4.2 C
New York
Friday, March 21, 2025
Home Blog Page 3793

File add API server in Vapor 4

codesanitize
-
0
File add API server in Vapor 4


Discover ways to construct a quite simple file add API server utilizing Vapor 4 and URLSession add process on the consumer facet.

A easy file add server written in Swift

For this easy file add tutorial we’ll solely use the Vapor Swift bundle as a dependency. 📦

// swift-tools-version:5.3
import PackageDescription

let bundle = Bundle(
    identify: "myProject",
    platforms: [
       .macOS(.v10_15)
    ],
    dependencies: [
        .package(url: "https://github.com/vapor/vapor", from: "4.35.0"),
    ],
    targets: [
        .target(
            name: "App",
            dependencies: [
                .product(name: "Vapor", package: "vapor"),
            ],
            swiftSettings: [
                .unsafeFlags(["-cross-module-optimization"], .when(configuration: .launch))
            ]
        ),
        .goal(identify: "Run", dependencies: [.target(name: "App")]),
        .testTarget(identify: "AppTests", dependencies: [
            .target(name: "App"),
            .product(name: "XCTVapor", package: "vapor"),
        ])
    ]
)

You possibly can setup the mission with the required information utilizing the Vapor toolbox, alternatively you may create the whole lot by hand utilizing the Swift Bundle Supervisor, lengthy story quick, we simply want a starter Vapor mission with out further dependencies. Now in the event you open the Bundle.swift file utilizing Xcode, we will setup our routes by altering the configure.swift file.

import Vapor

public func configure(_ app: Utility) throws {

    /// allow file middleware
    app.middleware.use(FileMiddleware(publicDirectory: app.listing.publicDirectory))

    /// set max physique measurement
    app.routes.defaultMaxBodySize = "10mb"

    /// setup the add handler
    app.publish("add") { req -> EventLoopFuture in
        let key = attempt req.question.get(String.self, at: "key")
        let path = req.utility.listing.publicDirectory + key
        return req.physique.acquire()
            .unwrap(or: Abort(.noContent))
            .flatMap { req.fileio.writeFile($0, at: path) }
            .map { key }
    }
}

First we use the FileMiddleware, this can enable us to server information utilizing the Public listing inside our mission folder. In case you don’t have a listing named Public, please create one, because the file add server will want that. Don’t neglect to offer correct file system permissions if needed, in any other case we received’t be capable to write our knowledge contained in the listing. 📁

The following factor that we set is the default most physique measurement. This property can restrict the quantity of knowledge that our server can settle for, you don’t actually wish to use this methodology for giant information as a result of uploaded information will probably be saved within the system reminiscence earlier than we write them to the disk.

If you wish to add giant information to the server it is best to think about streaming the file as an alternative of gathering the file knowledge from the HTTP physique. The streaming setup would require a bit extra work, nevertheless it’s not that sophisticated, if you’re all in favour of that answer, it is best to learn the Information API and the physique streaming part utilizing official Vapor docs website.

This time we simply desire a useless easy file add API endpoint, that collects the incoming knowledge utilizing the HTTP physique right into a byte buffer object, then we merely write this buffer utilizing the fileio to the disk, utilizing the given key from the URL question parameters. If the whole lot was executed with out errors, we will return the important thing for the uploaded file.

File add duties utilizing the URLSession API
The Basis frameworks provides us a pleasant API layer for frequent networking duties. We will use the URLSession uploadTask methodology to ship a brand new URLRequest with a knowledge object to a given server, however IMHO this API is sort of unusual, as a result of the URLRequest object already has a httpBody property, however you need to explicitly go a “from: Knowledge?” argument once you assemble the duty. However why? 🤔

import Basis

extension URLSession {

    func uploadTask(with request: URLRequest, completionHandler: @escaping (Knowledge?, URLResponse?, Error?) -> Void) -> URLSessionUploadTask {
        uploadTask(with: request, from: request.httpBody, completionHandler: completionHandler)
    }
}

Anyway, I made just a little extension methodology, so after I create the URLRequest I can set the httpBody property of it and safely go it earlier than the completion block and use the contents because the from parameter. Very unusual API design alternative from Apple… 🤐

We will put this little snippet right into a easy executable Swift bundle (or after all we will create a whole utility) to check our add server. In our case I’ll place the whole lot right into a foremost.swift file.

