Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
dstore is an interface for different storage formats and databases (let's call them datastores from now on).
It takes 1 kind of input, and translates this into the correct format for every storage engine.
Besides abstracting away the input format, dstore also provides a single notation for your data's schema (called blueprints).
Blueprints tell dstore what your data looks like.
This is used for:
dstore also tracks the changes you make to your blueprints.
By knowing what has changed, it is able to make the data compatible with older and never versions of your project.
This means old clients will still receive the latest data, and data that gets inserted by older clients is still available to new clients (although maybe lacking some "columns" in the data, in case new columns were added).
Currently, dstore supports PostgreSQL, Elasticsearch and LevelDB, a great stack for a modern web application.
Projects are similar to a "database" or an "elasticsearch index",
In case of dstore, a project is nothing more than an identifier under which we store blueprints and version information.
A good identifier for your project is a reverse-DNS
or a simple string like "blog" or "website"
The blueprint describes your data format, so the stores know what data they can expect and know how to serialize it.
A blueprint contains information like the table name, elasticsearch type, the columns and the validation options that should be used when data is stored.
Let's look at an example how to create a blueprint for storing posts for a blog.
For this, we use Put blueprint command, and use "myblog" as the project identifier, and "article" as the blueprint identifier.
curl -X PUT http://localhost:2020/api/myblog/article/_blueprint -d '
{
"postgresql": {
"table": "articles"
},
"elasticsearch": {
"type": "article"
},
"columns": {
"title_nl": {
"type": "string"
},
"title_en": {
"type": "string"
},
"intro_nl": {
"type": "text"
},
"intro_en": {
"type": "text"
},
"content_nl": {
"type": "text"
},
"content_en": {
"type": "text"
},
"date_created": {
"type": "datetime",
"validation": {
"required": true
}
},
"date_changed": {
"type": "datetime",
"validation": {
"required": true
}
}
}
}'
This command created a "myblog" project, containing a "article" blueprint. All we have to do next is tag the "myblog" project to make it ready for accepting data. But first, take a look at the column types that dstore supports and what they translate to for the different datastores.
column type | postgresql type | elasticsearch type | leveldb type |
---|---|---|---|
uuid | UUID | string | String (JSON) |
uuid[] | UUID[] | string | Array (JSON) |
string | STRING | string | String (JSON) |
string[] | STRING[] | string | Array (JSON) |
text | TEXT | text | String (JSON) |
text[] | TEXT[] | text | Array (JSON) |
point | GEOMETRY(Point, 4326) | geo_point | Object (GeoJSON) |
point[] | GEOMETRY(MultiPoint, 4326) | geo_point | Object (GeoJSON) |
linestring | GEOMETRY(LineString, 4326) | geo_shape | Object (GeoJSON) |
linestring[] | GEOMETRY(MultiLineString, 4326) | geo_shape | Object (GeoJSON) |
polygon | GEOMETRY(Polygon, 4326) | geo_shape | Object (GeoJSON) |
polygon[] | GEOMETRY(MultiPolygon, 4326) | geo_shape | Object (GeoJSON) |
date | DATE | date (format: yyyy-MM-dd) | String (JSON) |
date[] | DATE[] | date (format: yyyy-MM-dd) | Array (JSON) |
datetime | TIMESTAMP WITH TIMEZONE | date (format: yyyy-MM-dd HH:mm:ss) | String (JSON) |
datetime[] | TIMESTAMP WITH TIMEZONE[] | date (format: yyyy-MM-dd HH:mm:ss) | Array (JSON) |
float | REAL | float | Number (JSON) |
float[] | REAL[] | float | Array (JSON) |
integer | INTEGER | integer | Number (JSON) |
integer[] | INTEGER[] | integer | Array (JSON) |
boolean | BOOLEAN | boolean | Boolean (JSON) |
boolean[] | BOOLEAN[] | boolean | Array (JSON) |
json | JSON | object | Object (JSON) |
json[] | JSON[] | object | Array (JSON) |
As you can see, we follow PostgreSQL's [] notation for defining an array of something.
When you are done adding blueprints to a project, it's time to create a project tag.
By creating a tag we are saving the current state of all blueprints, and assign a tag version number to it.
The migrators for every store will kick into action to prepare themselves for accepting data in this new format.
In practice, this means that a new database and elasticsearch index is created with it's name being a combination of your project's identifier, a "v" and the tagged version. (e.g. myblogv1, myblogv2 etc...).
For LevelDB, it's quite easy. Since it's schemaless we don't have to migrate anything.
You can create a tag with the Tag project command:
curl -X POST http://localhost:2020/api/myblog/_version
When the request completes, the storage engines are ready to handle data with the new blueprint.
