bluzi / jsonstore Goto Github PK

Hey, I think your project is amazing, but I am wondering who is paying the bill? If this get's expensive to you, how can we be safe about these servers not going down?

Can I suggest you create a donation/patreon button, etc? :)

oh, my I also suggest you the email of your users in case you need to explain why this project is shutting down in the future, etc.

Maybe a login with github would be enough.

After requiring jsonstore, then creating a new client, without error, when I use jsonstore, apparently, jsonstore.get is not a function along with all others except .delete which works.

Using ReJSON can reduce overhead when retrieving JSON with filter, avoiding loading the full JSON from the database.

https://oss.redislabs.com/rejson/

Also it can allow adding update partial JSON.

seems like there is an issue with service as it redirects to heroku's application error asking to check logs. Before redirecting there it's been a while with response of status 500 and JSON response:

{ "ok": false }

JSONStore is an amazing tool to store JSON data, which can be used to consume data from endpoints. The random URL is going to provide a certain level of data security. But if you could add additional security to this using something like - password protection for POST, PUT and DELETE requests.

Imagine, I am using JSONStore to store some data which will be consumed in my app. The app is only going to make GET requests only. But I being the owner of the app and the endpoint, can go ahead and make updates to the JSONStore endpoint. This way some third party can consume the endpoint data, but cannot make any changes to it.

This is just a suggestion that triggered in me. I am thinking of using JSONStore for one of my android apps. But since it does not provide endpoint protection, I am a bit skeptical about using this service.

Amazing work, by the way.

This is a major issue, since it prevents storing email addresses, which is a very important use case.

Post Body: {"silas.reinagel":"value"}

Result:

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <title>Error</title>
    </head>
    <body>
        <pre>Internal Server Error</pre>
    </body>
</html>

It's extremely simple to write a small program to provide a workaround for the 100kb upload limit. Even if you added storage limits per key, it would be trivial to bypass that. I don't quite know where the data is being stored or how, but if you don't want users to flood your service with data, then I suggest making users sign up before giving them a key.

I only say this because I really like this service, and I don't want to see it forced to shutdown, as other services such as https://ptpb.pw have in the past due to people abusing their nature. I have two Proof-Of-Concepts that would, one, allow me to flood the service with large amounts of data indefinitely, and two, store large (think gigabyte) files by spreading them across multiple keys. These took barely any time to write, and it's only a matter of time before someone else thinks of this or acts.

Please make users sign up, with something to stop automation (maybe just a captcha instead), before giving them a key.

What is this dashboard used for?

For example we need to know how much size we can store, how much it is secure, etc.

When I want to create a data like "user", I'd like to make a request like this:

fetch('rooturl/users', {
    method: 'POST',
    body: { username: 'xxxx', passwd: '*****' }
})

instead of:

fetch('rooturl/users/1', {
    method: 'POST',
    body: { username: 'xxxx', passwd: '*****' }
})

then you assign an id to this data.
Now the data structure should look like this:

{
     users: [
         { id: 0, username: 'xxxx', passwd: '*****' }
     ]
}   

then I can get all users:

fetch('rooturl/users', {
    method: 'GET'
})

and get one of them:

// id = 0
fetch('rooturl/users/${id}', {
    method: 'GET'
})

update it:

// id = 0
fetch('rooturl/users/${id}', {
    method: 'PUT',
    body: { username: 'xxx', passwd: '******' }
})

or

// id = 0
fetch('rooturl/users', {
    method: 'PUT',
    body: { id: id, username: 'xxx', passwd: '******' }
})

and delete it:

// id = 0
fetch('rooturl/users/${id}', {
    method: 'DELETE'
})

Do you think so?
In addition, why don't you open the dashboard?

I think that the use of the Referer header in the backend code should be removed completely.

curl www.jsonstore.io/get-link
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Internal Server Error</pre>
</body>
</html>

The backend should not depend on the client to send a valid Referer header:

curl -H 'Referer: http://bogus.url' www.jsonstore.io/get-link
{"link":"http://bogus.url/fbbee72d1ac49a589480c578963aa13f71d53416510bdfd87974f300aa886282/"}

Powered by is floating in the middle of screen. Maybe change the position property of footer.

