Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/kamildrazkiewicz/iris
Iris project has been acquired by a Dubai-based startup.
Both sides agree that every related public data should remain open for at least 30 days.
After the period of 30 days, company has the proprietary rights to delete or transfer this repository and all its related public data forever without any warnings.
The company may or may not reveal its true identity to the public.
Transaction of the public domains still in-progress:
View-accessed users can clone the current state of the project's public repositories and use without any warranties.
From now on, Original Author owns a high position to the company's table.
At any circumstances,
Original Author keeps the creation rights.
Clone the repository today because if I can't find a new lead maintainer for the v7.2 you, as community, will have to find a way to communicate about its future, the name "iris go" was taken by the company too, so it will be nice if the future main contributor change its name too, if you don't do it I will not beat you but I don't know the full company's law-plan for this, yet.
All donators, without any exception, will have my support for at least 6 months (for all iris versions), we have a private room at the chat.
Don't worry I will not let you down, we're trying to find a decent open-source contributor to continue the Iris' open-source codebase. I'm already in touch with some good gophers but If you're willing to maintain this project please send me details about your experience, general bio and your github username.
I am really thankful for all of your support to me and the community, all donations, all bug reports, all comments without any exception. I did proceeded with all my physical abilities so far but unfortunately there weren't enough for my survivor. I'm really sorry if the latest news made iris open-source community disappointed but you have to see things from my point view, I was one step before bankruptcy, I had no other choice but accept the offer.
A fast, cross-platform and efficient web framework with robust set of well-designed features, written entirely in Go.
Build your own web applications and portable APIs with the highest performance and countless potentials.
If you're coming from Node.js world, this is the expressjs++ equivalent for the Go Programming Language.
The only requirement is the Go Programming Language, at least version 1.8
$ go get -u github.com/kataras/iris
Iris uses the vendor directory feature, so you get truly reproducible builds, as this method guards against upstream renames and deletes. For further installation support, please navigate here.
package main
import (
"github.com/kataras/iris"
"github.com/kataras/iris/context"
"github.com/kataras/iris/view"
)
// User is just a bindable object structure.
type User struct {
Username string `json:"username"`
Firstname string `json:"firstname"`
Lastname string `json:"lastname"`
City string `json:"city"`
Age int `json:"age"`
}
func main() {
app := iris.New()
// Define templates using the std html/template engine.
// Parse and load all files inside "./views" folder with ".html" file extension.
// Reload the templates on each request (development mode).
app.AttachView(view.HTML("./views", ".html").Reload(true))
// Regster custom handler for specific http errors.
app.OnErrorCode(iris.StatusInternalServerError, func(ctx context.Context) {
// .Values are used to communicate between handlers, middleware.
errMessage := ctx.Values().GetString("error")
if errMessage != "" {
ctx.Writef("Internal server error: %s", errMessage)
return
}
ctx.Writef("(Unexpected) internal server error")
})
app.Use(func(ctx context.Context) {
ctx.Application().Log("Begin request for path: %s", ctx.Path())
ctx.Next()
})
// app.Done(func(ctx context.Context) {})
// Method POST: http://localhost:8080/decode
app.Post("/decode", func(ctx context.Context) {
var user User
ctx.ReadJSON(&user)
ctx.Writef("%s %s is %d years old and comes from %s", user.Firstname, user.Lastname, user.Age, user.City)
})
// Method GET: http://localhost:8080/encode
app.Get("/encode", func(ctx context.Context) {
doe := User{
Username: "Johndoe",
Firstname: "John",
Lastname: "Doe",
City: "Neither FBI knows!!!",
Age: 25,
}
ctx.JSON(doe)
})
// Method GET: http://localhost:8080/profile/anytypeofstring
app.Get("/profile/{username:string}", profileByUsername)
usersRoutes := app.Party("/users", logThisMiddleware)
{
// Method GET: http://localhost:8080/users/42
usersRoutes.Get("/{id:int min(1)}", getUserByID)
// Method POST: http://localhost:8080/users/create
usersRoutes.Post("/create", createUser)
}
// Listen for incoming HTTP/1.x & HTTP/2 clients on localhost port 8080.
app.Run(iris.Addr(":8080"), iris.WithCharset("UTF-8"))
}
func logThisMiddleware(ctx context.Context) {
ctx.Application().Log("Path: %s | IP: %s", ctx.Path(), ctx.RemoteAddr())
// .Next is required to move forward to the chain of handlers,
// if missing then it stops the execution at this handler.
ctx.Next()
}
func profileByUsername(ctx context.Context) {
// .Params are used to get dynamic path parameters.
username := ctx.Params().Get("username")
ctx.ViewData("Username", username)
// renders "./views/users/profile.html"
// with {{ .Username }} equals to the username dynamic path parameter.
ctx.View("users/profile.html")
}
func getUserByID(ctx context.Context) {
userID := ctx.Params().Get("id") // Or convert directly using: .Values().GetInt/GetInt64 etc...
// your own db fetch here instead of user :=...
user := User{Username: "username" + userID}
ctx.XML(user)
}
func createUser(ctx context.Context) {
var user User
err := ctx.ReadForm(&user)
if err != nil {
ctx.Values().Set("error", "creating user, read and parse form failed. "+err.Error())
ctx.StatusCode(iris.StatusInternalServerError)
return
}
// renders "./views/users/create_verification.html"
// with {{ . }} equals to the User object, i.e {{ .Username }} , {{ .Firstname}} etc...
ctx.ViewData("", user)
ctx.View("users/create_verification.html")
}
$ go get -u github.com/kataras/rizla
$ cd $GOPATH/src/mywebapp
$ rizla main.go
Psst: Wanna go to _examples to see more code-snippets?
