godbox-dev v1.0.4
JohnnyKins-GodBox (it could also be named Phoenix Box)
- There is a production release, godbox, and a development release, godbox-dev.
- An isolated-VM Express web server hosting solution for Node.js.
- No obfuscation is needed, because the pure Merkle verification setup is properly scoped so that the web server side has no backdoor through which to stop it, like my johnnykins-blackbox and johnnykins-blackbox-dev setups.
- It uses a VM context and a child process with its own environment variables.
- It uses a re-creation tactic, much like a phoenix dying and being reborn, driven by a Merkle tree verification setup.
- When something is found wrong with the server files, it stops the server and restarts it, sets the files up again properly, and removes the infected directory.
- This is why I want to include the simple path traversal exploit protection: it allows a plain web server setup in a secure manner and helps streamline setup for developers.
- I will work on example code here soon. I have done some tests so far and will be uploading them to this GitHub repository.
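The stop-and-restart behaviour described above depends on noticing any change to the server files. As an added example (not GodBox's own code, whose internals this page does not show), this is one way to compute a Merkle root over a folder and check it against a root recorded when the files were known good; the function names, the leaf format and the temporary demo folder are assumptions.

```javascript
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
// Prefix bytes keep leaf hashes and inner-node hashes in separate domains.
const sha256 = (prefix, ...parts) =>
  crypto.createHash('sha256').update(Buffer.concat([Buffer.from([prefix]), ...parts])).digest();

// Every regular file under dir, as relative paths in a stable (sorted) order.
function listFiles(dir, base = dir) {
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((e) => {
    const full = path.join(dir, e.name);
    if (e.isDirectory()) return listFiles(full, base);
    return e.isFile() ? [path.relative(base, full)] : [];
  }).sort();
}

// Leaf = H(0x00 || relative path || NUL || content): renames and new files change the root too.
const leafHash = (base, rel) =>
  sha256(0x00, Buffer.from(rel + '\0'), fs.readFileSync(path.join(base, rel)));

function merkleRoot(leaves) {
  let level = leaves.length ? leaves : [sha256(0x00)];
  while (level.length > 1) {
    const next = [];
    for (let i = 0; i < level.length; i += 2) {
      // An unpaired last node is promoted unchanged instead of being duplicated.
      next.push(i + 1 < level.length ? sha256(0x01, level[i], level[i + 1]) : level[i]);
    }
    level = next;
  }
  return level[0];
}
const folderRoot = (dir) => merkleRoot(listFiles(dir).map((rel) => leafHash(dir, rel)));
// True while the folder still matches the root recorded when the files were known good.
const verifyFolder = (dir, trustedRoot) => crypto.timingSafeEqual(folderRoot(dir), trustedRoot);

// Constructed demo: build a small folder, record its root, then tamper with one file.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'merkle-demo-'));
  fs.mkdirSync(path.join(dir, 'public'));
  fs.writeFileSync(path.join(dir, 'server.js'), 'console.log("ok");\n');
  fs.writeFileSync(path.join(dir, 'public', 'index.html'), '<h1>hi</h1>\n');
  const trusted = folderRoot(dir);
  const clean = verifyFolder(dir, trusted);
  fs.appendFileSync(path.join(dir, 'server.js'), '// injected\n');
  const modified = verifyFolder(dir, trusted);
  fs.rmSync(dir, { recursive: true, force: true });
  return { clean, modified };
}
```

The trusted root has to be held where the checked server cannot rewrite it, otherwise a modified server can simply record a new root.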
What is our purpose
With the growing hacking issues in today's technologies, specifically at the application layer of Node.js and the Express runtime, problems tend to come up when building Express apps using just helmet and cors setups: developers can still run the risk of introducing accidental backdoors into their applications as they develop. So I have decided to help streamline things for developers with my utility package. I really hope it helps secure those applications.
- Basic request header size limit setting for protecting request headers (coming soon).
- Finished:
- Removes basic path traversal exploits in Express static serving.
- Removes path traversal exploits via query parameters.
- We will not offer request body sanitization; it is up to the web server developer to properly sanitize their endpoints.
- Below this list is an example of how to use bodyParser, a great module which offers this solution.
- A Merkle verification Express request interceptor middleware: when verification fails, it stops a maliciously modified server from accepting the final request that would make it read and execute a payload.
- That tends to be the scariest of the hacks going around these days: exploiting backdoors in an application to infect it and turn the machine into part of a botnet.
- The aim is to help new developers in their web development process, so they have peace of mind working with their servers without worrying about potential backdoors like this.
- And to help junior and senior developers educate themselves on security practices and principles in a faster, streamlined manner.
- Specifically in the Node.js Express realm of development, as this is my main stack, so to speak. Anybody is welcome to convert this utility to other programming languages, and doing so is actually recommended.
```javascript
const express = require('express');
const bodyParser = require('body-parser');
const app = express();
app.use(bodyParser.json({ limit: '50mb' })); // Support JSON-encoded bodies up to 50MB
app.use(bodyParser.urlencoded({ limit: '50mb', extended: true })); // Support URL-encoded bodies up to 50MB
// Your routes
```
- Body sanitization is left out due to the potential of it conflicting with this utility's sole purpose, which is to be a fail-safe process for your web server. The utility uses Merkle tree verification techniques in a private function in a class setup to keep them properly out of context.
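One way to implement the two path traversal checks listed above, as an added example that is not GodBox's own code: a containment check for the static path and a segment check for query values. `fullyDecode`, `hasTraversal`, `resolveInside`, `leaves` and `traversalGuard` are hypothetical names.

```javascript
const path = require('node:path');

// Decode repeatedly (bounded) so double-encoded input such as %252e%252e is seen in final form.
function fullyDecode(value, rounds = 3) {
  let out = String(value);
  for (let i = 0; i < rounds; i++) {
    let next;
    try { next = decodeURIComponent(out); } catch { break; } // not valid encoding: keep as-is
    if (next === out) break;
    out = next;
  }
  return out;
}

// True when the decoded value has a ".." path segment or a NUL byte.
function hasTraversal(value) {
  const decoded = fullyDecode(value);
  return decoded.includes('\0') || decoded.split(/[\\/]/).includes('..');
}

// Resolve a request path under root; null when it would land outside root.
function resolveInside(root, requestPath) {
  const decoded = fullyDecode(requestPath).replace(/\\/g, '/');
  if (decoded.includes('\0')) return null;
  const base = path.resolve(root);
  const target = path.resolve(base, './' + decoded);
  return target === base || target.startsWith(base + path.sep) ? target : null;
}

// Strings inside nested query values (Express can parse arrays and objects).
const leaves = (v) => (v && typeof v === 'object' ? Object.values(v).flatMap(leaves) : [v]);

// Express-style middleware (hypothetical name): reject before any file lookup happens.
function traversalGuard(root) {
  return (req, res, next) => {
    const badQuery = leaves(req.query || {}).some(hasTraversal);
    if (badQuery || resolveInside(root, req.path) === null) {
      res.statusCode = 400;
      return res.end('Bad Request');
    }
    return next();
  };
}
```

Comparing the resolved path against the root, rather than only searching the raw string for `../`, is what covers encoded and backslash variants.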
Examples
- Newest setup style; the one below will be updated with the following.
- main.js
- production mode
- NPM Site
- The server doesn't have console logs, but the Merkle process does.
```javascript
const { GodBox } = require('godbox');
try {
  // The Merkle interval was deprecated because the interval
  // could be modified to bypass the security box system!
  /***
   * @param {string} serverFile - Main Server File to Run in VM!
   * @param {string} serverFolder - Main Process Folder to Run in VM!
   * @param {number} interval - Main Server Restarting Interval in VM
   * @param {boolean} useEnv - Are you using dotenv? true or false = yes or no!
   * @deprecated {number} merkleInterval - Merkle Protection Check Interval Removed No Longer Used!
   */
  const test = new GodBox('./server.js', './test/public', 60000, false);
} catch (err) {
  console.log(err);
}
```
- development mode
- NPM Site
- offers console logs on server side!
```javascript
const { GodBox } = require('godbox-dev');
try {
  // The Merkle interval was deprecated because the interval
  // could be modified to bypass the security box system!
  /***
   * @param {string} serverFile - Main Server File to Run in VM!
   * @param {string} serverFolder - Main Process Folder to Run in VM!
   * @param {number} interval - Main Server Restarting Interval in VM
   * @param {boolean} useEnv - Are you using dotenv? true or false = yes or no!
   * @deprecated {number} merkleInterval - Merkle Protection Check Interval Removed no longer used!
   */
  const test = new GodBox('./server.js', './test/public', 60000, false);
} catch (err) {
  console.log(err);
}
```
- server.js
```javascript
const express = require('express');
const path = require('node:path');
const app = express();
// GLOBALLY is not declared in this file; the example relies on GodBox supplying it when it runs server.js.
const isExpressSymbol = GLOBALLY.getGlobalSymbol(); // This is a safety type check setup!
app[isExpressSymbol] = true; // Required to be set to true before passing the app to setExpressApp(app, GLOBALLY);
GLOBALLY.setExpressApp(app, GLOBALLY);
//GLOBALLY.setExpressApp(app, GLOBALLY); // Call twice to test the Express lockout! This prevents calling it again after it has been set!
// Make sure to set your Express app via GLOBALLY (above) so the middlewares attach properly! Obviously still utilize helmet and cors!
// Make sure to utilize the following here!
app.use('/', express.static(path.join(process.cwd(), 'public')));
// For this utility to work properly, the app.listen() call must be saved to a variable named listen (all lowercase, since it is one word)!
const listen = app.listen(3001);
// This is required as well!
process.child.on(GLOBALLY.getGlobalString(), () => {
  const fs = require('node:fs');
  console.log('Shutting down Server from parent before timeout!');
  app.removeAllListeners();
  listen.closeAllConnections();
  listen.close();
  setTimeout(() => {
    console.log('Shutting Down Server from parent message to stop after timeout!');
  }, 10);
});
// I really hope this utility helps protect application and web servers in the future, for a streamlined development process and production release!
// It has a nice safety net design principle: upon Merkle verification failure, it literally denies
// the Express app any requests, which prevents a modified malicious server from being able to execute the payload!
// This solves a lot of today's issues with Express servers in the Node.js runtime, and might shed light on how to convert this over to solve it in other applications and software!
```
Background Story
Well, among my days of making Node.js applications and on my journey to become a successful senior developer in the industry, I've personally always suffered from needing to properly secure every application I've attempted to make, ...sadly some made using my own utility files, and sometimes finding myself losing these files just to have to remake them all again! I sometimes grow restless over this, and I feel releasing our security tools and utilities for public usage would solve this and also help junior developers succeed in their future careers from the public knowledge being available. So I've decided to make a simple answer and solution on how to protect one's Node.js applications or programs! I've come up with a simple Merkle verification setup process in Node.js. Sadly, I released it a while back, but thought to make a service to sell it! But I personally would rather publicly release it for the future of developers to utilize and be able to succeed in their future creations. I've personally helped make the nodes for BTC, specifically the core template pseudo design, all in Node.js, and came up with this utility solution file for protecting in case of potential backdoors! And I feel it's time to publicly release this utility, as we see today the security of such a system in design. I did this because I personally never made any successful applications or services, but I've passed on very good utility solutions in the past which helped other developers succeed in their careers; they were only personal developers I knew, and as I grow older, the more I feel it's time to share not with just who I choose but with the world. I will still continue my journey as a developer always and will hopefully one day release a successful application, service or software of my own. But for now, I release my greatest creation as a utility tool.
- Sincerely, Satoshi Johnathan Edward Brown, August 20, 2024