This request work as expected:

curl -X POST -H 'Content-Type: application/json' -d '{"foo":120}' https://www.jsonstore.io/1ba7860f742fc15d5b6e1508e2de1e0cde2c396f7c52a877905befb4e970eaaf/id
{"result":true}

This on the other hand erases the data at /id:

curl -X POST -d '{"foo":120}' https://www.jsonstore.io/1ba7860f742fc15d5b6e1508e2de1e0cde2c396f7c52a877905befb4e970eaaf/id
{"result":true}

There are currently two projects under https://github.com/topics/jsonstore

• https://github.com/lmangani/gunstore.io
• https://github.com/peterhellberg/jsonstore

We should add the jsonstore topic to this project as well.

http://jsonpatch.com/

The idea is to avoid retrieving the entire JSON content of a database to alter a single value and resubmit the entire modified content. So better perfs & concurrency.

Any reason you shipping the frontend in dev mode?

Seems like an interesting project? Can you pls post some use cases?

In my case:
While making a coding test/interview its easy to give them an endpoint and tell them easily create a todo app, show a map from existing lat/lng in that json etc..

Any other ideas? What made you think to create this project?

Again, thanks for such amazing project. Make sure people won't misuse it. I've seen many projects like this closed due to hosting charges

With any new DB I create, fetching data always returns

{
"ok": false
}

Can you please get on this ASAP?
Many of my projects rely on jsonstore

Not a negative comment. It's just that it happens that I've been working on a project with a similar aspect recently, i.e. it might need to store some data submitted by different users, which they should be able to retrieve later via a publicly available user interface, identifying themselves.

Making sure that nobody is able to retrieve the data from other users is easy, e.g. with a login mechanism or simply with a long string as I've seen in your example usage. However, how do you assure the users that you, the service host, don't look into their data. Is there some sort of encryption mechanism so that only the users who have a private key for themselves will be able to decode the data they send to the service? Sorry if this is obvious from the source code. I haven't been able to identify such a mechanism from a glance at the project documentation etc. If the users can't be sure that their data stays private, they might have some doubts on using the service? This is also my concern on my project, thus I am curious about how you solve this issue. Thanks!

As it for now from the source code it seems, that there are no restrictions in size and amount of JSONs sent to this service. This is not safe at all. It will either force you to sell kidney in order to pay heroku/google bills, or service will stop working (if you limited quotas).
The easiest way, or 'first line' of defense may be restricting size/ amount of JSONs per endpoint. The other may be implementing OAuth via github and short live span of unregistered user's JSONs

Hello,
An idea would be to have two differents keys: one to do GET requests, that can be only used to read data, and another private key that let us to write data on our store.
Thanks !

So the site is working, but my endpoints went down, and any newly generated endpoints also say "ok: false". Has my IP been banned?

If the JSON contains a version field, then it would be possible to prevent accidental overwrites by having each writer pass in the version it's updating. The first would succeed and the second would get an status indicating that the write failed due to the 'optimistic version lock', at which point the operation would be retried by first re-reading the current version.

Another approach which could be better in some cases is support for PATCH where incremental addition/update/delete could be made to a document.

Endpoints are returning ok: false
https://dood.wheres-my-ta.co/EIbnzy.png

Is jsonstore down? I've been using it for a while but nothing is working right now. When I do a curl -XGET in my terminal, I see

<!DOCTYPE html>
	<html>
	  <head>
		<meta name="viewport" content="width=device-width, initial-scale=1">
		<meta charset="utf-8">
		<title>Application Error</title>
		<style media="screen">
		  html,body,iframe {
			margin: 0;
			padding: 0;
		  }
		  html,body {
			height: 100%;
			overflow: hidden;
		  }
		  iframe {
			width: 100%;
			height: 100%;
			border: 0;
		  }
		</style>
	  </head>
	  <body>
		<iframe src="//www.herokucdn.com/error-pages/application-error.html"></iframe>
	  </body>
	</html>

I'm having a situation here where I've settled on using a finite set of keys for storing unbounded number of items by binning them. During dev/testing I've run into a condition where the request seems to get dropped (as in ignored SYN).

What are the limitations? I've already spent more time than I ever expect to save.

GET might have an Accept header though.