{userid:int min(1)}
, {asset:path}
, {custom regexp([a-z]+)}
Small but practical examples --they cover each feature.
Wanna create your own fast URL Shortener Service Using Iris? --click here to learn how.
Godocs --for deep understanding.
I'll be glad to talk with you about your awesome feature requests, open a new discussion, you will be heard!
Thanks in advance!
Iris is free and open source but developing it has taken thousands of hours of my time and a large part of my sanity. If you feel this web framework useful to you, it would go a great way to ensuring that I can afford to take the time to continue to develop it.
I spend all my time in the construction of Iris, therefore I have no income value.
Feel free to send any amount through paypal:
Please check your e-mail after your donation.
Thanks for your gratitude and finance help ♡
Iris has its own middleware form of func(ctx context.Context)
but it's also compatible with all net/http
middleware forms. See here.
I'm sure that each of you have, already, found his own favorite list but here's a small list of third-party handlers:
Middleware | Author | Description |
---|---|---|
tollbooth | Didip Kerabat | Generic middleware to rate-limit HTTP requests. Example |
goth | Mark Bates | OAuth, OAuth2 authentication. Example |
binding | Matt Holt | Data binding from HTTP requests into structs |
cloudwatch | Colin Steele | AWS cloudwatch metrics middleware |
csp | Awake Networks | Content Security Policy (CSP) support |
delay | Jeff Martinez | Add delays/latency to endpoints. Useful when testing effects of high latency |
New Relic Go Agent | Yadvendar Champawat | Official New Relic Go Agent (currently in beta) |
gorelic | Jingwen Owen Ou | New Relic agent for Go runtime |
JWT | Auth0 | Middleware checks for a JWT on the Authorization header on incoming requests and decodes it. Example |
logrus | Dan Buch | Logrus-based logger |
onthefly | Alexander Rødseth | Generate TinySVG, HTML and CSS on the fly |
permissions2 | Alexander Rødseth | Cookies, users and permissions |
prometheus | Rene Zbinden | Easily create metrics endpoint for the prometheus instrumentation tool |
render | Cory Jacobsen | Render JSON, XML and HTML templates |
RestGate | Prasanga Siripala | Secure authentication for REST API endpoints |
secure | Cory Jacobsen | Middleware that implements a few quick security wins |
stats | Florent Messa | Store information about your web application (response time, etc.) |
VanGoH | Taylor Wrobel | Configurable AWS-Style HMAC authentication middleware |
xrequestid | Andrea Franz | Middleware that assigns a random X-Request-Id header to each request |
digits | Bilal Amarni | Middleware that handles Twitter Digits authentication |
Feel free to put up a PR your middleware!
The httptest
package is your way for end-to-end HTTP testing, it uses the httpexpect library created by our friend, gavv.
A simple test is located to ./_examples/intermediate/httptest/main_test.go
The Iris philosophy is to provide robust tooling for HTTP, making it a great solution for single page applications, web sites, hybrids, or public HTTP APIs. Keep note that, today, iris is faster than apache+nginx itself.
Iris does not force you to use any specific ORM or template engine. With support for the most popular template engines, you can quickly craft your perfect application.
The author of Iris is @kataras.
However the real Success of Iris belongs to you with your bug reports and feature requests that made this Framework so Unique.
I really need to thank each one of them because they stood up♡ to keep this project alive and active.
Juan Sebastián Suárez Valencia donated 20 EUR at September 11 of 2016
Bob Lee donated 20 EUR at September 16 of 2016
Celso Luiz donated 50 EUR at September 29 of 2016
Ankur Srivastava donated 20 EUR at October 2 of 2016
Damon Zhao donated 20 EUR at October 21 of 2016
exponity - consulting & digital transformation donated 30 EUR at November 4 of 2016
Thomas Fritz donated 25 EUR at Jenuary 8 of 2017
Thanos V. donated 20 EUR at Jenuary 16 of 2017
George Opritescu donated 20 EUR at February 7 of 2017
Lex Tang donated 20 EUR at February 22 of 2017
Conrad Steenberg donated 25 EUR at March 23 of 2017
Besides the fact that we have a community chat for questions or reports and ideas, stackoverflow section for generic go+iris questions and the iris support for bug reports and feature requests, you can also contact with me, as a person who is always open to help you:
Current: 7.2.0
Each new release is pushed to the master. It stays there until the next version. When a next version is released then the previous version goes to its own branch with gopkg.in
as its import path (and its own vendor folder), in order to keep it working "for-ever".
Community members can request additional features or report a bug fix for a specific iris version.
Developers are not forced to use the latest Iris version, they can use any version in production, they can update at any time they want.
Testers should upgrade immediately, if you're willing to use Iris in production you can wait a little more longer, transaction should be as safe as possible.
Each Iris version is independent. Only bug fixes, Router's API and experience are kept.
Previous versions can be found at releases page.
Unless otherwise noted, the source files are distributed under the BSD-3-Clause License found in the LICENSE file.
Note that some third-party packages that you use with Iris may requires different license agreements.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.