Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
The Volos SNS connector is a Node.js module that lets you use Amazon Simple Notification Service (SNS) through a RESTful API. The module is designed to work on Apigee Edge but can be run anywhere Node.js applications can run. You can use this module without any dependency on Apigee.
This module allows maps SNS operations to RESTful API resources and query parameters. You can perform CRUD operations on objects like subscriptions, publications, and topics.
For example, you might ask for a list of your SNS subscriptions like this:
curl http://localhost:9099/subscriptions
and get back a JSON response like this:
{
"ResponseMetadata": {
"RequestId": "d6cc8493-8c95-5389-bbe4-c8a9e4de09ec"
},
"Subscriptions": [
{
"SubscriptionArn": "arn:aws:sns:us-east-1:650324470758:connector-test2:5c3f491e-5c4c-4bed-965f-666c95287211",
"Owner": "650324470758",
"Protocol": "sms",
"Endpoint": "15105526538",
"TopicArn": "arn:aws:sns:us-east-1:650324470758:connector-test2"
},
...
To get a larger set of attributes, use the query parameter expand=true
. This option gives you the flexibility to have a small message payload for a subset of fields if those are all that are required. For example:
curl http://localhost:9058/subscriptions?expand=true
The volos-sns
module is designed for Node.js and is available through npm:
$ npm install volos-sns
There are two examples below, one basic example and one that uses the avault
(Apigee Vault) Node.js module, which is a secure local storage module. Apigee Vault is used to encrypt sensitive login credentials sent to the backend database.
The example below shows a simple usage of the volos-sns
connector using the http
module to proxy requests to the connector.
Note: For this example, the SNS credentials are specified in plaintext. This is not a best practice.
var snsConnector = require('volos-sns');
var http = require('http');
var configuration = require('./configuration.js');
var profile = {
region: 'myregion'
accessKeyId: 'myaccesskeyid',
secretAccessKey: 'mysecretkey'
};
var snsConnectorObject = new snsConnector.SnsConnector({"profile": profile, "configuration": configuration});
var svr = http.createServer(function (req, resp) {
snsConnectorObject.dispatchRequest(req, resp);
});
svr.listen(9089, function () {
snsConnectorObject.initializePaths(configuration);
console.log(snsConnectorObject.applicationName + ' node server is listening');
});
This example shows the usage of the avault
module to provide a secure local storage option for credentials and endpoint configuration.
This example assumes you have configured a vault and loaded a configuration profile with a key 'my_profile_key'. See the section "SNS configuration profile" below for a quick example. For a complete description of the avault
module see the Apigee Vault page on GitHub.
var snsConnector = require('volos-sns');
var http = require('http');
var vault = require('avault').createVault(__dirname);
var restMap = require('./configuration.js');
var sns;
vault.get('my-profile-key', function(profileString) {
if (!profileString) {
console.log('Error: required vault not found.');
} else {
var profile = JSON.parse(profileString);
var svr = http.createServer(function(req, resp) {
sns.dispatchRequest(req, resp);
});
svr.listen(9099, function() {
sns = new snsConnector.SnsConnector({"profile": profile, configuration: configuration});
sns.initializePaths(configuration.restMap);
console.log(sns.applicationName + ' server is listening');
});
}
});
To use this connector you need a correctly configured SNS connection for your AWS SNS account.
The SNS configuration profile is used by the connector to establish a connection to the backend SNS account. The profile includes the following fields:
Tip: Log in to your SNS account to find your security credentials, including AWS access keys.
Example:
var profile = {
region: 'myregion',
accessKeyId: 'myaccesskeyid',
secretAccessKey: 'mysecretkey'
};
The avault
module provides local, double-key encrypted storage of sensitive information such as credentials and system endpoints. This provides an option to store these kinds of data in a format other than text/plain
.
In order to insert a value into the vault a command-line tool is provided called vaultcli
. This tool comes with the avault
module. Here's an example:
$ vaultcli --verbose --value='{"region"; "myregion", "accessKeyId":"myaccesskeyid", "secretAccessKey": "mysecretaccesskey"}' my-vault-name
Note that these are the same keys that are required in the plaintext version of the profile. If this command completes successfully you will find two new files: store.js
and keys.js
. Place them in the root directory of the volos-sns
module.
For more detailed usage of the avault
module refer to the Apigee Vault page on GitHub.
If you run the Node.js server and call the API like this:
curl http://localhost:9058/
The server will return the following API usage information:
{
"usage": {
"Commands": [
"GET /subscriptions Query Parameters: arn",
"POST /subscriptions FormVars: arn, phone",
"DELETE /subscriptions Query Parameters: arn",
"POST /publications FormVars: message, subject, arn",
"POST /topics FormVars: name, displayName",
"GET /topics Query Parameters: arn",
"GET /platformApplications Query Parameters: arn"
],
"Common Optional Parameters": [
"limit=<maxResults>",
"expand=true"
]
}
}
For example, to get a list of all of your subscriptions:
curl http://localhost:9099/subscriptions
To get a list of all the objects in a specific subscription:
curl http://localhost:9099/subscriptions?arn=arn:aws:sns:us-east-1:650324475555:emailsupport:cd7ac02f-5555-5555-5555-6ea6b51cdfb5
You might get a response like this:
{
"ResponseMetadata": {
"RequestId": "afdad9f2-555-5555-b71c-55555555"
},
"Attributes": {
"Owner": "65032555558",
"ConfirmationWasAuthenticated": "false",
"Endpoint": "support@apigee.com",
"RawMessageDelivery": "false",
"Protocol": "email",
"TopicArn": "arn:aws:sns:us-east-1:555555555:emailsupport",
"SubscriptionArn": "arn:aws:sns:us-east-1:650324470758:emailsupport:cd7ac02f-5555-5555-5555-6ea65555dfb5"
}
}
To send a subscription offer to a given mobile phone
curl -X POST http://localhost:9099/subscriptions-d 'phone=15105551212&arn=arn:aws:sns:us-east-1:650324470758:mytopic'
To send an SMS message to a mobile phone that has opted in:
curl -X POST http://localhost:9099/publications -d 'message=Want to go to dinner tonight&subject=Dinner?&arn=asd&arn=arn:aws:sns:us-east-1:650324470758:mytopic'
FAQs
Volos AWS SNS Connector
We found that volos-sns demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.