mirror of
https://github.com/Rolands-Laucis/Socio.git
synced 2026-05-21 06:46:19 -06:00
upd
This commit is contained in:
parent
1d3d365bde
commit
539396dc5f
1 changed files with 3 additions and 6 deletions
@ -1,7 +1,4 @@
# Simple Documentation for Socio usage.
##### Those that know, do. Those that understand, teach. /Aristotle/
## Overview
# Overview
* [WS](https://www.npmjs.com/package/ws) Socio uses on the server.
* [The WebSocket API](https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API) Socio uses on the browser.
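Review bot: the `## Overview` heading becomes `# Overview`, which puts a second top-level heading beside the document title `# Simple Documentation for Socio usage.` and flattens the hierarchy; keep it at `##` (or demote the title) so the section nests under the title. The hunk also drops the two dependency links (`ws` on npm and the MDN WebSocket API page) from the Overview without replacing them; unless they are re-added elsewhere in the file, the doc loses its only pointer to the server-side WebSocket library Socio depends on.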
@ -13,7 +10,7 @@ The ``./core/core-client.ts`` file contains logic to be run on the frontend brow
The ``./core/secure.ts`` file contains logic to be run on a backend server. It exports the class ``SocioSecurity`` that you instantiate and work with mostly during just the setup initialization of your backend. There is also a Vite plugin (``SocioSecurityVitePlugin``) that wraps that class, that you can use instead in your Vite app config. Should also work as a Rollup plugin, but havent tested. This securely encrypts the socio SQL query strings before serving the production code to the client, such that the client cannot see nor alter, nor impersonate the query string. However, it is still up to you to sanitize and protect yourself from SQL injections when inserting dynamic data into a query string! An identical setup of this class should be created on the backend server and handed to the SocioServer instance, for it to be able to decrypt the incoming SQL queries. Use .env files to keep your project secrets safe and consistent!
**Use HTTPS and WSS secure protocols** to protect against snooping and man-in-the-middle attacks on the dynamic query params.
Encryption and decryption uses the AES-256-GCM algorithm (symmetric encryption), which guarantees Confidentiality - cannot be read; Integrity - cannot be altered; and Authenticity - server can verify the author of the created cypher text. There is also protection against known-plain-text attacks by inserting random numbers into the raw string. So it should be fine, if an attacker sees the encrypted and decrypted ciphertexts.
**Encryption** and decryption uses the **AES-256-GCM algorithm (symmetric encryption)**, which guarantees Confidentiality - cannot be read; Integrity - cannot be altered; and Authenticity - server can verify the author of the created cypher text. There is also protection against known-plain-text attacks by inserting random numbers into the raw string. So it should be fine, if an attacker sees the encrypted and decrypted ciphertexts.
## SQL and NoSQL
Currently the lib has been developed with a main focus on SQL queries being written on the frontend. This matters, bcs i parse the sent strings with the assumption that they are valid SQL syntax. However, the lib now also supports a NoSQL paradigm in the form of what i call "Server Props".
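Review bot: since this sentence is being touched only to add bold emphasis, also fix `cypher text` to `ciphertext` and `sees the encrypted and decrypted ciphertexts` to `sees ciphertexts together with their plaintexts`, which is what a known-plaintext attack means. The paragraph is also missing the one caveat a reader of an AES-256-GCM claim needs: confidentiality and authenticity hold only if a nonce/IV is never reused under the same key, so state that each query string is encrypted with a fresh random nonce (or how the nonce is derived). Finally, the inserted random numbers are not what provides known-plaintext resistance in AES-GCM (the cipher with unique nonces does); say what they are actually for, or drop that claim.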
@ -33,7 +30,7 @@ In the future i may support more of the NoSQL ecosystem.
## Example code snippets
Interesting note: The snippets marked for browser use cannot be run on Node.js, however, can be run on the Deno JS backend runtime. Though, im not sure if the rest of the socio lib is Deno friendly. The "ws" lib Socio uses for the backend might not be compatible with Deno.
Interesting note: The snippets marked for browser use cannot be run on Node.js, however, can be run on the Deno JS backend runtime. Though, im not sure if the rest of the socio lib is Deno friendly. The "ws" lib Socio uses for the backend might not be compatible with Deno. This is interesting, because Socio maintains two versions of the "admin-client" implementation. You can pick yours depending on your JS runtime engine.
### Setup of ``SocioServer``
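Review bot: the added sentence says Socio maintains two versions of the "admin-client" implementation and that you pick one depending on your JS runtime, but it names neither file nor says which targets Node.js and which targets the browser/Deno, so the reader cannot act on it; add the two file paths next to the runtime each is meant for. Same line, `im` should be `I'm`.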