Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
backtrace-service
Advanced tools
Library of common functions needed for Node.js Backtrace services.
$ npm install
$ npm run build
$ npm run test
Then in your code you can include by using
import * as backtrace-service from 'backtrace-service'
or use require instead
const backtraceService = require('backtrace-service');
To start using Service Layer Integration you have to create new object of a IdentityManager
class.
After that you can use serviceRequest
and authenticateRequest
methods.
Services are expected to configure one or more authentication tokens, which will be distributed to
coronerd instances using the service. While a service is running, it may receive registration
requests at ${url_prefix}/service
, which enable the service to integrate new coronerd instances on
the fly.
Coronerd URLs provided as the url
parameter to coronerdCallback
are the base URLs, for example,
https://backtrace.sp.backtrace.io/
. Services may expect to append the appropriate resource for
their needs, e.g. /api/config
, to reach that resource on the coronerd instance.
What data coronerd will send to service to register? Coronerd via HTTP POST will send in a request body:
https://yolo.sp.backtrace.io/
)TypeScript:
import { ICoronerRequestOption, IdentityManager } from 'backtrace-service';
...
const idm = new IdentityManager(serviceName, serviceSecret);
app.post(
'/api/{serviceName}/service',
idm.serviceRequest({
name: serviceName,
secret: serviceSecret,
coronerdCallback: (url: string) => {
//coroner callback
},
logger: logger
} as ICoronerRequestOption),
);
JavaScript:
const btservice = require('backtrace-service');
const idm = new btservice.IdentityManager(serviceName, serviceSecret);
app.post(
'${url_prefix}/service',
idm.serviceRequest({
name: 'simple',
secret: 'asdfghjk',
coronerdCallback: (url) => {
console.log('heard from coronerd at: ' + url);
},
}),
);
The following options are accepted as the sole argument for the call:
log
function which can be logged to. For example,
winston logger instances.This function is intended as an additional middleware which may be used in application routes to
validate requests that involve a session token issued by a remote coronerd. The actual call can
reuse the same options argument used for serviceRequest
, although it does not use
coronerdCallback
.
In the route middleware list, prior to authenticateRequest
, the application must attach a
req.coronerAuth
object which contains:
For example:
req.coronerAuth = {
url: "https://backtrace.sp.backtrace.io/",
token: "f5af46b8eb32adb860ef46a9e714cfde",
}
If req.coronerAuth
object is undefined, authenticateRequest
method will try to retrieve token
and location information from headers. If you prefer to use headers instead of extending request
object please set X-Coroner-Token
and X-Coroner-Location
This normalized form is used due to the fact that different services take these parameters from clients in different ways.
Middlewares that come after authenticateRequest
will have access to the validated coronerd
/api/config
response in req.coronerAuth.cfg
.
Example of sample middleware
TypeScript:
import { ICoronerRequestOption, IdentityManager } from 'backtrace-service';
...
@Middleware({ type: 'before' })
export class AuthMiddleware implements ExpressMiddlewareInterface {
private readonly _identityManager = new IdentityManager(serviceName, serviceSecret);
public use(req: express.Request, res: express.Response, next: express.NextFunction): any {
return this._identityManager.authenticateRequest()(req, res, next);
}
}
In example above middleware will try to retrieve X-Coroner-Token
and X-Coroner-Location
from
request headers.
JavaScript:
const idm = new btservice.IdentityManager();
// create express app...
// prepare utility method
function prepAuth(req, res, next) {
const auth = {
token: req.get('X-Coroner-Token'),
url: req.get('X-Coroner-Location'),
};
req.coronerAuth = auth;
next();
}
// create application options
const svcOpts = {
name: 'simple',
secret: 'asdfghjk',
coronerdCallback: (url) => {
log('info', 'heard: ' + url);
},
logger: logger,
};
app.post('/api/{name}/{action}', prepAuth, idm.authenticateRequest(svcOpts), (req, res) => {
res.json(req.coronerAuth);
});
Backtrace-Service tools offers few utility methods. By using them we want to standarize how we read application configurations/log application messages/create custom auth methods.
Service Layer Integration using IdentityManager
class to provide integrations methods with
coronerd. If you want to write auth method to coronerd or check if token is valid you can use
methods available in aIdentityManager
instance.
import { IdentityManager } from 'backtrace-service';
const token = //auth token
const universeUrl = //universe url: https://yolo.sp.backtrace.io
const identityManager = new IdentityManager(serviceName, serviceSecret);
// get configuration from coronerd
const configuration = await identityManager.getConfiguration(universeUrl, token);
// validate token
const validToken = await identityManager.isValidToken(universeUrl, token)
IdentityManager
method that allows you to prepare a request to coronerd to retrieve configuration.
Please keep in mind, if you're using SL integration, configuration should be available in
request.coronerAuth.cfg
. GetConfiguration
method using Promise
API to get data from a server.
IdentityManager
method that allows you to validate token with coronerd. In this case
IdentityManager
will return boolean information - true
if coronerd returns valid configuration,
otherwise false. IsValidToken
method using Promise
API. Please keep in mind to use await
or
then/catch
syntax to get a result from method.
Backtrace-Service
package allows you to read service configuration file. To standarize paths used
in your service to configuration files we suggest to use these methods to easily integrate service
with other services.
getBackupConfig
fetches a config file provided by the service itself. Path used to read
configuration: ${process.cwd()}/${serviceName}.conf
getProperConfig
fetches from the expected place on the machine (outside the service). Path used to
read configuration: /etc/backtrace/${serviceName}/${serviceName}.conf
getConfig
fetches configuration from the expected place on the machine (outside the service). If
configuration doesn't exists then getConfig method will try to fetch configuration from internal
service path Algorithm:
/etc/backtrace/${serviceName}/${serviceName}.conf
${process.cwd()}/${serviceName}.conf
example:
import { getBackupConfig, getProperConfig, getConfig } from 'backtrace-service';
//read backup configuration - service internal configuration
const serviceConf = getBackupConfig('service-name');
//read production configuration - outside service
const prodConf = getProperConfig('service-name');
//get configuration - depends on preferences
const conf = getConfig('service-name');
Utility methods that allows you to get more information about Backtrace universe from a url.
GetBacktraceHostName
method allows you to get Backtrace host name from provided urlString
. For
example - method will return https://yolo.sp.backtrace.io
from url
https://yolo.sp.backtrace.io/blah/poop/doop?query=123&anotherQuery=nbgaubakgb
GetBacktaceUniverseName
method allows you to retrieve a Backtrace universe name. For example:
method will return yolo
from url https://yolo.sp.backtrace.io
or
https://submit.backtrace.io/yolo/....
example:
import { UniverseHelper } from 'backtrace-service';
const url = 'https://yolo.sp.backtrace.io/blah?a=1&b=bgj';
const url2 = 'https://submit.backtrace.io/bolo/token/json';
// method below will print a string 'https://yolo.sp.backtrace.io
console.log(UniverseHelper.getBacktraceHostName(url));
//method below will print a string 'bolo
console.log(UnvierseHelper.getBacktraceUniverseName(url2));
FAQs
Common tools for Backtrace Node services
The npm package backtrace-service receives a total of 452 weekly downloads. As such, backtrace-service popularity was classified as not popular.
We found that backtrace-service demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.