Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
github.com/akurczyk/golang_echo_blogging_platform
- Version published
- Created
Golang Echo blogging platform
Technologies
Description
A group of snippet projects made with Golang, Echo framework, and multiple libraries and databases (SQL and NoSQL) providing an API backend allowing users to register, login, and write posts and comments.
Each of these projects is Dockerized with the multi-stage build and unprivileged user execution in the final image. In the future addition of Kubernetes Helm charts is planned and another flavors with Cassandra and Scylla is planned.
To run a single project, execute docker-compose up in the project directory and go to http://127.0.0.1:1323/. Swagger
with API reference will be available at http://127.0.0.1:1323/swagger/index.html. Prometheus metrics will be accessible
at http://127.0.0.1:1323/metrics.
Authorization
Most of the endpoints require an authorization with HTTP bearer token with the prefix Bearer<space>. To obtain the
token, issue a POST request to /token endpoint with form-encoded values of user's name and password gathered by
creating the user with POST request to /user endpoint. An example of these transactions has been shown in the API
reference in 999 directory.
Versions
-
001_postgres_and_redis – Version with PostgreSQL database used to store users, posts, and comments and Redis used to store session data. The authentication is done with Bearer Tokens. Swagger and Prometheus are available.
-
002_mysql_and_redis – Almost the same as described above but with the use of MySQL instead of PostgreSQL.
-
003_MONGO_and_redis – The same as above but with MongoDB used to store content.
-
999_memory – Basic version with no real database. The data are stored in RAM during the execution of the program. This can not be scaled. The API is "documented" in
api_reference.mdas there is no Swagger. Also, there is no Prometheus included. This is the version that any other one described above is based on. The authentication is done with Bearer Tokens.
TODO
- Write tests
- Add Helm charts
- Add Cassandra and Scylla flavours
FAQs
Unknown package
Package last updated on 14 Dec 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024