Security News
Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
CLI which ingests smart contract metadata & autogenerates a RESTful nodejs server API
Autogenerate a nodejs
server with a RESTful OpenAPI so you can communicate with your smart contract of choice via web3. Encapsulate your smart contract so you can leverage the power of blockchain with the convenience of HTTP.
abi2api
is a simple CLI, it has one command which takes two arguments:
abi2api <path_to_config_json> <server_output_path>
The paths should be relative to wherever you are calling the command. abi2api
will then convert your smart contract (specified in the config) on a function-by-function basis. Your chosen output path will now contain a file structure like:
/api
swagger.yaml
: YAML version of output OpenAPI spec/controllers
contractFxnAScope.js
: File connecting /contractFxnA to a dedicated resolvercontractFxnAScopeService.js
: File which uses our generic ethereum connector to make actual web3 calls to FxnA on our contract/utils
writer.js
: Swagger util for writing to HTTP requestsindex.js
: Boilerplate code for running a connect
server with all Swagger features set up.package.json
: Boilerplate values from SwaggerREADME.md
: Boilerplate text from SwaggerYou can find a more thorough explanation of how abi2api maps smart contracts to an OpenAPI spec over at the abi2oas
repository.
Install the package globally from npm using your favorite package manager:
npm install -g abi2api
// OR
yarn global add abi2api
You will also need to Java (v7 or higher) installed, as this tool depends on Swagger Codegen v2.2.1.
The configuration JSON is the key to using abi2api
. It would look something like this (comments just added for explanation):
sample configuration...
{
"version": "1.0.0", // Required: API Version for Swagger
"schemes": ["https"], // Optional: Allowed Access Schemes for Swagger
"host": "localhost:8080", // Optional: Host for Swagger
"basePath": "/", // Optional: Base Path for Swagger
"contract": "<path_to_contract_metadata.json>", // Required: Relative to directory of config file
"tags": [... Optional: custom Swagger tags, see below ...],
"api": {... Optional: custom Swagger tag config, see below ...},
"eth": { // Required: Ethereum Configuration
"provider": "http://localhost:8545", // Required: Web3 provider
"default_gas": 0, // Required: Default Gas for transactions
"default_gasPrice": 40 // Required: Default Gas Price for transactions
}
}
If schemes
, host
, or basePath
are left blank, then abi2api
will use the values shown above. The tags
and api
keys let you create additional Swagger tags and connect them to contract methods, you can find more information in the relevant section of abi2oas
.
abi2api
builds a server for your web contract by leveraging the OpenAPI Spec and Swagger Codegen, along with some custom sauce cooked up in-house at Eximchain:
abi2oas
, an Eximchain library which generates a JSON according to the OpenAPI spec.swagger-codegen-cli@2.2.1
to generate the nodejs
server stub code. These methods do not yet communicate with web3.abi2lib
, an Eximchain library which generates boilerplate web3
calls matching the contract spec.abi2api
does some cleanup work to join the nodejs
server stubs from Swagger with the boilerplate web3 calls from abi2lib
.abi2api
is developed & maintained by Eximchain, released for public use under the Apache-2.0 License.
Output from abi2api
uses the same license.
FAQs
Autogenerates a nodejs Swagger API for making web3.js calls to a smart contract of your choice.
We found that abi2api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.