How to run Vault from my app instead of CLI? - node.js

I'm trying to start a Vault service in my NodeJS app.
Using CLI to use Vault is ok,
but i need it to work automatically when the app is started.
I try this
async started(ctx) {
var options = {
apiVersion: 'v1', // default
endpoint: 'http://127.0.0.1:8500', // default
};
// get new instance of the client
var vault = require("node-vault")(options);
// init vault server
vault.init({ secret_shares: 1, secret_threshold: 1 })
.then( (result) => {
var keys = result.keys;
// set token for all following requests
vault.token = result.root_token;
// unseal vault server
return vault.unseal({ secret_shares: 1, key: keys[0] })
})
.catch(console.error);
// see if it is ok
vault.status()
.then (res => {
console.log('STATuuuuuuuuuuusS', res);
})
.catch((err) => {
console.log("errrrrrreur status");
console.error(err.message);
});
But i've got this error:
RequestError: Error: connect ECONNREFUSED 127.0.0.1:8500
[...]
cause: Error: connect ECONNREFUSED 127.0.0.1:8500
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1141:16) {
errno: 'ECONNREFUSED',
code: 'ECONNREFUSED',
syscall: 'connect',
address: '127.0.0.1',
port: 8500
},
If i run this before, it worked
vault server -config=config.hcl
Even when i kill it, it seems to work without reloading it. I'm missing something here, for sure :)
I'm wondering if node-vault should start Vault server ? If not, i'm wondering how to start the Vault server from the app and not the CLI ?
If you know the good way to do it, or have clues, i'm all ears.
Nicolas

No, usually the code shouldn't start the server.
Yes, your code is working correctly. If you have not started the server, the error means that it is impossible to connect to the specified IP address and port, they are closed.
The vault server has nothing to do with it, the same behavior will be the database server or any other.

Related

syscall: 'write', code: 'EPROTO', errno: -4046, or AxiosError: read ECONNRESET

I am trying to test out using proxies for the first time in my coding career and been trying for a while now. However I keep getting this weird error that doesnt make any sense in my head. The proxy I use here is taken from http://free-proxy.cz/en/proxylist/country/US/https/date/all. I have no problem paying for some proxy servers I just wanna make sure it works before paying for anything.
However I keep getting the error AxiosError: read ECONNRESET OR AxiosError: Client network socket disconnected before secure TLS connection was established OR write EPROTO E0DA0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:c:\ws\deps\openssl\openssl\ssl\record\ssl3_record.c:355:
I am running the code on Localhost so my connection to the proxy server is not https.
Here is the code I am trying to excecute. I have imported
var HttpsProxyAgent = require('https-proxy-agent');
But this clearly is not the problem.
router.get("/userInvTest", async (req, res) => {
try {
const axiosDefaultConfig = {
proxy: false,
httpsAgent: new HttpsProxyAgent('https://205.134.235.132:3129'),
};
const axiosUse = require('axios').create(axiosDefaultConfig);
const steamInventory = await axiosUse.get("https://steamcommunity.com/inventory/76561198027016127/730/2?l=english&count=5000");
console.log(steamInventory.data)
res.status(200).send(steamInventory.data)
} catch (err) {
console.log(err)
}
})

Executing ksql query using node npm ksqlDb-client throwing an timeout error

Hi am trying to execute the KSQL query using npm package ksqlDb-client package, it throws an timeout error. I have attached the code as well, please let me know any issues over there.
when am hit this GET URL below method will execute https://localhost:5000/testKsql
exports.getKSQLStream = async () => {
const options = {
authorization: {
username: "admin",
password: "pw",
ssl: {
ca: CAs,
crt: myClientCert,
key: myClientKey,
}
},
host: 'https://ixxxx.xcxx.net',
timeout: 20000
}
const client = new KsqldbClient(options);
await client.connect();
const streamRes = await client.query('list streams;');
console.log("streams",streamRes);
await client.disconnect();
}
when I hit that URL from postman am getting below response in node console.
Error on Http2 client. Error: connect ETIMEDOUT 16.2XX.X4.xxx:8088
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1159:16) {
errno: -4039,
code: 'ETIMEDOUT',
syscall: 'connect',
address: '16.2XX.X4.xxx',
port: 8088
}
I faced recently with the same issue and found that library has bug with authorization. I pushed PR in repo, but you can patch your local copy in the same way.
https://github.com/Streaminy/ksqldb-client/pull/4

"EC2 Metadata roleName request returned error" using aws encryption library with NestJS

