I saw one example uses an Sqlite database but only one process at a time can write to them. Does trusted-cgi only run a single function at a time on the server?

Hello,

When the service is restarted, all scheduled jobs are started one, even when outside the specified schedule.

I'm not sure if it's a feature or not, but it would be great to at least have an option not to have this behavior :)

I tried to look inside the code but didn't find any obvious location, with some pointers I would be happy to write a PR if wanted.

Thanks,

Hello,

It would be great to have dynamic content types for files in static. E.g. if a small CSS is needed for a project, it's doesn't work because (at least Firefox) refuse to use CSS that have the wrong content type.

Some basic rules (for css, js and images) should be enough, but more advanced options like per-extention header or automatic mime type detection would do the job :)

Thanks a lot and have a nice daym

OS: Windows 10
Shell: PowerShell Core 7.1
Version: 0.3.6

On Windows, I am running into the following error message when attempting to download a newly-created lambda from my VPS:

PS> cgi-ctl download -l admin -p <mypassword> -u https://<mydomain>.dev -U 93470b46-f74a-4352-9c74-c7bbbfdd5eb9
2021/01/23 07:48:28 login...
2021/01/23 07:48:28 download...
download: -30000: archive/tar: write too long

Is there some combination of options that immediately strikes you as odd here, using SSL and being on Windows maybe?
According to some research this seems to be a common issue in Go, but I have 0 knowledge about the language. If you were to make a release with more verbose error handling then I could provide a more detailed error description :)

I see that headers are being parsed in the web UI, but I'd like to know how I can get access to that information inside my handler. It would also be nice to get the HTTP method that's in use. Does this exist already?

the method_env key is duplicated

Hi! I stumbled upon this and excited to try it out, however I encountered this issue upon login:

Error: 403: token validation failed: Token used before issued

Downgrading to 0.3.6 seems to fix the issue.

Hello, I like the project, but the docker support seems to be abandoned. You can upgrade alpine to 3.17

Hi!

I would like to run some of my lambdas periodically and it seems there is no straightforward way to do that. What I did was I created a ping action, which curls lambda url and thus invokes it.

ping:
	curl https://my.function.url/

This is a hacky solution, but what is the intended way?

Is it possible to add launcher as an action into the scheduler?

ping action on the screenshot is what I use right now and run is what I would like to have

I am using latest docker image of trusted-cgi and was not able to create a lambda from Nim template with an error saying:

Error: -30000: create lambda: write file src/lambda.nim content: open /data/b37de1ee-1e86-4209-b817-7ecb321d696f/src/lambda.nim: no such file or directory

Nim template is the only one that has directory in the template definition - src/lambda.nim. So I then went through the sources and discovered, that files are created with WriteFile:

But WriteFile can't handle directories. It should be possible to parse file path and do something like MkdirAll with it. What do you think?

PS: I am not a Nim developer and have just discovered trusted-cgi a couple of days ago; you have done an amazing job, thank you for that simple and straightforward solution!

In some circumstances, initializing time for a lambda could be quite large. it would be great to be able to configure some lambdas with a configurable number of pre-provisionned processes.

Once a lambda is pre-provisionned, it is started unconditionally in a pool. The lambda can then initialize all it wants and once initialized will stop waiting on I/O (stdin and stdout). Upon invocation, one lambda from the pool would be used and the standard input will be written to and standard output will be read to, motioning the lambda forward. Once a lambda from the pool is taken, a new lambda would be started to refill the pool.

edit: This is incompatible with MethodEnv, PathEnv, InputHeaders and Query.

Implementation could be:

• in lambda interface add Start() and Stop() functions that notifies when the lambda is made available and the lambda is destroyed.
• Start() should probably be called in

  trusted-cgi/application/platform/platform.go

  Line 211 in c76c262

  func (platform *platform) setupLambda(lambda application.Lambda) error {

• Stop() should be probably called from

  trusted-cgi/application/platform/platform.go

  Line 180 in c76c262

  func (platform *platform) Remove(uid string) {

• Start() should run a specialized invoke function where stdin and stdout are pipes. The other end of pipes should be stored in a pool data structure as well as a context cancel function (for lambda timeout)
• Invoke() should either take a running lambda from the pool and connect the pipes (io.Copy for that), ensure the cancel function is called at the timeout event, or if there is nothing on the pool, should invoke a new lambda instance
• Stop() should cancel all running lambda instances in the pool
• When updating the lambda manifest SetManifest() and reloadManifest() the pool should be adjusted

Bintray is no longer available since JFrog shut it down in May of 2021. See this article here for more details. If and when another home is found for binary hosting the install guide will need to be updated to reflect this change.

This project is really cool, BTW!

In trying to avoid creating temporary files to store data which could just be kept in variables it is possible in bash to use the following syntax of process substitution and input redirection in order to pass data onto other commands:

{ read -d '' result ; }< <( curl http://myjsonapi.com/page1 | jq '.[0].somedatapoint' ) && anothercommand <<< "$result"

unfortunately this syntax isn't supported in 'sh' and an unexpected redirect error is received.
Is it possible to use bash in the docker containers instead.

See screencast ⬆️

I am a little confused as to how it's supposed to behave here, is this a bug or is the problem between keyboard and chair?

If you have the trusted-cgi running behind a reverse proxy then the Remote IP address detected will be the internal IP address of the reverse proxy.

Is it possible to detect the client IP address using the Request Header Value e.g. X-Forwarded-For
This is usually the header that the proxies pass on to the backend server so they are aware of the original client IP address.

