Creating a Lambda Web Service
source link: https://www.tuicool.com/articles/hit/qE7j2aQ
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
A Lambda Web Service is something I doubt you have ever seen before, even though it is a highly interesting idea. It is a web service endpoint with "reversed responsibility." What I mean by that is that it's not the job of the web service to provide the code it is executing, but rather the responsibility of the client. Hence, the web service endpoint is simply given some code, which it executes using an "eval" construct.
What? This Is Insecure and Dangerous!
No, in fact, it's perfectly safe and secure! Depending upon which language you are using to implement the web service, and what constructs you have available in that language. I have created such a web service myself in Hyperlambda. It took me roughly 15-30 minutes, and it allows you to execute Hyperlambda on my server. Still, I doubt that you'd be able to execute malicious code since I use an overload of "eval" that allows me to use a ( secure ) subset of my server's vocabulary of "functions" and "keywords."
For instance, if you try to save a file, an exception will be raised, since the "function" [save-file] is not in my web service endpoint's list of "whitelisted keywords." If you try to select something from my database, an exception will be raised. This allows me to "whitelist" only those functions that I consider to be safe, and thus control what legal functions and keywords any consumer is legally allowed to use on my server. So even though any random visitor to my web service can literally execute code on my server this should pose no security risk for my server. In fact, I am so confident in that fact, that I have created a GUI for my web service endpoint, allowing anyone to execute their own code, on my server. Try it out below if you want to.
I want to emphasize, I spent 30 minutes creating the above web service, which is kind of the point. Because, arguably, this allows me to "externalize the cost" of consuming my web service to the clients that need to consume it for some reason. Making my job dead simple, while also arguably providing every single feature a web service endpoint might possibly need. In such a way, one single web service endpoint can easily replace thousands or millions of specialized web service implementations. In fact, below is 84 lines of code that have the capacity to replace every single web service endpoint you have ever written in your entire life ! Below is a screenshot of its front-end.
In the above screenshot, you can see my code editor's AutoComplete dialogue. If I choose any of these keywords or functions, besides the 6 functions and keywords that are on my "whitelist ," the execution will raise an exception. This allows me to whitelist only those API functions I happen to know for a fact are secure, preventing malicious coders from breaking into my server or somehow executing malicious code on it.
In my web service I have exposed 4 "keywords" and 2 "functions," allowing you to search through my Hyperlambda snippets database, and see what "snippets" I have there. Since these functions are using SQL parameters, this eliminates any risk in regards to SQL injection, or similar constructs. Basically, I can allow any random visitor to execute code on my web service, and I can do this without compromising my server's security!
Or download Phosphorus Five here . The latter allows you to play around with this construct on your own development machine. At which point you can use the following code to create a Hypereval "page" snippet, save it, and have your own Lambda web service endpoint.
/*
* Creates our Web Service, both its GUI and its service implementation.
*/
p5.web.request.get-method
if:x:/-?value
=:POST
/*
* Web Service invocation.
*
* Retrieving body of request, and executing it using [eval-whitelist],
* and echoing the result of the execution to caller.
*/
p5.web.request.get-body
hyper2lambda:x:/-?value
eval-whitelist:x:/-
events
set
add
src
return
hypereval.snippets.load
hypereval.snippets.search
lambda2hyper:-
p5.web.echo:x:/-?value
return
/*
* Not a POST request, hence creating our Web Service's GUI.
* Which contains a code editor, allowing the user to supply
* his own code, for then to execute the code on my server.
*/
create-widget
class:container
oninit
/*
* Including Micro CSS file, serious skin, and fonts.
*/
micro.css.include
widgets
div
class:row
widgets
div
class:col
widgets
h1
innerValue:A Lambda Web Server
/*
* CodeMirror instance.
*/
micro.widgets.codemirror:hyperlambda
mode:hyperlambda
auto-focus:true
/*
* Wrapper around our "execute Hyperlambda" button.
*/
div
class:right
widgets
button
innerValue:Execute
onclick
/*
* Retrieves code, executes it, and creates a modal window with
* the results of the execution.
*/
micro.widgets.codemirror.get-value:hyperlambda
hyper2lambda:x:/-/*?value
eval-whitelist:x:/-
events
set
add
src
return
hypereval.snippets.load
hypereval.snippets.search
/*
* Displaying the result of execution.
*
* Hint; use [return] in your own code to have your
* invocation actually "return" something ...
*/
eval-x:x:/+/*/*/*/*
create-widgets
micro.widgets.modal
widgets
pre
innerValue:x:/@eval-whitelist
84 lines of code, although heavily commented, arguably replacing every single web service endpoint you'd otherwise need.
And it even comes with a GUI front-end, to allow your consumers to play around with their code, before consuming it in their clients!
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK