doriansmiley / serverless-tools Goto Github PK
View Code? Open in Web Editor NEWA yoemans generator for OpenAPI version 3.0
A yoemans generator for OpenAPI version 3.0
Add an option to enable IO|Pipe as a Lambda layer. Need to research exactly how to do this.
There is a benefit to setting up an isomorphic environment right off the bat, but it bloats the code and can lead to problems like we saw when we included the SpiSdk which also sets up globals.
npm i debug
See if there is an open API 3.0 compatible version of oas3Tools.swaggerValidator. Check out:
https://www.npmjs.com/package/swagger-model-validator
example: https://github.com/atlantishealthcare/swagger-model-validator/blob/master/tests/testOpenApi3.0.js
Be sure that the validator is express middleware.
Add swagger-ui-express to package.json
Refactor index.ts as follows:
// IMPORTANT: all routes that do not require JWT authentication must be declared ahead of registering the middleware with app.use
app.get('/', cors(), function (req, res) {
res.status(200).send('Hello World! I am the tenants-api API ' + process.env.API_VERSION);
});
const xssConfig = {
stripIgnoreTag: true
};
app.use('/', new XSSController(xssConfig).register());
//setup route for documents
app.use('/docs/', cors(), swaggerUi.serveWithOptions({ redirect: false }), swaggerUi.setup(swaggerDocument));
Note what we are doing here is removing JWT validation from the health check and docs route.
Add boiler plate to the serverless yaml for the docs and health check:
HealthCheck:
handler: src/index.handler
events:
- http:
path: /
method: get
cors:
origin: '*'
headers:
- Content-Type
- Authorization
- x-amzn-trace-id
warmup: true
environment:
STAGE: ${opt:stage}
JWT_SECRET: ${opt:jwt-secret}
vpc:
securityGroupIds:
- !ImportValue ${opt:networking-stack,'Zeus1-VPC'}:SecurityGroup
subnetIds:
- !ImportValue ${opt:networking-stack,'Zeus1-VPC'}:PrivateSubnet1
- !ImportValue ${opt:networking-stack,'Zeus1-VPC'}:PrivateSubnet2
- !ImportValue ${opt:networking-stack,'Zeus1-VPC'}:PrivateSubnet3
Docs:
handler: src/index.handler
events:
- http:
path: /docs/{proxy+}
method: get
cors:
origin: '*'
headers:
- Content-Type
- Authorization
- x-amzn-trace-id
warmup: true
environment:
STAGE: ${opt:stage}
JWT_SECRET: ${opt:jwt-secret}
vpc:
securityGroupIds:
- !ImportValue ${opt:networking-stack,'Zeus1-VPC'}:SecurityGroup
subnetIds:
- !ImportValue ${opt:networking-stack,'Zeus1-VPC'}:PrivateSubnet1
- !ImportValue ${opt:networking-stack,'Zeus1-VPC'}:PrivateSubnet2
- !ImportValue ${opt:networking-stack,'Zeus1-VPC'}:PrivateSubnet3
Set up CI/CD pipeline using Github actions. Toe test, run the generator against a spec file, run npm test. Make sure to remove all generated files regardless of whether or not tests pass
There is no reason to do this. Just return using return
or throw.
Refactor the AbstractController.register function to properly use XRay. Should look like this:
// you can override invoke in a subclass to adjust the return type
protected async invoke(event): Promise<any> {
return new Promise<any>((resolve, reject)=>{
// add X-Ray telemetry passing the subsegment
AWSXRay.captureAsyncFunc(this.getSegmentName(), async (subsegment) => {
try {
const result = await this.processRequest(event);
resolve(result);
} catch(e) {
this.log(LogLevels.ERROR, e.message, event, e);
reject(e);
} finally {
subsegment.close();
}
});
});
}
protected async processRequest(event): Promise<any> {
// to open a subsegment for x-ray call AWSXRay.captureAsyncFunc
// you'll have to promisfy the call or wrap in a promise like invoke
// log request received
this.log(LogLevels.INFO, this.getSegmentName() + ' Request received', event);
try {
// first validate the incoming request.
this.checkValidation(event);
// stub for override
// in your sub classes you should supply value for result and error
return null;
} catch (e) {
// log error response
this.log(LogLevels.ERROR, e.message, null, e);
throw e;
}
}
In index.ts make sure we are opening up the main segment and closing it as follows
var AWSXRay = require('aws-xray-sdk');
app.use(AWSXRay.express.openSegment('defaultName')); // required at the start of your routes
app.get('/', function (req, res) {
res.render('index');
});
app.use(AWSXRay.express.closeSegment()); //Required at the end of your routes / first in error handling routes
Reference is at: https://docs.aws.amazon.com/xray-sdk-for-nodejs/latest/reference/
Get security patches merged. Get rid of the express serverless plugin. Migrate to serverless-components express API. Include a Dockerfile and for containerization. Options in v2 should include:
I would architect the generators to handle Gateway handling (including authentication) as a separate layer. Instrumentation is done as a separate layer. The serverless component supports Lambda layers.
Generators for the express API are largely the same; I think it is nothing special to do there besides removing the serverless express plugin.
For http/2 support in express take a look at this article, and this one. Apparently Express has no support for http/2 and spdy is recommended by express as the tool to use.
For http/2 support in API Gateway both CloudFront and API Gateway support http/2. They should handle the requests natively.
For a general guide on http/s and the benefits, read this article.
Create a generator for MongoDB (next iteration can support DynamoDB) that will create standard CRUD operations for GET, POST, UPDATE, and DELETE actions. This will be a separate repo and generator. The generator should take in an output path (ie where the DAO objects will be created) and an API spec location. The output will contain:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.