httpheaderprovider
Advanced tools
Replacement for HttpProvider from web3.js which allows headers to be set
This module can be used in place of HttpProvider from web3.
Once in place, the constructor offers a headers parameter that is a key/value object that has the headers to be set.
The JSON-RPC endpoint on an Ethereum client provide no authentication boundary. All validation is based upon the presence of a signed transaction or not.
With no protection at layer 7, this does pose a DoS risk vector. However, by putting a simple layer 7 proxy in front of Geth or whatever Ethereum client is being used that has the RPC endpoint open, that proxy could validate something simple like an API key or potentially an OAuth token.
A reason to employ a Service such as Azure API Management off-loads other resposibilities such as dealing with both Layer 3/4 and layer 7 DoS issues.
API Managment employs simple "token" or API Key approach in addition to OAuth bearer tokens that can be granted by Azure Active Directory, then added to the Authorization : Bearer <token> header.
API Manaement can also throttle based on various policies, as well as authorize only certiain calls to specific clients, all through a configuration oriented approach.
For a scenario recently encountered, a goal was to utilize Microsoft Azure API Management for this purpose, but there is a need to inject a custom header that the web3.js libraries today do not offer a way.
This library takes advantage of subclassing and create a virtual function for HttpProvider.prepareRequest. The approach in the library uses pre-es2015 JavaScript. However, to make it clear what is being done, here is the es2015 compatible module:
class HttpHeaderProvider extends Web3.providers.HttpProvider {
constructor(host, headers) {
debug('in prv constructor');
super(host);
}
...
prepareRequest(async) {
debug('in prepare');
var request = super.prepareRequest(async);
if (this.headers){
debug('setting headers')
for (var header in this.headers){
request.setRequestHeader( header, this.headers[header]);
}
}
return request;
}
}
First you need to grab the npm package and then reference it.
npm install --save httpheaderprovider
In your JavaScript project instead of create an instance of the web3.providers.HttpProvider in place, create an instance of headerprovider with the same parameters along with a object that is a key/value property object.
var Web3 = require('web3');
var web3 = new Web3();
var HttpHeaderProvider = require('httpheaderprovider');
var headers = {
"Ocp-Apim-Subscription-Key": "mykeyfromtheapiportal",
"header2": "foobar"
}
var provider = new HttpHeaderProvider('https://scicoria.azure-api.net', headers);
web3.setProvider(provider);
var coinbase = web3.eth.coinbase;
console.log(coinbase);
var balance = web3.eth.getBalance(coinbase);
console.log(balance.toString(10));
FAQs
Replacement for HttpProvider from web3.js which allows headers to be set
The npm package httpheaderprovider receives a total of 0 weekly downloads. As such, httpheaderprovider popularity was classified as not popular.
We found that httpheaderprovider demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.