@accedo/accedo-one-express 中文文档教程
The Accedo One Express middleware 
_ _ ___
/_\ ___ ___ ___ __| | ___ /___\_ __ ___
//_\\ / __/ __/ _ \/ _` |/ _ \ // // '_ \ / _ \
/ _ \ (_| (_| __/ (_| | (_) | / \_//| | | | __/
\_/ \_/\___\___\___|\__,_|\___/ \___/ |_| |_|\___|
Summary
这是 Express 的官方 Accedo One 中间件。
[Accedo One SDK] for Javascript(https://github.com/Accedo-Products/accedo-one-sdk-js/) 提供了一种使用 Accedo One API 的简单方法。 这个中间件提供了额外的好处,并在 Express 应用程序的上下文中使事情变得更加容易。
Compatibility
这个中间件是用 ES6 编写的(使用 CommonJS 模块而不是 ES6 模块)。
这应该从版本 4 开始工作,但我们测试并建议使用最新的 LTS 版本的 Node(目前是 Node 6,很快是 Node 8)。
对于较早的 Node 版本,您可以尝试向 ES5 引入编译步骤(例如通过 Babel 或 Buble)。 请注意,我们没有对此进行测试,并且强烈建议不要使用已弃用的 Node 版本,因为它们可能缺少重要的安全修复程序。
关于 Express,我们支持版本 4 并对其进行测试。
Features
继承自 Accedo One SDK for Javascript 的功能:
- easy access to Accedo One APIs
- automatic deviceId creation when none was provided
- automatic session creation when none was provided (lazy - only when needed)
- automatic session re-creation when the existing one has expired (lazy)
- ensures only one session will be created at a time, even if a request triggers concurrent Accedo One calls
此 Express 中间件提供的额外功能:
- automatic creation of Accedo One client instances for each request, attached to the response object for further use
- automatically passes the requester's IP onto Accedo One calls for analytics and geolocated services
- automatic reuse of the deviceId through cookies (can be customized to use anything else based on requests)
- automatic reuse of the sessionKey through cookies (can be customized to use anything else based on requests)
注意当您使用中间件时,您还应该 配置 Express 以正确处理代理,因为我们依赖它提供给我们的 IP。 请务必阅读 Express 文档,以及下面的注释。
例如:app.set('trust proxy', ['loopback', 'linklocal', 'uniquelocal'])
Documentation
| What | Link |
|---|---|
| The Accedo One Express middleware (this project) | https://accedo-products.github.io/accedo-one-sdk-express/ |
| The Accedo One JS SDK | https://accedo-products.github.io/accedo-one-sdk-js/ |
| The Accedo One REST APIs | https://developer.one.accedo.tv |
每个 Express 响应都关联到一个 Accedo One 客户端实例,在 中找到res.locals.accedoOneClient(当 res 是响应变量名时)。
要查找这些实例上可用的方法,请参阅上面列出的 Accedo One JS SDK 的 API 文档。
REST API 的文档也列为 Accedo One,其中定义了特定术语。
Installation
| Your preferred CLI tool | Command |
|---|---|
| Yarn | yarn add @accedo/accedo-one @accedo/accedo-one-express |
| NPM | npm install --save @accedo/accedo-one @accedo/accedo-one-express |
然后您可以获得默认导出以使用中间件:
| Method | Code |
|---|---|
| CommonJS | const accedoOne = require('@accedo/accedo-one-express') |
| ES6 Module | import accedoOne from '@accedo/accedo-one-express' |
Examples
Use the middleware to persist deviceId and sessionKey via cookies
const accedoOne = require('@accedo/accedo-one-express');
const express = require('express');
const PORT = 3000;
express()
// handle proxy servers if needed, to pass the user's IP instead of the proxy's. Read more about this further.
.set('trust proxy', ['loopback', 'linklocal', 'uniquelocal'])
// place the accedoOne middleware before your request handlers
.use(accedoOne({ appKey: '56ea6a370db1bf032c9df5cb' }))
.get('/test', (req, res) => {
// access your client instance, it's already linked to the deviceId and sessionKey via cookies
res.locals.accedoOneClient.getEntryById('56ea7bd6935f75032a2fd431')
.then(entry => res.send(entry))
.catch(err => res.status(500).send('Failed to get the result'));
})
.listen(PORT, () => console.log(`Server is on ! Try http://localhost:${PORT}/test`));
另请参阅上面链接的文档中的示例。
SDK development
- Clone/fork this repo
- Run
yarn(install it first if needed) - Develop !
