@backstage/plugin-proxy-backend 0.0.0-nightly-20219322159

package/CHANGELOG.md

@@ -0,0 +1,162 @@
+# @backstage/plugin-proxy-backend
+
+## 0.0.0-nightly-20219322159
+
+### Patch Changes
+
+- 957e4b3351: Updated dependencies
+
+## 0.2.12
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/backend-common@0.9.0
+  - @backstage/config@0.1.8
+
+## 0.2.11
+
+### Patch Changes
+
+- 13da7be3c: Clean up proxy creation log messages and make them include the mount path.
+
+## 0.2.10
+
+### Patch Changes
+
+- 3108ff7bf: Make `yarn dev` respect the `PLUGIN_PORT` environment variable.
+- 6ffcf9ed8: Bump http-proxy-middleware from 0.19.2 to 2.0.0
+- Updated dependencies
+  - @backstage/backend-common@0.8.3
+
+## 0.2.9
+
+### Patch Changes
+
+- 875809a59: Fixed proxy requests to the base URL of routes without a trailing slash redirecting to the `target` with the full path appended.
+- Updated dependencies [92963779b]
+- Updated dependencies [eda9dbd5f]
+  - @backstage/backend-common@0.8.2
+
+## 0.2.8
+
+### Patch Changes
+
+- Updated dependencies [22fd8ce2a]
+- Updated dependencies [f9fb4a205]
+  - @backstage/backend-common@0.8.0
+
+## 0.2.7
+
+### Patch Changes
+
+- cdb3426e5: Prefix proxy routes with `/` if not present in configuration
+- Updated dependencies [e0bfd3d44]
+- Updated dependencies [38ca05168]
+- Updated dependencies [d8b81fd28]
+  - @backstage/backend-common@0.7.0
+  - @backstage/config@0.1.5
+
+## 0.2.6
+
+### Patch Changes
+
+- Updated dependencies [8686eb38c]
+- Updated dependencies [0434853a5]
+- Updated dependencies [8686eb38c]
+  - @backstage/backend-common@0.6.0
+  - @backstage/config@0.1.4
+
+## 0.2.5
+
+### Patch Changes
+
+- 1987c9341: Added a verification for well formed URLs when processing proxy targets. Otherwise users gets a cryptic error message thrown from Express which makes it hard to debug.
+- 9ce68b677: Fix for proxy-backend plugin when global-agent is enabled
+- Updated dependencies [497859088]
+- Updated dependencies [8adb48df4]
+  - @backstage/backend-common@0.5.5
+
+## 0.2.4
+
+### Patch Changes
+
+- Updated dependencies [0b135e7e0]
+- Updated dependencies [294a70cab]
+- Updated dependencies [0ea032763]
+- Updated dependencies [5345a1f98]
+- Updated dependencies [09a370426]
+  - @backstage/backend-common@0.5.0
+
+## 0.2.3
+
+### Patch Changes
+
+- Updated dependencies [38e24db00]
+- Updated dependencies [e3bd9fc2f]
+- Updated dependencies [12bbd748c]
+- Updated dependencies [e3bd9fc2f]
+  - @backstage/backend-common@0.4.0
+  - @backstage/config@0.1.2
+
+## 0.2.2
+
+### Patch Changes
+
+- 6a6c7c14e: Filter the headers that are sent from the proxied-targed back to the frontend to not forwarded unwanted authentication or
+  monitoring contexts from other origins (like `Set-Cookie` with e.g. a google analytics context). The implementation reuses
+  the `allowedHeaders` configuration that now controls both directions `frontend->target` and `target->frontend`.
+- 3619ea4c4: Add configuration schema for the commonly used properties
+- Updated dependencies [612368274]
+  - @backstage/backend-common@0.3.3
+
+## 0.2.1
+
+### Patch Changes
+
+- Updated dependencies [1722cb53c]
+- Updated dependencies [1722cb53c]
+- Updated dependencies [7b37e6834]
+- Updated dependencies [8e2effb53]
+  - @backstage/backend-common@0.3.0
+
+## 0.2.0
+
+### Minor Changes
+
+- 5249594c5: Add service discovery interface and implement for single host deployments
+
+  Fixes #1847, #2596
+
+  Went with an interface similar to the frontend DiscoveryApi, since it's dead simple but still provides a lot of flexibility in the implementation.
+
+  Also ended up with two different methods, one for internal endpoint discovery and one for external. The two use-cases are explained a bit more in the docs, but basically it's service-to-service vs callback URLs.
+
+  This did get me thinking about uniqueness and that we're heading towards a global namespace for backend plugin IDs. That's probably fine, but if we're happy with that we should leverage it a bit more to simplify the backend setup. For example we'd have each plugin provide its own ID and not manually mount on paths in the backend.
+
+  Draft until we're happy with the implementation, then I can add more docs and changelog entry. Also didn't go on a thorough hunt for places where discovery can be used, but I don't think there are many since it's been pretty awkward to do service-to-service communication.
+
+- 9226c2aaa: Limit the http headers that are forwarded from the request to a safe set of defaults.
+  A user can configure additional headers that should be forwarded if the specific applications needs that.
+
+  ```yaml
+  proxy:
+    '/my-api':
+      target: 'https://my-api.com/get'
+      allowedHeaders:
+        # We need to forward the Authorization header that was provided by the caller
+        - Authorization
+  ```
+
+### Patch Changes
+
+- Updated dependencies [5249594c5]
+- Updated dependencies [56e4eb589]
+- Updated dependencies [e37c0a005]
+- Updated dependencies [f00ca3cb8]
+- Updated dependencies [6579769df]
+- Updated dependencies [8c2b76e45]
+- Updated dependencies [440a17b39]
+- Updated dependencies [8afce088a]
+- Updated dependencies [7bbeb049f]
+  - @backstage/backend-common@0.2.0