import Basis
import Dispatch

extension URLSession {

    func uploadTask(with request: URLRequest, completionHandler: @escaping (Knowledge?, URLResponse?, Error?) -> Void) -> URLSessionUploadTask {
        uploadTask(with: request, from: request.httpBody, completionHandler: completionHandler)
    }
}


let fileData = attempt Knowledge(contentsOf: URL(fileURLWithPath: "/Customers/[user]]/[file].png"))
var request = URLRequest(url: URL(string: "http://localhost:8080/add?key=(UUID().uuidString).png")!)
request.httpMethod = "POST"
request.httpBody = fileData

let process = URLSession.shared.uploadTask(with: request) { knowledge, response, error in
    guard error == nil else {
        fatalError(error!.localizedDescription)
    }
    guard let response = response as? HTTPURLResponse else {
        fatalError("Invalid response")
    }
    guard response.statusCode == 200 else {
        fatalError("HTTP standing error: (response.statusCode)")
    }
    guard let knowledge = knowledge, let outcome = String(knowledge: knowledge, encoding: .utf8) else {
        fatalError("Invalid or lacking HTTP knowledge")
    }
    print(outcome)
    exit(0)
}

process.resume()
dispatchMain()

The above instance makes use of the Dispatch framework to attend till the asynchronous file add finishes. It is best to change the situation (and the extension) of the file if needed earlier than you run this script. Since we outlined the add route as a POST endpoint, we have now to set the httpMethod property to match this, additionally we retailer the file knowledge within the httpBody variable earlier than we create our process. The add URL ought to comprise a key, that the server can use as a reputation for the file. You possibly can add extra properties after all or use header values to test if the person has correct authorization to carry out the add operation. Then we name the add process extension methodology on the shared URLSession property. The good factor about uploadTask is you can run them on the background if wanted, that is fairly helpful if it involves iOS improvement. 📱

Contained in the completion handler we have now to test for a couple of issues. To start with if there was an error, the add will need to have failed, so we name the fatalError methodology to interrupt execution. If the response was not a legitimate HTTP response, or the standing code was not okay (200) we additionally cease. Lastly we wish to retrieve the important thing from the response physique so we test the info object and convert it to a UTF8 string if doable. Now we will use the important thing mixed with the area of the server to entry the uploaded file, this time I simply printed out the outcome, however hey, that is only a demo, in an actual world utility you may wish to return a JSON response with further knowledge. 😅

Vanilla JavaScript file uploader

Yet one more factor… you should utilize Leaf and a few Vanilla JavaScript to add information utilizing the newly created add endpoint. Truly it’s very easy to implement a brand new endpoint and render a Leaf template that does the magic. You’ll want some primary HTML and some traces of JS code to submit the contents of the file as an array buffer. It is a primary instance.



  
    
    
    File add
  
  
      
      
File add API server in Vapor 4

As you may see it’s a normal XHR request mixed with the FileReader JavaScript API. We use the FileReader to transform our enter to a binary knowledge, this fashion our server can write it to the file system within the anticipated format. Most often individuals are utilizing a multipart-encoded type to entry information on the server, however when you need to work with an API you can even switch uncooked file knowledge. If you wish to be taught extra about XHR requests and AJAX calls, it is best to learn my earlier article.

I even have a publish about completely different file add strategies utilizing normal HTML kinds and a Vapor 4 server as a backend. I hope you’ll discover the fitting answer that you just want to your utility. 👍

Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group

codesanitize
-
0
Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group


Aug 19, 2024Ravie LakshmananCybercrime / Community Safety

Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group

Cybersecurity researchers have found new infrastructure linked to a financially motivated menace actor often called FIN7.

The 2 clusters of potential FIN7 exercise “point out communications inbound to FIN7 infrastructure from IP addresses assigned to Put up Ltd (Russia) and SmartApe (Estonia), respectively,” Crew Cymru mentioned in a report printed this week as a part of a joint investigation with Silent Push and Stark Industries Options.

Cybersecurity

The findings construct on a latest report from Silent Push, which discovered a number of Stark Industries IP addresses which can be solely devoted to internet hosting FIN7 infrastructure.

The newest evaluation signifies that the hosts linked to the e-crime group had been seemingly procured from one in every of Stark’s resellers.

“Reseller applications are widespread within the internet hosting business; lots of the largest VPS (digital non-public server) suppliers provide such providers,” the cybersecurity firm mentioned. “Clients procuring infrastructure by way of resellers usually should observe the phrases of service outlined by the ‘mother or father’ entity.”

FIN7 Cybercrime Group

What’s extra, Crew Cymru mentioned it was capable of establish extra infrastructure linked to FIN7 exercise, together with 4 IP addresses assigned to Put up Ltd, a broadband supplier working in Southern Russia and three IP addresses assigned to SmartApe, a cloud internet hosting supplier working from Estonia.

