Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
eo-services-functions-sls
Advanced tools
In this repo you'll find the backend functions for web (micro) services.
Currently available 'services':
services/content-hub
: Contains micro services to communicate with headless CMS / Content HUB
Filters (url params):
Related
services/contact
: Microservice for contact by email
services/poms
: Microservice for Poms data
Please make sure to have following dependencies installed locally:
$ nvm use
)$ npm i serverless -g
)$ brew update && brew install azure-cli
)... install npm packages (make sure you have set env var NPM_TOKEN
that corresponds with NPM Org eo
):
$ npm i
Decrypt and copy the .env-file from EO's "Veilige Opslag":
$ veilige-opslag fetch -elus api
To run a Serverless API server locally (offline), run this in root folder:
$ npm run dev
This will create local folders and fire up a webserver at http://0.0.0.0:7071. Find local endpoints in Terminal logs Http Functions:
.
When server has started, you can make API calls to localhost. Event data will be outputted to terminal.
Status:
serverless.yml
at root$ sls invoke local -f {functionName}
Make sure you're not logged in with Azure in your shell
$ az logout
Easily activate Azure service principal by loading the appropriate environment variables using EO's CLI for "Veilige Opslag":
$ source ./loadenv.sh
To deploy to (default) dev stage, run:
$ sls deploy
Make sure to add the environment variables as "Application settings" in Azure Function App. https://docs.microsoft.com/bs-latn-ba/azure/azure-functions/functions-how-to-use-azure-function-app-settings
We've adopted (a clone of) the serverless-openapi-documentation plugin to document our API. This makes it possible to maintain our documentation right within our serverless.yml. As close to the code as possible!
Please refer to the [https://www.serverless.com/plugins/serverless-openapi-documentation/ ](Serverless OpenAPI Documentation) to write your docs.
Just use the following command to generate the specification:
$ serverless openapi generate
We import the resulting OpenAPI specification in our SwaggerHub: https://app.swaggerhub.com/apis-docs/EO-Studio-Digitaal/eo-api/1 (credentials reside in our LastPass account).
##ARTICLES ###=list= http://localhost:7071/api/articles
##PAGES ###=list= http://localhost:7071/api/pages
##PRESSRELEASES ###=list= http://localhost:7071/api/pressreleases http://localhost:7071/api/pressreleases?offset=0&limit=2 http://localhost:7071/api/pressreleases?offset=0&limit=20&domain=corporate-eo-staging ###=textsearch= http://localhost:7071/api/pressreleases?offset=0&limit=20&domain=corporate-eo-staging&textsearch=Anne%20Frank ###=get by id= http://localhost:7071/api/pressreleases/65dee676-6852-4f6c-8e38-166b35f83ac4 ###=get by slug= http://localhost:7071/api/pressreleases?slug=het-is-weer-tijd-voor-een-nieuwe-naam-voor-de-afdeling-die-internet-dingen-doet
##PERSONS ###=list= http://localhost:7071/api/persons ###=get by slug= http://localhost:7071/api/persons?slug=deborah-van-geest ###=get by id= http://localhost:7071/api/persons/6eefb87b-4854-4866-9ace-d46bbc501e06 ###=textsearch= http://localhost:7071/api/persons?textsearch=knevel ###=nested= http://localhost:7071/api/persons/:personId/pressreleases?personType=contact|presenter http://localhost:7071/api/persons/6eefb87b-4854-4866-9ace-d46bbc501e06/pressreleases?personType=contact http://localhost:7071/api/persons/ec8dc644-505f-487d-af76-511489b1c547/pressreleases?personType=presenter http://localhost:7071/api/persons/ec8dc644-505f-487d-af76-511489b1c547/pressreleases -> not implemented
FAQs
EO Web Services as Serverless functions
We found that eo-services-functions-sls demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.