urgot
Readme
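Urgot is a lightweight, high-performance Node.js framework for building server-side applications in TypeScript.

Supports HTTP body parsing (x-www-form-urlencoded/form-data/binary)

Supports sessions, with session data stored in Redis or similar stores, as well as JWT (JSON Web Token) verification and storage

```sh
npm i urgot
```

```typescript
import { Server } from 'urgot'

const server = new Server()
server.use(async (context, next) => {
  context.body = 'Hello World'
  await next()
})
server.listen(5611)
```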
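Call the use method to register a middleware. It accepts an async function; when a request is received, the function is passed the request context (Context) and a Next function used to respond and run the next middleware.

```typescript
server.use(async (context, next) => {
  const start = Date.now()
  await next()
  // Runs on the way back out, after the downstream middleware has finished
  const ms = Date.now() - start
  context.setHeader('X-Response-Time', `${ms}ms`)
  context.body = 'Hello World'
})
```

Middleware follows the onion model: from request (before next()) to response (after next()), every middleware gets two chances to process.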
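1. Install TypeScript

```sh
npm i -g typescript
```

2. Create the project directory

```sh
mkdir myapp
cd myapp
npm i urgot
```

3. Initialize the project and install dependencies

```sh
npx urgot init
npm i
```

4. Run the development environment

```sh
npx urgot dev
```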
Call createApp to create your application, passing in your apps and configuration options.

```typescript
import { App, Server } from 'urgot'

class MyApp extends App {
  // implementation
}

const server = new Server()
server.createApp([MyApp])
server.listen(5611)
```
Use the Router decorator to set the route and HTTP method.

```typescript
import { App, Server, Router } from 'urgot'

class MyApp extends App {
  @Router('GET')
  find() {
    const { searchParams } = this.context.url
    return { id: searchParams.get('id') }
  }
}

const server = new Server()
// Write whatever the route method returns into the response body
server.createApp([MyApp], { onResponse: (value, context) => context.body = value as object })
server.listen(5611)
```

Request URL: http://localhost/?id=123456

Response: { id: 123456 }
Router can decorate not only methods but also controller classes, to add a fixed route prefix.

```typescript
import { App, Router } from 'urgot'

@Router('/video')
class MyApp extends App {
  @Router('GET', '/list')
  find() {
    const { searchParams } = this.context.url
    return { targets: searchParams.getAll('name') }
  }
}
```

Request URL: http://localhost/video/list?name=Yone&name=Yasuo

Response: { targets: ["Yone", "Yasuo"] }

PS: Router can be applied multiple times to define many-to-one routes.
Use the Use decorator to register custom interceptors.

```typescript
import { App, Use, Router, Context } from 'urgot'

// Interceptor: throwing stops the request and the thrown value becomes the response
const auth = (context: Context) => {
  if (!context.url.searchParams.get('authed')) throw 'Please login'
}

@Router('/video')
class MyApp extends App {
  @Use(auth)
  @Router('GET', '/list')
  find() {
    const { searchParams } = this.context.url
    return { targets: searchParams.getAll('name') }
  }
}
```
Retrieving the parameters submitted with a request is essential. Use the Parameter parameter decorator to fetch and convert user-submitted parameters.

```typescript
import { App, Parameter, Router, Context } from 'urgot'

class Params {
  id!: number
  // Keep the context so onCreate can read the request URL
  constructor(private context: Context) { }
  async onCreate() {
    const { searchParams } = this.context.url
    this.id = Number(searchParams.get('id'))
  }
}

@Router('/video')
class MyApp extends App {
  @Parameter(Params)
  @Router('GET', '/list')
  find(params: Params) {
    return { upload: params.id }
  }
}
```
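When any decorator throws an error, further execution is stopped and the error value is sent as the response. Use this behaviour to intercept operations.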
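The following is an added example, not part of the urgot README or the package's code. It shows a stricter form of the `Params` conversion that throws on malformed input, next to what the loose `Number(searchParams.get('id'))` conversion yields for the same URLs. `ContextLike`, `parseStrictId`, `StrictParams`, `respond` and `looseId` are hypothetical names, and `ContextLike` is an assumed stand-in for the part of urgot's `Context` used here, so the block runs without the package.

```typescript
// Assumed stand-in for urgot's Context: only the `url` property is used here.
interface ContextLike { url: URL }

// Strict conversion: throws a string, in the same style as the auth interceptor above.
function parseStrictId(url: URL): number {
  const values = url.searchParams.getAll('id')
  // Reject missing and repeated parameters instead of silently taking the first value.
  if (values.length !== 1) throw 'id must be supplied exactly once'
  const raw = values[0] ?? ''
  // Digits only; Number() alone also accepts '', ' 12 ', '0x10' and '1e3'.
  // At most 15 digits keeps the result inside the safe integer range.
  if (!/^[0-9]{1,15}$/.test(raw)) throw 'id must be a decimal integer'
  return Number(raw)
}

// Hypothetical stricter variant of the README's Params class.
class StrictParams {
  id!: number
  private context: ContextLike
  constructor(context: ContextLike) { this.context = context }
  async onCreate(): Promise<void> {
    this.id = parseStrictId(this.context.url)
  }
}

// Demo helper: returns the parsed id, or the thrown value that would
// become the response when a decorator throws.
function respond(href: string): number | string {
  try {
    return parseStrictId(new URL(href))
  } catch (err) {
    return String(err)
  }
}

// The loose conversion from the Params example, for comparison.
function looseId(href: string): number {
  return Number(new URL(href).searchParams.get('id'))
}
```

With the loose conversion, a request that omits `id` is indistinguishable from one that sends `id=0`, which matters when the value selects a record.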
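You can use the urgot command line to run urgot's built-in commands.

Command | Description | Example |
---|---|---|
init | Initialize the project (overwrites the current folder) | urgot init MyApp |
dev | Run the development environment | urgot dev |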
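context.request.body()

Parses the request body and returns a Promise (note: when called multiple times, the body is parsed only on the first call; later calls return the cached value).

context.session

The session implementation parameter must be configured when instantiating Server; otherwise an error is thrown when it is called.

```typescript
import { Server } from 'urgot'

const server = new Server({
  session: {
    handlers: {
      // Implement the methods; the IORedis library is recommended, just pass the client
    }
  }
})
```

server.createApp()

Pass the options parameter to handle return values.

```typescript
import { Server } from 'urgot'

const server = new Server()
server.createApp([], {
  // Triggered when a route method returns
  onResponse: (value, context) => {
    context.body = value as object
  }
})
server.listen(5611)
```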
FAQs
a Node.js web framework
The npm package urgot receives a total of 20 weekly downloads. As such, urgot's popularity was classified as not popular.
We found that urgot demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.