[root@centos-s-1vcpu-1gb-blr1-01 jsonstore]# npm install

> [email protected] install /root/jsonstore/node_modules/grpc
> node-pre-gyp install --fallback-to-build --library=static_library

node-pre-gyp ERR! Tried to download(403): https://storage.googleapis.com/grpc-precompiled-binaries/node/grpc/v1.10.1/node-v79-linux-x64-glibc.tar.gz
node-pre-gyp ERR! Pre-built binaries not found for [email protected] and [email protected] (node-v79 ABI, glibc) (falling back to source compile with node-gyp)
node-pre-gyp ERR! Pre-built binaries not installable for [email protected] and [email protected] (node-v79 ABI, glibc) (falling back to source compile with node-gyp)
node-pre-gyp ERR! Hit error Connection closed while downloading tarball file
make: Entering directory `/root/jsonstore/node_modules/grpc/build'
make: Entering directory `/root/jsonstore/node_modules/grpc/build'
  CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/init.o
  CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/init.o
make: g++: Command not found
make: *** [Release/obj.target/grpc/deps/grpc/src/core/lib/surface/init.o] Error 127
make: Leaving directory `/root/jsonstore/node_modules/grpc/build'
gyp ERR! build error
gyp ERR! stack Error: `make` failed with exit code: 2
gyp ERR! stack     at ChildProcess.onExit (/usr/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:194:23)
gyp ERR! stack     at ChildProcess.emit (events.js:210:5)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:272:12)
gyp ERR! System Linux 3.10.0-957.27.2.el7.x86_64
gyp ERR! command "/usr/bin/node" "/usr/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "build" "--fallback-to-build" "--library=static_library" "--module=/root/jsonstore/node_modules/grpc/src/node/extension_binary/node-v79-linux-x64-glibc/grpc_node.node" "--module_name=grpc_node" "--module_path=/root/jsonstore/node_modules/grpc/src/node/extension_binary/node-v79-linux-x64-glibc"
gyp ERR! cwd /root/jsonstore/node_modules/grpc
gyp ERR! node -v v13.0.1
gyp ERR! node-gyp -v v5.0.5
gyp ERR! not ok
make: g++: Command not found
make: *** [Release/obj.target/grpc/deps/grpc/src/core/lib/surface/init.o] Error 127
make: Leaving directory `/root/jsonstore/node_modules/grpc/build'
gyp ERR! build error
gyp ERR! stack Error: `make` failed with exit code: 2
gyp ERR! stack     at ChildProcess.onExit (/usr/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:194:23)
gyp ERR! stack     at ChildProcess.emit (events.js:210:5)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:272:12)
gyp ERR! System Linux 3.10.0-957.27.2.el7.x86_64
gyp ERR! command "/usr/bin/node" "/usr/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "build" "--fallback-to-build" "--library=static_library" "--module=/root/jsonstore/node_modules/grpc/src/node/extension_binary/node-v79-linux-x64-glibc/grpc_node.node" "--module_name=grpc_node" "--module_path=/root/jsonstore/node_modules/grpc/src/node/extension_binary/node-v79-linux-x64-glibc"
gyp ERR! cwd /root/jsonstore/node_modules/grpc
gyp ERR! node -v v13.0.1
gyp ERR! node-gyp -v v5.0.5
gyp ERR! not ok
node-pre-gyp ERR! build error
node-pre-gyp ERR! stack Error: Failed to execute '/usr/bin/node /usr/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js build --fallback-to-build --library=static_library --module=/root/jsonstore/node_modules/grpc/src/node/extension_binary/node-v79-linux-x64-glibc/grpc_node.node --module_name=grpc_node --module_path=/root/jsonstore/node_modules/grpc/src/node/extension_binary/node-v79-linux-x64-glibc' (1)
node-pre-gyp ERR! stack     at ChildProcess.<anonymous> (/root/jsonstore/node_modules/grpc/node_modules/node-pre-gyp/lib/util/compile.js:83:29)
node-pre-gyp ERR! stack     at ChildProcess.emit (events.js:210:5)
node-pre-gyp ERR! stack     at maybeClose (internal/child_process.js:1028:16)
node-pre-gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:283:5)
node-pre-gyp ERR! System Linux 3.10.0-957.27.2.el7.x86_64
node-pre-gyp ERR! command "/usr/bin/node" "/root/jsonstore/node_modules/grpc/node_modules/.bin/node-pre-gyp" "install" "--fallback-to-build" "--library=static_library"
node-pre-gyp ERR! cwd /root/jsonstore/node_modules/grpc
node-pre-gyp ERR! node -v v13.0.1
node-pre-gyp ERR! node-pre-gyp -v v0.7.0
node-pre-gyp ERR! not ok
Failed to execute '/usr/bin/node /usr/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js build --fallback-to-build --library=static_library --module=/root/jsonstore/node_modules/grpc/src/node/extension_binary/node-v79-linux-x64-glibc/grpc_node.node --module_name=grpc_node --module_path=/root/jsonstore/node_modules/grpc/src/node/extension_binary/node-v79-linux-x64-glibc' (1)
npm WARN [email protected] No repository field.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: `node-pre-gyp install --fallback-to-build --library=static_library`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2019-10-25T02_17_33_869Z-debug.log