- Before pushing, remember to:
- add tests and check they all pass (
npm test) - document any public API with JSDoc comments and generate the new doc (
npm run doc)
- add tests and check they all pass (
More information & Links
On the Express trust proxy setting, and propagating the right IP
当向 Accedo One 发送请求时,此中间件将在 x-forwarded-for (XFF) 标头中设置传入请求 IP(我们称之为 ∑)。 ∑的值就是Express决定的用户IP。
1/ Express 在未设置信任代理时使用传入连接 IP 正常运行。 因此,它将 ∑ 设置为用户直接访问时的正确 IP,以及用户访问时代理(或 CDN 等)的 IP。
您希望避免报告任何代理的 IP,因为这会阻止 Accedo One 的分析和地理定位功能可靠地工作。
2/ 将信任代理设置为 true(或启用它,做同样的事情)时,行为会发生变化。 现在,∑ 的值将是传入请求的 XFF 标头中给出的第一个值。 “第一个值”是最左边的值。 所以我们要说的是,我们信任每一个代理,并且 XFF 中的任何内容都是可信的,所以我们选择第一个设置的值(当每个人都表现得很好并尊重该顺序时,这是用户的 IP)。 另请注意,如果没有 XFF 标头,则连接的 IP 用作后备(这很好!这意味着我们可以处理 CDN 和直接连接)。
3/ 将信任代理设置为 CSV 或 IP 数组时,这些 IP 是我们信任的代理。 所以 Express 查看 XFF 最右边的 IP,它与任何受信任的代理都不匹配:这将是第一个“不受信任”的 IP,我们认为在这之前出现的任何东西都是垃圾。 在这种情况下,最右边的不受信任 IP 用作 ∑ 的值。 同样,如果没有 XFF,则使用连接 IP。
总之,我们建议将 trust proxy 值设置为信任 loopback、linklocal、uniquelocal、AND 在运行 accedo-one-express 的服务器之前,属于代理/CDN 网络一部分的所有 IP。 根据您的基础架构,有时将信任代理设置设置为 true 或使用自定义函数通过自定义策略恢复正确的 IP 可能更合适。
Unit Tests
Mocha(与 Chai)单元测试已被编写以涵盖从该模块导出的所有 API。 请按照以下步骤运行它们:
- Follow the Getting Started steps above.
- Run
npm test
License
请参阅LICENSE 文件以了解许可权利和限制 (Apache 2.0)
The Accedo One Express middleware
_ _ ___
/_\ ___ ___ ___ __| | ___ /___\_ __ ___
//_\\ / __/ __/ _ \/ _` |/ _ \ // // '_ \ / _ \
/ _ \ (_| (_| __/ (_| | (_) | / \_//| | | | __/
\_/ \_/\___\___\___|\__,_|\___/ \___/ |_| |_|\___|
Summary
This is the official Accedo One middleware for Express.
The [Accedo One SDK] for Javascript(https://github.com/Accedo-Products/accedo-one-sdk-js/) provides an easy way to make use of Accedo One APIs. This middleware provides additional benefits and makes things even easier in the context of an Express app.
We follow semantic versioning, and you may have a look at our change log here.
Compatibility
This middleware is written in ES6 (with CommonJS modules rather than ES6 Modules).
This should work from version 4, but we test on, and recommend to use the latest LTS version of Node (currently Node 6, soon Node 8).
For earlier Node versions, you may try introducing a compilation step to ES5 (through Babel or Buble, for instance). Note we did not test this and strongly suggest not using a deprecated Node version as they may lack important security fixes.
Regarding Express, we support and test against version 4.
Features
Features inherited from the Accedo One SDK for Javascript :
- easy access to Accedo One APIs
- automatic deviceId creation when none was provided
- automatic session creation when none was provided (lazy - only when needed)
- automatic session re-creation when the existing one has expired (lazy)
- ensures only one session will be created at a time, even if a request triggers concurrent Accedo One calls
Extra features provided by this Express middleware :
- automatic creation of Accedo One client instances for each request, attached to the response object for further use
- automatically passes the requester's IP onto Accedo One calls for analytics and geolocated services
- automatic reuse of the deviceId through cookies (can be customized to use anything else based on requests)
- automatic reuse of the sessionKey through cookies (can be customized to use anything else based on requests)
Note when you use the middleware, you should also configure Express to handle proxies correctly as we rely on the IP it gives us. Do read the Express doc, and the note on this further below.