package/README.md

@@ -0,0 +1,32 @@
+# Proxy backend plugin
+
+This is the backend plugin that enables proxy definitions to be declared in,
+and read from, `app-config.yaml`.
+
+Relies on the `http-proxy-middleware` package.
+
+## Getting Started
+
+This backend plugin can be started in a standalone mode from directly in this package
+with `yarn start`. However, it will have limited functionality and that process is
+most convenient when developing the plugin itself.
+
+The proxy is already installed in the Backstage backend per default, so you can also
+start up the full example backend to experiment with the proxy.
+
+```bash
+yarn workspace example-backend start
+```
+
+## Configuration
+
+See [the proxy docs](https://backstage.io/docs/plugins/proxying).
+
+## Links
+
+- [Call Existing API](https://backstage.io/docs/plugins/call-existing-api) helps the
+  decision process of what method of communication to use from a frontend plugin to
+  your API
+- [The proxy plugin documentation](https://backstage.io/docs/plugins/proxying) describes
+  configuration options and more
+- [http-proxy-middleware](https://www.npmjs.com/package/http-proxy-middleware)

package/config.d.ts

@@ -0,0 +1,55 @@
+/*
+ * Copyright 2020 The Backstage Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export interface Config {
+  /**
+   * A list of forwarding-proxies. Each key is a route to match,
+   * below the prefix that the proxy plugin is mounted on. It must
+   * start with a '/'.
+   */
+  proxy?: {
+    [key: string]:
+      | string
+      | {
+          /**
+           * Target of the proxy. Url string to be parsed with the url module.
+           */
+          target: string;
+          /**
+           * Object with extra headers to be added to target requests.
+           */
+          headers?: { [key: string]: string };
+          /**
+           * Changes the origin of the host header to the target URL. Default: true.
+           */
+          changeOrigin?: boolean;
+          /**
+           * Rewrite target's url path. Object-keys will be used as RegExp to match paths.
+           * If pathRewrite is not specified, it is set to a single rewrite that removes the entire prefix and route.
+           */
+          pathRewrite?: { [regexp: string]: string };
+          /**
+           * Limit the forwarded HTTP methods, for example allowedMethods: ['GET'] to enforce read-only access.
+           */
+          allowedMethods?: string[];
+          /**
+           * Limit the forwarded HTTP methods. By default, only the headers that are considered safe for CORS
+           * and headers that are set by the proxy will be forwarded.
+           */
+          allowedHeaders?: string[];
+        };
+  };
+}

