DotNetBrightener.SecuredApi 2024.0.14.6-rc-242761801

This is a prerelease version of DotNetBrightener.SecuredApi.
There is a newer prerelease version of this package available.
See the version list below for details.
dotnet add package DotNetBrightener.SecuredApi --version 2024.0.14.6-rc-242761801                
NuGet\Install-Package DotNetBrightener.SecuredApi -Version 2024.0.14.6-rc-242761801                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="DotNetBrightener.SecuredApi" Version="2024.0.14.6-rc-242761801" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add DotNetBrightener.SecuredApi --version 2024.0.14.6-rc-242761801                
#r "nuget: DotNetBrightener.SecuredApi, 2024.0.14.6-rc-242761801"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install DotNetBrightener.SecuredApi as a Cake Addin
#addin nuget:?package=DotNetBrightener.SecuredApi&version=2024.0.14.6-rc-242761801&prerelease

// Install DotNetBrightener.SecuredApi as a Cake Tool
#tool nuget:?package=DotNetBrightener.SecuredApi&version=2024.0.14.6-rc-242761801&prerelease                

Secured API Endpoints for ASP.NET Core Application

© 2024 DotNet Brightener

NuGet Version

Inspiration

Ever wonder how you could make an API that cannot be inspected via Developer Tools? This can be useful in some very secured scenarios, such as APIs related to financial transactions, where you don't want the API requests can be inspected using browser's deveoper tool. This is where this library comes in. It allows you to create secured API endpoints that, theoretically, cannot be inspected via Developer Tools.

What Does It Mean?

The library helps you to create API endpoints in your application, that accept the protected payload from the request and responds with protected payload in byte-array. At the client side, you will need to prepare the payload in JSON format, convert the payload to byte-array data, compress it, and then include it in the HTTP request body. When the server responds to the request, it'll also return in byte[] type, which you will need to accept responseType = arraybuffer to be able to access the data, then you can convert to the original object.

How Do I Implement It?

Server Side


// Add the secured API services
builder.Services.AddSecuredApi();

// omitted. Other services configuration

var app = builder.Build();

// omitted - Configure the HTTP request pipeline.

// Map the secured API, without specifying the subpath
app.UseSecureApiHandle(); 

// Or use this
// app.UseSecureApiHandle("subpath"); // Map the secured API to a subpath

// Map the secured API handler to /syncUser endpoint, of you didn't specify the subpath
// The endpoint will be /subpath/syncUser if you specify the subpath
app.MapSecuredPost<SyncUserService>("syncUser");


// define your data model
public class UserRecord
{
    // Define the properties of the request object
}

// optional: define the response data model
public class SyncedUserResult
{
    // Define the properties of the response object
}

// define the secured API handler

public class SyncUserService : BaseApiHandler<UserRecord>
{
    protected override async Task<UserRecord> ProcessRequest(UserRecord message)
    {
        // TODO: Implement your logic to process the request

        // Return the processed data. 
        // In this case, the response data has the same type as the requested data
        return message;
    }
}

public class SyncUserService : BaseApiHandler<UserRecord, SyncedUserResult>
{
    protected override async Task<SyncedUserResult> ProcessRequest(UserRecord message)
    {
        // TODO: Implement your logic to process the request

        // Return the processed data. 
        // In this case, the response data has different type as the requested data
        return new SyncUserResult 
        {
            // Set the properties of the response object
        };
    }
}

Client Side

  • Javascript:

You will need a gzip compression library to pre-process the data sent to server. You can use pako library for this purpose. Here is an example of how you can use it:


<script src="https://unpkg.com/pako@2.1.0/dist/pako.min.js"></script>
/**
*  Compresses the given message using GZIP compressor
* */
function _compress(message) {
    const jsonMessage = JSON.stringify(message);
    const jsonBytes = new window.TextEncoder().encode(jsonMessage);

    return window.pako.gzip(jsonBytes);
}

/**
*  Decompresses the given message using GZIP compressor then converts it to JSON object
* */
function _decompress(compressedMessage) {
    const bytes = new Uint8Array(compressedMessage);
    const decompressedBytes = window.pako.ungzip(bytes);
    const decodedMessage = new window.TextDecoder().decode(decompressedBytes);
    return JSON.parse(decodedMessage);
}

Below is an example of how you prepare and send a request to the secured API endpoint:


const yourApiEndpoint = ''; // The actual URL of your API endpoint

// define the body data to be sent to the server
const bodyData = {
};

const requestOptions = {
    method: 'PUT', // The actual method of your API endpoint
    body: _compress(bodyData),
    headers: {
    }
};

const responseData = await fetch(yourApiEndpoint, requestOptions)
    .then(response => {
        if (!response.ok) {
            throw new Error('Network response was not ok');
        }
        return response.arrayBuffer();
    })
    .then(buffer => {
        const decompressedData = _decompress(buffer);
        console.log(decompressedData);

        return decompressedData;
    })
    .catch(error => {
        console.error('There was a problem with the fetch operation:', error);
    });

