Plugin Catalog

Preliminaries

This is a catalog of the plugins developed by Read Write Tools for the HTTP/2 Server. All of these are available on NPM and Github.

Basic patterns

These plugins serve a useful purpose on their own, while also providing basic lessons regarding patterns that can be followed when developing your own plugins. Read more about plugin patterns in the Processing Sequence note.

Plugin SDK

The Plugin SDK comprises a small collection of functions, classes, and enums that allow you to develop high quality plugins that adhere to the basic design of the HTTP/2 server software.

Custom Header

The Custom Header plugin is perhaps the simplest possible plugin that actually does something useful. A custom header and value are added to every outgoing response that matches a given path-pattern.

Lessons

• Accessing configuration variables from the plugin.
• Following the "chainable processing" pattern by omitting any calls to setStatusCode().

Visitor Count

The Visitor Count plugin is triggered each time a web browser requests your website's favicon.ico. Generally this happens the first time a visitor requests a page. Robots ignore this file, allowing this simple technique to serve as an easy way to count human visitors. Subsequent browser requests don't need to fetch this file again, so only unique new visitors are counted.

Lessons

• Accessing configuration variables from the plugin.
• Following the "chainable processing" pattern by omitting any calls to setStatusCode().
• Implementing the shutdown() method to save state.

Lowercase

The Lowercase plugin examines the incoming request path for uppercase letters and the file system is probed with its equivalent lowercase name. If the equivalent filename exists, return with a status code of 302 Found and a location header, instructing the browser to reissue the request.

Lessons

• Adding a standard response header using addStdHeader().
• Setting an "empty" response body with setEmptyPayload().
• Setting the response status code with setStatusCode().
• Following the "empty-body processing" pattern by calling setEmptyPayload().

Brute Force

The Brute Force plugin temporarily blacklists an IP address that attempts to POST too many times in a given period. This is well suited to blocking brute-force attacks on login pages.

Lessons

• Passing configuration variables into the plugin.
• Using the startup() method for initialization.
• Accessing each request's IP address.
• Periodically triggering a cleanup operation.
• Conditionally following the "chainable processing" pattern or the "terminal processing" pattern.

Lorem Ipsum

The Lorem Ipsum plugin generates a response body with Lorem Ipsum in deterministic or random order for testing purposes.

Lessons

• Using default values provided in the configuration file.
• Honoring request values provided in query-string variables.
• Following the "response-body processing" pattern by calling setOutgoingPayload().

Ready-to-go Plugins

Multi Upload

The Multi Upload plugin handles the saving of multipart/form-data containing client files chosen by the user, assembled with HTML's FormData object, and uploaded using a POST method.

Nodemailer

The Nodemailer plugin responds to properly prepared POSTs by sending a confirmation email to the designated recipient. The code is purposefully over-simplified, and is intended to be a starting point only, for developing a customized subscription list that fits your needs.

MySQL REST

The MySQL REST plugin accesses a MySQL database using HTTP with JSON-encoded request and response bodies. Four basic methods are available:

• PUT requests to create a new row in a specified table.
• PATCH requests to update specified columns of row(s) matching specified conditions.
• DELETE requests to delete row(s) matching specified conditions.
• GET requests to retrieve a LIMITed number of rows in a SORTed order WHERE specified conditions are met.

Third party plugins

Plugins for the HTTP/2 Server may be developed and published to NPM by anyone. Since plugins have the ability to examine and use server resources, you should exercise proper precautions to verify the security implications of plugins published by third parties.