package/dist/index.cjs.js

@@ -0,0 +1,94 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var Router = require('express-promise-router');
+var httpProxyMiddleware = require('http-proxy-middleware');
+
+function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
+
+var Router__default = /*#__PURE__*/_interopDefaultLegacy(Router);
+
+const safeForwardHeaders = [
+  "cache-control",
+  "content-language",
+  "content-length",
+  "content-type",
+  "expires",
+  "last-modified",
+  "pragma",
+  "host",
+  "accept",
+  "accept-language",
+  "user-agent"
+];
+function buildMiddleware(pathPrefix, logger, route, config) {
+  var _a;
+  const fullConfig = typeof config === "string" ? {target: config} : {...config};
+  if (typeof fullConfig.target !== "string") {
+    throw new Error(`Proxy target must be a string`);
+  }
+  try {
+    new URL(fullConfig.target);
+  } catch {
+    throw new Error(`Proxy target is not a valid URL: ${(_a = fullConfig.target) != null ? _a : ""}`);
+  }
+  if (fullConfig.pathRewrite === void 0) {
+    let routeWithSlash = route.endsWith("/") ? route : `${route}/`;
+    if (!pathPrefix.endsWith("/") && !routeWithSlash.startsWith("/")) {
+      routeWithSlash = `/${routeWithSlash}`;
+    } else if (pathPrefix.endsWith("/") && routeWithSlash.startsWith("/")) {
+      routeWithSlash = routeWithSlash.substring(1);
+    }
+    fullConfig.pathRewrite = {
+      [`^${pathPrefix}${routeWithSlash}?`]: "/"
+    };
+  }
+  if (fullConfig.changeOrigin === void 0) {
+    fullConfig.changeOrigin = true;
+  }
+  fullConfig.logProvider = () => logger;
+  const requestHeaderAllowList = new Set([
+    ...safeForwardHeaders,
+    ...fullConfig.headers && Object.keys(fullConfig.headers) || [],
+    ...fullConfig.allowedHeaders || []
+  ].map((h) => h.toLocaleLowerCase()));
+  const filter = (_pathname, req) => {
+    var _a2, _b;
+    const headerNames = Object.keys(req.headers);
+    headerNames.forEach((h) => {
+      if (!requestHeaderAllowList.has(h.toLocaleLowerCase())) {
+        delete req.headers[h];
+      }
+    });
+    return (_b = (_a2 = fullConfig == null ? void 0 : fullConfig.allowedMethods) == null ? void 0 : _a2.includes(req.method)) != null ? _b : true;
+  };
+  filter.toString = () => route;
+  const responseHeaderAllowList = new Set([
+    ...safeForwardHeaders,
+    ...fullConfig.allowedHeaders || []
+  ].map((h) => h.toLocaleLowerCase()));
+  fullConfig.onProxyRes = (proxyRes) => {
+    const headerNames = Object.keys(proxyRes.headers);
+    headerNames.forEach((h) => {
+      if (!responseHeaderAllowList.has(h.toLocaleLowerCase())) {
+        delete proxyRes.headers[h];
+      }
+    });
+  };
+  return httpProxyMiddleware.createProxyMiddleware(filter, fullConfig);
+}
+async function createRouter(options) {
+  var _a;
+  const router = Router__default['default']();
+  const externalUrl = await options.discovery.getExternalBaseUrl("proxy");
+  const {pathname: pathPrefix} = new URL(externalUrl);
+  const proxyConfig = (_a = options.config.getOptional("proxy")) != null ? _a : {};
+  Object.entries(proxyConfig).forEach(([route, proxyRouteConfig]) => {
+    router.use(route, buildMiddleware(pathPrefix, options.logger, route, proxyRouteConfig));
+  });
+  return router;
+}
+
+exports.createRouter = createRouter;
+//# sourceMappingURL=index.cjs.js.map

