slpclient-slpserve
v0.0.9
Published
SLPDB microservice
Downloads
3
Readme
UNTESTED -- do not use yet
[] - Add BitDB validation too
SLPClient server.
Allowing clients to run arbitray read queries on big databases creates a vulnerability for DDOS. The TL;DR for this library is that it's just a combination of SLPServe and SLPSockServe, with validation of each query by SLPClient. Check out those READMEs if you need to.
Install and run:
If you're just getting started, you will need an SLPDB instance running on your local machine.
Some other differences from SLPServe and SLPSockServe is that this server runs on a single port, and no raw or aggregate queries are allowed.
We currently get an error with node-jq trying to install these libraries. Please use these installation commands:
cp .env.example .env;
npm install --save --unafe-perm --no-bin-links;
npm run start
Summary of validation
// A new SLP Client is initialized:
var slpclient = new SLPClient()
... later ...
// When a query comes in, it's validated using the validateQuery function
function validateQuery(query){
...
if(query!= slpclient[query.slpclient.func](...query.slpclient.args).query)return {"error":"Invalid query"};
}
... later ...
if(validateQuery(query).error){
res.json(validateQuery(query));
return;
}
Other validations
The creator of BitD uses a 'header' variable to authenticate users based on an API key. This header is also supported by SLPClient (but not this server). You can extend this server with your own header logic for this purpose.