Here a quick hack to fix that.

diff --git a/api/services/lambda_srv.go b/api/services/lambda_srv.go
index 1a4601c..8ffef74 100644
--- a/api/services/lambda_srv.go
+++ b/api/services/lambda_srv.go
@@ -132,7 +132,11 @@ func (srv *lambdaSrv) RenameFile(ctx context.Context, token *api.Token, uid stri
 }
 
 func (srv *lambdaSrv) Stats(ctx context.Context, token *api.Token, uid string, limit int) ([]stats.Record, error) {
-       return srv.tracker.LastByUID(uid, limit)
+       fn, err := srv.cases.Platform().FindByUID(uid)
+       if err != nil {
+               return make([]stats.Record, 0), err
+       }
+       return srv.tracker.LastByUID(uid, fn.Aliases, limit)
 }
 
 func (srv *lambdaSrv) Actions(ctx context.Context, token *api.Token, uid string) ([]string, error) {
diff --git a/stats/impl/memlog/dumped.go b/stats/impl/memlog/dumped.go
index 9ad84fa..557da81 100644
--- a/stats/impl/memlog/dumped.go
+++ b/stats/impl/memlog/dumped.go
@@ -2,6 +2,7 @@ package memlog
 
 import (
        "github.com/reddec/trusted-cgi/stats"
+       "github.com/reddec/trusted-cgi/types"
        "github.com/tinylib/msgp/msgp"
        "io/ioutil"
        "os"
@@ -105,8 +106,8 @@ func (d *dumped) Track(record stats.Record) {
        d.mem.Track(record)
 }
 
-func (d *dumped) LastByUID(uid string, limit int) ([]stats.Record, error) {
-       return d.mem.LastByUID(uid, limit)
+func (d *dumped) LastByUID(uid string, aliases types.JsonStringSet, limit int) ([]stats.Record, error) {
+       return d.mem.LastByUID(uid, aliases, limit)
 }
 
 func (d *dumped) Last(limit int) ([]stats.Record, error) {
diff --git a/stats/impl/memlog/nop.go b/stats/impl/memlog/nop.go
index 211e7a6..3532695 100644
--- a/stats/impl/memlog/nop.go
+++ b/stats/impl/memlog/nop.go
@@ -2,6 +2,7 @@ package memlog
 
 import (
        "github.com/reddec/trusted-cgi/stats"
+       "github.com/reddec/trusted-cgi/types"
 )
 
 func New(depth uint) *statLogger {
@@ -16,7 +17,7 @@ func (s *statLogger) Track(record stats.Record) {
        s.buffer.Add(record)
 }
 
-func (s *statLogger) LastByUID(uid string, limit int) ([]stats.Record, error) {
+func (s *statLogger) LastByUID(uid string, aliases types.JsonStringSet, limit int) ([]stats.Record, error) {
        if limit < 0 {
                return []stats.Record{}, nil
        } else if n := s.buffer.Len(); limit > n {
@@ -27,6 +28,8 @@ func (s *statLogger) LastByUID(uid string, limit int) ([]stats.Record, error) {
        for i := len(clone) - 1; i >= 0 && len(ans) < limit; i-- {
                if clone[i].UID == uid {
                        ans = append(ans, clone[i])
+               } else if _, ok := aliases[clone[i].UID]; ok {
+                       ans = append(ans, clone[i])
                }
        }
        return ans, nil
diff --git a/stats/interface.go b/stats/interface.go
index 92de645..7458bf3 100644
--- a/stats/interface.go
+++ b/stats/interface.go
@@ -25,7 +25,7 @@ type Recorder interface {
 // Reader from tracking systems. All returned records should be sorted from newest to oldest (by insertion moment)
 type Reader interface {
        // Last records for specific app with limits
-       LastByUID(uid string, limit int) ([]Record, error)
+       LastByUID(uid string, aliases types.JsonStringSet, limit int) ([]Record, error)
        // Last all records
        Last(limit int) ([]Record, error)
 }

This is awesome, thank you for this.
I tried running a python function and it seems quite fast too!

In the last years I've been observing & rethinking exactly the same phenomenon as this project seems to adress: offering a alternative to container bloat & complexity.
Sometimes scaling jobs horizontally is fine without kubernetes but using ssh (https://github.com/coderofsalvation/clussh e.g.) or Nats.io.
I realized how 'trusted' CGI would save so much development/maintenance time.
I think the adoption of this project will grow inherent to the people realizing the container-dungeons they find themselves in.

Tips:

Perhaps the description of this repo could include these (albeit cringy) words: serverless, FaaS, PaaS, baremetal, lowcode, polyglot e.g.

(That way I would have found it earlier I think. I really think this project is heavily underrated, I might do a video on it soon)

Another suggestion: you could mention in the docs/UI using https://github.com/containers/bubblewrap for untrusted processes (it allows sandboxing processes on a real lowlevel, and is a quite popular solution to the notorious slow startup time of kubernetes/docker ephemeral containers).
Ultimately shipping templates with bubblewrap, nice, or ionice would be epic.
Where can I submit templates?

Sidenote: I'm also curious how it could play with fellow go-binaries like nats.io, websocketd and pocketbase.

Anyways, just my few cents, you can consider this issue done btw.

I hope the function can customize the status code of the response, because there are some services that determine the result by the HTTP status code.

First off: awesome project, much less overhead than all the other solutions I tried.

It would be great if the debian packages for the service (trusted-cgi) and the cli tool would be seperate. So you can install it on a server and use it remotely without installing the service, too.

Have a great day!

I just wanted to read the installation instructions in the README-File.

I wanted to click on the following content:
See [installation manual](https://trusted-cgi.reddec.net/installation)

Unfortunately the link did not work. Where can I find the detailed installation instructions?
Thanks for updating.