Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
yarn add dx-server jchain
Check below sample with comment for more details.
Simple server
import {Server} from 'node:http'
import chain from 'jchain'
import dxServer, {getReq, getRes, router, setHtml, setText,} from 'dx-server'
new Server().on('request', (req, res) => chain(
dxServer(req, res),
async next => {
try {
getRes().setHeader('Cache-Control', 'no-cache')
console.log(getReq().method, getReq().url)
await next()
} catch (e) {
console.error(e)
setHtml('internal server error', {status: 500})
}
},
router.get({
'/'() {setHtml('hello world')},
'/health'() {setText('ok')}
}),
() => setHtml('not found', {status: 404}),
)()
).listen(3000, () => console.log('server is listening at 3000'))
File server:
import {Server} from 'node:http'
import chain from 'jchain'
import dxServer, {chainStatic, getReq, getRes, setHtml} from 'dx-server'
import {resolve, dirname} from 'node:path'
import {fileURLToPath} from 'node:url'
new Server().on('request', (req, res) => chain(
dxServer(req, res),
async next => {
try {
getRes().setHeader('Cache-Control', 'no-cache')
console.log(getReq().method, getReq().url)
await next()
} catch (e) {
console.error(e)
setHtml('internal server error', {status: 500})
}
},
chainStatic('/', {root: resolve(dirname(fileURLToPath(import.meta.url)), 'public')}),
() => setHtml('not found', {status: 404}),
)()
).listen(3000, () => console.log('server is listening at 3000'))
More complex server with express.
This sample additionally requires: yarn install express morgan
import {Server} from 'node:http'
import {promisify} from 'node:util'
import chain from 'jchain'
import dxServer, {
getReq, getRes,
getJson, getRaw, getText, getUrlEncoded, getQuery,
setHtml, setJson, setText, setBuffer, setRedirect, setNodeStream, setWebStream, setFile,
router, connectMiddlewares, chainStatic
} from 'dx-server'
import {expressApp} from 'dx-server/express'
import express from 'express'
import morgan from 'morgan'
import {AsyncLocalStorage} from 'node:async_hooks'
// it is best practice to create custom error class for non-system error
class ServerError extends Error {
name = 'ServerError'
constructor(message, status = 400, code = 'unknown') {
super(message)
this.status = status
this.code = code
}
}
const authStorage = new AsyncLocalStorage()
const authChain = async next => {
const auth = getReq().headers.authorization ? {id: 1, name: 'joe'} : undefined
return authStorage.run(auth, next)
}
const requireAuth = () => {
if (!authStorage.getStore()) throw new ServerError('unauthorized', 401, 'unauthorized')
}
const serverChain = chain(
next => {
// this is the difference between express and dx-server
// req, res can be accessed from anywhere via context which uses NodeJS's AsyncLocalStorage under the hood
getRes().setHeader('Cache-Control', 'no-cache')
return next() // must return or await
},
async next => {// global error catching for all following middlewares
try {
await next()
} catch (e) {// only app error message should be shown to user
if (e instanceof ServerError) setHtml(`${e.message} (code: ${e.code})`, {status: e.status})
else {// report system error
console.error(e)
setHtml('internal server error (code: internal)', {status: 500})
}
}
},
connectMiddlewares(
morgan('common'),
// cors(),
),
await expressApp(app => {// any express feature can be used. This requires express installed, with for e.g., `yarn add express`
app.set('trust proxy', true)
if (process.env.NODE_ENV !== 'production') app.set('json spaces', 2)
app.use('/public', express.static('public'))
}),
authChain,
router.post({// example of catching error for all /api/* routes
async '/api'({next}) {
try {
await next()
} catch (e) {
if (e instanceof ServerError) setJson({// only app error message should be shown to user
error: e.message,
code: e.code,
}, {status: e.status})
else {// report system error
console.error(e)
setJson({
message: 'internal server error',
code: 'internal'
}, {status: 500})
}
}
}
}, {end: false}), // note: {end: false} is required to match all /api/* routes. This option is passed directly to path-to-regexp
router.post({
'/api/sample-public-api'() { // sample POST router
setJson({name: 'joe'})
},
'/api/me'() { // sample private router
requireAuth()
setJson({name: authStorage.getStore().name})
},
}),
router.get({ // sample GET router
'/'() {
setHtml('ok')
},
'/health'() {
setHtml('ok')
}
}),
() => { // not found router
throw new ServerError('not found', 404, 'not_found')
},
)
const tcpServer = new Server()
.on('request', async (req, res) => {
try {
await chain(
dxServer(req, res, {jsonBeautify: process.env.NODE_ENV !== 'production'}), // basic dx-server context
serverChain,
)()
} catch (e) {
console.error(e)
}
})
await promisify(tcpServer.listen.bind(tcpServer))(3000)
console.log('server is listening at 3000')
getBuffer, getJson, getRaw, getText, getUrlEncoded, getQuery
are all synchronous functions.
The associated results are calculated in the first time they are called and cached for subsequent calls.
If you want to get these values synchronously, you can do as follows:
import {AsyncLocalStorage} from 'node:async_hooks'
import {getJson} from 'dx-server'
const jsonStorage = new AsyncLocalStorage()
chain(
async next => jsonStorage.run(await getJson(), next),
next => {
console.log(jsonContext.value) // json body can be accessed synchronously
return next()
}
)
FAQs
## Install ```bash yarn add dx-server jchain ```
The npm package dx-server receives a total of 5 weekly downloads. As such, dx-server popularity was classified as not popular.
We found that dx-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.