clevertech / boilerplate Goto Github PK

• route, view, link
• remove JWT from whitelist
• invalidate any nonces if present
• expire any active cookies

Getting an errors when running the boilerplate project out of the box.

See project here: https://github.com/natron2244/cleverapp
Create log: create-logs.txt
docker/run log: docker-run-logs.txt

Developers and engineers should never reinvent the wheel.

Consider using CookieCutter or even Github repo templates

Saving time and resources

Hi!

I think it's a nice to have since thanks to esm we can now fully embrace ECMAScript imports/exports both in the frontend and in the backend. 😉

I've done some initial work here that maybe can be reused, although more effort is needed.

@gimenete what are your thoughts on this? 😄

Right now there's a fake authentication system. We should implement a react UI and backend using https://github.com/clevertech/CleverAuth/tree/master/core

Something like this:
https://github.com/clevertech/authentication-service
CleverAuth is a library extracted from that project ☝️
Now we want to use the library in the boilerplate, but you can take a look to the authentication-service project to have an idea about the UI options, workflow and configuration settings.

• script to start jest-based integration tests
• test integrations of login
• test integrations of signup
• test integrations of password reset
• test integrations of email verification

Using Passport.js and Redis:

• authenticate a user's credentials against the local database
• store a JWT in a redis whitelist with an expiration time on the entry

Pick token storage method:

• Use a Same-Site HTTP-Only Secure __Host- prefixed cookies -- CSRF issues, needs nonce
• use Authorization headers and localStorage -- XSS concerns but little to no CSRF issues

docker-compose has problems with project names with dashes.
docker/compose#869

One way to fix this is to just remove the dashes when the project name is replaced here: https://github.com/clevertech/boilerplate/blob/master/docker/run#L5

There's a script that clones the project and replaces the name of the project in multiple files: https://github.com/clevertech/boilerplate/tree/create-boilerplate-app

for docker/run it should remove the dashes

Right now we are expecting these host names to detect what configuration we need to apply:

dev    :   dev-<random>.example.com
staging: stage-<random>.example.com

But the new patter should be:

dev    :   <whatever>-dev-<random>.example.com
staging: <whatever>-stage-<random>.example.com

So instead of getting the first word of the hostname, we need to pick the penultimate (arr[arr.length - 2]).

• Similar to email verification
• user enters an email address and clicks "reset password"
• regardless of whether or not the email exists, the user should see "password reset email sent"
• A password-reset link is emailed to the user in the same way email verification links are emailed (note: #51)

Modify api/Dockerfile to use alphine-10

I suggest passport due to the flexibility of being able to eventually support saml, oauth, openid, 2fa, fido u2f, and more.

Basic UI with minimal styling using the UI scaffolding

Unit test coverage might already be at 100%, but integration test coverage is at 0

• add same coding style for the frontend
• remove semicolons from API folder

There's been lots of isolated unit testing and development happening on the steps and modules in the CBA script. The CBA script needs to be run and we need to fix all issues that prevent us from:

1. npx start'ing the CBA script
2. specifying we want apollo-apollo as our stack
3. having apollo-apollo cloned down, configured, and starting

The above is the acceptance criteria. Generally, the modules lacking integration will be a significant barrier to having this work, and will need to be addressed piece by piece.

Add subtickets as necessary

• Passport.js integration for local password auth
• page where user can register for new account
• email verification process
  - After registering, user is shown "thank you, check email"
  - any attempt to login with the account is shown the same message
  - clicking the link in the email will allow the user to login to the site
  - clicking the link will invalidate all verification links for the account
  - clicking the link will not log the user in automatically
  - after clicking the link, the user can login
  - links can only be used
  - all active links are invalidated once one link is used
  - links expire in an hour
  - clicking the link verifies the token
  - if the verification token is valid, the user sees "verified" and is redirected to the login page
  - if the token is not valid, the user is shown an "invalid token" page and redirected to the login page
  - if the token is not provided, this is treated like an invalid token.

I propose to use official alpine images for postgres & redis

The correct pattern should be:

{
  baseDir: '...'
  base: {
     prompt: {
        ...
     }
   }
  stack: {
     prompt: {
        ...
     }
   }
  admin: {
     prompt: {
        ...
     }
   }

Maybe we can make it optional. But... for now let's make it default

I think this is a legacy file that has managed to remain in the boilerplate over time and serves no purpose?

https://github.com/clevertech/boilerplate/blob/master/frontend/Dockerfile-prod

Note: I'm talking about the CBA code here: https://github.com/clevertech/create-boilerplate-app

There are several unit tests that are just "TODO" in the boilerplate code. These tests specify the functionality that was in the old boilerplate code and should be implemented.

Additionally there are failing unit tests associated with WIP tests which need to be made to pass.