I am trying to use aws encryption sdk in a NestJS application, the next code source shows the implementation.
import { Controller, Get } from '#nestjs/common';
import {KmsKeyringNode, encrypt} from '#aws-crypto/client-node'
#Controller('encryption')
export class EncryptionController {
// constructor() {}
#Get()
async crypt() {
const generatorKeyId = "generatior key";
const masterKeyId = "master key id";
const keyring = new KmsKeyringNode({keyIds:[masterKeyId], generatorKeyId: generatorKeyId});
const plainText = "My passwords for senstive data";
const context = {
accountId: "100",
purpose: "youtube demo",
country: "Sri Lanka"
};
const { result } = await encrypt(keyring, plainText, { encryptionContext: context });
console.log(result)
}
}
but when I execute a request to see the result of my implementation I receive the next error
Error: connect EHOSTUNREACH 169.254.169.254:80
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1128:14) {
message: 'Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1',
errno: 'EHOSTUNREACH',
code: 'CredentialsError',
syscall: 'connect',
address: '169.254.169.254',
port: 80,
time: 2020-06-09T11:41:47.638Z,
originalError: {
message: 'Could not load credentials from any providers',
errno: 'EHOSTUNREACH',
code: 'CredentialsError',
syscall: 'connect',
address: '169.254.169.254',
port: 80,
time: 2020-06-09T11:41:47.638Z,
originalError: {
message: 'EC2 Metadata roleName request returned error',
errno: 'EHOSTUNREACH',
code: 'EHOSTUNREACH',
syscall: 'connect',
address: '169.254.169.254',
port: 80,
time: 2020-06-09T11:41:47.637Z,
originalError: [Object]
}
}
}
However I copy a nodejs script from this tutorial to see if it works with my aws sdk set up
and I did not receive any error, also if a execute aws kms encryption methods in the cli I hadn't any error.
I tried to export AWS_SDK_LOAD_CONFIG=1 variable how I saw in other similar errors.
Does anyone know what's going on?
I had the same problem. It cost me quite some head ache because I had this running in AWS Fargate and debugging is not that easy there.
The error means the Javascript SDK can not find the AWS credentials.
Here you can see in what order the SDK tries to load the credentials from:
https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-node.html
My error was quite embarrassing, I just had a typo in my environment variables. My variable was AWS_ACCESSS_KEY_ID instead of AWS_ACCESS_KEY_ID. (Quite hard to see the difference, right?)
So probably double check the names of your environment variables (or config files)

could connect to kafka instance in node?

I have two computer running in the local network, one computer is installed with kafka instance on 192.168.1.3:9092. In another computer a short test program is running a kafka client to connect kafka instance and subscribe a topic.
my kafka-node is latest version, v4.1.3
const kafka = require('kafka-node');
const bp = require('body-parser');
//const config = require('./config');
try {
const Consumer = kafka.HighLevelConsumer;
const client = new kafka.KafkaClient("kafkaHost: '192.168.1.3:9092'");
let consumer = new kafka.Consumer(
client,
[{ topic: "dbserver1", partition: 0 }],
{
autoCommit: true,
fetchMaxWaitMs: 1000,
fetchMaxBytes: 1024 * 1024,
encoding: 'utf8',
fromOffset: false
}
);
consumer.on('message', async function(message) {
console.log('here');
console.log(
'kafka-> ',
message.value
);
})
consumer.on('error', function(err) {
console.log('error', err);
});
}
catch(e) {
console.log(e);
}
The code is shown above. However the code is always telling me
{ Error: connect ECONNREFUSED 127.0.0.1:9092
at Object._errnoException (util.js:992:11)
at _exceptionWithHostPort (util.js:1014:20)
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1186:14)
code: 'ECONNREFUSED',
errno: 'ECONNREFUSED',
syscall: 'connect',
address: '127.0.0.1',
port: 9092 }
why it is showing 127.0.0.1 not 192.168.1.3?
Based on the comments, you're running the Debezium Kafka docker container... From the Debezium Docker tutorial...
If we wanted to connect to Kafka from outside of a Docker container, then we’d want Kafka to advertise its address via the Docker host, which we could do by adding -e ADVERTISED_HOST_NAME= followed by the IP address or resolvable hostname of the Docker host, which on Linux or Docker on Mac this is the IP address of the host computer (not localhost).
Sounds like your node code is not running in a container, or at least not on the same machine / Docker network
So you'll have to add -e ADVERTISED_HOST_NAME=192.168.1.3 to your docker run command

Error using instagram-node

This is my code run on a node.js server. I have the proper access token obtained from OAuth2.0 protocol as defined in the Instagram developer page.
function getMedia(accessToken) {
var instagram = require('instagram-node').instagram();
instagram.use({
access_token: accessToken
});
instagram.user_self_media_recent(function(err, medias, pagination, remaining, limit) {
if(err) {
console.log(err);
}
console.log(medias);
});
}
I'm getting this in my error response:
{ Error: getaddrinfo ENOTFOUND api.instagram.com api.instagram.com:443
at errnoException (dns.js:28:10)
at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:76:26)
code: 'ENOTFOUND',
errno: 'ENOTFOUND',
syscall: 'getaddrinfo',
hostname: 'api.instagram.com',
host: 'api.instagram.com',
port: 443,
retry: [Function: retry] }
Does anyone know what this error response means?
Quick follow up. I was using Google's Firebase for my backend. On the "Spark" plan you get this warning:
Billing account not configured. External network is not accessible and
quotas are severely limited. Configure billing account to remove these
restrictions
I upgraded to "Blaze" plan and now retrieve data from Instagram.
The answer posted below suggests that I need to initialize the Instagram client with a client_id and client_secret, this is not true. I am getting media posts with just the access_token.
Thanks
When you initialize the instagram client you should use your app's client Id and client secret.
instagram.use({
client_id: INSTA_CLIENT_ID,
client_secret: INSTA_CLIENT_SECRET,
});
Then use the access token you have to authenticate the specific instagram user and request medias on their behalf.
instagram.use({
access_token: accessToken
});
instagram.user_self_media_recent(function(err, medias, pagination, remaining, limit) {
if(err) {
console.log(err);
}
console.log(medias);
});
When you first initialize your instagram node client you must use the authentication credentials that you receive from instagram when you register your app here.

Resources