@aikidosec/firewall
Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.updateApiInfo = updateApiInfo;
const getApiInfo_1 = require("./getApiInfo");
const mergeApiAuthTypes_1 = require("./mergeApiAuthTypes");
const mergeDataSchemas_1 = require("./mergeDataSchemas");
/**
 * Folds the API description observed on the current request into the spec
 * already stored for a route (body schema, query schema and auth types).
 *
 * Sampling is capped: once `existingRoute.hits` is greater than `maxSamples`
 * the route is left untouched. The comparison is strict, so a route whose hit
 * count equals `maxSamples` is still sampled. The original documentation gives
 * the cap as 10 hits per heartbeat window, overridable through
 * process.env.MAX_API_DISCOVERY_SAMPLES; how that value reaches `maxSamples`
 * is not visible in this function.
 *
 * NOTE(review): if `maxSamples` is undefined or NaN, `hits > maxSamples` is
 * always false and the cap never applies. The discovered schema comes from
 * request data, so the caller should pass a finite number. TODO confirm.
 *
 * @param {object} context - Request context handed to getApiInfo.
 * @param {object} existingRoute - Route record; reads `hits`, reads and updates `apispec`.
 * @param {number} maxSamples - Hit count above which sampling stops.
 * @returns {void}
 */
function updateApiInfo(context, existingRoute, maxSamples) {
  // This check sits outside the try block, so a missing route record throws to the caller.
  const overSampleBudget = existingRoute.hits > maxSamples;
  if (overSampleBudget) {
    return;
  }

  try {
    const discovered = (0, getApiInfo_1.getApiInfo)(context) || {};
    const incomingBody = discovered.body;
    const incomingQuery = discovered.query;
    const incomingAuth = discovered.auth;
    const spec = existingRoute.apispec;

    // Body: merge schemas when one is already stored, otherwise adopt the new one.
    if (incomingBody) {
      const storedBody = spec.body;
      spec.body = storedBody
        ? {
            type: incomingBody.type,
            schema: (0, mergeDataSchemas_1.mergeDataSchemas)(storedBody.schema, incomingBody.schema),
          }
        : incomingBody;
    }

    // Query: only a non-empty object counts as an observation.
    const hasQueryFields =
      Boolean(incomingQuery) &&
      typeof incomingQuery === "object" &&
      Object.keys(incomingQuery).length > 0;
    if (hasQueryFields) {
      spec.query = spec.query
        ? (0, mergeDataSchemas_1.mergeDataSchemas)(spec.query, incomingQuery)
        : incomingQuery;
    }

    // Auth is always re-merged, even when nothing new was observed.
    spec.auth = (0, mergeApiAuthTypes_1.mergeApiAuthTypes)(spec.auth, incomingAuth);

    // Collapse an all-empty spec to {} so it never looks like { auth: undefined }.
    const specIsEmpty = !(spec.body || spec.query || spec.auth);
    if (specIsEmpty) {
      existingRoute.apispec = {};
    }
  } catch {
    // Best effort: a discovery failure is dropped so it cannot affect the
    // request being handled. Nothing is logged here, and assignments made
    // before the throw stay in place, so the stored spec can be partially updated.
  }
}