Versionen im Vergleich

Version Alte Version 3 Neue Version Aktuell
Änderungen wurden vorgenommen von

Florian Wolff

Florian Wolff

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.

...

Codeblock
languagejs
/// <reference path="../../../.vscode.js"/>

import { RouterBuilder } from '@de.pinuts.apirouter/shared/routing.es6';

const list = (req, res) => {
    // Will be called when requesting GET <http://localhost:8080/cmsbs/rest/de.mycompany.restdemo.api/document>
    res.json({
        message: 'list has been called'
    });
}

const show = (req, res) => {
    // Will be called when requesting GET <http://localhost:8080/cmsbs/rest/de.mycompany.restdemo.api/document/123>
    res.json({
        message: 'show has been called!',
        req.params
    });
}

const update = (req, res) => {
    // Will be called when requesting PUT <http://localhost:8080/cmsbs/rest/de.mycompany.restdemo.api/document/123>
    res.json({
        message: 'update has been called',
        req.params
    });
}

const create = (req, res) => {
    // Will be called when requesting POST <http://localhost:8080/cmsbs/rest/de.mycompany.restdemo.api/document>
    res.json({
        message: 'create has been called',
        req.params
    });
}

const remove = (req, res) => {
    // Will be called when requesting DELETE <http://localhost:8080/cmsbs/rest/de.mycompany.restdemo.api/document/123>
    res.json({
        message: 'remove has been called',
        req.params
    });
}

const basicAuth = (username, password) => {
    const e = UM.getEntry('login_name', username);
    return e && e.testPassword(password) && e.get('entrytype') == 'apiuser';
}

const routerBuilder = new RouterBuilder()
    // .protectFromForgery()
    .protectFromCaching()
    .allowCors()
    .handlePreflightRequests()
    // .requireOpenPassword()
    // .requireBasicAuth('api-realm', basicAuth)
    // .requireApiKey({permission: 'de.mycompany.restdemo:DemoPerm'})   // Since UM 7.55.1
    .get('/document/:id', show)
    .get('/document', list)
    .put('/document/:id', update)
    .post('/document', create)
    .delete('/document/:id', remove);

de.mycompany.restdemo.apiController = routerBuilder.build();

...

handlePreflightRequests() tells the Router to respond to all OPTIONS (=preflight) requests by setting the appropriate Access-Control-Allow headers according to the global default settings defined in the CORS app instance.
This is necessary to allow POST, PUT and DELETE requests in a Cross Origin situation.

requireApiKey(options)

(since UM 7.55.1)

requireApiKey tells the Router to expect an API key being presented in the Authorization HTTP header following Basic Auth conventions.

If a specific permission should be required, it must be given in the following format: PLUGIN:PERMISSION where PLUGIN is the package name of the respective plugin (de.mycompany.restdemo in the example above) and PERMISSION is the name of a plugin-specific permission that must be declared in the plugin descriptor like this:

Codeblock
languagejson
{
    "name": "de.mycompany.restdemo",
    "apiPermissions": [
        "DemoPerm",
        "GetFoo",
        "CreateFoo"
    ]
}

requireOpenPassword

requireOpenPassword tells the Router to expect the API token (aka “open password”) to be present in a request header named X-Cmsbs-Open.

This allows to provide basic protection for a non-public REST API.

requireBasicAuth

requireBasicAuth tells the Router to require Basic Auth for all routes.

The Basic Auth Realm and a callback to check the given credentials must be specified. (See const basicAuth in the example above.)

Consuming a REST API

REST APIs that make use of the allowCors() function require a special request header to be sent with every non-GET request:

...