create account

Introducing Steem-Browsifier (Full Access to the Steem API from the BROWSER) by digital-wisdom

View this thread on: hive.blogpeakd.comecency.com
steemit · @digital-wisdom · (edited)
$76.13
Introducing Steem-Browsifier (Full Access to the Steem API from the BROWSER)
<html>
<h1>Value Proposition: &nbsp;Never allow your keys off your machine</h1>
<p>We were working on a toy example for @Ned's Bounty System when we realized -- there was no way to access the most important Steem functions (including commenting, voting, paying/transferring money or escrow) from the browser!</p>
<h1>There was no way to avoid transmitting your password or keys!</h1>
<p>We contacted several of the other developers working on Steem-related projects but some expected users to trust transmission to their server while others were insisting on developing proprietary single-purpose plug-ins. &nbsp;No one had a verifiable multi-purpose solution that didn't transmit your critical information across the internet.</p>
<h1>Thus Steem-Browserify was born!</h1>
<p><img src="https://www.steemimg.com/images/2016/09/22/sb-githubbfe93.png" width="800" height="467"/></p>
<h1><a href="https://www.npmjs.com/package/steem-browserify">https://www.npmjs.com/package/steem-browserify</a><br>
<a href="https://github.com/D161T4L-W15D0M/steem-browserify">https://github.com/D161T4L-W15D0M/steem-browserify</a></h1>
<p>@Fabien has created the excellent steem.js project (https://github.com/adcpm/steem) and released a subset for the browser (<a href="https://www.npmjs.com/package/steem">https://www.npmjs.com/package/steem</a>) but didn't include any of the functions that required the cryptographic functions (i.e. your keys). &nbsp;We asked him about including the rest of the functions but, while he eventually has plans to include them, they are not a priority and he had absolutely no interest in our offer to do it for his project. &nbsp;Therefore, we forked the project.</p>
<h2>Starting with steem@0.3.21 (because the newest version fails with errors), we</h2>
<ol>
  <li>merged steem and steemauth</li>
  <li>merged steem.api and steem.broadcast to create on uniform steem api</li>
  <li>replaced crypto with crypto-browserify</li>
  <li>cleaned up a number of browser-specific errors</li>
  <li>repackaged it all nicely as steem-browserify@0.5.1</li>
</ol>
<h1><em>It has the standard open source MIT license -- and we ask/hope that steemit.com will consider auditing and hosting it.</em></h1>
<p>Developer contributions (pull requests) are more than welcome.</p>
<p>One of the first improvements we intend to make is to prune unneeded code paths in an effort to make steem.min.js smaller.</p>
<h1>With Steem-Browserify, it's trivial to create systems like <a href="https://steemit.com/steemit/@digital-wisdom/introducing-steem-safepay">SafePay</a>.</h1>
<p>Stay tuned as our next post will show how to use it to add a simple bounty to a post using <a href="https://steemit.com/bounty/@mark-waser/a-totally-different-approach-to-ned-s-bounty-system">A Totally Different Approach to Ned’s Bounty System</a>.</p>
<p><img src="https://www.steemimg.com/images/2016/09/21/SafePayBrowserb1baf.png" width="800" height="515"/></p>
</html>
πŸ‘  , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , and 164 others
πŸ‘Ž  ,
properties (23)
authordigital-wisdom
permlinkintroducing-steem-browsifier-full-access-to-the-steem-api-from-the-browser
categorysteemit
json_metadata{"tags":["steemit","security","programming","payment","bounty"],"image":["https://www.steemimg.com/images/2016/09/22/sb-githubbfe93.png","https://www.steemimg.com/images/2016/09/21/SafePayBrowserb1baf.png"],"links":["https://www.npmjs.com/package/steem-browserify","https://github.com/D161T4L-W15D0M/steem-browserify","https://github.com/adcpm/steem","https://www.npmjs.com/package/steem","https://steemit.com/steemit/@digital-wisdom/introducing-steem-safepay","https://steemit.com/bounty/@mark-waser/a-totally-different-approach-to-ned-s-bounty-system"]}
created2016-09-22 20:35:36
last_update2016-09-22 21:01:39
depth0
children9
last_payout2016-10-24 00:35:24
cashout_time1969-12-31 23:59:59
total_payout_value58.211 HBD
curator_payout_value17.924 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length2,942
author_reputation11,845,108,803,952
root_title"Introducing Steem-Browsifier (Full Access to the Steem API from the BROWSER)"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id1,331,277
net_rshares46,031,693,244,612
author_curate_reward""
vote details (230)
@pfunk · 
This looks neat. What Steem node is this connecting to to broadcast transactions? 

