spot-server

Part of the spot-framework, spot-server provides a connection a to a database (currently PostgreSQL) instead of the default crossfilter backend. It will also host a static website fi. spot using Express.

API documenation can be found here.

prerequisites

PostgreSQL v9.5 or higher

Spot requires either a local or a remote service to run. Commutication between the client and the database server is achieved by using web socket. Before running the scripts, make sure that the Postgres server is up and running.

Hint: You may want to use PostreSQL Docker image for quick testing, if you don't have postgress installed on your system
make sure your postgres user does not need a password
pg_isready command might be useful to check the server status.

scripts

spot-server

Combines this library with Express to host a website. It uses a session file to keep track of database tables to serve.

Usage:

node scripts/spot-server.js -c 'postgres://USER@localhost/DATABASE' -s 'session_file.json' -w <SPOT_DIST>

Here, SPOT_DIST should be an absolute path to the directory with the built version of spot app. You can either use the pre-built dist directory or build it yourself using npm run dist.

run following command to see available options:

node scripts/spot-server.js --help

You can get a bit more performance using the native PostgreSQL bindings (turned off by default to make travisCI easier). Just install the pg-native package:

npm install pg-native

This in only tested on linux, could work on other OSs.

spot-import

Import files (CSV, JSON) into the database. It also creates a session file. Usage:

node ./scripts/spot-import.js -c 'postgres://USER@localhost/DATABASE' \
-t 'data_table' \
-s 'session_file.json' \
-u 'http://DATA_URL' \
-d 'Dataset description' \
--csv -f 'test_data.csv'

run following command to see available options:

node server/spot-import.js --help

Notes

heap out of memory

If node crashes with heap out of memory, increase it using node --max_old_space_size=4096.

Security concerns

sql injection via `facet.accessor` and `dataset.datasetTable`

Facet accessor can be set by the client, and is used unchecked in the query. Recommended to limit spot-server PostgreSQL privilege to read only. See for instance this blog post

Name		Name	Last commit message	Last commit date
Latest commit History 49 Commits
Docker		Docker
docs		docs
example		example
scripts		scripts
spec		spec
src		src
.env		.env
.gitignore		.gitignore
.istanbul.yml		.istanbul.yml
.jsdoc.json		.jsdoc.json
.travis.yml		.travis.yml
CHANGELOG		CHANGELOG
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE.txt		LICENSE.txt
README.md		README.md
build_docker.sh		build_docker.sh
docker-compose.yml		docker-compose.yml
package-lock.json		package-lock.json
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

spot-server

prerequisites

scripts

spot-server

spot-import

Notes

heap out of memory

Security concerns

sql injection via `facet.accessor` and `dataset.datasetTable`

About

Releases 2

Packages

Languages

License

NLeSC/spot-server

Folders and files

Latest commit

History

Repository files navigation

spot-server

prerequisites

scripts

spot-server

spot-import

Notes

heap out of memory

Security concerns

sql injection via facet.accessor and dataset.datasetTable

About

Topics

Resources

License

Stars

Watchers

Forks

Releases 2

Packages 0

Languages

sql injection via `facet.accessor` and `dataset.datasetTable`

Packages