DotNetBrightener.SecuredApi 2024.0.14.6-preview-1900901

This is a prerelease version of DotNetBrightener.SecuredApi.
There is a newer version of this package available.
See the version list below for details.
dotnet add package DotNetBrightener.SecuredApi --version 2024.0.14.6-preview-1900901                
NuGet\Install-Package DotNetBrightener.SecuredApi -Version 2024.0.14.6-preview-1900901                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="DotNetBrightener.SecuredApi" Version="2024.0.14.6-preview-1900901" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add DotNetBrightener.SecuredApi --version 2024.0.14.6-preview-1900901                
#r "nuget: DotNetBrightener.SecuredApi, 2024.0.14.6-preview-1900901"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install DotNetBrightener.SecuredApi as a Cake Addin
#addin nuget:?package=DotNetBrightener.SecuredApi&version=2024.0.14.6-preview-1900901&prerelease

// Install DotNetBrightener.SecuredApi as a Cake Tool
#tool nuget:?package=DotNetBrightener.SecuredApi&version=2024.0.14.6-preview-1900901&prerelease                

Secured API Endpoints for ASP.NET Core Application

© 2024 DotNet Brightener

NuGet Version

Inspiration

Ever wonder how you could make an API that cannot be inspected via Developer Tools? This can be useful in some very secured scenarios, such as APIs related to financial transactions, where you don't want the API requests can be inspected using browser's deveoper tool. This is where this library comes in. It allows you to create secured API endpoints that, theoretically, cannot be inspected via Developer Tools.

What Does It Mean?

The library helps you to create API endpoints in your application, that accept the protected payload from the request and responds with protected payload in byte-array. At the client side, you will need to prepare the payload in JSON format, convert the payload to byte-array data, compress it, and then include it in the HTTP request body. When the server responds to the request, it'll also return in byte[] type, which you will need to accept responseType = arraybuffer to be able to access the data, then you can convert to the original object.

How Do I Implement It?

Server Side


// Add the secured API services
builder.Services.AddSecuredApi();

// omitted. Other services configuration

var app = builder.Build();

// omitted - Configure the HTTP request pipeline.

// Map the secured API, without specifying the subpath
app.UseSecureApiHandle(); 

// Or use this
// app.UseSecureApiHandle("subpath"); // Map the secured API to a subpath

// Map the secured API handler to /syncUser endpoint, of you didn't specify the subpath
// The endpoint will be /subpath/syncUser if you specify the subpath
app.MapSecuredPost<SyncUserService>("syncUser");


// define your data model
public class UserRecord
{
    // Define the properties of the request object
}

// optional: define the response data model
public class SyncedUserResult
{
    // Define the properties of the response object
}

// define the secured API handler

public class SyncUserService : BaseApiHandler<UserRecord>
{
    protected override async Task<UserRecord> ProcessRequest(UserRecord message)
    {
        // TODO: Implement your logic to process the request

        // Return the processed data. 
        // In this case, the response data has the same type as the requested data
        return message;
    }
}

public class SyncUserService : BaseApiHandler<UserRecord, SyncedUserResult>
{
    protected override async Task<SyncedUserResult> ProcessRequest(UserRecord message)
    {
        // TODO: Implement your logic to process the request

        // Return the processed data. 
        // In this case, the response data has different type as the requested data
        return new SyncUserResult 
        {
            // Set the properties of the response object
        };
    }
}

Client Side

  • Javascript:

You will need a gzip compression library to pre-process the data sent to server. You can use pako library for this purpose. Here is an example of how you can use it:


<script src="https://unpkg.com/pako@2.1.0/dist/pako.min.js"></script>
/**
*  Compresses the given message using GZIP compressor
* */
function _compress(message) {
    const jsonMessage = JSON.stringify(message);
    const jsonBytes = new window.TextEncoder().encode(jsonMessage);

    return window.pako.gzip(jsonBytes);
}

/**
*  Decompresses the given message using GZIP compressor then converts it to JSON object
* */
function _decompress(compressedMessage) {
    const bytes = new Uint8Array(compressedMessage);
    const decompressedBytes = window.pako.ungzip(bytes);
    const decodedMessage = new window.TextDecoder().decode(decompressedBytes);
    return JSON.parse(decodedMessage);
}

Below is an example of how you prepare and send a request to the secured API endpoint:


const yourApiEndpoint = ''; // The actual URL of your API endpoint

// define the body data to be sent to the server
const bodyData = {
};

const requestOptions = {
    method: 'PUT', // The actual method of your API endpoint
    body: _compress(bodyData),
    headers: {
    }
};

const responseData = await fetch(yourApiEndpoint, requestOptions)
    .then(response => {
        if (!response.ok) {
            throw new Error('Network response was not ok');
        }
        return response.arrayBuffer();
    })
    .then(buffer => {
        const decompressedData = _decompress(buffer);
        console.log(decompressedData);

        return decompressedData;
    })
    .catch(error => {
        console.error('There was a problem with the fetch operation:', error);
    });

