elective-stereophonic
elective-stereophonic
Ardor Node JS module singapore
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Nxt Client: Nxt 1.11.15

Author Topic: Ardor Node JS module  (Read 6502 times)

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +438/-42
  • Offline Offline
  • Posts: 1783
    • View Profile
Ardor Node JS module
« on: February 18, 2017, 02:54:03 pm »

Greetings,

Earlier attempts to develop robust client API library for NXT and subsequently Ardor were faced with several challenges:
1. The API library had to send the passphrase directly to a remote node in order to sign transactions, this meant that the remote node had to be trusted, this severely limited the usability of the API library.
2. Some client libraries did implement local transaction signing but still were unable to validate unsigned bytes data returned from a random remote node thus still making it somewhat insecure to submit transactions to a random remote node.
3. Client API libraries were developed by 3rd party developers which sometimes couldn't keep up with the protocol changes.

In order to address these problems, in release 2.0.1e we introduced for the first time a Node JS module which can be used for JavaScript application development using the Ardor platform APIs.
This node JS module is now integral part of the core and in fact is just a thin layer of Node JS wrapper on top of the existing Ardor Wallet JavaScript code.

Being so this node module has several advantages:
1. The Node JS module is able to work securely against any random Ardor node
2. Transaction data submitted to a remote node is validated against the returned unsigned bytes
3. Transactions are signed locally so that the account passphrase is never submitted to a remote node
4. Message encrytption can be performed client side
5. API calls work at a higher level compared to the APIs provided by the existing test page, so that for example, complex numeric conversions and various formatting functions are alreayd implemented by the API library
6. Updates to this API library will follow the standard Ardor release process and will be maintained by core developers

To quickly get started using the node JS module, see instructions in the ./html/www/js/README file which is part of the 2.0.1e release.
The ./html/www/js/sample folder contains several code examples to get you started quickly and provide a reference implementation.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

MrV777

  • Hero Member
  • *****
  • Karma: +112/-4
  • Offline Offline
  • Posts: 981
    • View Profile
Re: Ardor Node JS module
« Reply #1 on: February 18, 2017, 03:24:42 pm »

Great work on this!
Logged
NXT: NXT-BK2J-ZMY4-93UY-8EM9V
NXT nodes: 209.222.98.250, 216.155.128.10

apenzl

  • Hero Member
  • *****
  • Karma: +246/-10
  • Offline Offline
  • Posts: 2490
    • View Profile
    • Nxter.org
Re: Ardor Node JS module
« Reply #2 on: February 18, 2017, 11:21:43 pm »

Greetings.

Whoa, this is very very cool. thanks devs. !

Evan

  • Sr. Member
  • ****
  • Karma: +18/-2
  • Offline Offline
  • Posts: 333
    • View Profile
Re: Ardor Node JS module
« Reply #3 on: February 22, 2017, 03:23:58 am »

Nxt already have the local signing feature. Reading through the OP, I got a feeling that it is somewhat insecure. Most likely I misunderstand something. Could you explain the difference?
Logged
8897015223734827770
NXT-BYRU-8NKZ-PEYJ-9E6YQ

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +438/-42
  • Offline Offline
  • Posts: 1783
    • View Profile
Re: Ardor Node JS module
« Reply #4 on: February 22, 2017, 07:33:34 am »

The node js module is as secure as the official client wallet. The advantage over other libraries which perform local signing is that it also validates the unsigned bytes returned by the remote node before signing. This is very important since the remote node may try to change recipient account for example or the amount. One remaining issue is that the remote node can still try to return malicios data from query apis like getAccount as a sort of social engineering attack. To protect against this you can connect to multiple remote nodes and compare the returned data.  Actually there are existing functions which already implements this in the client. I'll code an example for this technique later.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

ThomasVeil

  • Hero Member
  • *****
  • Karma: +183/-11
  • Offline Offline
  • Posts: 1400
    • View Profile
Re: Ardor Node JS module
« Reply #5 on: February 22, 2017, 07:43:21 am »

Sounds cool - is it correct that this means more third party apps like online wallets will be secure, since transactions can be signed just on the client hardware? ... or if I misunderstand, what would be a use case.

Great to hear the development continues so strongly.
Logged
ARDOR-BPV3-837M-QZTQ-9DQ69  oxpal.com

Evan

  • Sr. Member
  • ****
  • Karma: +18/-2
  • Offline Offline
  • Posts: 333
    • View Profile
Re: Ardor Node JS module
« Reply #6 on: February 23, 2017, 07:10:51 am »

I think I confused it with the offline transaction signing
https://nxtwiki.org/wiki/Offline_Transaction_Signing

1. The API library had to send the passphrase directly to a remote node in order to sign transactions, this meant that the remote node had to be trusted, this severely limited the usability of the API library.
Here the remote node corresponds to the offline nxt node, which has to be trusted, right?
With Node JS module, dose it mean that we can do offline signing without an actual nxt node, instead, we just need the Node JS module?
Logged
8897015223734827770
NXT-BYRU-8NKZ-PEYJ-9E6YQ

sirpask

  • Jr. Member
  • **
  • Karma: +9/-0
  • Offline Offline
  • Posts: 93
    • View Profile
Re: Ardor Node JS module
« Reply #7 on: March 11, 2017, 10:06:49 pm »

shit, what am i doing bad?