The primary cluster has been noticed conducting outbound communications with at the very least 15 Stark-assigned hosts beforehand found by Silent Push (e.g., 86.104.72[.]16) over the previous 30 days. Likewise, the second cluster from Estonia has been recognized as speaking with at least 16 Stark-assigned hosts.

Cybersecurity

“As well as, 12 of the hosts recognized within the Put up Ltd cluster had been additionally noticed within the SmartApe cluster,” Crew Cymru famous. The providers have since been suspended by Stark following accountable disclosure.

“Reviewing metadata for these communications confirmed them to be established connections. This evaluation relies on an analysis of noticed TCP flags and sampled knowledge switch volumes.”

Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we submit.



Vulnerability in Microsoft apps allowed hackers to spy on Mac customers

codesanitize
-
0
Vulnerability in Microsoft apps allowed hackers to spy on Mac customers


Microsoft updates Outlook for Mac with Profiles feature

A vulnerability present in Microsoft apps for macOS allowed hackers to spy on Mac customers. Safety researchers from Cisco Talos reported in a weblog publish how the vulnerability might be exploited by attackers and what Microsoft has been doing to repair the exploits.

Hackers can use Microsoft apps to entry Mac customers’ cameras and microphones

Cisco Talos, a cybersecurity group specializing in malware and system prevention, shared particulars on how a vulnerability in apps like Microsoft Outlook and Groups could lead on attackers to entry a Mac’s microphone and digicam with out the person’s consent. The assault relies on injecting malicious libraries into Microsoft apps to realize their entitlements and user-granted permissions.

Apple’s macOS has a framework referred to as Transparency Consent and Management (TCC), which manages app permissions to entry issues like location companies, digicam, microphone, library images, and different information.

Every app wants an entitlement to request permissions from TCC. Apps with out these entitlements received’t even ask for permissions, and consequently received’t have entry to the digicam and different elements of the pc. Nonetheless, the exploit allowed malicious software program to make use of the permissions granted to Microsoft apps.

“We recognized eight vulnerabilities in varied Microsoft purposes for macOS, by means of which an attacker might bypass the working system’s permission mannequin through the use of present app permissions with out prompting the person for any extra verification,” the researchers clarify.

For instance, a hacker might create malicious software program to file audio from the microphone and even take images with none person interplay. “All apps, aside from Excel, have the flexibility to file audio, some may even entry the digicam,” the group provides.

macOS Sequoia Gatekeeper

Microsoft is engaged on a repair – but it surely doesn’t appear to be a precedence

In response to Cisco Talos, Microsoft considers this exploit to be “low danger” because it depends on loading unsigned libraries to assist third-party plugins.

After the exploits have been reported, Microsoft up to date the Microsoft Groups and OneNote apps for macOS with adjustments to how these apps deal with the library validation entitlement. Nonetheless, Excel, PowerPoint, Phrase, and Outlook are nonetheless weak to the exploit.

The researchers query why Microsoft had the necessity to disable library validation, particularly when extra libraries usually are not anticipated to be loaded. “Through the use of this entitlement, Microsoft is circumventing the safeguards supplied by the hardened runtime, probably exposing its customers to pointless dangers.”

On the identical time, the researchers word that Apple might additionally implement adjustments to the TCC to make the system safer. The group means that the system ought to immediate customers when loading third-party plugins into apps that have already got granted permissions.

Extra particulars concerning the exploit may be discovered on the Cisco Talos weblog.

Learn additionally

FTC: We use earnings incomes auto affiliate hyperlinks. Extra.

UK Prime Minister Keir Starmer and Prince William deepfaked in funding rip-off marketing campaign

codesanitize
-
0
UK Prime Minister Keir Starmer and Prince William deepfaked in funding rip-off marketing campaign


Scammers are as soon as once more utilizing deepfake know-how to dupe unwary web Fb and Instagram customers into making unwise cryptocurrency investments.

AI-generated movies selling fraudulent cryptocurrency buying and selling platform Fast Edge have used deepfake footage of British Prime Minister Sir Keir Starmer and His Royal Highness Prince William to succeed in an estimated 890,000 folks by way of Meta’s social media platforms.

In a single instance, deepfake video footage of Sir Keir Starmer assured viewers that “this isn’t a rip-off”, whereas claiming that they had been chosen to earn a “life-changing” amount of cash:

“Your life is about to alter. I’m Keir Starmer, Prime Minister of the UK and chief of the Labour Celebration. I’ve been ready for you. At the moment is your fortunate day. I do not understand how you discovered this web page, however you will not remorse it.”

