The First Roast

@line-o line-o released this 08 Jan 11:50
8b0b2da

Rebranding

The name changes to "roaster". A new library module of the same name is now also the main entry point for users of this library.
It provides roaster:route#2 and roaster:route#3 for routing, and roaster:respond#2 to roaster:respond#4 to control what is returned from a route handler.

The test application is now called "roasted" :)

Namespaces all start with http://e-editiones.org/roaster
And we added a logo for good measure.

Authentication

You can now define custom authentication handlers and pass them to roaster.
The function MUST return the user it has identified. That information is then added to the request map.
If a route has x-constraints with groups or users, the user information in the request map is checked against them.
If it does not match, an error is returned.

That already handles a great deal of authorization needs in the router itself, so your route handlers can
assume a valid and authorised user. For more complex checks, this can still be deferred to the route
handler.

The test application has a second API definition file that shows how to extend an API with arbitrary middleware, how to add headers and how to add JWT authorisation as an example.

NOTE:
For the second API definition to work you will have to install crypto-lib in version 1.0.0 and exist-jwt from the public package repository.

BREAKING CHANGES:

  • the use of router:route is discouraged, use roaster:route instead.
  • the $lookup-function expects only one parameter and should not catch errors

ENHANCEMENTS:

  • all errors are caught uniformly with additional information passed to error handlers
  • enable arbitrary middleware to transform all incoming requests
  • rewrite authentication as a middleware
  • enables custom authentication strategies
  • adds "user" property to request map
  • rewrite parameter retrieval as a middleware
  • return status code 405 for matching route but non-matching method
  • throw errors:OPERATION on configuration errors in API definition
  • log incoming and outgoing requests with unique request-id
  • use gulp tasks for comfortable development and installation

FIXES:

  • order catch statements by status code
  • convert map:get to $map?($key)
  • throw on wrong paths in router:resolve-ref
  • change variable names to use snake-case where possible
  • refactor module for readability
  • split up modules by concern
  • add tests for binary upload and download