https://registry.npmjs.org/ ¿what name?

thanks,

sirpask@xxxx:~/Ardor$ npm install ArdorRoot ~/Ardor/html/www/js
npm ERR! Linux 3.16.0-4-amd64
npm ERR! argv "/usr/bin/nodejs" "/usr/bin/npm" "install" "ArdorRoot" "~/Ardor/html/www/js"
npm ERR! node v6.10.0
npm ERR! npm  v3.10.10
npm ERR! code E404

npm ERR! 404 Registry returned 404 for GET on https://registry.npmjs.org/ArdorRoot
npm ERR! 404
npm ERR! 404  'ArdorRoot' is not in the npm registry.
npm ERR! 404 Your package name is not valid, because
npm ERR! 404  1. name can no longer contain capital letters
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

npm ERR! Please include the following file with any support request:
npm ERR!     ~/Ardor/npm-debug.log
Logged

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +438/-42
  • Offline Offline
  • Posts: 1783
    • View Profile
Re: Ardor Node JS module
« Reply #8 on: March 11, 2017, 10:13:44 pm »

I assume you installed Ardor into folder ~/Ardor
Therefore the command should be:
Code: [Select]
npm install ~/Ardor/html/www/js
The term <ArdorRoot> in the README file is used as a place holder for the actual installation root folder.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +438/-42
  • Offline Offline
  • Posts: 1783
    • View Profile
Re: Ardor Node JS module
« Reply #9 on: March 11, 2017, 10:26:29 pm »

I think I confused it with the offline transaction signing
https://nxtwiki.org/wiki/Offline_Transaction_Signing

1. The API library had to send the passphrase directly to a remote node in order to sign transactions, this meant that the remote node had to be trusted, this severely limited the usability of the API library.
Here the remote node corresponds to the offline nxt node, which has to be trusted, right?
With Node JS module, dose it mean that we can do offline signing without an actual nxt node, instead, we just need the Node JS module?

The Node JS module still has to submit the transaction to a functional Ardor/NXT node so that this transaction is broadcast to the network.
The novelty here is that this remote node does not have to be trusted by the Node JS module since it never sends the passphrase to it and since it validates the unsigned bytes returned by the remote node.
As long as the remote node is able to accept transactions and generate unsigned transaction bytes it can be used by the Node JS code.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

sirpask

  • Jr. Member
  • **
  • Karma: +9/-0
  • Offline Offline
  • Posts: 93
    • View Profile
Re: Ardor Node JS module
« Reply #10 on: March 11, 2017, 11:08:26 pm »

Thanks, im a poor Cobol developer  and im using nodejs for first time hehe.

now, im have this problem making the first example of Ardor Client:



i have in www/js/sample/config.json , the default settings... ¿have i change any setting?

{
  "comment": "Node JS module configuration file",
  "url": "http://107.170.3.62:26876",
  "secretPhrase": "hope peace happen touch easy pretend worthless talk them xxxxx yyyyy zzzz",
  "recipientPublicKey": "0b4e505972149e7ceb51309edc76729795cabe1f2cc42d87688138d0966db436",
  "isTestNet": true,
  "chain": "2",
  "mandatoryParams": {
    "feeNQT": "100000000",
    "feeRateNQTPerFXT": "1",
    "deadline": "1440"
  }
}


edit:

mmm... I think... i would change the path "Node Inspector v0.12.10" Visit http://127.0.0.1:8080/?port=5858 for: http://107.170.3.62:26876/index.html ...

edit 2:
Node Inspector v0.12.10
Cannot start the server at 107.170.3.62:26876. Error: listen EADDRNOTAVAIL 107.170.3.62:26876.
Cannot start Node Inspector: EADDRNOTAVAIL



 ???  :-\
« Last Edit: March 11, 2017, 11:37:18 pm by sirpask »
Logged

MrV777

  • Hero Member
  • *****
  • Karma: +112/-4
  • Offline Offline
  • Posts: 981
    • View Profile
Re: Ardor Node JS module
« Reply #11 on: July 05, 2017, 03:00:45 pm »

Hmm, this doesn't seem to work easily with Angular 2/4.  I will have to look more, but I get this error when I try to run 'loader.init'

Code: [Select]
ERROR in ./~/jsdom/lib/jsdom/living/xmlhttprequest.js
Module not found: Error: Can't resolve 'child_process' in '/home/mrv/ardorClient/node_modules/jsdom/lib/jsdom/living'
 @ ./~/jsdom/lib/jsdom/living/xmlhttprequest.js 4:18-42
 @ ./~/jsdom/lib/jsdom/browser/Window.js
 @ ./~/jsdom/lib/jsdom.js
 @ ./~/ardor-blockchain/nrs.node.bridge.js
 @ ./src/app/home/home.component.ts
 @ ./src/app/app.module.ts
 @ ./src/main.ts
Logged
NXT: NXT-BK2J-ZMY4-93UY-8EM9V
NXT nodes: 209.222.98.250, 216.155.128.10
 

elective-stereophonic
elective-stereophonic
assembly
assembly