package/dist/index.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.cjs.js","sources":["../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Config } from '@backstage/config';\nimport express from 'express';\nimport Router from 'express-promise-router';\nimport {\n  createProxyMiddleware,\n  Options,\n  RequestHandler,\n} from 'http-proxy-middleware';\nimport { Logger } from 'winston';\nimport http from 'http';\nimport { PluginEndpointDiscovery } from '@backstage/backend-common';\n\n// A list of headers that are always forwarded to the proxy targets.\nconst safeForwardHeaders = [\n  // https://fetch.spec.whatwg.org/#cors-safelisted-request-header\n  'cache-control',\n  'content-language',\n  'content-length',\n  'content-type',\n  'expires',\n  'last-modified',\n  'pragma',\n\n  // host is overridden by default. if changeOrigin is configured to false,\n  // we assume this is a intentional and should also be forwarded.\n  'host',\n\n  // other headers that we assume to be ok\n  'accept',\n  'accept-language',\n  'user-agent',\n];\n\nexport interface RouterOptions {\n  logger: Logger;\n  config: Config;\n  discovery: PluginEndpointDiscovery;\n}\n\nexport interface ProxyConfig extends Options {\n  allowedMethods?: string[];\n  allowedHeaders?: string[];\n}\n\n// Creates a proxy middleware, possibly with defaults added on top of the\n// given config.\nexport function buildMiddleware(\n  pathPrefix: string,\n  logger: Logger,\n  route: string,\n  config: string | ProxyConfig,\n): RequestHandler {\n  const fullConfig =\n    typeof config === 'string' ? { target: config } : { ...config };\n\n  // Validate that target is a valid URL.\n  if (typeof fullConfig.target !== 'string') {\n    throw new Error(`Proxy target must be a string`);\n  }\n  try {\n    // eslint-disable-next-line no-new\n    new URL(fullConfig.target! as string);\n  } catch {\n    throw new Error(\n      `Proxy target is not a valid URL: ${fullConfig.target ?? ''}`,\n    );\n  }\n\n  // Default is to do a path rewrite that strips out the proxy's path prefix\n  // and the rest of the route.\n  if (fullConfig.pathRewrite === undefined) {\n    let routeWithSlash = route.endsWith('/') ? route : `${route}/`;\n\n    if (!pathPrefix.endsWith('/') && !routeWithSlash.startsWith('/')) {\n      // Need to insert a / between pathPrefix and routeWithSlash\n      routeWithSlash = `/${routeWithSlash}`;\n    } else if (pathPrefix.endsWith('/') && routeWithSlash.startsWith('/')) {\n      // Never expect this to happen at this point in time as\n      // pathPrefix is set using `getExternalBaseUrl` which \"Returns the\n      // external HTTP base backend URL for a given plugin,\n      // **without a trailing slash.**\". But in case this changes in future, we\n      // need to drop a / on either pathPrefix or routeWithSlash\n      routeWithSlash = routeWithSlash.substring(1);\n    }\n\n    // The ? makes the slash optional for the rewrite, so that a base path without an ending slash\n    // will also be matched (e.g. '/sample' and then requesting just '/api/proxy/sample' without an\n    // ending slash). Otherwise the target gets called with the full '/api/proxy/sample' path\n    // appended.\n    fullConfig.pathRewrite = {\n      [`^${pathPrefix}${routeWithSlash}?`]: '/',\n    };\n  }\n\n  // Default is to update the Host header to the target\n  if (fullConfig.changeOrigin === undefined) {\n    fullConfig.changeOrigin = true;\n  }\n\n  // Attach the logger to the proxy config\n  fullConfig.logProvider = () => logger;\n\n  // Only return the allowed HTTP headers to not forward unwanted secret headers\n  const requestHeaderAllowList = new Set<string>(\n    [\n      // allow all safe headers\n      ...safeForwardHeaders,\n\n      // allow all headers that are set by the proxy\n      ...((fullConfig.headers && Object.keys(fullConfig.headers)) || []),\n\n      // allow all configured headers\n      ...