cboard-org / cboard-api
Cboard API provides backend functionality and persistence to the Cboard application
Home Page: https://www.cboard.io/
License: GNU General Public License v3.0
Bring support to report a public board. Send an email to support with data received from the Front-end
We want to provide ability to create a new user by social login. Initially we want to support Facebook.
Mock the email server on test for faster feedback of unit tests
Error: E11000 duplicate key error collection: cboard-api.subscribers index: country_1 dup key: { country: "Not localized" }
Probably we need to delete the country indexed on mongo production DB, I'm not really sure about that
Test /location endpoint mocking external request with nock.
Test cases for success and error requests.
I don't have enough knowledge in order to provide details here. Open to suggestions for everyone that wants to collaborate.
The updateUser route is available to both admin and regular users. However, regular users are able to update any user and any field. This means that they can give themselves the admin role, take away another admin's privileges, change someone's email address, etc. This is a critical issue.
name, email, and birthdate.
The schemas for communicators and boards currently use the email field to identify the owner. This is problematic because a user loses access to their communicators and boards if they change their email address. A simple solution would be to update the documents when needed, but it would be preferable to use a stable identifier like the user id.
userId field to the Communicator and Board schemas. Migrate existing documents.
listCommunicators and listBoards routes to only return the caller's communicators and boards. The user id should be taken from the token rather than passed explicitly by the caller. The frontend would need to be updated to use these routes instead of the /byemail versions.
getCommunicatorsEmail and getBoardsEmail routes to return a 403 if a non-admin user sends the wrong email address. There would be no restriction for admins. Ideally we would only let admins call the routes, but we need to do this so that users with an older version of the app don't have to update.
@martinbedouret Does this make sense?
Hi! I was just looking through app.js and noticed the following in it, around line 29:
    //use sessions for tracking logins
    app.use(
      session({
        secret: 'work hard',
        resave: true,
        saveUninitialized: false,
        store: new MongoStore({
          mongooseConnection: db
        })
      })
    );
The session secret is hard-coded to 'work hard'... I'm not sure what the full scope of your user sessions is, but I'm curious if this could lead to any kind of security vulnerabilities. Either way, it might be useful to either change (e.g. by pulling the secret from an environment variable) or document in a comment!
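One way to pull the session secret from the environment, as the issue above suggests. This is an added example, not code from the cboard-api repository; the variable name SESSION_SECRETS, the minimum length and the placeholder list are assumptions.

```javascript
// Added example: build the express-session options from the environment
// instead of a literal in app.js. SESSION_SECRETS is a hypothetical name.
const MIN_SECRET_LENGTH = 32; // assumed policy, not a project requirement
const KNOWN_PLACEHOLDERS = new Set(['work hard', 'secret', 'changeme']);

function loadSessionSecrets(env) {
  const raw = env.SESSION_SECRETS;
  if (typeof raw !== 'string' || raw.trim() === '') {
    throw new Error('SESSION_SECRETS is not set; refusing to start');
  }
  // Comma-separated so a secret can be rotated: the first entry signs new
  // cookies, later entries are only used to verify cookies signed earlier.
  const secrets = raw.split(',').map(s => s.trim()).filter(Boolean);
  for (const s of secrets) {
    if (KNOWN_PLACEHOLDERS.has(s.toLowerCase())) {
      throw new Error('SESSION_SECRETS contains a published placeholder value');
    }
    if (s.length < MIN_SECRET_LENGTH) {
      throw new Error(`session secret shorter than ${MIN_SECRET_LENGTH} characters`);
    }
  }
  return secrets;
}

// Same options as the snippet quoted in the issue, minus the literal secret.
// express-session accepts an array of secrets for the `secret` option.
function buildSessionOptions(env, store) {
  return {
    secret: loadSessionSecrets(env),
    resave: true,
    saveUninitialized: false,
    store
  };
}
```

In app.js this would be called as `app.use(session(buildSessionOptions(process.env, store)))`, so a missing or placeholder secret stops the process at startup rather than signing cookies with a value anyone can read in the repository.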
As part of the repo, we need to add test cases under tests/ folder.
The proposal is to use Mocha (https://mochajs.org/) or JEST to handle unit and functional tests based on our swagger specification, anyway I'm quite open to using any other framework as shown below:
We need to improve the README file in order to give details on how to run and check API.
Need to include POSTman file and write some examples of calls.
Location of Postman collection is:
The collection field on response should be an array.
To match succesPayload collection type: https://github.com/j3k0/cordova-plugin-purchase/blob/v13/api/interfaces/CdvPurchase.Validator.Response.SuccessPayload.md#type-declaration
Create a root Mocha file for set up test. Mock nodemailer and Clean dB.
Evaluate the possibility of including it with --require or a config file.
https://mochajs.org/#root-hook-plugins
https://mochajs.org/#global-fixtures
https://mochajs.org/#configuring-mocha-nodejs
We need to do some config updates for deployment on Azure.
The goal is to develop a new suite of unit tests to check the following controller:
cboard-api\api\controllers\user.js
Use the following test suite as an example of what we have to do:
cboard-api\test\controllers\board.js
Check the Readme file to understand how to run the unit tests.
Here you have a tutorial on how to develop nodejs and express unit tests: https://medium.com/@ehtemam/writing-test-with-supertest-and-mocha-for-expressjs-routes-555d2910d2c2
delete the done() callback using async functions.
see line
Line 197 in 8175718
We want to have following structure for config:
-- config
---- env
--------development.js
--------production.js
--------xxxx.js
---- index.js
Any env value should be available in code by doing:
var config = require('./config');
var value = config.anyConfigValue
And server must be run using the right env variable:
NODE_ENV=production swagger project start
we want GPLv3, same we have for UI
following test suites are currently skipped:
Please complete them and be sure they run successfully on circleci: https://app.circleci.com/pipelines/github/cboard-org/cboard-api
Get geolocation of users and send it to cboard API.
based on these Articles:
https://www.softwaretestinghelp.com/best-ip-geolocation-api/
https://stackoverflow.com/a/35123097
Consider the uses of the following resources:
-Should store the location when a Cboard user creates a new account.
-In the case that users that already have accounts should evaluate when make the requests.
Consider checking if the location is available at a login moment. Compare if it is available to make the request or not
The deleteBoard route currently allows callers to delete boards owned by another user, even if the caller is not an admin.
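The checks that the updateUser and deleteBoard reports call for, sketched as an added example (not the project's code). It assumes the caller's id and role come from the verified token, that boards carry the proposed userId field, and that name, email and birthdate are the fields a regular user may change on their own account.

```javascript
// Added example. `caller` is the identity decoded from a verified token
// ({ id, role }); it is never read from the request body or the URL.
const SELF_EDITABLE_FIELDS = ['name', 'email', 'birthdate']; // assumed list

class ForbiddenError extends Error {
  constructor(message) {
    super(message);
    this.status = 403;
  }
}

const isAdmin = caller => caller.role === 'admin';

// Returns the part of `patch` the caller may apply to `targetUserId`,
// or throws ForbiddenError. Admins are not restricted.
function authorizeUserUpdate(caller, targetUserId, patch) {
  if (isAdmin(caller)) return { ...patch };
  if (String(caller.id) !== String(targetUserId)) {
    throw new ForbiddenError('users may only update their own account');
  }
  const allowed = {};
  for (const [field, value] of Object.entries(patch)) {
    // Reject rather than silently drop, so a client bug or a role
    // escalation attempt shows up as a 403 in the logs.
    if (!SELF_EDITABLE_FIELDS.includes(field)) {
      throw new ForbiddenError(`field not editable by non-admin: ${field}`);
    }
    allowed[field] = value;
  }
  return allowed;
}

// Ownership check for deleteBoard: owner or admin only.
function authorizeBoardDelete(caller, board) {
  if (isAdmin(caller)) return true;
  if (board.userId === undefined || String(board.userId) !== String(caller.id)) {
    throw new ForbiddenError('only the owner or an admin may delete this board');
  }
  return true;
}
```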
Remove done Callback on test. Instead, use async functions
For subscribers:
For subscriptions:
part of #214
Currently API is accessible at https://cboard-api.appspot.com/docs/
We want to use our own domain like https://api.cboard.io/
I did some tries to upload pdf and videos with /media and I get a status 200; @sylvansson