n# Limit groups list size for /endpoint to 255\napi-defaults-maxlist-/endpoint-groups = 255"
      },
      {
        "name": "restart-hours",
        "type": "list",
        "datatype": "int",
        "descr": "List of hours when to restart api workers, only done once for each hour"
      },
      {
        "name": "restart-process",
        "descr": "On address in use error condition restart the specified servers, this assumes an external monitor like monit to handle restarts"
      },
      {
        "name": "err-(.+)",
        "descr": "Error messages for various cases"
      }
    ]

(static) defaults :object

Description:
Source:
Properties:
Name Type Description
".*" string

matches all fields of all types, maxlist: 512

"*.json" string

matches all json fields, max: 4000

"*.string" string

matches all string fields, max: 512

"*.text" string

matches all text fields, max: 512

"*.object" string

matches all object fields, max: 32000

"*.array" string

matches all array objects, max: 32000

(inner) bind :string

Description:
  • listen on the specified local interfcae,

Source:
Default Value:
  • 0.0.0.0

(inner) port :int

Description:
  • HTTP port to listen to for web server,

Source:
Default Value:
  • 8000

Methods

(async, static) alimiter(name, options) → {Object}

Description:
Source:
Parameters:
Name Type Description
name string

unique name to check, this is the cache key in other words

options object

same as in module:api.limiter

Returns:
Type Description
{err:object, info:object}

(static) createServer(port, bindopt, restartopt, sslopt, timeoutopt, keepAliveTimeoutopt, requestTimeoutopt, maxRequestsPerSocketopt, maxHeaderSizeopt, reusePortopt, nameopt)

Description:
  • Create a Web server with options and request handler, returns a server object.

    Options can have the following properties:

Source:
Parameters:
Name Type Attributes Description
port int

port number is required

bind string <optional>

address to bind

restart string <optional>

name of the processes to restart on address in use error, usually "web"

ssl objext <optional>

an object with SSL options for TLS createServer call

timeout int <optional>

number of idle milliseconds for the request to close

keepAliveTimeout int <optional>

number of milliseconds to keep the HTTP connecton alive

requestTimeout int <optional>

number of milliseconds to receive the entire request from the client

maxRequestsPerSocket int <optional>

number of requests a socket can handle before closing keep alive connection

maxHeaderSize int <optional>

maximum length of request headers in bytes

reusePort boolean <optional>

allows multiple sockets on the same host to bind to the same port

name string <optional>

server name to be assigned

(static) init()

Description:
  • Initialize API layer, this must be called before the api module can be used but it is called by the server module automatically so api.init is rearely need to called directly, only for new server implementation or if using in the shell for testing.

    Calls configureMiddleware methods to allow other modules to setup request processing.

Source:

(static) limiter(name, options, callback)

Description:
  • Perform rate limiting by name, uses shared or local cache where to keep TokenBucket object

Source:
Parameters:
Name Type Description
name string

unique name to check, this is the cache key in other words

options object
Properties
Name Type Attributes Default Description
max number

max capacity to be used by default

rate number <optional>

fill rate to be used by default

interval number <optional>
1000

interval in ms within which the rate is measured, default 1000 ms

ttl number <optional>

auto expire after specified ms since last use

reset number | boolean <optional>

if true reset the token bucket if not consumed or the total reached this value if number greater than 1

message string <optional>

more descriptive text to be used in the error message for the type, if not specified a generic error message is used

queue string <optional>

which queue to use instead of the default, some limits are more useful with global queues like Redis instead of the default in-process cache

delay number <optional>

time in ms to delay the response, slowing down request rate

multiplier number <optional>

multiply the interval after it consumed all tokens, subsequent checks use the increased interval, fractions supported, if the multiplier is positive then the interval will keep increasing indefinitely, if it is negative the interval will reset to the default value on first successful consumption

cacheName string <optional>
local

cache to use for token bucket shared rate limit

callback function(err:object, info:object)
  • the err object is { status: 429, message: string, retryAfter: ms }
  • the info object from module:cache.limiter as { delay: number, count: number, total: number, elapsed: number }
Example
api.limiter(context.path, { rate: 10, interval: 1000 }, lib.log);

api.limiter(context.ip, { rate: 100, interval: 60000 }, lib.log);

api.limiter(context.userId, { rate: 10, interval: 3600000, message: "Slow down please for %s" }, lib.log);

api.limiter([context.userId,context.path], { rate: 10, interval: 3600000 }, lib.log);

(static) shutdown()

Description:
  • Gracefully close all connections, call the callback after that

Source:

(static) validate(context, schema, optionsopt) → {object}

Description:
  • Validate body/query parameters according to the schema by using module:lib.validate, uses the context.body if parsed or context.query.

    This method uses `module:api~defaults to always limit incoming data and adjust if needed, text fields are limited to 512 chars, object to 32k, json to 4k, arrays to 512 items.

Source:
Parameters:
Name Type Attributes Description
context RequestContext
schema module:lib.ValidateOptions

schema object

options object <optional>
Properties
Name Type Attributes Description
defaults object <optional>

merged with global api.defaults

query boolean <optional>

use only context.query

Returns:
Type Description
object
  • a query object or an error { data, err }
Examples
const { err, data } = api.validate(context, { q: { required: 1 } });
 if (err) return context.reply(err)

Overriding defaults, allow longer text fields

const opts = {
    defaults: {
        "*.string": { max: 1024 },
}

const schema = {
    q: { required: 1 },
    name: {},
    amount: { type: "number", minnum: 1 }
}
const { err, data } = api.validate(context, schema, opts);

(static) writeAccesslog(context)

Description:
  • Record reauest into access log if enabled

Source:
Parameters:
Name Type Description
context RequestContext