In this article I want to explain how to setup a nonce-microservice using docker.

Nonce are one-time tokens that are used to ensure that an action can only be taken once. In a project, we needed to ensure that a pay button is only pressed once. Note that nonces are not used to sign requests or identify a user. This is a separate mechanism.

ArangoDB contains a nonce implementation which is a variation of Bloom-filters. It allows to store nearly unlimited nonces within a limited amount of memory. Nonce are allowed to age, that is after an hour they might expire. If there is sufficient interest, I will explain the algorithm implemented in a separate blog post.

The Crypto Functions

The functions provided by ArangoDB are createNonce and checkAndMarkNonce. The first creates a new nonce, while the latter will check and mark the nonce as used, it will return true if it was not yet used.

In order to use these functions from our node.js application, I have created two endpoints using the Foxx framework available in ArangoDB.

will create a new nonce and return it in the form of a JSON object with a single string attribute nonce.

checks the nonce and marks it as used, it will return true or false. The Foxx application is straightforward and consists of a small controller file, which wraps the two crypto functions.

and

The complete source code can be found on github.

Testing it locally

First of all, let’s test our shiny new application locally. Startup an ArangoDB and use the frontend to install the nonce service from github

FOXX1

We can now tests the service using the interactive documentation. Using the “POST” route, we create a new nonce.

FOXX2

The first time we validate it, the validation succeeds.

FOXX3

After that, the token is used

FOXX4

Create a Docker Container

For easy deployment, I’m going to create a docker container. A Dockerfile for a vanilla installation of ArangoDB is available at

I’ll go for version 2.6

The standard Dockerfile comes without any installed foxxes. It is, however, easily possible to create mounted foxxes during initialization. Create a file foxxes/mounts.json with your mount points.

You also need to copy the Foxx zip of the nonce application into the directory foxxes. The zip can either be downloaded from the local installation via the download button or created from the repository on GITHUB.

The access to ArangoDB is password protected by default. However, we want to access the service without a password.

This will waive the password restriction for any installed foxx, while keeping the administration interface and the standard API protected.

That’s it. Create a Docker container and be happy.

You can now test the service using CURL

Final remarks

This was easy, wasn’t it?

Please note that we have already prepared foxx apps in our ArangoDB store that deal with oauth2 authentication, session service (for a complete worked example see sessions-example) and the like. The installation and deployment work equally simple and completely analogously to the above.

Microservices are the future. With this technology it can arrive even faster than anticipated anyway.