incident-response

Getting Started

Prerequisites

Running the application requires the following tools to be installed in your environment:

Node.js v12.0.0 or later
yarn
Docker

Running the application

Install dependencies by executing the following command:

$ yarn install

Bundle:

$ yarn webpack

Run:

$ yarn start

The applications's home page will be available at https://localhost:3000

Running with Docker

Create docker image:

  docker-compose build

Run the application by executing the following command:

  docker-compose up

This will start the frontend container exposing the application's port (set to 3000 in this template app).

In order to test if the application is up, you can visit https://localhost:3000 in your browser. You should get a very basic home page (no styles, etc.).

Developing

Code style

We use ESLint alongside sass-lint

Running the linting with auto fix:

$ yarn lint --fix

Running the tests

This template app uses Jest as the test engine. You can run unit tests by executing the following command:

$ yarn test

Here's how to run functional tests (the template contains just one sample test):

$ yarn test:routes

Running accessibility tests:

$ yarn test:a11y

Make sure all the paths in your application are covered by accessibility tests (see a11y.ts).

Security

CSRF prevention

Cross-Site Request Forgery prevention has already been set up in this template, at the application level. However, you need to make sure that CSRF token is present in every HTML form that requires it. For that purpose you can use the csrfProtection macro, included in this template app. Your njk file would look like this:

{% from "macros/csrf.njk" import csrfProtection %}
...
<form ...>
  ...
    {{ csrfProtection(csrfToken) }}
  ...
</form>
...

Helmet

This application uses Helmet, which adds various security-related HTTP headers to the responses. Apart from default Helmet functions, following headers are set:

There is a configuration section related with those headers, where you can specify:

referrerPolicy - value of the Referrer-Policy header

Here's an example setup:

    "security": {
      "referrerPolicy": "origin",
    }

Make sure you have those values set correctly for your application.

Healthcheck

The application exposes a health endpoint (https://localhost:3000/health), created with the use of Nodejs Healthcheck library. This endpoint is defined in health.ts file. Make sure you adjust it correctly in your application. In particular, remember to replace the sample check with checks specific to your frontend app, e.g. the ones verifying the state of each service it depends on.

License

This project is licensed under the MIT License - see the LICENSE file for details

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Warning

These dependencies are deprecated:

Datasource	Name	Replacement PR?
npm	`@types/copy-webpack-plugin`
npm	`@types/helmet`
npm	`@types/mini-css-extract-plugin`
npm	`@types/webpack-dev-middleware`
npm	`csurf`
npm	`request`
npm	`tslint`

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

Detected dependencies

docker-compose

docker-compose.yml

dockerfile

Dockerfile

hmctspublic.azurecr.io/base/node 18-alpine

github-actions

.github/workflows/cd.yml

actions/checkout v3

actions/setup-node v3

actions/checkout v3

actions/github-script v6.4.1

azure/docker-login v1

ubuntu 20.04

helm-requirements

charts/incident-response/requirements.yaml

helm-values

charts/incident-response/values.yaml

npm

package.json

@hmcts/info-provider 1.0.0

@hmcts/nodejs-healthcheck 1.7.3

@hmcts/nodejs-logging 4.0.4

@hmcts/properties-volume 0.0.14

@slack/bolt 3.13.1

@types/config 0.0.41

@types/cookie-parser 1.4.7

@types/csurf 1.11.5

@types/es6-promisify 6.0.4

@types/express 4.17.13

@types/helmet 4.0.0

@types/node 18.0.3

@types/nunjucks 3.2.2

@types/require-directory 2.1.6

@types/serve-favicon 2.5.7

config 3.3.7

cookie-parser 1.4.6

csurf 1.11.0

date-fns 2.29.0

date-fns-tz 1.3.8

express 4.19.2

express-nunjucks 2.2.5

got 11.8.6

govuk-frontend 4.2.0

helmet 5.1.0

jquery 3.7.1

node-cache 5.1.2

nunjucks 3.2.4

require-directory 2.1.1

serve-favicon 2.5.0

ts-node 10.9.2

tsconfig-paths 4.0.0

typescript 4.7.4

@types/chai-as-promised 7.1.8

@types/copy-webpack-plugin 10.1.0

@types/jest 28.1.6

@types/mini-css-extract-plugin 2.5.1

@types/supertest 2.0.16

@types/webpack-dev-middleware 5.3.0

@typescript-eslint/eslint-plugin 5.56.0

@typescript-eslint/eslint-plugin-tslint 5.56.0

@typescript-eslint/parser 5.56.0

chai 4.3.6

chai-as-promised 7.1.2

copy-webpack-plugin 11.0.0

css-loader 6.11.0

debug 4.3.4

eslint 8.23.1

eslint-config-prettier 8.10.0

eslint-plugin-import 2.26.0

eslint-plugin-jest 26.6.0

eslint-plugin-prettier 4.2.1

html-webpack-plugin 5.5.0

husky 8.0.3

jest 28.1.3

mini-css-extract-plugin 2.9.0

nock 13.2.9

nodemon 2.0.22

pa11y 6.2.3

prettier 2.7.1

request 2.88.2

sass 1.53.0

sass-loader 13.0.2

sinon 14.0.2

sinon-chai 3.7.0

style-loader 3.3.4

stylelint 14.9.1

stylelint-config-standard-scss 5.0.0

supertest 6.2.4

ts-jest 28.0.8

ts-loader 9.3.1

tslint 6.1.3

uglifyjs-webpack-plugin 2.2.0

webpack 5.73.0

webpack-cli 4.10.0

webpack-dev-middleware 5.3.4

webpack-node-externals 3.0.0

node >=12.0.0

nvm

.nvmrc

node 18.18.0

Check this box to trigger a request for Renovate to run again on this repository

hmcts / incident-response-frontend Goto Github PK