jonathanbennett / akamaiopen-edgegrid-node Goto Github PK

In current implementation, AkamaiOPEN-edgegrid-node requires the user to call 2 methods with each request: 1) #auth 2) #send.

(Additionally, #auth accepts an undocumented & seemingly unnecessary callback -- can this be removed?)

In my mind, it would substantially simplify usage if authentication were abstracted behind #send, thus saving the user from needing to call 2 methods.

Please let me know your thoughts -- I am happy to implement this.

Thanks!

AkamaiOPEN-edgegrid-node fails to perform successful HTTP requests when behind a proxy. While it's difficult to assess, I believe it may fail to properly respect the common HTTP(S)_PROXY environment variable(s).

As a proof-of-concept, I was able to address this issue with the use of the request module in place of the http module. See my request-cleanup branch for further details.

I am also happy to put together a PR & related tests addressing this issue.

Despite that the log level is apparently set to ERROR, I see console.info and console.debug data logged.

In my mind, this is somewhat problematic, as I would prefer not to log my Akamai API credentials.

Please let me know if I'm overlooking something.

Thanks!

When an Akamai API request returns a response with a status code indicating a redirect, AkamaiOPEN-edgegrid-node automatically follows the redirect, but fails to generate a new Authorization header based on the Location. As a result, the request fails, returning a response status code of 401 ("The signature does not match").

This can be reproduced by performing a request against the PAPI latest property version endpoint:

var eg = new EdgeGrid(clientToken, clientSecret, accessToken, base);

eg.auth({
  path: '/papi/v0/properties/prp_123/versions/latest?contractId=ctr_123&groupId=grp_123&activatedOn=STAGING'
});

eg.send(function (data, response) {
  console.log(data);
});

In current implementation, AkamaiOPEN-edgegrid-node explicitly checks for an undefined path.

However, it is my belief that this is inadequate, as the path could also be an empty string, a boolean, or a non-string value. In my mind, simply checking for !path is preferable.

I am working on a PR/tests addressing this issue. See my edgerc-cleanup branch for further details.

Thanks!

Per Akamai documentation, the size of the POST body must be less than or equal to the value specified by the service.

While auth checks that the body does not exceed a default maximum, the public-facing api methods don't allow the user a means of overriding the 2048 default.

Thanks!