WARP signature server API
Project description
warp-server
FastAPI implementation of the WARP signature server API.
Development
git submodule update --init # fetch warp/ schemas
uv sync
uv run warp-server # start dev server on :8000
uv run pytest # run tests
Installation with uvx
If installed via uvx, use --from warp-server to run either command:
uvx --from warp-server warp-server # start the server
uvx --from warp-server warp-ctl bootstrap # manage users/sources/keys
Regenerating FlatBuffer bindings
The Python FlatBuffer bindings are generated from the .fbs schemas in warp/. To regenerate:
brew install flatbuffers # if not already installed
flatc --python -o src/warp_server/gen_flatbuffers warp/*.fbs
Bootstrap: Create a User with an API Key
The server uses Bearer token auth via API keys. Use the warp-ctl CLI to manage users and keys.
Quick bootstrap (admin + key in one step)
uv run warp-ctl bootstrap
# Created admin user id=1 username=admin
# API key: <key>
Options: --email, --username to customize the admin account.
Managing users
# create a regular user
uv run warp-ctl user create --email alice@example.com --username alice
# create an admin
uv run warp-ctl user create --email ops@example.com --username ops --role Admin
# list all users
uv run warp-ctl user list
# delete a user
uv run warp-ctl user delete 2
Managing API keys
# create a key for user id 1
uv run warp-ctl key create --user-id 1 --name dev-key
# list all keys (or filter by --user-id)
uv run warp-ctl key list
uv run warp-ctl key list --user-id 1
# revoke a key
uv run warp-ctl key revoke 3
Managing sources
# create a source owned by user 1
uv run warp-ctl source create --name my-signatures --user-id 1
# list sources
uv run warp-ctl source list
Ingesting .warp files directly
For large files or batch imports, use warp-ctl ingest to bypass the HTTP server
and insert directly into the SQLite database:
# ingest a single file (creates the source if it doesn't exist)
uv run warp-ctl ingest /path/to/file.warp --source my-signatures --user-id 1
# ingest multiple files at once
uv run warp-ctl ingest *.warp --source my-signatures --user-id 1
# with optional commit metadata
uv run warp-ctl ingest file.warp --source my-signatures --user-id 1 \
--name "libc v2.38" --description "glibc signatures"
Using the API key
# verify auth
curl -H "Authorization: Bearer <key>" http://localhost:8000/api/v1/users/me
# create a source via the API
curl -X POST http://localhost:8000/api/v1/sources \
-H "Authorization: Bearer <key>" \
-H "Content-Type: application/json" \
-d '{"name": "my-source", "user_ids": []}'
Web UI
A built-in web interface is available at /web-ui for managing the server:
http://localhost:8000/web-ui
Log in with your username and API key. The UI lets you:
- Browse and search symbols
- Create and delete sources
- Manage users (admin only)
- Create API keys
- Browse functions and commits
- Upload, browse, and download BNDBs
BNDB Sharing
The server supports uploading and downloading Binary Ninja Database (.bndb) files.
Files are stored on disk as gzip-compressed blobs in a configurable directory, keeping
the SQLite metadata database lightweight.
Any authenticated user can upload or download BNDBs. Only the uploader (or an admin) can delete them.
API
# upload a BNDB
curl -X POST http://localhost:8000/api/v1/bndbs \
-H "Authorization: Bearer <key>" \
-F "file=@firmware.bndb" \
-F "name=firmware.bndb" \
-F "description=Extracted from router firmware"
# list / search BNDBs
curl -X POST http://localhost:8000/api/v1/bndbs/query \
-H "Authorization: Bearer <key>" \
-H "Content-Type: application/json" \
-d '{"name": "firmware", "limit": 20, "page": 1}'
# get metadata
curl -H "Authorization: Bearer <key>" \
http://localhost:8000/api/v1/bndbs/<uuid>
# download
curl -H "Authorization: Bearer <key>" -o output.bndb \
http://localhost:8000/api/v1/bndbs/<uuid>/download
# delete (owner or admin)
curl -X DELETE -H "Authorization: Bearer <key>" \
http://localhost:8000/api/v1/bndbs/<uuid>
BNDBs can also be managed from the BNDBs tab in the web UI.
Storage
BNDB files are stored as <uuid>.bndb.gz in the directory configured by
WARP_BNDB_STORAGE_DIR (default ./bndb_storage). The directory is created
automatically on server startup. Compression is transparent — clients always
upload and download raw .bndb files.
Configuration
The server is configured via environment variables, all prefixed with WARP_.
| Variable | Default | Description |
|---|---|---|
WARP_DEBUG |
false |
Enable debug mode: exposes Swagger UI at /docs. |
WARP_DATABASE_URL |
sqlite+aiosqlite:///./warp.db |
SQLAlchemy async database URL. |
WARP_HOST |
127.0.0.1 |
Bind address. |
WARP_PORT |
8000 |
Listen port. |
WARP_LOG_LEVEL |
info |
Uvicorn log level (debug, info, warning, error). |
WARP_RELOAD |
false |
Enable auto-reload on file changes (dev only). |
WARP_BNDB_STORAGE_DIR |
./bndb_storage |
Directory for uploaded BNDB files (created automatically). |
WARP_CORS_ORIGINS |
[] |
JSON list of allowed CORS origins, e.g. '["https://app.example.com"]'. |
WARP_TRUSTED_PROXIES |
[] |
JSON list of trusted reverse-proxy IPs allowed to set X-Forwarded-For. |
WARP_MAX_LOGIN_ATTEMPTS |
5 |
Failed attempts before an IP or user account is locked. |
WARP_LOCKOUT_DURATION_MINUTES |
30 |
Minutes before a locked IP or account is automatically unlocked. |
Warning:
WARP_DEBUG=trueexposes Swagger UI at/docsand ReDoc at/redoc. Never enable it in production.
Docker
docker build -t warp-server .
docker run -p 8000:8000 -v warp-data:/data warp-server
Run warp-ctl commands against the same volume:
docker run -v warp-data:/data warp-server sh -c "warp-ctl bootstrap"
Environment variables (WARP_DATABASE_URL, WARP_CORS_ORIGINS, etc.) can be
passed with -e:
docker run -p 8000:8000 -v warp-data:/data \
-e WARP_CORS_ORIGINS='["http://localhost:3000"]' \
warp-server
Migrations
A single migrate command runs all pending database migrations:
# dry-run — shows what would change
uv run warp-ctl migrate
# apply all pending migrations
uv run warp-ctl migrate --apply
Migrations are idempotent and safe to re-run. Current migrations:
- hash-keys — hashes any plaintext API keys (SHA-256). After migration, previously issued raw keys become invalid; create new ones via
warp-ctl key createor the web UI. - lockout-columns — adds
locked,failed_login_count, andlocked_atcolumns to theuserstable for account lockout support. - purge-auto-names — deletes functions and symbols with auto-generated names (
sub_,nullsub,j_sub_,outlined_sub_,_OUTLINED_FUNCTION).
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file warp_server-0.3.0-py3-none-any.whl.
File metadata
- Download URL: warp_server-0.3.0-py3-none-any.whl
- Upload date:
- Size: 93.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.18 {"installer":{"name":"uv","version":"0.9.18","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
170f56d912fa8a27cd90a18a2f22e28a3c96f23302d41e63b982e4a727c15f90
|
|
| MD5 |
9e79ce6f8b4e28206c9cdfff38dabade
|
|
| BLAKE2b-256 |
27aaf4067601fd40269a37216220109f8a750417dc3da4fb68a7c15860fee98b
|