2019-10-25T02_17_33_869Z-debug.log

Something up with your server configuration?

curl -X PUT -H 'Content-Type: application/json' -d '12345' https://www.jsonstore.io/1ba7860f742fc15d5b6e1508e2de1e0cde2c396f7c52a877905befb4e970eaaf/a-number

curl -X PUT -H 'Content-Type: application/json' -d 'true' https://www.jsonstore.io/1ba7860f742fc15d5b6e1508e2de1e0cde2c396f7c52a877905befb4e970eaaf/a-boolean

Both requests result in a 500:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Internal Server Error</pre>
</body>
</html>

Using a JSON object work just fine:

curl -X PUT -H 'Content-Type: application/json' -d '{"b":true, "n":12345}' https://www.jsonstore.io/1ba7860f742fc15d5b6e1508e2de1e0cde2c396f7c52a877905befb4e970eaaf/an-object

{"result":true}

I have a store where I have a list of songs:
"tracks": ['track1', 'track2']
Is it possible to push track3 to the array?

Or should I GET the tracks first, push to my local array and then PUT the result?

Having constant problems with this, keeps returning 503. Don't bother with this api.

Endpoints just went down on my end, ending up in a heroku error page.

JsonStoreException {
  name: 'Service Unavailable',
  message: 'Your request ran into an error!',
  code: 503,
  body:
   '<!DOCTYPE html>\n\t<html>\n\t  <head>\n\t\t<meta name="viewport" content="width=device-width, initial-scale=1">\n\t\t<meta charset="utf-8">\n\t\t<title>Application Error</title>\n\t\t<style media="screen">\n\t\t  html,body,iframe {\n\t\t\tmargin: 0;\n\t\t\tpadding: 0;\n\t\t  }\n\t\t  html,body {\n\t\t\theight: 100%;\n\t\t\toverflow: hidden;\n\t\t  }\n\t\t  iframe {\n\t\t\twidth: 100%;\n\t\t\theight: 100%;\n\t\t\tborder: 0;\n\t\t  }\n\t\t</style>\n\t  </head>\n\t  <body>\n\t\t<iframe src="//www.herokucdn.com/error-pages/application-error.html"></iframe>\n\t </body>\n\t</html>' }

I'm getting HTTP/1.1 500 Internal Server Error while trying to delete a resource

I'm wondering if there's any limitations on data storage, such as how much data can i Store or how frequently i can send requests?

POST request.
Origin https://gp.sookoll.ee is not allowed by Access-Control-Allow-Origin.

$ http https://www.jsonstore.io/64892bfe3d5286885ae7cc8808d1a21b60e98c51b4cdfacd225efff5b3218241
HTTP/1.1 200 OK
{
    "ok": true,
    "result": null
}

$ echo '{"a":[]}' | http POST https://www.jsonstore.io/64892bfe3d5286885ae7cc8808d1a21b60e98c51b4cdfacd225efff5b3218241
HTTP/1.1 201 Created
{
    "ok": true
}

$ http https://www.jsonstore.io/64892bfe3d5286885ae7cc8808d1a21b60e98c51b4cdfacd225efff5b3218241                  
HTTP/1.1 200 OK
{
    "ok": true,
    "result": null
}

Posting something else seems to work fine:

$ echo '{"a":1}' | http POST https://www.jsonstore.io/64892bfe3d5286885ae7cc8808d1a21b60e98c51b4cdfacd225efff5b3218241
HTTP/1.1 201 Created
{
    "ok": true
}

