Commit graph

82 commits

Author SHA1 Message Date
Andrew Nicolaou
0b5180d26c Configure CORS localhost origin via CORS_ALLOW_LOCALHOST env var 2020-05-03 13:20:14 +02:00
Andrew Nicolaou
edc0e6ffb3 Always allow localhost CORS requests 2020-04-19 13:39:00 +02:00
Andrew Nicolaou
13c45490a2 Merge branch 'feature/public-api' into feature/sketch-collections 2019-11-10 22:12:14 +01:00
Cassie Tarakajian
0d061a9dea merge in master 2019-11-07 15:03:01 -05:00
Cassie Tarakajian
a4a01cef4c update server code to work with updated mongoose version 2019-11-07 13:38:02 -05:00
Andrew Nicolaou
95f6105a8b Assets routes should be parsed after server routes so /add-to-collection URL will work 2019-09-25 12:07:17 -04:00
Andrew Nicolaou
c9551a3142 Adds Collections model and Editor API to manage collections
- List any user's collections
- Create new collection
- Modify collection metadata
- Delete collection
- Add/remove any project to/from a collection
2019-09-25 12:01:39 -04:00
Cassie Tarakajian
7f2529a973 merge master 2019-09-11 19:05:15 -04:00
Andrew Nicolaou
1f4bd581a8 Public API: Namespace private and public APIs (#1148)
* Converts import script to use public API endpoints

The endpoints don't exist yet, but this is a good way to see how
the implementation of the data structures differ.

* Exposes public API endpoint to fetch user's sketches

* Implements public API delete endpoint

* Adds helper to create custom ApplicationError classes

* Adds create project endpoint that understands API's data structure

This transforms the nested tree of file data into a mongoose
Project model

* Returns '201 Created' to match API spec

* Removes 'CustomError' variable assignment as it shows up in test output

* transformFiles will return file validation errors

* Tests API project controller

* Tests toModel()

* Creates default files if no root-level .html file is provided

* Do not auto-generate a slug if it is provided

Fixes a bug where the slug was auto-generated using the sketch name,
even if a slug property had been provided.

* Validates uniqueness of slugs for projects created by the public API

* Adds tests for slug uniqueness

* Configures node's Promise implementation for mongoose (fixes warnings)

* Moves createProject tests to match controller location

* Adds support for code to ApplicationErrors

* deleteProject controller tests

* getProjectsForUser controller tests

- implements tests
- update apiKey tests to use new User mocks

* Ensure error objects have consistent property names

`message` is used as a high-level description of the errors
`detail` is optional and has a plain language explanation of the
individual errors
`errors` is an array of each individual problem from `detail` in a
machine-readable format

* Assert environment variables are provided at script start

* Version public API

* Expect "files" property to always be provided

* Fixes linting error

* Converts import script to use public API endpoints

The endpoints don't exist yet, but this is a good way to see how
the implementation of the data structures differ.

* Exposes public API endpoint to fetch user's sketches

* Implements public API delete endpoint

* Adds helper to create custom ApplicationError classes

* Adds create project endpoint that understands API's data structure

This transforms the nested tree of file data into a mongoose
Project model

* Returns '201 Created' to match API spec

* Removes 'CustomError' variable assignment as it shows up in test output

* transformFiles will return file validation errors

* Tests API project controller

* Tests toModel()

* Creates default files if no root-level .html file is provided

* Do not auto-generate a slug if it is provided

Fixes a bug where the slug was auto-generated using the sketch name,
even if a slug property had been provided.

* Validates uniqueness of slugs for projects created by the public API

* Adds tests for slug uniqueness

* Configures node's Promise implementation for mongoose (fixes warnings)

* Moves createProject tests to match controller location

* deleteProject controller tests

* Adds support for code to ApplicationErrors

* getProjectsForUser controller tests

- implements tests
- update apiKey tests to use new User mocks

* Ensure error objects have consistent property names

`message` is used as a high-level description of the errors
`detail` is optional and has a plain language explanation of the
individual errors
`errors` is an array of each individual problem from `detail` in a
machine-readable format

* Assert environment variables are provided at script start

* Version public API

* Expect "files" property to always be provided

* Fixes linting error

* Checks that authenticated user has permission to create under this namespace

Previously, the project was always created under the authenticated user's
namespace, but this is not obvious behaviour.

