Forwarded from Hacker News
Show HN: Auto-generate an OpenAPI spec by listening to localhost (Score: 151+ in 16 hours)
Link: https://readhacker.news/s/64K34
Comments: https://readhacker.news/c/64K34
Hey HN! We've developed OpenAPI AutoSpec, a tool for automatically generating OpenAPI specifications from localhost network traffic. It’s designed to simplify the creation of API documentation by just using your website or service, especially useful when you're pressed for time.
Documenting endpoints one by one sucks. This project originated from us needing it at our past jobs when building 3rd-party integrations.
It acts as a local server proxy that listens to your application’s HTTP traffic and automatically translates this into OpenAPI 3.0 specs, documenting endpoints, requests, and responses without much effort.
Installation is straightforward with NPM, and starting the server only requires a few command-line arguments to specify how and where you want your documentation generated ex. npx autospec --portTo PORT --portFrom PORT --filePath openapi.json
It's designed to work with any local website or application setup without extensive setup or interference with your existing code, making it flexible for different frameworks. We tried capturing network traffic on Chrome extension and it didn't help us catch the full picture of backend and frontend interactions.
We aim in future updates to introduce features like HTTPS and OpenAPI 3.1 specification support.
For more details and to get started, visit our GitHub page (https://github.com/Adawg4/openapi-autospec). We also have a Discord community (https://discord.com/invite/CRnxg7uduH) for support and discussions around using OpenAPI AutoSpec effectively.
We're excited to hear what you all think!
Link: https://readhacker.news/s/64K34
Comments: https://readhacker.news/c/64K34
Hey HN! We've developed OpenAPI AutoSpec, a tool for automatically generating OpenAPI specifications from localhost network traffic. It’s designed to simplify the creation of API documentation by just using your website or service, especially useful when you're pressed for time.
Documenting endpoints one by one sucks. This project originated from us needing it at our past jobs when building 3rd-party integrations.
It acts as a local server proxy that listens to your application’s HTTP traffic and automatically translates this into OpenAPI 3.0 specs, documenting endpoints, requests, and responses without much effort.
Installation is straightforward with NPM, and starting the server only requires a few command-line arguments to specify how and where you want your documentation generated ex. npx autospec --portTo PORT --portFrom PORT --filePath openapi.json
It's designed to work with any local website or application setup without extensive setup or interference with your existing code, making it flexible for different frameworks. We tried capturing network traffic on Chrome extension and it didn't help us catch the full picture of backend and frontend interactions.
We aim in future updates to introduce features like HTTPS and OpenAPI 3.1 specification support.
