nowfloats / kitsune-application-development-kit
A framework to build serverless web applications
Home Page: https://www.getkitsune.com
License: Apache License 2.0
It would be great to have a GraphQL endpoint on top of the data-model defined for a kitsune project.
This would make it easy to consume or manage the data-model via an external non-kitsune application. GraphQL will make it easy for applications (built with .Net core, PHP, Ruby, JS, Go, Python or Scala) to access the serverless applications built with kitsune.
This is for new developers who want to learn / get used to the code architecture of kitsune IDE. It's built on React.
For us to be open source, it's important that every logic in the code base is documented. We would like to invite developers to help us get the code documented for kitsune IDE.
Clean up the README.md file of the kitsune IDE project. Ensure that the following sections are covered in detail:
Client side routing breaks in Single Page Applications built on Kitsune.
If a particular link does not have an HTML file associated with it, the 'default' HTML should be returned instead, which will allow the client side router to handle routing based on client logic. This 'default' HTML could either be based on the HTTP status (200.html), or a predefined named file.
Single Page Applications with client side routing have a requirement of returning the same HTML file irrespective of path, in order to work correctly.
Currently Kitsune applications offer the option to use k-dl (Kit-dynamic link) in order to support such a use case, for example:
<head k-dl="/path/with/[[variable-slug]]">
<!-- OR -->
<head k-dl="/[[dynamic]]/[[slugs]]/[[everywhere]]">
but this is limited, as the format and number of slugs in a link must be defined at build-time. While this is certainly possible for SPAs, it's a development and maintenance nightmare for frameworks which are more JS-heavy than HTML (e.g. React).
One of the quickest ways to get started with the online editor playground is an ability to import, and deploy sample projects with minimal action.
Allow an "Import from GitHub" option, which accepts a public repo link, gets the zipped copy, and uses jszip or any similar library to reuse the existing file upload interface.
UX improvement
While the JSON editor plugin behaves well with JSON files nested up to 2 layers deep, when a heavily nested JSON is edited through the plugin, the view becomes extremely clunky.
The interface should ideally be collapsible, or manageable through some other form of toggling visibility of keys.
While writing code, the sidebar is quite useful to quickly check the data-model. The problem is that there is no keyboard shortcut mapped to it.
Can we have a keyboard shortcut to trigger the sidebar? (Both open and close events)
If multiple tabs are open with unsaved changes and we click on the close tab icon of the unsaved tab, all tabs are closed.
IDE should display a fixed notification on top, when the network connection goes offline. Similar to Gmail - "Not connected. Connecting in 3s…[Try Now]"
Why?
While writing code when you trigger the build (and say internet is disconnected at that moment), it just shows a blank event tab with no response. This is confusing for developers.
kitsune-application-development-kit/KAdmin/Utils/AllowCorsFilter.cs
Lines 12 to 20 in 811be8f
This vulnerability affects the admin dashboard.
The client's Origin header is reflected in the Access-Control-Allow-Origin header from the server, granting any domain access to CORS resources behind the admin dashboard. There should be a white-list in the configuration that lists allowed Origin headers.
The issue is made worse with "Access-Control-Allow-Credentials: true". Now that any domain can access the endpoints, they can also authenticate as another user. This can be done by sending a crafted link to a user who is logged in (presumably, unless session token is persistent) - once clicked, the script would send a CORS request to sensitive endpoints and the browser would send along their cookies since "Access-Control-Allow-Credentials: true" is set.
More info on vulnerability - https://portswigger.net/web-security/cors#server-generated-acao-header-from-client-specified-origin-header
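The allow-list fix requested in the issue above, as an added framework-neutral sketch (not the project's C# filter): the reflecting behaviour the issue describes next to an exact-match allow-list. The hostnames, `ALLOWED_ORIGINS` and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list; a real deployment would load this from configuration.
ALLOWED_ORIGINS = frozenset({
    "https://admin.example.com",
    "https://dashboard.example.com:8443",
})


def reflecting_cors_headers(origin):
    """Behaviour described in the issue: echo whatever Origin the client sent."""
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def normalize_origin(origin):
    """Return 'https://host[:port]' in lower case, or None if not a plain HTTPS origin."""
    if not origin or origin == "null":
        return None
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    # An Origin value carries no userinfo, path, query or fragment.
    if parts.username or parts.password or parts.path or parts.query or parts.fragment:
        return None
    host = parts.hostname  # urlsplit already lower-cases the hostname
    return f"https://{host}" if port is None else f"https://{host}:{port}"


def allowlist_cors_headers(origin, allowed=ALLOWED_ORIGINS):
    """Grant credentialed CORS only on an exact allow-list match."""
    # Vary: Origin keeps caches from serving one origin's response to another.
    headers = {"Vary": "Origin"}
    normalized = normalize_origin(origin)
    if normalized in allowed:
        headers["Access-Control-Allow-Origin"] = normalized
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers
```

Exact matching on the normalized origin, rather than a prefix, suffix or substring test, is what rejects look-alike hosts that merely contain an allowed name.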
The README.md file should elaborate on the following aspects of the kit:
When we click on the build button in the top right corner, the build process doesn't start.
When we try to add k-dl="/", the compiler fails and gives a "something went wrong" message.
Enable multiple tabs in the IDE. This would enable developers to manage multiple files with ease without having to deal with them one by one.
The JSON viewer within the IDE is failing to render the following file:
{ "super_app_mode": true, "reports": { "notifications": [ { "type": "PERIODIC_PERFORMANCE_REPORT", "period": 7, "email": { "body": "periodic_performance_report.html" } } ], "settings": { "email": { "host": "", "port": 0, "password": "", "username": "", "ssl_enabled": true } } }, "payments": { "preview": [ { "domain": "example.com", "gateway": "paytm", "api_secret": "Merchant_ID", "api_key": "Account_Secret_Key", "redirect_path": "/transaction_status", "api_url": "https://pguat.paytm.com", "payment_request_endpoint": "/oltp-web/processTransaction", "transaction_status_endpoint": "/oltp/HANDLER_INTERNAL/getTxnStatus?JsonData=" } ], "live": [ { "domain": "*", "gateway": "paytm", "api_secret": "API_SECRET", "api_key": "API_KEY", "redirect_path": "/transaction_status", "api_url": "https://pguat.paytm.com", "payment_request_endpoint": "/oltp-web/processTransaction", "transaction_status_endpoint": "/oltp/HANDLER_INTERNAL/getTxnStatus?JsonData=", "response_webhook": "https://yyhloe6kfg.execute-api.ap-south-1.amazonaws.com/prod/payment_response_proxy/http://bin.prayashm.com/qu0mllqu" } ] } }
Issue: When a kitsune project is built, and an error happens during Routing module processing -- no build error is shown in the IDE.
Ideal Solution: The detailed error message should be shown to the developer (via the IDE).
Example
If Routing has wrong access key in the MONGO_DB_URI, then the module will fail stating "Unable to connect to DB". Such errors should be sent back to the developer.