* Splits private and public APIs

The private API is under /editor and the public API under /api
2019-08-30 14:39:45 -04:00
Andrew Nicolaou
d44a058fd8 Public API: Create new project (fixes #1095) (#1106)
* Converts import script to use public API endpoints

The endpoints don't exist yet, but this is a good way to see how
the implementation of the data structures differ.

* Exposes public API endpoint to fetch user's sketches

* Implements public API delete endpoint

* Adds helper to create custom ApplicationError classes

* Adds create project endpoint that understands API's data structure

This transforms the nested tree of file data into a mongoose
Project model

* Returns '201 Created' to match API spec

* Removes 'CustomError' variable assignment as it shows up in test output

* transformFiles will return file validation errors

* Tests API project controller

* Tests toModel()

* Creates default files if no root-level .html file is provided

* Do not auto-generate a slug if it is provided

Fixes a bug where the slug was auto-generated using the sketch name,
even if a slug property had been provided.

* Validates uniqueness of slugs for projects created by the public API

* Adds tests for slug uniqueness

* Configures node's Promise implementation for mongoose (fixes warnings)

* Moves createProject tests to match controller location

* Adds support for code to ApplicationErrors

* deleteProject controller tests

* getProjectsForUser controller tests

- implements tests
- update apiKey tests to use new User mocks

* Ensure error objects have consistent property names

`message` is used as a high-level description of the errors
`detail` is optional and has a plain language explanation of the
individual errors
`errors` is an array of each individual problem from `detail` in a
machine-readable format

* Assert environment variables are provided at script start

* Version public API

* Expect "files" property to always be provided

* Fixes linting error

* Converts import script to use public API endpoints

The endpoints don't exist yet, but this is a good way to see how
the implementation of the data structures differ.

* Exposes public API endpoint to fetch user's sketches

* Implements public API delete endpoint

* Adds helper to create custom ApplicationError classes

* Adds create project endpoint that understands API's data structure

This transforms the nested tree of file data into a mongoose
Project model

* Returns '201 Created' to match API spec

* Removes 'CustomError' variable assignment as it shows up in test output

* transformFiles will return file validation errors

* Tests API project controller

* Tests toModel()

* Creates default files if no root-level .html file is provided

* Do not auto-generate a slug if it is provided

Fixes a bug where the slug was auto-generated using the sketch name,
even if a slug property had been provided.

* Validates uniqueness of slugs for projects created by the public API

* Adds tests for slug uniqueness

* Configures node's Promise implementation for mongoose (fixes warnings)

* Moves createProject tests to match controller location

* deleteProject controller tests

* Adds support for code to ApplicationErrors

* getProjectsForUser controller tests

- implements tests
- update apiKey tests to use new User mocks

* Ensure error objects have consistent property names

`message` is used as a high-level description of the errors
`detail` is optional and has a plain language explanation of the
individual errors
`errors` is an array of each individual problem from `detail` in a
machine-readable format

* Assert environment variables are provided at script start

* Version public API

* Expect "files" property to always be provided

* Fixes linting error

* Checks that authenticated user has permission to create under this namespace

Previously, the project was always created under the authenticated user's
namespace, but this is not obvious behaviour.
2019-08-30 14:26:57 -04:00
Cassie Tarakajian
8054a532d7 Update to webpack 4 (#1145)
* remove some of the react errors, start to fix webpack HMR errors