In one other model, the pretend model of the Prime Minister introduced the “Nationwide Make investments Platform” by way of which customers may begin buying and selling and generate income across the clock.

One other model of the rip-off included a deepfake of Prince William, expressing the Royal Household’s endorsement of the scheme:

“Good afternoon, honoured residents of the UK. I’m happy to announce that I, Prince William, and all the Royal Household totally help Prime Minister Keir Starmer’s initiative and his new platform.”

Researchers at Fenimore Harper say that over 250 adverts utilizing deepfakes of Sir Keir Starmer have appeared on Meta’s platforms because the election on July 4 2024, with an advert spend by the scammers of £21,053.

Utilizing Meta’s personal AI mannequin, Llama 3.1 70B, the researchers say they have been in a position to establish the fraudulent adverts immediately – elevating questions as to why Meta itself has been unable to cut back the variety of rip-off adverts about Keir Starmer, which threat outnumbering genuine ones.

The adverts declare that Fast Edge is a part of a brand new platform endorsed by the UK Prime Minister to assist customers earn life-changing sums of cash.  If customers clicked by way of to the positioning they have been taken to a touchdown web page which requested them to enter their private particulars.

Later, candidates can be hounded by scammers, who inspired them to make deposits into the pretend cryptocurrency buying and selling platform, and to speculate much more when proven a pretend portfolio purporting to indicate that nice monetary features had been made.

Even after being scammed, some victims continued to consider that Sir Keir Starmer had personally endorsed the platform.

Meta says that its techniques detected and eliminated a lot of the fraudulent adverts earlier than the researchers’ report was printed, and reiterated that it had insurance policies in place in opposition to adverts that misuse the pictures of public figures for misleading functions.

Earlier this 12 months, researchers from the identical staff found greater than 100 deepfake video adverts on Fb posing as footage of the UK’s then Prime Minister Rishi Sunak, pointing to a pretend BBC Information webpage selling an funding rip-off.

The researchers consider that regardless of protestations from Meta, disinformation on Fb and Instagram “is getting worse, not higher”

Greatest Mac backup software program | Macworld

codesanitize
-
0
Greatest Mac backup software program | Macworld



Mac Backup Guru’s prime perform is to create bootable clones of your Mac’s startup disk. Nevertheless, it may possibly additionally synchronize backed-up variations of your disk, and even of only a folder, with the present model. And it may possibly create snapshots, similar to Time Machine does. So, for instance, if you happen to set it to take a snapshot on a daily schedule, you may then revert to whichever snapshot you select.

You can too select which folders to again up and to the place, relatively than having to backup an entire disk to your Time Machines disk after which designate folders to exclude. There’s extra management over scheduling that Time Machine presents, and, after all, Apple’s utility doesn’t provide the flexibility to synchronize folders or create bootable clones.

Whereas the snapshots function is just like Time Machine, Mac Backup Guru presents extra management. You possibly can, for instance, browse snapshots within the Finder, relatively than having to make use of the Time Machine utility to revive information.

Mac Backup Guru’s interface is easy, and will likely be acquainted if you happen to’ve used a number of the different instruments listed right here. Nevertheless, a number of the menu buttons, notably these for selecting supply and vacation spot, appeared small and cramped to us. We’d have appreciated these menus and the choices contained inside them too have been somewhat greater to make them simpler to pick out from.

When you’ve chosen a supply, which could be a complete quantity or a selected folder, and a vacation spot, you may elect to exclude folders inside that from being backed up. You can too schedule computerized backups. The scheduling is pretty primary, however meaning it’s additionally simple to configure. Simply click on the times on which you need the backup to run and the time you need it to run. It’s value noting that whilst you can run the backup on which ever day you select, it’s important to run it on the identical time every day. You can too run ad-hoc backups by urgent the ‘Backup’ button on the principle window.

The ultimate possibility is to decide on what number of snapshots to maintain. When you attain the required quantity, Mac Backup Guru will begin deleting the oldest snapshot each time a brand new one is created.

Mac Backup Guru is a straightforward to make use of backup device that retains choices and settings to a minimal whereas providing a number of helpful options. It’s additionally good worth – on the time of writing it was on provide for lower than $9/£7.16, a major low cost on its standard $29/£23.05 value.

1...3,7923,7933,794...3,849Page 3,793 of 3,849

ABOUT US

Welcome to CodeSanitize, your number one source for all things coding and technology. We’re dedicated to providing you the very best of software development tutorials, tips, and resources, with a focus on clarity, practical examples, and up-to-date content.

© Copyright 2024 - codesanitize.com. All rights reserved