(fullConfig.allowedHeaders || []),\n    ].map(h => h.toLocaleLowerCase()),\n  );\n\n  // Use the custom middleware filter to do two things:\n  //  1. Remove any headers not in the allow list to stop them being forwarded\n  //  2. Only permit the allowed HTTP methods if configured\n  //\n  // We are filtering the proxy request headers here rather than in\n  // `onProxyReq` because when global-agent is enabled then `onProxyReq`\n  // fires _after_ the agent has already sent the headers to the proxy\n  // target, causing a ERR_HTTP_HEADERS_SENT crash\n  const filter = (_pathname: string, req: http.IncomingMessage): boolean => {\n    const headerNames = Object.keys(req.headers);\n    headerNames.forEach(h => {\n      if (!requestHeaderAllowList.has(h.toLocaleLowerCase())) {\n        delete req.headers[h];\n      }\n    });\n\n    return fullConfig?.allowedMethods?.includes(req.method!) ?? true;\n  };\n  // Makes http-proxy-middleware logs look nicer and include the mount path\n  filter.toString = () => route;\n\n  // Only forward the allowed HTTP headers to not forward unwanted secret headers\n  const responseHeaderAllowList = new Set<string>(\n    [\n      // allow all safe headers\n      ...safeForwardHeaders,\n\n      // allow all configured headers\n      ...(fullConfig.allowedHeaders || []),\n    ].map(h => h.toLocaleLowerCase()),\n  );\n\n  // only forward the allowed headers in backend->client\n  fullConfig.onProxyRes = (proxyRes: http.IncomingMessage) => {\n    const headerNames = Object.keys(proxyRes.headers);\n\n    headerNames.forEach(h => {\n      if (!responseHeaderAllowList.has(h.toLocaleLowerCase())) {\n        delete proxyRes.headers[h];\n      }\n    });\n  };\n\n  return createProxyMiddleware(filter, fullConfig);\n}\n\nexport async function createRouter(\n  options: RouterOptions,\n): Promise<express.Router> {\n  const router = Router();\n\n  const externalUrl = await options.discovery.getExternalBaseUrl('proxy');\n  const { pathname: pathPrefix } = new URL(externalUrl);\n\n  const proxyConfig = options.config.getOptional('proxy') ?? {};\n  Object.entries(proxyConfig).forEach(([route, proxyRouteConfig]) => {\n    router.use(\n      route,\n      buildMiddleware(pathPrefix, options.logger, route, proxyRouteConfig),\n    );\n  });\n\n  return router;\n}\n"],"names":["createProxyMiddleware","Router"],"mappings":";;;;;;;;;;;AA6BA,MAAM,qBAAqB;AAAA,EAEzB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAIA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA;yBAiBA,YACA,QACA,OACA,QACgB;AAnElB;AAoEE,QAAM,aACJ,OAAO,WAAW,WAAW,CAAE,QAAQ,UAAW,IAAK;AAGzD,MAAI,OAAO,WAAW,WAAW,UAAU;AACzC,UAAM,IAAI,MAAM;AAAA;AAElB,MAAI;AAEF,QAAI,IAAI,WAAW;AAAA,UACnB;AACA,UAAM,IAAI,MACR,oCAAoC,iBAAW,WAAX,YAAqB;AAAA;AAM7D,MAAI,WAAW,gBAAgB,QAAW;AACxC,QAAI,iBAAiB,MAAM,SAAS,OAAO,QAAQ,GAAG;AAEtD,QAAI,CAAC,WAAW,SAAS,QAAQ,CAAC,eAAe,WAAW,MAAM;AAEhE,uBAAiB,IAAI;AAAA,eACZ,WAAW,SAAS,QAAQ,eAAe,WAAW,MAAM;AAMrE,uBAAiB,eAAe,UAAU;AAAA;AAO5C,eAAW,cAAc;AAAA,OACtB,IAAI,aAAa,oBAAoB;AAAA;AAAA;AAK1C,MAAI,WAAW,iBAAiB,QAAW;AACzC,eAAW,eAAe;AAAA;AAI5B,aAAW,cAAc,MAAM;AAG/B,QAAM,yBAAyB,IAAI,IACjC;AAAA,IAEE,GAAG;AAAA,IAGH,GAAK,WAAW,WAAW,OAAO,KAAK,WAAW,YAAa;AAAA,IAG/D,GAAI,WAAW,kBAAkB;AAAA,IACjC,IAAI,OAAK,EAAE;AAWf,QAAM,SAAS,CAAC,WAAmB,QAAuC;AA5I5E;AA6II,UAAM,cAAc,OAAO,KAAK,IAAI;AACpC,gBAAY,QAAQ,OAAK;AACvB,UAAI,CAAC,uBAAuB,IAAI,EAAE,sBAAsB;AACtD,eAAO,IAAI,QAAQ;AAAA;AAAA;AAIvB,WAAO,sDAAY,mBAAZ,oBAA4B,SAAS,IAAI,YAAzC,YAAqD;AAAA;AAG9D,SAAO,WAAW,MAAM;AAGxB,QAAM,0BAA0B,IAAI,IAClC;AAAA,IAEE,GAAG;AAAA,IAGH,GAAI,WAAW,kBAAkB;AAAA,IACjC,IAAI,OAAK,EAAE;AAIf,aAAW,aAAa,CAAC,aAAmC;AAC1D,UAAM,cAAc,OAAO,KAAK,SAAS;AAEzC,gBAAY,QAAQ,OAAK;AACvB,UAAI,CAAC,wBAAwB,IAAI,EAAE,sBAAsB;AACvD,eAAO,SAAS,QAAQ;AAAA;AAAA;AAAA;AAK9B,SAAOA,0CAAsB,QAAQ;AAAA;4BAIrC,SACyB;AApL3B;AAqLE,QAAM,SAASC;AAEf,QAAM,cAAc,MAAM,QAAQ,UAAU,mBAAmB;AAC/D,QAAM,CAAE,UAAU,cAAe,IAAI,IAAI;AAEzC,QAAM,cAAc,cAAQ,OAAO,YAAY,aAA3B,YAAuC;AAC3D,SAAO,QAAQ,aAAa,QAAQ,CAAC,CAAC,OAAO,sBAAsB;AACjE,WAAO,IACL,OACA,gBAAgB,YAAY,QAAQ,QAAQ,OAAO;AAAA;AAIvD,SAAO;AAAA;;;;"}

package/dist/index.d.ts

@@ -0,0 +1,13 @@
+import { Config } from '@backstage/config';
+import express from 'express';
+import { Logger } from 'winston';
+import { PluginEndpointDiscovery } from '@backstage/backend-common';
+
+interface RouterOptions {
+    logger: Logger;
+    config: Config;
+    discovery: PluginEndpointDiscovery;
+}
+declare function createRouter(options: RouterOptions): Promise<express.Router>;
+
+export { createRouter };

package/package.json

@@ -0,0 +1,58 @@
+{
+  "name": "@backstage/plugin-proxy-backend",
+  "description": "A Backstage backend plugin that helps you set up proxy endpoints in the backend",
+  "version": "0.0.0-nightly-20219322159",
+  "main": "dist/index.cjs.js",
+  "types": "dist/index.d.ts",
+  "license": "Apache-2.0",
+  "publishConfig": {
+    "access": "public",
+    "main": "dist/index.cjs.js",
+    "types": "dist/index.d.ts"
+  },
+  "homepage": "https://backstage.io",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/backstage/backstage",
+    "directory": "plugins/proxy-backend"
+  },
+  "keywords": [
+    "backstage"
+  ],
+  "scripts": {
+    "start": "backstage-cli backend:dev",
+    "build": "backstage-cli backend:build",
+    "lint": "backstage-cli lint",
+    "test": "backstage-cli test",
+    "prepack": "backstage-cli prepack",
+    "postpack": "backstage-cli postpack",
+    "clean": "backstage-cli clean"
+  },
+  "dependencies": {
+    "@backstage/backend-common": "^0.9.0",
+    "@backstage/config": "^0.1.8",
+    "@types/express": "^4.17.6",
+    "express": "^4.17.1",
+    "express-promise-router": "^4.1.0",
+    "http-proxy-middleware": "^2.0.0",
+    "morgan": "^1.10.0",
+    "uuid": "^8.0.0",
+    "winston": "^3.2.1",
+    "yaml": "^1.9.2",
+    "yn": "^4.0.0",
+    "yup": "^0.32.9"
+  },
+  "devDependencies": {
+    "@backstage/cli": "^0.0.0-nightly-20219322159",
+    "@types/http-proxy-middleware": "^0.19.3",
+    "@types/supertest": "^2.0.8",
+    "@types/uuid": "^8.0.0",
+    "@types/yup": "^0.29.13",
+    "supertest": "^6.1.3"
+  },
+  "files": [
+    "dist",
+    "config.d.ts"
+  ],
+  "configSchema": "config.d.ts"
+}