Offline signing tools have been a niche feature that certain users have wanted or needed but has so far been unfilled. Can this be adapted to do offline signing as well?
properties (22)
authorpfunk
permlinkre-digital-wisdom-introducing-steem-browsifier-full-access-to-the-steem-api-from-the-browser-20160923t013401169z
categorysteemit
json_metadata{"tags":["steemit"]}
created2016-09-23 01:34:12
last_update2016-09-23 01:34:12
depth1
children3
last_payout2016-10-24 00:35:24
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length253
author_reputation221,632,045,904,452
root_title"Introducing Steem-Browsifier (Full Access to the Steem API from the BROWSER)"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id1,333,587
net_rshares0
@digital-wisdom · 
Currently wss://steemit.com/wspa but it could easily be made configurable.

I'm not sure that I understand your question about offline signing.  Since it basically signs off-line before transmitting only the transaction that was signed -- yes, it could easily be adapted to sign anything . . . .
properties (22)
authordigital-wisdom
permlinkre-pfunk-re-digital-wisdom-introducing-steem-browsifier-full-access-to-the-steem-api-from-the-browser-20160923t030921483z
categorysteemit
json_metadata{"tags":["steemit"]}
created2016-09-23 03:09:30
last_update2016-09-23 03:09:30
depth2
children2
last_payout2016-10-24 00:35:24
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length295
author_reputation11,845,108,803,952
root_title"Introducing Steem-Browsifier (Full Access to the Steem API from the BROWSER)"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id1,334,155
net_rshares0
@pfunk · (edited)
Like you can sign Bitcoin transactions using a computer that isn't connected to the net, then take that transaction and broadcast it from a node that is online. Kind of a secure, air-gapped solution. The demand isn't super high, but it's one of those features that is good to have to have airtight paranoid security.

Maybe I'm ignorant and that kind of thing isn't possible with Steem, as I'm not familiar with the technical details of transactions, and they might need up-to-date block information.
πŸ‘  
properties (23)
authorpfunk
permlinkre-digital-wisdom-re-pfunk-re-digital-wisdom-introducing-steem-browsifier-full-access-to-the-steem-api-from-the-browser-20160923t043619497z
categorysteemit
json_metadata{"tags":["steemit"]}
created2016-09-23 04:36:30
last_update2016-09-23 04:37:33
depth3
children1
last_payout2016-10-24 00:35:24
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length500
author_reputation221,632,045,904,452
root_title"Introducing Steem-Browsifier (Full Access to the Steem API from the BROWSER)"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id1,334,648
net_rshares61,682,267,237
author_curate_reward""
vote details (1)
@realskilled · 
Hi @digital-wisdom,

Nice tool !

I'm looking for an API that allows me to create content (POSTs). I have been reading the documentation and it seems that we can only retrieve information or just create a comments or up-vote.

I wonder if you could point me to some API that allows creating POST in steemit.com.

