
@aikidosec/firewall


Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.updateApiInfo = updateApiInfo;
const getApiInfo_1 = require("./getApiInfo");
const mergeApiAuthTypes_1 = require("./mergeApiAuthTypes");
const mergeDataSchemas_1 = require("./mergeDataSchemas");

/**
 * Folds the API shape observed for one request (body schema, query schema,
 * auth types) into the spec already stored on a discovered route.
 *
 * The function mutates `existingRoute.apispec` in place and returns nothing.
 * It is best-effort: any exception raised while extracting or merging is
 * dropped, so a malformed request cannot make discovery fail the caller.
 *
 * Sampling is bounded by `maxSamples`, which the caller supplies. The original
 * comment on this function says the cap is 10 hits per heartbeat window unless
 * process.env.MAX_API_DISCOVERY_SAMPLES overrides it; neither that default nor
 * the environment lookup is visible in this file.
 *
 * @param {object} context - Request context handed to getApiInfo.
 * @param {object} existingRoute - Route record; `hits` and `apispec` are read,
 *   `apispec` (or its `body`/`query`/`auth` fields) is written.
 * @param {number} maxSamples - Routes with more hits than this are skipped.
 * @returns {void}
 */
function updateApiInfo(context, existingRoute, maxSamples) {
  // Sampling cap. The comparison is strict, so a route whose hit count equals
  // maxSamples is still sampled; only counts above it are skipped. This bounds
  // how much schema-merging work a single busy route can trigger.
  if (existingRoute.hits > maxSamples) {
    return;
  }

  try {
    // getApiInfo may return nothing; fall back to an empty record so the
    // property reads below yield undefined instead of throwing.
    const observed = (0, getApiInfo_1.getApiInfo)(context) || {};
    const incomingBody = observed.body;
    const incomingQuery = observed.query;
    const incomingAuth = observed.auth;

    const spec = existingRoute.apispec;
    const knownBody = spec.body;

    // Body: merge when a schema is already recorded, otherwise adopt the new
    // one. The stored type is always overwritten by the newest observation.
    // NOTE(review): the schemas are presumably derived from request data, so
    // mergeDataSchemas sees caller-influenced shapes - confirm it bounds depth
    // and key count.
    if (incomingBody) {
      spec.body = knownBody
        ? {
            type: incomingBody.type,
            schema: (0, mergeDataSchemas_1.mergeDataSchemas)(
              knownBody.schema,
              incomingBody.schema,
            ),
          }
        : incomingBody;
    }

    // Query: only a non-empty object counts as an observation.
    const hasQueryFields =
      incomingQuery &&
      typeof incomingQuery === "object" &&
      Object.keys(incomingQuery).length > 0;
    if (hasQueryFields) {
      spec.query = spec.query
        ? (0, mergeDataSchemas_1.mergeDataSchemas)(spec.query, incomingQuery)
        : incomingQuery;
    }

    // Auth is merged unconditionally, even when nothing new was observed.
    spec.auth = (0, mergeApiAuthTypes_1.mergeApiAuthTypes)(
      spec.auth,
      incomingAuth,
    );

    // Collapse a spec with no usable fields to {} so the stored record never
    // looks like { auth: undefined }.
    if (!(spec.body || spec.query || spec.auth)) {
      existingRoute.apispec = {};
    }
  } catch {
    // Deliberately ignored: discovery must not surface errors to the caller.
    // NOTE(review): failures are invisible here, so a broken extractor would
    // silently stop updating specs.
  }
}