Public vals
118
maxm
discordSignatureVerifyExample
// Your public key can be found on your application in the Developer Portal
HTTP
maxm
wide
WIDE Store any unstructured JSON data. Retrieve it with an expressive and efficient query system. WIDE is a library and service hosted on Val Town. Authenticate and use it with your Val Town credentials, or fork it and connect it to your own Clickhouse Instance. import { ValSession } from 'https://esm.town/v/maxm/valSession';
import { Wide } from 'https://esm.town/v/maxm/wide';
// Use your Val Town API Token to create a session
const wide = new Wide(await ValSession.new(Deno.env.get("valtown")))
// Write any data.
await wide.write([
{ user: {id: 1, name: 'Alice', email: 'alice@example.com' }},
{ user: {id: 2, name: 'Bob', email: 'bob@example.com' }},
{ user: {id: 3, name: 'Charlie', email: 'charlie@example.com' }},
]);
await wide.fields("user.")
// => [
// { fieldName: "user.email", fieldType: "string", count: 3 },
// { fieldName: "user.id", fieldType: "number", count: 3 },
// { fieldName: "user.name", fieldType: "string", count: 3 }
// ]
await wide.values("user.email")
// [
// { value: "bob@example.com", count: 1 },
// { value: "charlie@example.com", count: 1 },
// { value: "alice@example.com", count: 1 }
// ]
await wide.search({
start: new Date(Date.now() - 1000 * 60 * 10),
end: new Date(),
filters: [{ fieldName: "user.name", operator: "equals", value: "Alice" }],
})
// [{ user: { name: "Alice", email: "alice@example.com", id: 1 } }];
HTTP
maxm
valSession
Val Session import { ValSession } from "https://esm.town/v/maxm/valSession";
// Generate a token from your valtown api key.
const token = await ValSession.newSession(Deno.env.get("valtown"));
// Other services can use it to authenticate
const user = await ValSession.validate(token); Fork it, provide your own VT_SESSION_PRIVATE_KEY, and update the hardcoded public key. You can generate your own keys like so: import { crypto } from "https://deno.land/std@0.198.0/crypto/mod.ts";
// Generate a key pair for JWT signing and verification
const { privateKey, publicKey } = await crypto.subtle.generateKey(
{
name: "RSASSA-PKCS1-v1_5",
modulusLength: 2048,
publicExponent: new Uint8Array([1, 0, 1]),
hash: "SHA-256",
}, true, ["sign", "verify"],
);
function formatPEM(b64: string, type: "PRIVATE KEY" | "PUBLIC KEY"): string {
const lines = b64.match(/.{1,64}/g) || [];
return `-----BEGIN ${type}-----\n${lines.join("\n")}\n-----END ${type}-----`;
}
const privateKeyPem = formatPEM(
btoa(String.fromCharCode(...new Uint8Array(exportPrivateKey))),
"PRIVATE KEY",
);
const publicKeyPem = formatPEM(
btoa(String.fromCharCode(...new Uint8Array(exportPublicKey))),
"PUBLIC KEY",
);
console.log(privateKeyPem, publicKeyPem);
HTTP
maxm
simpleWikipediaInstantSearch
Simple Wikipedia Instant Search A quick demo of getting fuzzy matching and instant search working on Val Town
HTTP
maxm
eval
Eval web demo Security Caveats This code runs in a Worker with { permissions: { write: false, read: false, net: false } } . This is likely very safe, but if you enable network access keep in mind that users might generate junk network traffic or attempt to make infinite loops. If sandboxed code knows the name of one of your private vals it will be able to import the code with import "https://esm.town/v/maxm/private" . If you enabled write: true in the Worker, the unix socket that Deno uses to communicate with the host can be deleted and intercepted. This might mean that evaluated code can steal the socket and read the next request. You should not use this to evaluate code that should not be read by a previous evaluation. All code is running on the same process and you are not protected from exotic attacks like speculative execution. Overview You can use this library to evaluate code: import { evalCode } from "https://esm.town/maxm/eval"
console.log(await evalCode("export const foo = 1")) // => 1 You can use this library with https://www.val.town/v/maxm/transformEvalCode to return the last value without needing to export it. This is how the /eval api endpoint used to work and makes the library preform similarly to a repl. import { evalCode } from "https://esm.town/maxm/eval"
import { transform } from "https://esm.town/maxm/transformEvalCode"
console.log(await evalCode(transform("1+1"))) // => 2 Here's an example UI application that demonstrates how you can string this all together: https://maxm-evalui.web.val.run/ (source: https://www.val.town/v/maxm/evalUI) Security Model Code is evaluated using a dynamic import within a Worker. await import(`data:text/tsx,${encodeURIComponent(e.data)}`); Running the code withing a Worker prevents access to GlobalThis and window from leaking between evals. Similarly, access to Deno.env is prevented and evaluations will see errors when trying to access any environment variables. TODO: what else?
Script