* Added npm last update badge
* extended NpmBase class instead of BaseJsonService.
* added scoped packages to last update.
* introduced additionalQueryParamSchema
this is to add other query params schema, other than the one present in NpmBase.
* removed version query param
* in absence of modified date, it'll fetch created.
* removed version query param.
* added dist-tags.
* Update services/npm/npm-last-update.service.js
Co-authored-by: jNullj <15849761+jNullj@users.noreply.github.com>
* refactored handle method for dist-tags.
* Update services/npm/npm-last-update.service.js
Co-authored-by: chris48s <chris48s@users.noreply.github.com>
* added date validation check.
* added date validation check.
* added date validation check.
---------
Co-authored-by: jNullj <15849761+jNullj@users.noreply.github.com>
Co-authored-by: chris48s <chris48s@users.noreply.github.com>
* allow serviceData to override cacheSeconds with a longer value
* prevent [endpoint] json cacheSeconds property exceeding service default
* allow ShieldsRuntimeError to specify a cacheSeconds property
By default error responses use the cacheLength of
the service class throwing the error.
This allows error to tell the handling layer the maxAge
that should be set on the error badge response.
* add customExceptions param
This
1. allows us to specify custom properties to pass to the exception
constructor if we throw any of the standard got errors
e.g: `ETIMEDOUT`, `ECONNRESET`, etc
2. uses a custom `cacheSeconds` property (if set on the exception)
to set the response maxAge
* customExceptions --> systemErrors
* errorMessages --> httpErrors
* fix: node service has bad colors #4809
* fix: node service has bad colors #4809
* fix: node service has bad colors #4809
* fix: node service has bad colors #4809
* fix: node service has bad colors #4809
* fix: node service has bad colors #4809
* fix: node service has bad colors #4809
* fix: node service has bad colors #4809
* fix: node service has bad colors #4809
* fix: node service has bad colors #4809
* fix: node service has bad colors #4809
* fix: node service has bad colors #4809
* fix: node service has bad colors #4809
* fix: node service has bad colors #4809
* fix: node service has bad colors #4809
* chore: minor service test rename
Co-authored-by: Caleb Cartwright <calebcartwright@users.noreply.github.com>
This is a reworking of #3410 based on some feedback @calebcartwright left on that PR.
The goals of injecting the secrets are threefold:
1. Simplify testing
2. Be consistent with all of the other config (which is injected)
3. Encapsulate the sensitive auth-related code in one place so it can be studied and tested thoroughly
- Rather than add more code to BaseService to handle authorization logic, it delegates that to an AuthHelper class.
- When the server starts, it fetches the credentials from `config` and injects them into `BaseService.register()` which passes them to `invoke()`.
- In `invoke()` the service's auth configuration is checked (`static get auth()`, much like `static get route()`).
- If the auth config is present, an AuthHelper instance is created and attached to the new instance.
- Then within the service, the password, basic auth config, or bearer authentication can be accessed via e.g. `this.authHelper.basicAuth` and passed to `this._requestJson()` and friends.
- Everything is being done very explicitly, so it should be very clear where and how the configured secrets are being used.
- Testing different configurations of services can now be done by injecting the config into `invoke()` in `.spec` files instead of mocking global state in the service tests as was done before. See the new Jira spec files for a good example of this.
Ref #3393
This is a mid-sized PR that adds query param validation to BaseService and updates most of the services which use query param validation to use it. There are a couple minor tweaks I made along the way.
Fix#2676
Continue to implement #2698:
- Add `core/base-service/index.js` (but hold off on moving the things it imports)
- Add shortcuts in `services/index.js` for Base*Service, errors, and deprecatedService. This file will be streamlined later to avoid cluttering it with rarely used bits.
- Apply consistent ordering of imports and use of `module.exports` in testers.
- Remove some renaming of imports.
- Remove obsolete tests here and there.
This adds a badge for collaborator count. When evaluating a library, it can be useful to know that there's not a single-contributor bottleneck for publishing. Having more than one collaborator is a sign of library maturity.
It adds another badge for dependency version of published dependencies, which solves a similar problem as the node-version badge. I will find this useful for making sure dependencies are up to date in a library.
The term “url” is overloaded in services, to refer to the Shields route and also the API URL. Calling the Shields URL a “route” is on the whole more descriptive, and makes it clearer and more obvious which one of these we’re talking about. It’s a small thing, though seems like an improvement.
We have a few functions called `buildUrl`. I’ve renamed them to `buildRoute` when they refer to routes, and left them as `buildUrl` when they refer to API URLs.
I included a minor style tweak and some formatting cleanup in `TUTORIAL.md`.
When JSON responses come back, they are sometimes not in the format expected by the API. As a result we have a lot of defensive coding (expressions like `(data || {}).someProperty`) to avoid exceptions being thrown in badge processing. Often we rely on the `try` blocks that wrap so much of the badge-processing code, which catch all JavaScript exceptions and return some error result, usually **invalid**. The problem with this is that these `try` blocks catch all sorts of programmer errors too, so when we see **invalid** we don't know whether the API returned something unexpected, or we've made a mistake. We also spend a lot of time writing defensive tests around malformed responses, and creating and maintaining the defensive coding.
A better solution is to validate the API responses using declarative contracts. Here the programmer says exactly what they expect from the API. That way, if the response isn't what we expect we can just say it's an **invalid json response**. And if our code then throws an exception, well that's our mistake; when we catch that we can call it a **shields internal error**. It's also less code and less error-prone. Over time we may be confident enough in the contracts that we won't need so many tests of malformed responses. The contract doesn't need to describe the entire response, only the part that's needed. Unknown keys can simply be dropped, preventing unvalidated parts of the response from creeping into the code. Checking what's in our response before calling values on it also makes our code more secure.
I used Joi here, since we're already using it for testing. There may be another contracts library that's a better fit, though I think we could look at that later.
Those changes are in base.js.
The rest is a rewrite of the remaining NPM badges, including the extraction of an NpmBase class. Inspired by @chris48s's work in #1740, this class splits the service concerns into fetching, validation, transformation, and rendering. This is treated as a design pattern. See the PR discussion for more. There are two URL patterns, one which allows specifying a tag (used by e.g. the version badge `https://img.shields.io/npm/v/npm/next.svg`), and the other which does not accept a tag (e.g. the license badge `https://img.shields.io/npm/l/express.svg`). Subclasses like NpmLicense and NpmTypeDefinitions can specify the URL fragment, examples, the validation schema for the chunk of the package data they use, and a render function. The NpmVersion subclass uses a different endpoint, so it overrides the `handle` implementation from NpmBase.
The remaining services using BaseJsonService are shimmed, so they will keep working after the changes.
