Home Blog Talks

Serverless Best Practices for Network Requests (Part 2)

2019-11-17

This article will provide solutions to the following problems:

How to conveniently read and write cookies in cloud functions?

The native cloud function passes in the cookie information through the headers in the Context, and writes the cookie by returning the set-cookie of the headers. This method is obviously not friendly enough for developers, so FaasJS encapsulates its read and write operations in @faasjs In the /http plug-in, you can read and write cookies in the following ways:

import { Func } from '@faasjs/func';
import { Http } from '@faasjs/http';

const http = new Http(); // Create http plug-in instance

export default new Func({
   plugins: [http], // Put the http plugin instance into the cloud function plugin
   async handler(){
     console.log(http.cookie.read('key')); // Read cookie
     http.cookie.write('key', 'value'); // Write cookie
   }
});

How to store and use Session in Serverless?

In the serverless scenario, each cloud function is independent of each other. If the Session is processed uniformly, it will cause a large performance loss.

Therefore, in order to enable each cloud function to process Session information independently, it is recommended to encrypt the Session and store it in Cookie. In order to avoid too much Cookie information, it is recommended to store only necessary information, such as user_id.

Session usage examples are as follows:

import { Func } from '@faasjs/func';
import { Http } from '@faasjs/http';

const http = new Http();

export default new Func({
   plugins: [http],
   handler(){
     // Write distinct_id in session as user_id
     http.session.write('user_id', http.session.read('distinct_id'));
   }
});

Input parameter verification

As network security becomes more and more important, FaasJS also has built-in parameter verification to avoid some attacks. Input parameter verification mainly supports the following functions:

The code example is as follows:

const http = new Http({
   validator: { // Configure input parameter verification
     params: { // Verify request parameters
       whitelist: 'error', // If a non-whitelist input parameter is found, an error will be reported
       rules: { // Verification rules for each parameter
         key: { // parameter name
           required: true, // required
           type: 'object', // parameter type
           config: { //Multi-layer verification
             whitelist: 'error',
             rules: {
               subKey: { // parameter name
                 in: [1, 2], // Enumeration value verification
                 default: 1 //Set the default value
               }
             }
           }
         }
       }
     }
   }
});

Since the input parameter verification function supports Session, it can be used for simple authentication. For example, the user_id in the Session is required to be verified to determine whether the user is logged in.

Back to all posts