Exposing Swagger-UI documentation through Google Cloud Endpoints - google-cloud-endpoints

I am trying to publish my API docs in the same Nodejs application as my API, using Google Cloud Endpoints.
It looks easy following this guide:
Adding Swagger UI
The tricky part is exposing the /docs path via Google Cloud Endpoints (it also uses the same openapi.yaml).
I have tried defining the /docs path in my openapi.yaml like this:
"/docs":
get:
description: "Swagger UI API documentation"
operationId: "docs"
produces:
- "text/html"
responses:
200:
description: "Swagger UI"
The HTML page itself gets served but any assets like swagger-ui.css are not found.
It looks to me I am doing this wrong, as documentation is not an API endpoint. However I haven't been able to find a nice solution. Is there a way to proxy all traffic for /docs path?

I think you're going to find that there is no nice way of doing this. Your best bet is going to be to break off documentation publishing as a separate step in your deployment pipeline. That, or wait 6 months. Google Cloud is evolving rapidly and they've probably got this on their roadmap.

You can try creating the Swagger UI dist in one file (index.html)
or you can add
x-google-allow: all
in your openapi.yaml file to to expose all paths that don't have any form of authentication already set. Please note that this will allow all paths that follow the basepath of the .yaml file to be exposed in your Endpoints. (So for instance, if your basepath is /api then x-google-allow: all will only apply to paths following this (i.e. /api/users)
Also, please see: https://groups.google.com/forum/#!topic/google-cloud-endpoints/2h-2fotar9k

Related

I can't find any swagger configuration file in api platform

I'm using the last version of Api-platform, shipped with swagger.io .
I'm having an issue with swagger interface. When I try to use it to Get a resource, it doesn't seem to be able to find any base url or server url.
Logically, I tried to find if I could tell Swagger where to fetch my resources.
I tried to tell swagger what the base path or the url of my server is but I can't find any swagger configuration file.
My question is : is there any swagger configuration file in api_platform files ? Is there any way to create one where I could tell swagger where to look for my resources and what server to fetch them from.
By the way, swagger shows me no 'base url' header below the title of my API.
Thank you for your help.
API Platform create OpenAPI specification automatically based on your resources configuration.
You can use #ApiProperty.attributes.openapi_context annotation or api_platform.swagger.normalizer.documentation decorator for customization.

How to create list of all available resources for Laravel api?

I am working on a Laravel api in localhost. How do I create a route that lists everything available in a resource like the WordPress api does here http://example.com/wordpress/wp-json/wp/v2?
Research shows that I can use the command php artisan routes to get a list of routes but how do I make this available to a user as an endpoint?
You can use the Route::getRoutes() method to get all routing data.
Just loop through the routes and use ->getPath() to generate the list of paths.
For all other properties take a look at the API at: https://laravel.com/api/7.x/Illuminate/Routing/RouteCollection.html
An alternative is this useul api document generator https://github.com/mpociot/laravel-apidoc-generator

How to setup nginx.conf on IBM bluemix cloud foundry for single page application routing and how to set url rewrite to support spa routes?

