Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/architectsystematictechnology/iron
Welcome to IronFunctions! The open source serverless platform.
IronFunctions is an open source serverless platform, or as we like to refer to it, Functions as a Service (FaaS) platform that you can run anywhere.
Serverless is a new paradigm in computing that enables simplicity, efficiency and scalability for both developers and operators. It's important to distinguish the two, because the benefits differ:
The main benefits that most people refer to are on the developer side and they include:
Since you'll be running IronFunctions yourself, the paying part may not apply, but it does apply to cost savings on your infrastructure bills as you'll read below.
If you will be operating IronFunctions (the person who has to manage the servers behind the serverless), then the benefits are different, but related.
There is a lot more reading you can do on the topic, just search for "what is serverless" and you'll find plenty of information. We have pretty thorough post on the Iron.io blog called What is Serverless Computing and Why is it Important.
Join our Slack community to get help and give feedback.
This guide will get you up and running in a few minutes.
docker login
)To get started quickly with IronFunctions, just fire up an iron/functions
container:
docker run --rm -it --name functions -v ${PWD}/data:/app/data -v /var/run/docker.sock:/var/run/docker.sock -p 8080:8080 iron/functions
where ${PWD}/data is the directory where the functions application data files will be stored
This will start IronFunctions in single server mode, using an embedded database and message queue. You can find all the configuration options here. If you are on Windows, check here.
Install the IronFunctions CLI tool:
curl -LSs git.io/ironfn | sh
This will download a shell script and execute it. If the script asks for a password, that is because it invokes sudo.
Once installed close and re-open the terminal so the installed command fn
is in your path.
brew install iron-functions
Functions are small, bite sized bits of code that do one simple thing. Forget about monoliths when using functions, just focus on the task that you want the function to perform.
The following is a Go function that just returns "Hello ${NAME}!":
package main
import (
"encoding/json"
"fmt"
"os"
)
type Person struct {
Name string
}
func main() {
p := &Person{Name: "World"}
json.NewDecoder(os.Stdin).Decode(p)
fmt.Printf("Hello %v!", p.Name)
}
Make a new folder and cd into that folder then copy and paste the code above into a file called func.go
. From that folder run the following commands to build your function and deploy it:
# create func.yaml file, replace $USERNAME with your Docker Hub username.
fn init $USERNAME/hello
# build the function
fn build
# test it - you can pass data into it too by piping it in, eg: `cat hello.payload.json | fn run`
fn run
# Once it's ready, build and push it to Docker Hub
fn build && fn push
# create an app - you only do this once per app
fn apps create myapp
# create a route that maps /hello to your new function
fn routes create myapp /hello
Now you can call your function:
curl http://localhost:8080/r/myapp/hello
Or surf to it: http://localhost:8080/r/myapp/hello
To update your function:
# update a function with a new version and push it
fn bump && fn build && fn push
# then update the route
fn routes update myapp /hello
See below for more details. And you can find a bunch of examples in various languages in the examples directory. You can also write your functions in AWS's Lambda format.
This is a more detailed explanation of the main commands you'll use in IronFunctions as a developer.
An application is essentially a grouping of functions, that put together, form an API. Here's how to create an app.
fn apps create myapp
Or using a cURL:
curl -H "Content-Type: application/json" -X POST -d '{
"app": { "name":"myapp" }
}' http://localhost:8080/v1/apps
Now that we have an app, we can route endpoints to functions.
A route is a way to define a path in your application that maps to a function. In this example, we'll map
/hello
to a simple Hello World!
function called iron/hello
which is a function we already made that you
can use -- yes, you can share functions! The source code for this function is in the examples directory.
You can read more about writing your own functions here.
fn routes create myapp /hello -i iron/hello
Or using cURL:
curl -H "Content-Type: application/json" -X POST -d '{
"route": {
"path":"/hello",
"image":"iron/hello"
}
}' http://localhost:8080/v1/apps/myapp/routes
Iron Functions API supports two levels of Authentication in two seperate scopes, service level authentication, (Which authenticates all requests made to the server from any client) and route level authentication. Route level authentication is applied whenever a function call made to a specific route.
Please check Authentication documentation for more information.
Calling your function is as simple as requesting a URL. Each app has its own namespace and each route mapped to the app.
The app myapp
that we created above along with the /hello
route we added would be called via the following
URL: http://localhost:8080/r/myapp/hello
Either surf to it in your browser or use fn
:
fn call myapp /hello
Or using a cURL:
curl http://localhost:8080/r/myapp/hello
Your function will get the body of the HTTP request via STDIN, and the headers of the request will be passed in as env vars. You can test a function with the CLI tool:
echo '{"name":"Johnny"}' | fn call myapp /hello
Or using cURL:
curl -H "Content-Type: application/json" -X POST -d '{
"name":"Johnny"
}' http://localhost:8080/r/myapp/hello
You should see it say Hello Johnny!
now instead of Hello World!
.
IronFunctions supports synchronous function calls like we just tried above, and asynchronous for background processing.
Asynchronous function calls are great for tasks that are CPU heavy or take more than a few seconds to complete. For instance, image processing, video processing, data processing, ETL, etc. Architecturally, the main difference between synchronous and asynchronous is that requests to asynchronous functions are put in a queue and executed on upon resource availability so that they do not interfere with the fast synchronous responses required for an API. Also, since it uses a message queue, you can queue up millions of function calls without worrying about capacity as requests will just be queued up and run at some point in the future.
To add an asynchronous function, create another route with the "type":"async"
, for example:
curl -H "Content-Type: application/json" -X POST -d '{
"route": {
"type": "async",
"path":"/hello-async",
"image":"iron/hello"
}
}' http://localhost:8080/v1/apps/myapp/routes
Now if you request this route:
curl -H "Content-Type: application/json" -X POST -d '{
"name":"Johnny"
}' http://localhost:8080/r/myapp/hello-async
You will get a call_id
in the response:
{"call_id":"572415fd-e26e-542b-846f-f1f5870034f2"}
If you watch the logs, you will see the function actually runs in the background:
Read more on logging.
docker run --rm -it --link functions:api -p 4000:4000 -e "API_URL=http://api:8080" iron/functions-ui
For more information, see: https://github.com/iron-io/functions-ui
See Writing Functions.
And you can find a bunch of examples in the /examples directory.
See docs/ for full documentation.
These are the high level roadmap goals. See milestones for detailed issues.
You can get community support via:
You can get commercial support by contacting Iron.io
See contributing.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.