For instance: app.set('trust proxy', ['loopback', 'linklocal', 'uniquelocal'])
Documentation
| What | Link |
|---|---|
| The Accedo One Express middleware (this project) | https://accedo-products.github.io/accedo-one-sdk-express/ |
| The Accedo One JS SDK | https://accedo-products.github.io/accedo-one-sdk-js/ |
| The Accedo One REST APIs | https://developer.one.accedo.tv |
Each Express response gets associated to an Accedo One client instance, found in res.locals.accedoOneClient (when res is the response variable name).
To find what methods are available on these instances, refer to the API docs for the Accedo One JS SDK listed above.
The doc for the REST APIs is also listed as Accedo One-specific terminology is defined there.
Installation
| Your preferred CLI tool | Command |
|---|---|
| Yarn | yarn add @accedo/accedo-one @accedo/accedo-one-express |
| NPM | npm install --save @accedo/accedo-one @accedo/accedo-one-express |
Then you can get the default export to use the middleware:
| Method | Code |
|---|---|
| CommonJS | const accedoOne = require('@accedo/accedo-one-express') |
| ES6 Module | import accedoOne from '@accedo/accedo-one-express' |
Examples
Use the middleware to persist deviceId and sessionKey via cookies
const accedoOne = require('@accedo/accedo-one-express');
const express = require('express');
const PORT = 3000;
express()
// handle proxy servers if needed, to pass the user's IP instead of the proxy's. Read more about this further.
.set('trust proxy', ['loopback', 'linklocal', 'uniquelocal'])
// place the accedoOne middleware before your request handlers
.use(accedoOne({ appKey: '56ea6a370db1bf032c9df5cb' }))
.get('/test', (req, res) => {
// access your client instance, it's already linked to the deviceId and sessionKey via cookies
res.locals.accedoOneClient.getEntryById('56ea7bd6935f75032a2fd431')
.then(entry => res.send(entry))
.catch(err => res.status(500).send('Failed to get the result'));
})
.listen(PORT, () => console.log(`Server is on ! Try http://localhost:${PORT}/test`));
See also examples in the documentation linked above.
SDK development
- Clone/fork this repo
- Run
yarn(install it first if needed) - Develop !
- Before pushing, remember to:
- add tests and check they all pass (
npm test) - document any public API with JSDoc comments and generate the new doc (
npm run doc)
- add tests and check they all pass (
More information & Links
On the Express trust proxy setting, and propagating the right IP
This middleware will set the incoming request IP (let's call it ∑) in the x-forwarded-for (XFF) header, when sending requests to Accedo One. The value of ∑ is what Express decides is the user’s IP.
1/ Express just acts normally when no trust proxy is set, using the incoming connection IP. So it sets ∑ to the proper IP on direct user access, and the proxy (or CDN, or such)'s IP when the user went through that.
You want to avoid reporting any proxy's IP, because it would prevent Accedo One's analytics and geolocation features from working reliably.
2/ When setting trust proxy to true (or enabling it, which does the same thing), the behaviour changes. Now, the value of ∑ will be the first value given in the incoming request's XFF header. “First value” is the left-most value. So what we are saying is that we trust every single proxy, and whatever ends up in XFF is trusted, so we pick the value that was first set (which is the user's IP when everybody plays nice and respects that order). Also note, if there is no XFF header, then the connection’s IP is used as a fallback (that’s good ! it means we can handle both CDN and direct connections).
3/ When setting trust proxy to a CSV or array of IPs, those IPs are the proxies we trust. So Express looks at the XFF's right-most IP that does not match any of those trusted proxy: this would be the first “untrusted” IP, and we consider that anything that comes before that is garbage. In that case, the right-most untrusted IP is used as the value of ∑. Here again, if there’s no XFF, the connection IP is used.
In conclusion, we recommend setting the trust proxy value to trust loopback, linklocal, uniquelocal, AND all IPs that are part of your proxying / CDN network ahead of the server running accedo-one-express. Depending on your infrastructure, it may sometimes be more suitable to just set the trust proxy setting to true, or to use a custom function to recover the proper IP with a custom strategy.
Unit Tests
Mocha (with Chai) unit tests have been written to cover all of the exported APIs from this module. Follow the following steps in order to run them:
- Follow the Getting Started steps above.
- Run
npm test
License
See the LICENSE file for license rights and limitations (Apache 2.0)