I am using React single page app for my application. I have hosted solution on IBM Bluemix using cloud foundry. I want 2 help.
How to override existing nginx configuration with new one to support URL rewrite for my react routes?
What are the url rewrites configuration for nginx server? (I am using nginx for the firs time)
Here is my manifest.yml which I have used to host on cloud foundry. I am using staticfile-buildpack for node.js.
applications:
- buildpack: https://github.com/cloudfoundry/staticfile-buildpack.git
name: xyz
memory: 128M
stack: cflinuxfs2
path: build/
routes:
- route: xyz.eu-gb.mybluemix.net/
- route: xyz.eu-gb.mybluemix.net/store
- route: xyz.eu-gb.mybluemix.net/checkout
Here xyz is my app domain. I am able to load my app and pass through click action to other routes but when I hard refresh or change url from browser address bar it shows me 404 error.
Can someone please guide me here to resolve above issue.
Thanks.
How to override existing nginx configuration with new one to support URL rewrite for my react routes?
You can override the nginx.conf, but it's not recommended with the staticfile buildpack. Instead, try to use the configuration options provided by the buildpack to achieve your goal. The buildpack has a lot of common options, so you don't need to drop down to the level of configuring Nginx yourself.
https://docs.cloudfoundry.org/buildpacks/staticfile/index.html#config-options
Here xyz is my app domain. I am able to load my app and pass through click action to other routes but when I hard refresh or change url from browser address bar it shows me 404 error.
It sounds like you need to enable pushstate support. Adding pushstate: enabled to your Staticfile I think that should fix your issue.
What are the url rewrites configuration for nginx server? (I am using nginx for the firs time)
You can look at the Nginx configuration that's generated for your app. Once your push your app and it starts, run cf ssh <app-name> -c "cat app/nginx/conf/nginx.conf". That should dump the nginx config to your screen.
buildpack: https://github.com/cloudfoundry/staticfile-buildpack.git
Don't point to the master branch of any buildpack. It's a moving target. Commit to commit can change or even break.
You should generally use the buildpack that's provided by your operator. If you run cf buildpacks you can see the list there. If that's not new enough or your provider doesn't include a buildpack you need, you can use the git repo syntax to link to a repo online, however make sure you include the #<branch|tag> in your URL.
Ex: https://github.com/cloudfoundry/staticfile-buildpack.git#v1.4.29
This locks in the buildpack to a tagged release which prevents it from changing out from under you.

How to connect CDN in magnolia?

I am using Azure CDN, where i have published all my images,css,js files.Now I would like to get all the assets from CDN instead of DAM.
Could you please suggest me?
Thanks in advance.
Actually I would suggest to just add extra step to your publishing process that, when publishing resources from dam will also publish them to azure CDN using their API. Similarly when unpublishing, you remove resources from there too.
You should do that as a first step in publishing, and upon receiving identifier for the resource from CDN, you should store that in assets metadata and only then pass it over to the next publishing step to have dam resource published to your Magnolia public instance.
Then on the public instance, you would need to replace LinkTransformers (and also LinkTransformerManager) and/or maybe just Asset implementation (if you use that exclusively for assets) with a custom implementation that when requesting link to dam asset will use CDN identifier in the assets metadata to construct correct link pointing to the CDN rather than back to Magnolia.
HTH,
Jan
See the Creating a custom content app trail in the documentation - it shows how to integrate images from Flickr, you can customize it to integrate Azure.

Adobe CQ5 API Usage

1.
I am managing a website which uses Adobe CQ5 as their management system. I am aware that there is a tool querybuilder.json in the /bin folder -- My question is, if an outside user would use this tool which API-syntax would they use to query "important" or "sensitive information". I need to know this so that I can block access to those syntax strings during GET or POST. Any help is appreciated, thanks!
So, what I'm asking is, if an attacker got access to the query builder link, would he be able to query passwords or internal login's, if so how? And if that, which syntax for the query builder can i remove to provoke this?
2.
Also, would anyone be able to tell me the proper syntax for the adobe querybuilder that can give you the hostname or web location where the directory that it lists is located?
So for example, if I got back /apps/geometrixx/user/login as output, I would also want to get the url that this file path is at on my server. Is there a syntax available for this action?
Please consider disabling all requests to paths starting with /bin prefix for your publish instance.
This is a common storage for all servlets that are very useful for authoring but not as much for the other instance.
If you have any custom servlets in the application please take a look at Apache Sling documentation and consider using resource based servlets.
#SlingServlet(
resourceTypes = "sling/servlet/default",
selectors = "hello",
extensions = "html",
methods = "GET")
public class MyServlet extends SlingSafeMethodsServlet {
This way you can control the access to the servlet using ACLs - if you have an access to the node (i.e. you can see it/render a component based on this resource) you will have an access to the servlet.
The best way to prevent unauthorized access to tools like this, is to deny *.json on your dispatcher and only allow calls to your application specific json. A good start what you should do can be found in the Security Checklist.
A documentation regarding the Query Builder can be found here: http://docs.adobe.com/docs/en/aem/6-0/develop/search/querybuilder-api.html

Resources