Azure mobile services service to service communication

1
votes

Is there a way to call a custom api script from within a table interceptor script on the same mobile service via an internal url?

Or do you always have to use the public url(https://.azure-mobile.net). In this case together with the X-ZUMO-MASTER header because it's service to service communication. The custom api should only be called from this script, not by external applictions or authenticated users. I want to prevent that the master key leaves the server even over an encrypted channel.

1
securityazureazure-mobile-services

1 Answers

1
votes

If you're within different services, then you need to use the public URL, and mark the API you want to call as "Admin" access as you mentioned.

If you want to call a custom API from a table script in the same service, then you can just "require" the custom API and call it as a regular JS function. Notice that although the API takes a "request" and a "response" parameter, this is JavaScript, so anything that looks like a request / response will work (duck typing). For example, if I have this custom API called 'calculator' defined as follows:

exports.post = function(request, response) {
    var x = request.body.x || request.param('x');
    var y = request.body.y || request.param('y');
    var op = request.body.op || request.body.operation || request.param('op');
    calculateAndReturn(x, y, op, response);
};

exports.get = function(request, response) {
    var x = request.param('x');
    var y = request.param('y');
    var op = request.param('op') || request.param('operator');
    calculateAndReturn(x, y, op);
};

function calculateAndReturn(x, y, operator, response) {
    var result = calculate(x, y, operator);
    if (typeof result === 'undefined') {
        response.send(400, { error: 'Invalid or missing parameters' });
    } else {
        response.send(statusCodes.OK, { result : result });
    }
}

function calculate(x, y, operator) {
    var undef = {}.a;

    if (_isUndefined(x) || _isUndefined(y) || _isUndefined(operator)) {
        return undef;
    }

    switch (operator) {
        case '+':
        case 'add':
            return x + y;
        case '-':
        case 'sub':
            return x - y;
        case '*':
        case 'mul':
            return x * y;
        case '/':
        case 'div':
            return x / y;
    }

    return undef;
}

function _isUndefined(x) {
    return typeof x === 'undefined';
}

Notice that for the POST operation, it only needs from the request a 'body' parameter with three members (x, y, op), and the only function in the response that is called is send. We can call it from a table script by passing what it needs to the calculator:

function insert(item, user, request) {
    var calculator = require('../api/calculator');
    var quantity = item.quantity;
    var unitPrice = item.unitPrice;
    calculator.post({ body: { x: quantity, y: unitPrice, op: '*' } }, {
        send: function(status, body) {
            if (status === statusCodes.OK) {
                item.totalPrice = body.result;
                request.execute();
            } else {
                request.respond(status, body);
            }
        }
    });
}