It would be great to have a GraphQL endpoint on top of the data-model defined for a kitsune project.

This would make it easy to consume or manage the data-model via an external non-kitsune application. GraphQL will make it easy for applications (built with .Net core, PHP, Ruby, JS, Go, Python or Scala) to access the serverless applications built with kitsune.

This is for new developers who want to learn / get used to the code architecture of kitsune IDE. Its built on React.

For us to be open source, its important that every logic in the code base is documented. We would like to invite developers to help us get the code documented for kitsune IDE.

Clean up the README.md file of the kitsune IDE project. Ensure that the following sections are covered in detail:

• Installing and running it locally
• Running the IDE locally with the backed connected to kitsune-cloud (by default)
• Code Architecture

Issue

Client side routing breaks in Single Page Applications built on Kitsune.

Expected Behaviour

If a particular link does not have an HTML file associated with it, the 'default' HTML should be returned instead, which will allow the client side router to handle routing based on client logic. This 'default' HTML could either be based on the HTTP status (200.html), or a predefined named file.

More Information

Single Page Applications with client side routing have a requirement of returning the same HTML file irrespective of path, in order to work correctly.

Currently Kitsune applications offer the option to use k-dl (Kit-dynamic link) in order to support such a use case,
For example,

<head k-dl="/path/with/[[variable-slug]]">
<!-- OR -->
<head k-dl="/[[dynamic]]/[[slugs]]/[[everywhere]]">

but this is limited, as the format and number of slugs in a link must be defined at build-time. While this is certainly possible for SPA's, it's a development, and maintenance nightmare for frameworks which are more JS heavy, than HTML (ex. React)

Problem Statement

One of the quickest ways to get started with the online editor playground is an ability to import, and deploy sample projects with minimal action.

Suggestion

Allow an Import from GitHub option, which accepts a public repo link, gets the zipped copy, and uses jszip or any similar library to reuse the existing file upload interface.

Request Type

UX improvement

Description

While the JSON editor plugin behaves well with JSON files nested up to 2 layers deep, when a heavily nested JSON is edited through the plugin, the view becomes extremely clunky.
The interface should ideally be collapsible, or manageable through some other form of toggling visibility of keys.

Attachments

Regular JSON:

Heavily nested:

While writing code, the sidebar is quite useful to quickly check the data-model. The problem is that there is no keyboard shortcut mapped to it.

Can we have a keyboard shortcut to trigger the sidebar? (Both open and close events)

If multiple tabs are open with unsaved changes and we click on close tab icon of the unsaved tab all tabs are closed.

IDE should display a fixed notification on top, when the network connection goes offline. Similar to Gmail - "Not connected. Connecting in 3s…[Try Now]"

Why?
While writing code when you trigger the build (and say internet is disconnected at that moment), it just shows a blank event tab with no response. This is confusing for developers.

This vulnerability affects the admin dashboard.

The client's Origin header is reflected in the Access-Control-Allow-Origin header from the server, granting any domain access to CORS resources behind the admin dashboard. There should be a white-list in the configuration that lists allowed Origin headers.

The issue is made worse with "Access-Control-Allow-Credentials: true". Now that any domain can access the endpoints, they also can also authenticate as another user. This can be done by sending a crafted link to a user who is logged in (presumably, unless session token is persistent) - once clicked, the script would send a CORS request to sensitive endpoints and the browser would send along their cookies since "Access-Control-Allow-Credentials: true" is set.

More info on vulnerability - https://portswigger.net/web-security/cors#server-generated-acao-header-from-client-specified-origin-header

The README.md file should elaborate on the following aspects of the kit:

• Vision / Aim of building this framework
• The key components of the framework
• Installation
• Building Serverless Applications and Publishing it to cloud - with kitsune

When we click on build button on top right corner build process doesn't start.

When we try to add k-dl="/", the compiler is failing and giving something went wrong message.  

Enable multiple tabs in the IDE. This would enable developers to manage multiple files with ease without having to deal with them one by one.

• The tab panel should be scrollable so as to support a large number of open tabs
• The current tab should be highlighted with the max opacity

When we have build errors and we click on any error in Notification Section, if the file with error is already open then also another tab is opened.

The JSON viewer within the IDE is failing to render the following file:

{ "super_app_mode": true, "reports": { "notifications": [ { "type": "PERIODIC_PERFORMANCE_REPORT", "period": 7, "email": { "body": "periodic_performance_report.html" } } ], "settings": { "email": { "host": "", "port": 0, "password": "", "username": "", "ssl_enabled": true } } }, "payments": { "preview": [ { "domain": "example.com", "gateway": "paytm", "api_secret": "Merchant_ID", "api_key": "Account_Secret_Key", "redirect_path": "/transaction_status", "api_url": "https://pguat.paytm.com", "payment_request_endpoint": "/oltp-web/processTransaction", "transaction_status_endpoint": "/oltp/HANDLER_INTERNAL/getTxnStatus?JsonData=" } ], "live": [ { "domain": "*", "gateway": "paytm", "api_secret": "API_SECRET", "api_key": "API_KEY", "redirect_path": "/transaction_status", "api_url": "https://pguat.paytm.com", "payment_request_endpoint": "/oltp-web/processTransaction", "transaction_status_endpoint": "/oltp/HANDLER_INTERNAL/getTxnStatus?JsonData=", "response_webhook": "https://yyhloe6kfg.execute-api.ap-south-1.amazonaws.com/prod/payment_response_proxy/http://bin.prayashm.com/qu0mllqu" } ] } }

Issue: When a kitsune project is build, and an error happens during Routing module processing -- no build error is shown in the IDE.

Ideal Solution The detailed error message should be shown to the developer (via the IDE).

Example
If Routing has wrong access key in the MONGO_DB_URI, then the module will fail stating "Unable to connect to DB". Such errors should be sent back to the developer.