DotNetBrightener.SecuredApi 2024.0.14.5

There is a newer prerelease version of this package available.
See the version list below for details.

dotnet add package DotNetBrightener.SecuredApi --version 2024.0.14.5

NuGet\Install-Package DotNetBrightener.SecuredApi -Version 2024.0.14.5

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="DotNetBrightener.SecuredApi" Version="2024.0.14.5" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

paket add DotNetBrightener.SecuredApi --version 2024.0.14.5

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: DotNetBrightener.SecuredApi, 2024.0.14.5"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

// Install DotNetBrightener.SecuredApi as a Cake Addin
#addin nuget:?package=DotNetBrightener.SecuredApi&version=2024.0.14.5

// Install DotNetBrightener.SecuredApi as a Cake Tool
#tool nuget:?package=DotNetBrightener.SecuredApi&version=2024.0.14.5

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Secured API Endpoints for ASP.NET Core Application

NuGet Version

Inspiration

Ever wonder how you could make an API that cannot be inspected via Developer Tools? This can be useful in some very secured scenarios, such as APIs related to financial transactions, where you don't want the API requests can be inspected using browser's deveoper tool. This is where this library comes in. It allows you to create secured API endpoints that, theoretically, cannot be inspected via Developer Tools.

What Does It Mean?

The library helps you to create API endpoints in your application, that accept the protected payload from the request and responds with protected payload in byte-array. At the client side, you will need to prepare the payload in JSON format, convert the payload to byte-array data, compress it, and then include it in the HTTP request body. When the server responds to the request, it'll also return in byte[] type, which you will need to accept responseType = arraybuffer to be able to access the data, then you can convert to the original object.

How Do I Implement It?

Server Side


// Add the secured API services
builder.Services.AddSecuredApi();

// omitted. Other services configuration

var app = builder.Build();

// omitted - Configure the HTTP request pipeline.

// Map the secured API, without specifying the subpath
app.UseSecureApiHandle(); 

// Or use this
// app.UseSecureApiHandle("subpath"); // Map the secured API to a subpath

// Map the secured API handler to /syncUser endpoint, of you didn't specify the subpath
// The endpoint will be /subpath/syncUser if you specify the subpath
app.MapSecuredPost<SyncUserService>("syncUser");


// define your data model
public class UserRecord
{
    // Define the properties of the request object
}

// optional: define the response data model
public class SyncedUserResult
{
    // Define the properties of the response object
}

// define the secured API handler

public class SyncUserService : BaseApiHandler<UserRecord>
{
    protected override async Task<UserRecord> ProcessRequest(UserRecord message)
    {
        // TODO: Implement your logic to process the request

        // Return the processed data. 
        // In this case, the response data has the same type as the requested data
        return message;
    }
}

public class SyncUserService : BaseApiHandler<UserRecord, SyncedUserResult>
{
    protected override async Task<SyncedUserResult> ProcessRequest(UserRecord message)
    {
        // TODO: Implement your logic to process the request

        // Return the processed data. 
        // In this case, the response data has different type as the requested data
        return new SyncUserResult 
        {
            // Set the properties of the response object
        };
    }
}

Client Side

Javascript:

You will need a gzip compression library to pre-process the data sent to server. You can use pako library for this purpose. Here is an example of how you can use it:


<script src="https://unpkg.com/pako@2.1.0/dist/pako.min.js"></script>

/**
*  Compresses the given message using GZIP compressor
* */
function _compress(message) {
    const jsonMessage = JSON.stringify(message);
    const jsonBytes = new window.TextEncoder().encode(jsonMessage);

    return window.pako.gzip(jsonBytes);
}

/**
*  Decompresses the given message using GZIP compressor then converts it to JSON object
* */
function _decompress(compressedMessage) {
    const bytes = new Uint8Array(compressedMessage);
    const decompressedBytes = window.pako.ungzip(bytes);
    const decodedMessage = new window.TextDecoder().decode(decompressedBytes);
    return JSON.parse(decodedMessage);
}

Below is an example of how you prepare and send a request to the secured API endpoint:


const yourApiEndpoint = ''; // The actual URL of your API endpoint

// define the body data to be sent to the server
const bodyData = {
};

const requestOptions = {
    method: 'PUT', // The actual method of your API endpoint
    body: _compress(bodyData),
    headers: {
    }
};

const responseData = await fetch(yourApiEndpoint, requestOptions)
    .then(response => {
        if (!response.ok) {
            throw new Error('Network response was not ok');
        }
        return response.arrayBuffer();
    })
    .then(buffer => {
        const decompressedData = _decompress(buffer);
        console.log(decompressedData);

        return decompressedData;
    })
    .catch(error => {
        console.error('There was a problem with the fetch operation:', error);
    });

// your responsed data is here. It'll be decompressed and converted to a JSON object
console.log('responsed dat: ', responseData);

Here is the example if you use axios library for making Http requests:


const httpClient = axios.create({
    baseURL: 'your_api_based_url'
});

const responseData = await httpClient.put(yourApiEndpoint, _compress(syncData),
    {
        responseType: 'arraybuffer'
    })
    .then(response => {
        const decompressedData = _decompress(response.data);
        console.log(decompressedData);

        return decompressedData;
    })
    .catch(error => {
        console.error(error);
    });

Dart:

Work In Progress

Product	Compatible and additional computed target framework versions.
.NET	net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net8.0
- Newtonsoft.Json (>= 13.0.3)

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last updated
2024.0.14.6-preview-1860304	20	7/4/2024
2024.0.14.5	67	7/1/2024
2024.0.14.5-preview-1811601	45	6/29/2024
2024.0.14.5-preview-1810501	49	6/29/2024
2024.0.14.5-preview-180132	47	6/28/2024
2024.0.14.5-preview-180131	50	6/28/2024
2024.0.14.5-preview-180121	48	6/28/2024
2024.0.14.4	61	6/27/2024
2024.0.14.4-preview-7	49	6/27/2024
2024.0.14.3	73	6/21/2024
2024.0.14.1	70	6/6/2024
2024.0.14.1-preview	58	6/6/2024
2024.0.14-preview-1	61	6/6/2024
2024.0.13.8-preview	66	6/6/2024
2024.0.13.1-preview-0146	62	6/6/2024
2024.0.12.15803-preview-03	57	6/6/2024
2024.0.12.15608	71	6/4/2024
2024.0.12.15515	74	6/3/2024
2024.0.12.15220	65	5/31/2024
2024.0.12.15220-alpha31-240...	51	5/31/2024
2024.0.12.14911	82	5/28/2024
2024.0.12.14910-alpha28-240...	63	5/28/2024
2024.0.12.14823	73	5/27/2024
2024.0.12.14522-alpha7-2405...	76	5/24/2024
2024.0.12.14514-alpha6-2405...	79	5/24/2024
2024.0.12.14511	81	5/24/2024
2024.0.12.14314	83	5/22/2024
2024.0.12.14114	87	5/20/2024