// your responsed data is here. It'll be decompressed and converted to a JSON object
console.log('responsed dat: ', responseData);

Here is the example if you use axios library for making Http requests:


const httpClient = axios.create({
    baseURL: 'your_api_based_url'
});

const responseData = await httpClient.put(yourApiEndpoint, _compress(syncData),
    {
        responseType: 'arraybuffer'
    })
    .then(response => {
        const decompressedData = _decompress(response.data);
        console.log(decompressedData);

        return decompressedData;
    })
    .catch(error => {
        console.error(error);
    });

  • Dart:

Work In Progress

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
2024.0.14.6-rc-243031001 53 10/29/2024
2024.0.14.6-rc-243030701 58 10/29/2024
2024.0.14.6-rc-242840501 73 10/10/2024
2024.0.14.6-rc-242820305 61 10/8/2024
2024.0.14.6-rc-242771401 60 10/3/2024
2024.0.14.6-rc-242770501 60 10/3/2024
2024.0.14.6-rc-242770201 60 10/3/2024
2024.0.14.6-rc-242761801 63 10/2/2024
2024.0.14.6-rc-242761601 58 10/2/2024
2024.0.14.6-rc-242761501 64 10/2/2024
2024.0.14.6-rc-242761401 62 10/2/2024
2024.0.14.6-rc-242760701 66 10/2/2024
2024.0.14.6-rc-242751002 61 10/1/2024
2024.0.14.6-rc-242750901 61 10/1/2024
2024.0.14.6-rc-242750502 62 10/1/2024
2024.0.14.6-rc-242750201 59 10/1/2024
2024.0.14.6-rc-242741501 68 9/30/2024
2024.0.14.6-rc-242730701 66 9/29/2024
2024.0.14.6-preview-2730501 61 9/29/2024
2024.0.14.6-preview-2701501 68 9/26/2024
2024.0.14.6-preview-2620901 82 9/18/2024
2024.0.14.6-preview-2570701 68 9/13/2024
2024.0.14.6-preview-2510703 94 9/7/2024
2024.0.14.6-preview-2480501 82 9/4/2024
2024.0.14.6-preview-2430401 96 8/30/2024
2024.0.14.6-preview-242730701 70 9/29/2024
2024.0.14.6-preview-2421703 84 8/29/2024
2024.0.14.6-preview-2421701 87 8/29/2024
2024.0.14.6-preview-2420901 83 8/29/2024
2024.0.14.6-preview-2390101 98 8/26/2024
2024.0.14.6-preview-2381603 96 8/25/2024
2024.0.14.6-preview-2341601 102 8/21/2024
2024.0.14.6-preview-2321602 92 8/20/2024
2024.0.14.6-preview-2190801 69 8/6/2024
2024.0.14.6-preview-2041501 91 7/22/2024
2024.0.14.6-preview-1920603 95 7/10/2024
2024.0.14.6-preview-1920301 79 7/10/2024
2024.0.14.6-preview-1911302 74 7/9/2024
2024.0.14.6-preview-1901001 95 7/8/2024
2024.0.14.6-preview-1900901 83 7/8/2024
2024.0.14.6-preview-1900801 90 7/8/2024
2024.0.14.6-preview-1860304 76 7/4/2024
2024.0.14.5 104 7/1/2024
2024.0.14.5-preview-1811601 88 6/29/2024
2024.0.14.5-preview-1810501 90 6/29/2024
2024.0.14.5-preview-180132 73 6/28/2024
2024.0.14.5-preview-180131 84 6/28/2024
2024.0.14.5-preview-180121 74 6/28/2024
2024.0.14.4 100 6/27/2024
2024.0.14.4-preview-7 91 6/27/2024
2024.0.14.3 100 6/21/2024
2024.0.14.1 100 6/6/2024
2024.0.14.1-preview 83 6/6/2024
2024.0.14-preview-1 87 6/6/2024
2024.0.13.8-preview 88 6/6/2024
2024.0.13.1-preview-0146 87 6/6/2024
2024.0.12.15803-preview-03 81 6/6/2024
2024.0.12.15608 99 6/4/2024
2024.0.12.15515 101 6/3/2024
2024.0.12.15220 94 5/31/2024
2024.0.12.15220-alpha31-240... 76 5/31/2024
2024.0.12.14911 105 5/28/2024
2024.0.12.14910-alpha28-240... 87 5/28/2024
2024.0.12.14823 103 5/27/2024
2024.0.12.14522-alpha7-2405... 99 5/24/2024
2024.0.12.14514-alpha6-2405... 102 5/24/2024
2024.0.12.14511 104 5/24/2024
2024.0.12.14314 106 5/22/2024
2024.0.12.14114 109 5/20/2024