Storing items is done via a simple PUT command. The request body is JSON and should, at the very least contain the following keys:
You can also include a links key that is an array of UUID's, pointing to other items
Internally (and above), we refer to data as an "item", this is the same concept as a elasticsearch document or a table row.
Below is an example:
curl -X PUT http://localhost:2020/api/myblog/article/66276124-ebcd-45e1-8013-825346daa283 -d '
{
"id": "66276124-ebcd-45e1-8013-825346daa283",
"project_version": 1,
"title_nl": "De titel",
"title_en": "Some title",
"intro_nl": "De intro",
"intro_en": "The intro",
"content_nl": "De inhoud",
"content_en": "The content",
"date_created": "2014-01-17 03:50:12",
"date_changed": "2014-01-17 03:50:12"
}'
Deleting an item is not so difficult either:
curl -X DELETE http://localhost:2020/api/myblog/article/66276124-ebcd-45e1-8013-825346daa283
At this moment, the only way to communicate with dstore is via a JSON API.
We are looking to add more ways of communicating with dstore in the future.
Check the API documentation over at apiary.io for a full overview of possibilities to manage and retrieve information about projects, blueprints and version.
To run the script, you must make the following environment variables available.
export POSTGRESQL_HOST="localhost"
export POSTGRESQL_PORT="5432"
export POSTGRESQL_USER="..."
export POSTGRESQL_PASSWORD="..."
export ELASTICSEARCH_HOST="http://localhost:9200"
export QUEUE_CLIENT="kue"
export DSTORE_PATH=`pwd`
export LEVEL_PATH="$DSTORE_PATH/storage/level"
export PROJECT_FILE_PATH="$DSTORE_PATH/storage/blueprint"
export STORES=postgresql,elasticsearch,level
export API_PORT=2020
We build a .deb file that installs dstore on your system. It is made & tested on Ubuntu 14.04, but probably works in debian as well. It will go through all the instructions as seen in DIY.
git clone https://github.com/trappsnl/dstore.git
cd dstore
vagrant up
echo "==> Grab elasticsearch key"
wget -qO - https://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add -
echo "==> Add elasticsearch repository"
sudo add-apt-repository -y "deb http://packages.elasticsearch.org/elasticsearch/1.4/debian stable main"
echo "==> Installing dependencies"
curl -sL https://deb.nodesource.com/setup | sudo bash -
sudo apt-get install -y nodejs build-essential openjdk-7-jdk htop elasticsearch rabbitmq-server postgresql postgresql-contrib postgresql-9.3-postgis-2.1
echo "==> Starting elasticsearch on startup"
sudo update-rc.d elasticsearch defaults 95 10
echo "==> Starting elasticsearch"
sudo service elasticsearch start
echo "==> Grab dstore .deb"
wget https://github.com/trappsnl/dstore/raw/master/build/debinstall/dstore-1.deb
echo "Installing deb"
sudo dpkg -i dstore-1.deb
echo "==> Running apt-get -f install (enter new postgresql credentials for dstore during installation)"
sudo apt-get -f -y install
echo "==> Starting dstore on startup"
sudo update-rc.d dstore defaults 96 11
echo "==> Starting dstore"
sudo service dstore start
Follow all the steps from the Install dependencies section, after that:
# install dstore
npm install --save dstore
# install PM2 (node.js process manager)
sudo npm install -g pm2
# change user to postgres
sudo su postgres
# create postgresql database
createdb -E UTF8 -T template0 template_postgis
# create postgis template for postgresql (only if you need spatial support)
# REPLACE THE USERNAME AND PASSWORD WITH THE ONE OF YOUR LIKINGS
psql template_postgis <<EOF
CREATE EXTENSION "uuid-ossp";
CREATE EXTENSION postgis;
UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template_postgis';
CREATE USER name_of_your_dstore_postgresql_user WITH PASSWORD 'your_very_own_password';
ALTER USER name_of_your_dstore_postgresql_user SUPERUSER;
EOF
# export necessary config variables
# REPLACE THE USERNAME AND PASSWORD WITH THE ONES YOU CHOSE IN THE PREVIOUS STEP
export POSTGRESQL_HOST="localhost"
export POSTGRESQL_PORT="5432"
export POSTGRESQL_USER="..."
export POSTGRESQL_PASSWORD="..."
export ELASTICSEARCH_HOST="http://localhost:9200"
export QUEUE_CLIENT="kue"
export DSTORE_PATH=`pwd`
export LEVEL_PATH="$DSTORE_PATH/storage/level"
export PROJECT_FILE_PATH="$DSTORE_PATH/storage/blueprint"
export STORES=postgresql,elasticsearch,level
export API_PORT=2020
# start dstore
./path/to/dstore/bin/start.sh
#Dive deeper Head over to the Api docs to learn more about the internals.
FAQs
Store data in PostgreSQL, Elasticsearch and LevelDB via a simple API.
We found that dstore demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.