Thanks,

@realskilled
properties (22)
authorrealskilled
permlinkre-digital-wisdom-introducing-steem-browsifier-full-access-to-the-steem-api-from-the-browser-20171008t213952543z
categorysteemit
json_metadata{"tags":["steemit"],"users":["digital-wisdom","realskilled"],"app":"steemit/0.1"}
created2017-10-08 21:39:51
last_update2017-10-08 21:39:51
depth1
children0
last_payout2017-10-15 21:39:51
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length334
author_reputation-65,196,368,224
root_title"Introducing Steem-Browsifier (Full Access to the Steem API from the BROWSER)"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id17,141,271
net_rshares0
@sneak · (edited)
Note that minifying javascript code in security-related browser extensions is highly discouraged, as the only reason to minify is to save transfer bandwidth and browser extensions are downloaded *once* and then locally cached.

It also has the unfortunate side effect of making the extension-as-installed very difficult to audit/review for security vulnerabilities, errors, bugs, or backdoors.
properties (22)
authorsneak
permlinkre-digital-wisdom-introducing-steem-browsifier-full-access-to-the-steem-api-from-the-browser-20161008t033851568z
categorysteemit
json_metadata{"tags":["steemit"]}
created2016-10-08 03:38:45
last_update2016-10-08 03:39:15
depth1
children0
last_payout2016-10-24 00:35:24
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length393
author_reputation28,694,344,106,492
root_title"Introducing Steem-Browsifier (Full Access to the Steem API from the BROWSER)"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id1,475,035
net_rshares0
@timcliff · 
This seems cool. Can you please explain a little bit more about how it works? How can I try it out or see what it does?
properties (22)
authortimcliff
permlinkre-digital-wisdom-introducing-steem-browsifier-full-access-to-the-steem-api-from-the-browser-20160922t220541246z
categorysteemit
json_metadata{"tags":["steemit"]}
created2016-09-22 22:05:42
last_update2016-09-22 22:05:42
depth1
children2
last_payout2016-10-24 00:35:24
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length119
author_reputation272,954,445,077,789
root_title"Introducing Steem-Browsifier (Full Access to the Steem API from the BROWSER)"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id1,332,173
net_rshares0
@mark-waser · 
Sure!  Basically "all" if does is allow you to perform any Steem operation without requiring a website or some other external party to do it for you (generally a real security no-no).  An example of it in action is the very simple SafePay system (follow the link above to see all the details on and links for that) -- composed of two files necessary.  One is a very simple HTML file.  The other is the result of building the github project.
πŸ‘  
properties (23)
authormark-waser
permlinkre-timcliff-re-digital-wisdom-introducing-steem-browsifier-full-access-to-the-steem-api-from-the-browser-20160922t235637757z
categorysteemit
json_metadata{"tags":["steemit"]}
created2016-09-22 23:56:48
last_update2016-09-22 23:56:48
depth2
children1
last_payout2016-10-24 00:35:24
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length440
author_reputation3,513,410,950,995
root_title"Introducing Steem-Browsifier (Full Access to the Steem API from the BROWSER)"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id1,332,933
net_rshares9,118,272,934
author_curate_reward""
vote details (1)
@timcliff · 
I added it to the discussion we are having in this post (in the comments):
https://steemit.com/security/@timcliff/steem-tools-development-centralized-steemit-com-vs-decentralized-app-center-security-concerns
properties (22)
authortimcliff
permlinkre-mark-waser-re-timcliff-re-digital-wisdom-introducing-steem-browsifier-full-access-to-the-steem-api-from-the-browser-20160923t173418254z
categorysteemit
json_metadata{"tags":["steemit"],"links":["https://steemit.com/security/@timcliff/steem-tools-development-centralized-steemit-com-vs-decentralized-app-center-security-concerns"]}
created2016-09-23 17:34:15
last_update2016-09-23 17:34:15
depth3
children0
last_payout2016-10-24 00:35:24
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length207
author_reputation272,954,445,077,789
root_title"Introducing Steem-Browsifier (Full Access to the Steem API from the BROWSER)"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id1,339,780
net_rshares0
Help/Feedback