...
Codeblock | ||
---|---|---|
| ||
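/// <reference path="../../../.vscode.js"/>
import { RouterBuilder } from '@de.pinuts.apirouter/shared/routing.es6';

// Demo REST controller: five handlers for a "document" resource, a Basic Auth
// credential callback, and the router that wires them together.
//
// NOTE(review): the listing as published wrote `{ message: '...', req.params }`,
// which is not valid JavaScript (shorthand properties must be plain identifiers).
// The handlers below return the route parameters under an explicit `params` key.

/**
 * Lists documents.
 * @param {object} req - Incoming request (unused here).
 * @param {object} res - Response; `res.json()` sends the JSON body.
 */
const list = (req, res) => {
  // Will be called when requesting GET http://localhost:8080/cmsbs/rest/de.mycompany.restdemo.api/document
  res.json({ message: 'list has been called' });
};

/**
 * Shows a single document.
 * @param {object} req - Incoming request; `req.params` is echoed back.
 * @param {object} res - Response; `res.json()` sends the JSON body.
 */
const show = (req, res) => {
  // Will be called when requesting GET http://localhost:8080/cmsbs/rest/de.mycompany.restdemo.api/document/123
  res.json({ message: 'show has been called!', params: req.params });
};

/**
 * Updates a single document.
 * @param {object} req - Incoming request; `req.params` is echoed back.
 * @param {object} res - Response; `res.json()` sends the JSON body.
 */
const update = (req, res) => {
  // Will be called when requesting PUT http://localhost:8080/cmsbs/rest/de.mycompany.restdemo.api/document/123
  res.json({ message: 'update has been called', params: req.params });
};

/**
 * Creates a document.
 * @param {object} req - Incoming request; `req.params` is echoed back.
 * @param {object} res - Response; `res.json()` sends the JSON body.
 */
const create = (req, res) => {
  // Will be called when requesting POST http://localhost:8080/cmsbs/rest/de.mycompany.restdemo.api/document
  res.json({ message: 'create has been called', params: req.params });
};

/**
 * Removes a single document.
 * @param {object} req - Incoming request; `req.params` is echoed back.
 * @param {object} res - Response; `res.json()` sends the JSON body.
 */
const remove = (req, res) => {
  // Will be called when requesting DELETE http://localhost:8080/cmsbs/rest/de.mycompany.restdemo.api/document/123
  res.json({ message: 'remove has been called', params: req.params });
};

/**
 * Credential check intended for `requireBasicAuth()`.
 *
 * Looks the user up by `login_name` and accepts the login only when the entry
 * exists, the password matches, and the entry's `entrytype` is 'apiuser', so
 * entries of any other type cannot authenticate against the API.
 *
 * Basic Auth credentials are only base64-encoded on the wire, so a route that
 * uses this callback should be served over TLS.
 *
 * @param {string} username - Login name taken from the Authorization header.
 * @param {string} password - Password taken from the Authorization header.
 * @returns {*} A truthy value when the credentials are accepted; otherwise a
 *   falsy value (the missing entry or `false`).
 */
const basicAuth = (username, password) => {
  const entry = UM.getEntry('login_name', username);
  // Loose equality is kept from the original listing.
  // NOTE(review): switch to === only after confirming that get('entrytype')
  // returns a primitive string in this runtime.
  return entry && entry.testPassword(password) && entry.get('entrytype') == 'apiuser';
};

// NOTE(review): as listed, protectFromForgery(), requireOpenPassword() and
// requireBasicAuth() are all commented out, so every route below, including
// PUT, POST and DELETE, is served without any credential check, and allowCors()
// extends that to cross-origin callers permitted by the CORS app instance.
// Enable requireOpenPassword() or requireBasicAuth() before reusing this
// listing for a non-public API.
const routerBuilder = new RouterBuilder()
  // .protectFromForgery()
  .protectFromCaching()
  .allowCors()
  .handlePreflightRequests()
  // .requireOpenPassword()
  // .requireBasicAuth('api-realm', basicAuth)
  .get('/document/:id', show)
  .get('/document', list)
  .put('/document/:id', update)
  .post('/document', create)
  .delete('/document/:id', remove);

// Publish the built router under the app's namespace.
de.mycompany.restdemo.apiController = routerBuilder.build();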
...
handlePreflightRequests()
tells the Router to respond to all OPTIONS (=preflight) requests by setting the appropriate Access-Control-Allow
headers according to the global default settings defined in the CORS app instance.
This is necessary to allow POST, PUT and DELETE requests in a cross-origin context.
requireOpenPassword
requireOpenPassword
tells the Router to expect the API token (aka “open password”) to be present in a request header named X-Cmsbs-Open
.
This provides basic protection for a non-public REST API.
requireBasicAuth
requireBasicAuth
tells the Router to require Basic Auth for all routes.
The Basic Auth Realm and a callback to check the given credentials must be specified. (See const basicAuth
in the example above.)
Consuming a REST API
REST APIs that make use of the allowCors() function require a special request header to be sent with every non-GET request:
...