// your responsed data is here. It'll be decompressed and converted to a JSON object
console.log('responsed dat: ', responseData);

Here is the example if you use axios library for making Http requests:


const httpClient = axios.create({
    baseURL: 'your_api_based_url'
});

const responseData = await httpClient.put(yourApiEndpoint, _compress(syncData),
    {
        responseType: 'arraybuffer'
    })
    .then(response => {
        const decompressedData = _decompress(response.data);
        console.log(decompressedData);

        return decompressedData;
    })
    .catch(error => {
        console.error(error);
    });

  • Dart:

Work In Progress

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
2025.0.2 70 1/21/2025
2025.0.2-preview-278 61 1/21/2025
2025.0.2-preview-277 86 12/16/2024
2025.0.1-rc-243301701 72 11/25/2024
2024.0.14.6 96 11/25/2024
2024.0.14.6-rc-243031001 73 10/29/2024
2024.0.14.6-rc-243030701 78 10/29/2024
2024.0.14.6-rc-242840501 91 10/10/2024
2024.0.14.6-rc-242820305 74 10/8/2024
2024.0.14.6-rc-242771401 77 10/3/2024
2024.0.14.6-rc-242770501 73 10/3/2024
2024.0.14.6-rc-242770201 72 10/3/2024
2024.0.14.6-rc-242761801 76 10/2/2024
2024.0.14.6-rc-242761601 75 10/2/2024
2024.0.14.6-rc-242761501 77 10/2/2024
2024.0.14.6-rc-242761401 73 10/2/2024
2024.0.14.6-rc-242760701 79 10/2/2024
2024.0.14.6-rc-242751002 73 10/1/2024
2024.0.14.6-rc-242750901 74 10/1/2024
2024.0.14.6-rc-242750502 73 10/1/2024
2024.0.14.6-rc-242750201 73 10/1/2024
2024.0.14.6-rc-242741501 83 9/30/2024
2024.0.14.6-rc-242730701 82 9/29/2024
2024.0.14.6-preview-2730501 74 9/29/2024
2024.0.14.6-preview-2701501 79 9/26/2024
2024.0.14.6-preview-2620901 93 9/18/2024
2024.0.14.6-preview-2570701 79 9/13/2024
2024.0.14.6-preview-2510703 103 9/7/2024
2024.0.14.6-preview-2480501 92 9/4/2024
2024.0.14.6-preview-2430401 105 8/30/2024
2024.0.14.6-preview-242730701 83 9/29/2024
2024.0.14.6-preview-2421703 93 8/29/2024
2024.0.14.6-preview-2421701 97 8/29/2024
2024.0.14.6-preview-2420901 95 8/29/2024
2024.0.14.6-preview-2390101 107 8/26/2024
2024.0.14.6-preview-2381603 105 8/25/2024
2024.0.14.6-preview-2341601 113 8/21/2024
2024.0.14.6-preview-2321602 101 8/20/2024
2024.0.14.6-preview-2190801 80 8/6/2024
2024.0.14.6-preview-2041501 100 7/22/2024
2024.0.14.6-preview-1920603 111 7/10/2024
2024.0.14.6-preview-1920301 92 7/10/2024
2024.0.14.6-preview-1911302 89 7/9/2024
2024.0.14.6-preview-1901001 113 7/8/2024
2024.0.14.6-preview-1900901 97 7/8/2024
2024.0.14.6-preview-1900801 102 7/8/2024
2024.0.14.6-preview-1860304 87 7/4/2024
2024.0.14.5 118 7/1/2024
2024.0.14.5-preview-1811601 100 6/29/2024
2024.0.14.5-preview-1810501 102 6/29/2024
2024.0.14.5-preview-180132 88 6/28/2024
2024.0.14.5-preview-180131 97 6/28/2024
2024.0.14.5-preview-180121 86 6/28/2024
2024.0.14.4 118 6/27/2024
2024.0.14.4-preview-7 100 6/27/2024
2024.0.14.3 115 6/21/2024
2024.0.14.1 116 6/6/2024
2024.0.14.1-preview 95 6/6/2024
2024.0.14-preview-1 96 6/6/2024
2024.0.13.8-preview 97 6/6/2024
2024.0.13.1-preview-0146 97 6/6/2024
2024.0.12.15803-preview-03 91 6/6/2024
2024.0.12.15608 115 6/4/2024
2024.0.12.15515 117 6/3/2024
2024.0.12.15220 108 5/31/2024
2024.0.12.15220-alpha31-240... 86 5/31/2024
2024.0.12.14911 119 5/28/2024
2024.0.12.14910-alpha28-240... 99 5/28/2024
2024.0.12.14823 117 5/27/2024
2024.0.12.14522-alpha7-2405... 107 5/24/2024
2024.0.12.14514-alpha6-2405... 112 5/24/2024
2024.0.12.14511 117 5/24/2024
2024.0.12.14314 120 5/22/2024
2024.0.12.14114 121 5/20/2024