Tall Paul

node.js (5)


File injection and security breaking…..

I’ve just updated my dynamic proxy server in node.js to support file injection, and the stripping of headers that prevent loading targeted pages in iframes.  This may all sound very nefarious, but I actually require this functionality in a (super secret) project I’m working on….



Dynamic proxy server in Node.js

Recently I’ve been tinkering with an idea I call nodeploy, for which I needed a dynamic proxy server…. ie, one I could change the configuration of on the fly.  I looked at HaProxy and nginx, both of which offer very limited or overly complex functionality that kind of did what I needed, but not really… so I decided to write something myself.



Mortix.net on indiegogo

So, today I announce a new project I’ve been working away on for the past few weeks in my spare time.

Mortix.net.

Still in the prototype stage (so the website isn’t up and running yet) this is a secure platform for developing apps that ensure your privacy on the internet.

Check out the indiegogo campaign here for more information.  And spread the word!

 



Node.js app framework demo site

I’ve started running a test site for the new framework here

There’s not much there yet, a couple of pages (dynamically loading content from the database, ooooh!) and not much else… but I’ll add more to it as I add features.

It’s currently running on an old laptop in my front room, so don’t expect too much in the way of performance!



New project: Node.js application framework

So I decided to learn a new language / architecture last weekend and since Node.js has been getting a lot of attention lately I thought I might as well go with that.

I’ve put maybe 6 hours into it so far, and you can see the fruits of my labour over at github: https://github.com/Tall-Paul/node-framework

I don’t have it up and running anywhere yet, and there’s still some work to do but so far I have:

  • A routing system that takes a json config file and routes requests to ‘handlers’
  • A packaging system that allows related code to be grouped together
  • An ORM based on sequelize that lets you easily define database backed models for data
  • Automatic Ajax loading of models.

You can see an example of this in the ‘blog’ package that comes with the framework.

Currently there’s a model (/packages/blog/models/post.js) that looks like this:

module.exports = function(sequelize, DataTypes) {
  return sequelize.define("Post", {
    title: DataTypes.STRING,
    content: DataTypes.TEXT,
    author: DataTypes.STRING,
    slug: DataTypes.STRING,
    category: DataTypes.INTEGER,
  })
}
A custom handler / route that currently just takes any request of the form /blog/foo/bar.html and returns the first blog entry (this obviously needs work so it translates the request into the correct blog post) and finally a simple template that looks like this:
<html>
<head>
{{{js_includes}}}
{{{framework_get_object("blog_post",post_id,"post")}}}
</head>
<body>
<div id="post_id"></div>
<div id="post_title"></div>
<div id="post_content"></div>
</body>
</html>
It may not look much, but that template is doing some pretty funky stuff behind the scenes, it embeds some javascript on the page that trundles off and gets the blog post you asked for (post_id in that function call is a template variable that’s set by the handler, but it doesn’t have to be… you can get any content you want with a similar call) and then puts the data from the object into the page in the divs you specify.  Pretty neat (if I do say so myself).  Remember that Ajax stuff is built for you by the framework, just by defining a model of ‘post’ in the package ‘blog’ we automatically get the ability to load instances of that model via ajax.
This is clearly still a work in progress, and doesn’t actually ‘do’ very much yet… but by the weekend I hope to have automagic ajax searching of data in place and then I’m going to think about moving this site over to the new framework, possibly hosted on Engine Yard (depending on how pricey that turns out to be).  So check back soon for a demo of the framework in action.
Also, if anyone can think of a better name for this than ‘node.js web framework’ drop me a line



Tall Paul, 2020. Theme Material for Coders