* start upgrade to webpack 4

* more stuff to update webpack

* update webpack configs to work with webpack 4

* remove linting from truncate script
2019-08-28 16:08:40 -04:00
Andrew Nicolaou
cd21e9ae72 Fixes bug where requestsOfType() would fail if no body
- Passes if request has no body
- Returns a JSON object with an error message when request
  doesn't match type, the response body was "[object Object]"
2019-07-22 16:09:11 -04:00
Andrew Nicolaou
7fdd970a43 Fixes bug where requestsOfType() would fail if no body
- Passes if request has no body
- Returns a JSON object with an error message when request
  doesn't match type, the response body was "[object Object]"
2019-07-22 15:03:31 -04:00
Andrew Nicolaou
27ea1c1e1b Adds a temporary route for checking Personal Access Tokens work 2019-05-29 12:51:50 -04:00
siddhant
456697ec75 Fixed Mongoose Warning (#856) 2019-03-01 15:47:17 -05:00
cdncat
e83654f6ad Fixes #717 (#720)
* remove npm run lint warnings, fixes #717

* Update link for Code of Conduct in CONTRIBUTING.md
2018-10-05 15:35:31 -04:00
Cassie Tarakajian
8495a59e36 Development documentation (#705)
* delete unused files, move webpack configs to their own directory

* start of improved developer documentation, moving everything to developer_docs/ directory

* documentation updates
2018-09-26 16:14:06 -04:00
Cassie Tarakajian
7ac6dd0b39 Merge branch 'master' into production-docker 2018-09-19 16:09:26 -04:00
Cassie Tarakajian
032169e7bc add authorization to file routes 2018-09-19 16:09:12 -04:00
Cassie Tarakajian
02c7c2f26d fix mongo connection so that deprecation warning doesn't appear 2018-09-05 15:34:53 -04:00
Cassie Tarakajian
6705e4c3f8 load client-side environment variables at runtime 2018-08-24 17:41:23 -04:00
Cassie Tarakajian
4dc0ee1d25 fix linting errors 2018-08-21 17:52:42 -04:00
Cassie Tarakajian
02456eaa60 try creating health check 2018-08-21 17:39:34 -04:00
Cassie Tarakajian
bd476d3d38 add basic auth to server for beta editor setup 2018-08-21 16:09:41 -04:00
Cassie Tarakajian
aa543fad4a merge in master 2018-08-20 12:20:41 -04:00
Cassie Tarakajian
549d622c6f more config for kubernetes, fix example fetching tasks to include node env 2018-08-09 13:58:48 -04:00
Liang Tang
617f00653c Improve current console (#656)
* init v2

* make replay work

* fix a failing scenario of react-frame

* fix some bugs

* delete/comment some files

* remove

* fix some bugs && remove more comments

* remove unnecessary lines

* minor tweak

* fix some bugs

* try to hook iframe using webpack

* update

* changes according to cassie

* minor tweak

* fix lint

* extract sass

* add icons

* update webpack config

* update webpack configuration

* update

* tweak

* fix a small bug
2018-07-30 12:20:57 -04:00
Jared Donovan
903713e705 WIP - Mixed content error for Issue #543 (#661)
* Set trust proxy option on Express app.

* Fix replacement of filePath for full screen and embed sketches.

* Use const rather than let because  is never reassigned.
2018-07-03 13:02:46 -07:00
Cassie Tarakajian
fa5a9e39b2 fix linting errors and do stuff to make build work 2018-06-26 19:13:13 -07:00
Cassie Tarakajian
f06198a4e1 start to add mongo configuration 2018-06-25 16:13:31 -07:00
Cassie Tarakajian
5613a285f6 move github files to .github folder, delete useless server config, get development Docker build working 2018-06-18 14:30:10 -07:00
Cassie Tarakajian
f9d1c601b3 move around static and dist folders to work with server bundle, and make preview generation work with this 2018-05-08 19:16:03 -07:00
Madhurjya Pegu
307091ad3c Solving #553 Addition of google oauth 2.0 for easy login (#608)
* google oauth added