$ http https://www.jsonstore.io/64892bfe3d5286885ae7cc8808d1a21b60e98c51b4cdfacd225efff5b3218241                 
HTTP/1.1 200 OK
{
    "ok": true,
    "result": {
        "a": 1
    }
}

Including non-empty arrays:

$ echo '{"a":["b","c"]}' | http POST https://www.jsonstore.io/64892bfe3d5286885ae7cc8808d1a21b60e98c51b4cdfacd225efff5b3218241
HTTP/1.1 201 Created
{
    "ok": true
}

$ http https://www.jsonstore.io/64892bfe3d5286885ae7cc8808d1a21b60e98c51b4cdfacd225efff5b3218241                             
HTTP/1.1 200 OK
{
    "ok": true,
    "result": {
        "a": [
            "b",
            "c"
        ]
    }
}

Is it a bug? If it's not, where can I find documented limitations for this API?

Thanks.

I tried to POST 20MB json.

Chrome response:
Request URL: https://www.jsonstore.io/__key__/__id__
Request Method: POST
Status Code: 413 Payload Too Large

Safari response:
[Error] Origin https://localhost:3001 is not allowed by Access-Control-Allow-Origin.
[Error] XMLHttpRequest cannot load https://www.jsonstore.io/__key__/__id__ due to access control checks.
[Error] Failed to load resource: Origin https://localhost:3001 is not allowed by Access-Control-Allow-Origin.

How to make it run on Windows 10 ?

Returns {ok:true} but doesn't return any data

I have an array with 2 elements saved in jsonstore.
I then send a DELETE request to /myarray/0 and I expect it to actually delete the element but what it does is set this element to null.
How can I really remove this element from the array?

Thanks for making the service and releasing the source!

Just to be clear on the licensing, package.json claims the license is ISC. This is the default if you created the package.json file with npm init. Was your intention to release as ISC or something else? No matter what license you choose, please add an appropriate LICENSE file too

I am using a XML Http Request with POST to try and upload data to your site, but I keep getting 400 Bad request. The content type IS json, and the data IS in json format. Is the site down? Also when I use a GET request i get {result: null, okay: true}. Is that supposed to happen? Im new to this service and I don't know how it works

Hi,

just wanted to let you know that I use jsonstore in https://github.com/pascalgn/sotay

Thanks a lot for your project, it's a great idea!

Cheers,

Pascal

Shouldn't PUT requests be for updating key/value pairs within a document, and POST for overwriting/creating a document? PUT behaves the same as POST in this instance.

Since url is public? How do I prevent users from editing the database ?

Anyone can make requests and edit the database! Any workaround ?

Heroku is returning error responses for all stored JSON documents for all request verbs. This occurs for new and longer-saved documents.
The screenshot below is the result of any GET request through a browser.

Maybe this project should be moved to a GitHub organization (and have multiple collaborators/admins) in order to increase the bus factor?

I can't get orderKey to work. Here's my calls:

Request URL: https://www.jsonstore.io/11steveo117234be5bb130fcee5b573bc5fa2573dd647ec54b51075d258c3840/users/1?
Request Method: POST
{"age":1,"nums":4}

Request URL: https://www.jsonstore.io/11steveo117234be5bb130fcee5b573bc5fa2573dd647ec54b51075d258c3840/users/99?
Request Method: POST
{"age":99,"nums":3}

Request URL: https://www.jsonstore.io/11steveo117234be5bb130fcee5b573bc5fa2573dd647ec54b51075d258c3840/users/?
Request Method: GET
{"result":{"1":{"age":1,"nums":4},"99":{"age":99,"nums":3}},"ok":true}

Request URL: https://www.jsonstore.io/11steveo117234be5bb130fcee5b573bc5fa2573dd647ec54b51075d258c3840/users/?orderKey=nums
Request Method: GET
{"result":{"1":{"age":1,"nums":4},"99":{"age":99,"nums":3}},"ok":true}

Request URL: https://www.jsonstore.io/11steveo117234be5bb130fcee5b573bc5fa2573dd647ec54b51075d258c3840/users/?orderKey=age&filterValue=1&valueType=number
Request Method: GET
{"result":{"1":{"age":1,"nums":4},"99":{"age":99,"nums":3}},"ok":true}

No matter what I do orderKey filterValue and valueType are ignored.