Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
github.com/hungtd121/gorest
gorest is a starter kit, written in Golang with Gin framework, for rapid prototyping and developing a RESTful API. The source code is released under the MIT license and is free for any personal or commercial project.
1.x.y
1
: production-ready
x
: breaking changes
y
: new functionality or bug fixes in a backwards compatible manner
Version 1.6.x
contains breaking changes!
Note: For version 1.4.5
(obsolete): v1.4.5
For all projects, it is recommended to use version 1.6.x
or higher.
Go 1.19+
Note: gorest uses GORM as its ORM
Argon2id
with optional secret (NIST 800-63B
recommends using a secret value of at least 112 bits)HTML
templatesProcedures to generate HS256, HS384, HS512 keys using openssl:
openssl rand -base64 32
openssl rand -base64 48
openssl rand -base64 64
Procedures to generate public-private key pair using openssl:
openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem
openssl ec -in private-key.pem -pubout -out public-key.pem
openssl ecparam -name secp384r1 -genkey -noout -out private-key.pem
openssl ec -in private-key.pem -pubout -out public-key.pem
openssl ecparam -name secp521r1 -genkey -noout -out private-key.pem
openssl ec -in private-key.pem -pubout -out public-key.pem
openssl genpkey -algorithm RSA -out private-key.pem -pkeyopt rsa_keygen_bits:2048
openssl rsa -in private-key.pem -pubout -out public-key.pem
openssl genpkey -algorithm RSA -out private-key.pem -pkeyopt rsa_keygen_bits:3072
openssl rsa -in private-key.pem -pubout -out public-key.pem
openssl genpkey -algorithm RSA -out private-key.pem -pkeyopt rsa_keygen_bits:4096
openssl rsa -in private-key.pem -pubout -out public-key.pem
# syntax=docker/dockerfile:1
version: '3.9'
name: go
services:
goapi:
image: golang:latest
container_name: goapi
working_dir: /app/
restart: unless-stopped:10s
command: /app/goapi
ports:
- '127.0.0.1:8000:8999'
volumes:
- ./app:/app/
Please study the .env.sample
file. It is one of the most crucial files required
to properly set up a new project. Please rename the .env.sample
file to .env
,
and set the environment variables according to your own instance setup.
Tutorials:
For version 1.6.x
, please check the project in example
For version 1.4.x
and 1.5.x
, Wiki (obsolete)
import (
"github.com/gin-gonic/gin"
gconfig "github.com/pilinux/gorest/config"
gcontroller "github.com/pilinux/gorest/controller"
gdatabase "github.com/pilinux/gorest/database"
gmiddleware "github.com/pilinux/gorest/lib/middleware"
)
git
Note: For MySQL driver, please check issue: 7
Note For SQLite3:
DBUSER
, DBPASS
, DBHOST
and DBPORT
environment variables are not required.DBNAME
must contain the full or relative path of the database file name; i.e,/user/location/database.db
or,
./database.db
package | file | error code range |
---|---|---|
controller | login.go | 1011 - 1012 |
controller | twoFA.go | 1041 - 1044 |
database | dbConnect.go | 150 - 155 , 161 |
handler | auth.go | 1001 - 1003 |
handler | login.go | 1013 - 1014 |
handler | logout.go | 1016 |
handler | passwordReset.go | 1021 - 1030 |
handler | twoFA.go | 1051 - 1056 |
handler | verification.go | 1061 - 1065 |
service | common.go | 401 - 406 |
service | security.go | 501 |
For testing:
export TEST_ENV_URL="https://s3.nl-ams.scw.cloud/ci.config/github.action/gorest.pilinux/.env"
export TEST_INDEX_HTML_URL="https://s3.nl-ams.scw.cloud/ci.config/github.action/gorest.pilinux/index.html"
export TEST_KEY_FILE_LOCATION="https://s3.nl-ams.scw.cloud/ci.config/github.action/gorest.pilinux"
export TEST_SENTRY_DSN="please_set_your_sentry_DSN_here"
go test -v -cover ./...
Please see CONTRIBUTING to join this amazing project.
Please see this document.
© Mahir Hasan 2019 - 2024
Released under the MIT license
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.