world-class / compass Goto Github PK
View Code? Open in Web Editor NEWCompass is a suite of tools for students enrolled in the University of London's online BSc in Computer Science program.
License: MIT License
Compass is a suite of tools for students enrolled in the University of London's online BSc in Computer Science program.
License: MIT License
I don't know if you want to but it might be worth having EJS escape all output just as a precaution to avoid any potential XSS issues.
The code looks safe but escaping all output would prevent any issues if some user input did accidentally sneak in. I can create a PR for it if you want to do it.
On creating an account I encountered the error message attached.
Steps taken:
Followed the login -> register for an account steps from the home page
Entered name, email, and password, hit 'submit' or equivalent button.
Was taken to the route: http://www.ucompass.tech/profile where I saw this error message.
Review pages are currently showing all reviews at once.
Add pagination support on all review pages (common and filtered by subjects)
This might be helpful: https://www.npmjs.com/package/express-paginate
We can use express-validator for this.
Add TLS support
Reference:
Add a markdown editor to add/edit review forms.
Currently routes file is >300 lines long. It should be split into different files.
e.g.
Two more files with routes following this pattern:
/auth/*
or /user/*
or equivalent./reviews/*
express.Router
can be used for creating routes that share common "prefix".
Documentation: https://expressjs.com/en/guide/routing.html
Use Google or Slack to verify that user is enrolled in the degree program.
User authentication should cover following pages:
Replace all instances of REPL-reviews branding with Compass. e.g. logo, titles, package names etc.
At present secrets are present in files. Since they are dummy secrets, it's okay but storing auth secrets in files is not a good idea as we might accidentally commit them.
I propose using dotenv: https://www.npmjs.com/package/dotenv it seems straightforward to setup and will integrate nicely with rest of the system.
"Report" button next to reviews, in case of abusive comments. Or if the review appears to be, for example, completely the wrong course. Could lead to a simple form with a free text box to type the reason to report in, to email the admin for a human to review it.
Could maybe have some text around it with valid (and invalid) reasons to report reviews?
Some pages do not clearly specify absence of relevant data.
/review/id/num
should let user know if review with id num
does not exist. Right now it's a blank page./reviews?course_id=subjcode
should let user know if subject code is not valid. right now it returns blank page.Issues
Summary of slack discussions:
Sub goal of #32
Users should be able to edit or delete their reviews somehow.
We can achieve this by giving each review a specific page e.g. /review/id/ or as get parameter. Either way it would work.
Another way is to have per user reviews page. A page showing all reviews from logged in user.
Depends on #31
See slack discussion here for more context: https://londoncs.slack.com/archives/G01C41CSD16/p1601327287080200?thread_ts=1601326818.076000&cid=G01C41CSD16
The idea is to limit the session options to current or past sessions in the add review form.
Journey:
I will upload a screen recording on Slack, makes it clearer.
Improve review text in cards in reviews.html. For example, paragraphs defined in addreview form are not observed. Everything get's condensed to a continuous line.
In long term, I think we should support basic formatting like headings and lists.
Best way IMO is to use some sort of markdown-to-html library with basic MD syntax support.
Example library: https://github.com/showdownjs/showdown
If supplied session doesn't exist in database then server crashes instead of asking user to login again.
User has to manually remove the cookie to get it to work again.
Currently user sessions are in MemoryStore, so when server reboots all users will get logged out.
Use mysql or any other persistent method for session storage.
Documentation: https://www.npmjs.com/package/express-session#compatible-session-stores
Something like https://omscentral.com/course/CS-6035.
Where each table row is a link to the associated course's page where you can find the review data and all reviews for that course.
On http://ucompass.tech/reviews?course_id=CMxxxx page it might be good to have an "Add a review for this course" button (if you have not already reviewed it). If the button just goes to the normal Add review page that's good, but maybe it could auto-populate the course in the drop-down list?
At the moment, from this page you have to go to Courses > Add a review > Drop down the list, which is slightly non-intuitive.
Nasty raw JS error when review text is too large (afraid I didn't note how many characters it was, I just pasted a lot). Suggest a more user-friendly error, or some validation:
PayloadTooLargeError: request entity too large
at readStream (/home/ubuntu/compass/node_modules/raw-body/index.js:155:17)
at getRawBody (/home/ubuntu/compass/node_modules/raw-body/index.js:108:12)
at read (/home/ubuntu/compass/node_modules/body-parser/lib/read.js:77:3)
at urlencodedParser (/home/ubuntu/compass/node_modules/body-parser/lib/types/urlencoded.js:116:5)
at Layer.handle [as handle_request] (/home/ubuntu/compass/node_modules/express/lib/router/layer.js:95:5)
at trim_prefix (/home/ubuntu/compass/node_modules/express/lib/router/index.js:317:13)
at /home/ubuntu/compass/node_modules/express/lib/router/index.js:284:7
at Function.process_params (/home/ubuntu/compass/node_modules/express/lib/router/index.js:335:12)
at next (/home/ubuntu/compass/node_modules/express/lib/router/index.js:275:10)
at serveStatic (/home/ubuntu/compass/node_modules/serve-static/index.js:75:16)
Journey:
Suggest after hitting Submit, the new review remains on the page, in case the user has selected the wrong module by accident. Then their text isn't lost.
Some suggestions received:
- [ ] Password double-typing to improve accessibility.
- [ ] Fix duplicate alerts for account/profile verification.
- [ ] Show proper errors in login/registration forms
- [ ] Account creation form: Change the label of the button from "Submit" to "Create account"
- [ ] Use red alerts only if an error occurred, use amber or blue otherwise
- [ ] "Already an account?" -> "Already have an account?"
UI of review cards is very basic and textual. Some CSS jazz can be added to improve the looks of it.
Some suggestions:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.