Versionen im Vergleich

Alte Version 3

changes.mady.by.user Florian Wolff

Gespeichert am

verglichen mit

Neue Version Aktuell

changes.mady.by.user Florian Wolff

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.

...

Codeblock
languagejs
/// <reference path="../../../.vscode.js"/>

import { RouterBuilder } from '@de.pinuts.apirouter/shared/routing.es6';

const list = (req, res) => {
    // Will be called when requesting GET <http://localhost:8080/cmsbs/rest/de.mycompany.restdemo.api/document>
    res.json({
        message: 'list has been called'
    });
}

const show = (req, res) => {
    // Will be called when requesting GET <http://localhost:8080/cmsbs/rest/de.mycompany.restdemo.api/document/123>
    res.json({
        message: 'show has been called!',
        req.params
    });
}

const update = (req, res) => {
    // Will be called when requesting PUT <http://localhost:8080/cmsbs/rest/de.mycompany.restdemo.api/document/123>
    res.json({
        message: 'update has been called',
        req.params
    });
}

const create = (req, res) => {
    // Will be called when requesting POST <http://localhost:8080/cmsbs/rest/de.mycompany.restdemo.api/document>
    res.json({
        message: 'create has been called',
        req.params
    });
}

const remove = (req, res) => {
    // Will be called when requesting DELETE <http://localhost:8080/cmsbs/rest/de.mycompany.restdemo.api/document/123>
    res.json({
        message: 'remove has been called',
        req.params
    });
}

const basicAuth = (username, password) => {
    const e = UM.getEntry('login_name', username);
    return e && e.testPassword(password) && e.get('entrytype') == 'apiuser';
}

const routerBuilder = new RouterBuilder()
    // .protectFromForgery()
    .protectFromCaching()
    .allowCors()
    .handlePreflightRequests()
    // .requireOpenPassword()
    // .requireBasicAuth('api-realm', basicAuth)
    // .requireApiKey()   // Since UM 7.55.1
    .get('/document/:id', show)
    .get('/document', list)
    .put('/document/:id', update)
    .post('/document', create)
    .delete('/document/:id', remove);

de.mycompany.restdemo.apiController = routerBuilder.build();

...

handlePreflightRequests() tells the Router to respond to all OPTIONS (=preflight) requests by setting the appropriate Access-Control-Allow headers according to the global default settings defined in the CORS app instance.
This is necessary to allow POST, PUT and DELETE requests in a Cross Origin situation.

requireApiKey

(since UM 7.55.1)

requireApiKey tells the Router to expect an API key being presented in the Authorization HTTP header following Basic Auth conventions.

requireOpenPassword

requireOpenPassword tells the Router to expect the API token (aka “open password”) to be present in a request header named X-Cmsbs-Open.

This allows to provide basic protection for a non-public REST API.

requireBasicAuth

requireBasicAuth tells the Router to require Basic Auth for all routes.

The Basic Auth Realm and a callback to check the given credentials must be specified. (See const basicAuth in the example above.)

Consuming a REST API

REST APIs that make use of the allowCors() function require a special request header to be sent with every non-GET request:

...