* google credentials 

updated .env description for google oauth

* changes done wrt review
2018-04-18 13:38:02 -07:00
Francis Li
2f29d6add1 Fixes #500 removes CSRF token setting in cookie and validation on request (#501) 2018-01-08 16:12:55 -05:00
Francis Li
aadd533061 Fixes #491 adds support for a configurable cache-control max-age setting for serving static assets, with a default of 1d on production and 0 elsewhere (#492) 2017-12-08 15:01:39 -05:00
Cassie Tarakajian
03eae2f1ef fixes #479 and fixes #449 2017-11-28 14:48:50 -05:00
Cassie Tarakajian
e38474ce40 fix linting errors 2017-11-27 17:32:03 -05:00
Cassie Tarakajian
44f02d1159 add csrf token debugging 2017-11-27 17:26:32 -05:00
Cassie Tarakajian
d03b433cfe add additional logging for CSRF errors, redirect to 404 for invalid embed path 2017-11-27 16:58:53 -05:00
Andrew Nicolaou
6cbc376d6e CSRF/XSS protection (#374)
* /api endpoints only allows requests with application/json Content-Type

Otherwise sends 406 Unacceptable

* Uses CSRF token

The CSRF token is sent as the cookie 'XSRF-TOKEN' on all HTML page
requests. This token is picked up automatically by axios
and sent to the API with all requests as an 'X-XSRF-TOKEN' header.
The middleware runs on all routes and verifies that the token matches
what's stored in the session.
2017-06-26 13:58:58 -04:00
Cassie Tarakajian
66833d22b6 fix #351, increase limit for body-parser 2017-05-10 15:07:40 -04:00
Andrew Nicolaou
a1121e2e6b Enable CORS for all origins and requests on API (#324)
* Enable CORS for all origins and requests on API

* Whitelist CORS origins: *.p5js.org in production and also localhost in development
2017-03-23 14:53:16 -04:00
Cassie Tarakajian
e87390adb9 update eslint to latest version, fix lots of linting errors (#308)
* update eslint and dependencies, fix linting errors that can be fixed with --fix

* fix lots of linting errors

* update eslintrc, fix some linting errors

* fix all server side linting errors, untested

* fix errors that fixing linting errors had caused

* fix client side eslint errors

* fix client side linting errors

* fix refs lint errors

* fix more linting errors

* update eslint and dependencies, fix linting errors that can be fixed with --fix

* fix lots of linting errors

* update eslintrc, fix some linting errors

* fix all server side linting errors, untested

* fix errors that fixing linting errors had caused

* fix client side eslint errors

* fix client side linting errors

* fix refs lint errors

* fix more linting errors

* fix some accessibility linting errors

* fix a lot of linting errors

* fix a billion more linting errors

* hopefully fix all linting errors, still need to test

* fix bugs that fixing linting had caused
2017-02-22 14:29:35 -05:00
Enrique Piqueras
5e4b076b93 Fixed #158 and #100 (#198)
* Changed unsaved changes asterisk to an svg circle. #158

* Fixed #100
Unmatched routes are handled by react-router on the client side
and a single wildcard route on server.routes.js renders the index
html.
When the /:username/sketches route is matched and the username is not
valid, the user will be redirected to the index route and a toast
will explain what happened. When the username is 'p5' (default when
logged out) it will show all sketches. Maybe this should be changed
to just public or 'local' sketches?

* Moved unsaved changes SVG to a separate file.

* User not found is now a 404 error.

* Added server rendered 404 page.

* Removed console.log

* 404 Page now renders a random p5 sketch. TODO: make 404 sketches.

* Added 404 header
404 page now fetches a random example sketch

* Moved circle closer to file name

* Render 404 page in SketchList route if !user
2017-01-06 13:08:03 -05:00
Cassie Tarakajian
f40ecebfba #142 add webpack configuration to decrease loading speed 2016-11-08 18:11:12 -05:00
catarak
207bab20eb add embed route, fix path parsing in PreviewFrame 2016-09-06 16:54:16 -04:00
catarak
29571e4764 login with github works if not already registered 2016-08-31 12:57:47 -04:00
catarak
c677c37597 get dropzone to render 2016-07-19 18:27:27 -04:00
catarak
4d6e4857ba add files, server side, only css and js files 2016-07-13 18:53:56 -04:00
mathuramg
0942378812 remove dev changes 2016-07-11 09:06:43 -04:00