For more details and to get started, visit our GitHub page (https://github.com/Adawg4/openapi-autospec). We also have a Discord community (https://discord.com/invite/CRnxg7uduH) for support and discussions around using OpenAPI AutoSpec effectively.
We're excited to hear what you all think!
GitHub
GitHub - Adawg4/openapi-autospec: Proxy server that generates API specs for any app or website on localhost.
Proxy server that generates API specs for any app or website on localhost. - Adawg4/openapi-autospec
🆒13👍2
https://app.suno.ai/song/0722576b-ff11-4074-a461-57b06f9282bd/
很难绷得住
ai 歌曲生成器之剁椒鱼头
(Suno 是一个 AI 音乐生成模型 最近出了 v3 所以好多人在尝鲜
很难绷得住
ai 歌曲生成器之剁椒鱼头
(Suno 是一个 AI 音乐生成模型 最近出了 v3 所以好多人在尝鲜
😇24👍1
Cohere的新模型 c4ai-command-r-plus (104b) 开源出来了,听说可以有 GPT3.5(削前)/ Claude Sonnet 的水平,还可以涩涩 ,群友可以试试
104b大家可能都很难跑起来 这里有在线版,注册就可以玩,Randomness可以拉到0.8往上,会更有意思一点
关于 API 的话,Trial Key有速率限制(5次/分钟),Production Key无限制,要付费,价格我找了一圈都没看到,有群友看到了可以发发( 价格群友找到了,输入 $3/1M Token,输出 $15/1M Token,是GPT4-Turbo的一半左右,GPT3.5-Turbo的10倍
(话说这个模型是好久不见的 FP16,好像大家都是 BF16 了,有点稀奇
104b大家可能都很难跑起来 这里有在线版,注册就可以玩,Randomness可以拉到0.8往上,会更有意思一点
关于 API 的话,Trial Key有速率限制(5次/分钟),Production Key无限制,要付费,
(话说这个模型是好久不见的 FP16,好像大家都是 BF16 了,有点稀奇
🆒28👍5
基于 Satori Protocol 的即时聊天软件 Satori App For Android 原型做好啦~
Satori 是一个通用的聊天协议,能够抹平不同聊天平台之间的差异,让开发者以更低的成本开发出跨平台、可扩展、高性能的聊天应用
目前,Satori 官方提供了超过 15 个聊天平台的适配器,完全覆盖了世界上主流的聊天平台:
钉钉 Discord KOOK 飞书
LINE 邮件 Matrix Slack
QQ (Chronocat/OneBot/Red)
Telegram 微信公众号 Zulip
企业微信 WhatsApp
更有更多非官方的适配器:
VoceChat JustChat Minecraft
Villa IIROSE(蔷薇花园) Bark
IRC 企业微信客服 Discourse论坛
微信(Wechaty等)
Satori 是一个通用的聊天协议,能够抹平不同聊天平台之间的差异,让开发者以更低的成本开发出跨平台、可扩展、高性能的聊天应用
目前,Satori 官方提供了超过 15 个聊天平台的适配器,完全覆盖了世界上主流的聊天平台:
钉钉 Discord KOOK 飞书
LINE 邮件 Matrix Slack
QQ (Chronocat/OneBot/Red)
Telegram 微信公众号 Zulip
企业微信 WhatsApp
更有更多非官方的适配器:
VoceChat JustChat Minecraft
Villa IIROSE(蔷薇花园) Bark
IRC 企业微信客服 Discourse论坛
微信(Wechaty等)
🥰78👍3
Forwarded from Rosmontis's Daily🔆
This media is not supported in your browser
VIEW IN TELEGRAM
⚠️⚠️⚠️⚠️警告⚠️⚠️⚠️⚠️
Telegram Desktop版本远程代码执行漏洞已被确认
危害程度极高,建议用户根据文章建议关闭自动下载功能
▎情况介绍
・4月9日
一条视频宣称Telegram Desktop客户端有漏洞,能轻松实现远程代码执行恶意攻击
当日,Telegram 称无法确认 Desktop 版本远程代码执行漏洞
・4月12日
笔者发现,Telegram Desktop Github库下一条PR中提到一个Bug,能通过某种方式发送pyzw格文件,Telegram会将其识别为视频文件,实现伪装视频效果,且客户端默认设置条件下,会自动下载文件,用户看到后常常会下意识点击执行,攻击生效。
▎危害示例
点击后会打开CMD,完全没有危害性,感兴趣可以点我跳转测试。
▎防范方法
1. 出于安全考虑,请禁用自动下载功能。
按照以下步骤操作:
2. 仔细观察,不要随意点击附件
3. 等待Telegram官方修复后,及时更新客户端至最新版本
▎技术细节
正在编写,感兴趣可以关注一下频道后续。
- 转载请标明来源谢谢❤️
Telegram Desktop版本远程代码执行漏洞已被确认
危害程度极高,建议用户根据文章建议关闭自动下载功能
▎情况介绍
・4月9日
一条视频宣称Telegram Desktop客户端有漏洞,能轻松实现远程代码执行恶意攻击
当日,Telegram 称无法确认 Desktop 版本远程代码执行漏洞
・4月12日
笔者发现,Telegram Desktop Github库下一条PR中提到一个Bug,能通过某种方式发送pyzw格文件,Telegram会将其识别为视频文件,实现伪装视频效果,且客户端默认设置条件下,会自动下载文件,用户看到后常常会下意识点击执行,攻击生效。
▎危害示例
点击后会打开CMD,完全没有危害性,感兴趣可以点我跳转测试。
▎防范方法
1. 出于安全考虑,请禁用自动下载功能。
按照以下步骤操作:
进入设置(Settings) —— 点击“高级(Advanced)” —— 在“自动下载媒体文件(Automatic Media Download")”部分,禁用所有聊天类型(私聊(Private chats)、群组(Groups)和频道(Channels))中 “照片(Photos)”、“视频(Videos)”和“文件(Files)”的自动下载
2. 仔细观察,不要随意点击附件
3. 等待Telegram官方修复后,及时更新客户端至最新版本
▎技术细节
正在编写,感兴趣可以关注一下频道后续。
- 转载请标明来源谢谢❤️
😱67👍9