Commit graph

247 commits

Author SHA1 Message Date
Andrew Nicolaou
6cbc376d6e CSRF/XSS protection (#374)
* /api endpoints only allows requests with application/json Content-Type

Otherwise sends 406 Unacceptable

* Uses CSRF token

The CSRF token is sent as the cookie 'XSRF-TOKEN' on all HTML page
requests. This token is  picked up automatically by axios
and sent to the API with all requests as an 'X-XSRF-TOKEN' header.
The middleware runs on all routes and verifies that the token matches
what's stored in the session.
2017-06-26 13:58:58 -04:00
Cassie Tarakajian
4476405021 change all email links to update protocol based on node env 2017-06-26 13:48:24 -04:00
Andrew Nicolaou
1dc0c22cb7 Email verification (#369)
* Re-introduce Email Verification code

Revert "Revert "Email verification""
This reverts commit d154d8bff259350523a0f139e844db96c43d2ee1.

* Uses MJML to generate Reset Password email

* Sends Password Reset and Email Confirmation emails using MJML template

* Sends verified status along with user data

* API endpoint for resending email verification confirmation

* Displays verification status on Account page and allows resending

* Send back error string

* Passes email address through to sign/verify helper

* Uses enum-style object to set verified state

* Sends minimal info when user verifies since it can be done without login

* Provides /verify UI and sends confirmation token to API

* Better name for JWT secret token env var

* Adds mail config variables to Readme

* Encrypts email address in JWT

The JWT sent as the token in the Confirm Password URL
can be unencoded by anyone, although it's signature can only
be verified by us. To ensure that no passwords are leaked,
we encrypt the email address before creating the token.

* Removes unused mail templates

* Resets verified flag when email is changed and sends another email

* Moves email confirmation functions next to each other

* Extracts random token generator to helper

* Moves email confirmation actions into Redux

- updates the AccountForm label with a message to check inbox
- show status when verifying email token

* Uses generated token stored in DB for email confirmation

* Sets email confirmation status to verified if logging in from Github

* Sends email using new method on account creation

* Fixes linting errors

* Removes replyTo config
2017-06-26 12:48:28 -04:00
Cassie Tarakajian
1ae37ebaaa fix lingering linting errors 2017-06-13 16:47:36 -04:00
Zach Rispoli
396fc701c7 Fix issue with serving assets inside folders 2017-06-12 13:49:45 -04:00
Zach Rispoli
61afce46ed Server can serve individual assets from projects (fixes #212, fixes #219) 2017-06-01 00:08:11 -04:00
Mathura MG
82207a50d3 Accessibility (#361)
* add p5 interceptor submodule

* update package

* remoce interceptor

* update interceptor;

* merge scripts

* change postinstall script

* refactor interceptor files

* remove merge conflicts

* change source files

* add registry class

* provide seperate outputs for text and grid

* switch textOutput to boolean

* make both modules usable together

* update interceptor for safari

* fix grid label

* add sound output as well

* change file strucure

* change constants

* change input lables

* switch submodule branch

* change variable name

* change grid to table

* remove role from table elements

* switch submodule branch
2017-05-31 15:23:30 -04:00
Cassie Tarakajian
8e1a65daed fixes #344, update sketches to by default use p5 version 0.5.10 2017-05-24 12:20:38 -04:00
Cassie Tarakajian
7deb3745bf fix #354 2017-05-13 22:23:07 -04:00
Cassie Tarakajian
15346c9a00 more to test object copying 2017-05-13 21:46:58 -04:00
Cassie Tarakajian
dc9ad0eea9 log errors in s3 object copy 2017-05-13 21:38:48 -04:00
Cassie Tarakajian
3c6049ceef duplicate is probably less broken than it was 2017-05-13 21:17:58 -04:00
Cassie Tarakajian
66833d22b6 fix #351, increase limit for body-parser 2017-05-10 15:07:40 -04:00
Andrew Nicolaou
ae668f681e HTTPS UI switch (#335)
* Checkbox to toggle project's serveSecure flag

This doesn't yet persist or reload the page.

* Help button that shows modal to explain feature

* Extracts protocol redirection to helper

* Returns promise from saveProject() action to allow chaining

* Setting serveSecure flag on project redirects after saving project

* Set serveSecure on Project model in API and client

* Redirect to correct protocol when project is loaded
2017-05-03 11:46:12 -04:00
Cassie Tarakajian
a4a1a36f02 #330 add google analytics 2017-04-13 14:49:45 -04:00
Cassie Tarakajian
2a9ea85ed8 #339 add region to .env 2017-04-13 14:39:03 -04:00
Cassie Tarakajian
40b3e26f24 #339 make duplication backwards compatible with old s3 links 2017-04-13 14:17:30 -04:00
Andrew Nicolaou
7be45ce875 Search for existing user account using Github emails (#337)
* Tries to match user account from list of emails in Github API

Requests the 'user:email' scope from Github which returns the private
emails associated with the user's account.

* Centres GitHub button in layout
2017-04-13 12:04:10 -04:00
Cassie Tarakajian
aaa5e868e2 make inital changes for #169--need to migrate the locations of a user's s3 files to be namespaced under their userid 2017-04-06 14:34:14 -04:00
Cassie Tarakajian
23560c7879 delete file from s3 if data environment variable is undefined 2017-04-05 23:23:38 -04:00
Cassie Tarakajian
8392acdf3f delete files based on S3, with a date to be backwards compatible 2017-04-05 23:23:38 -04:00
Cassie Tarakajian
75b49d10a9 add function to delete file from s3 2017-04-05 23:23:38 -04:00
Cassie Tarakajian
fa04054d28 duplicating files works 2017-04-05 23:23:38 -04:00
Cassie Tarakajian
f01a58353b initial commit to cloning files on S3, untested 2017-04-05 23:23:37 -04:00
Andrew Nicolaou
dc801ccf7f Force HTTPS redirection for log in and sign up (#319)
* Higher-order component to force some routes to HTTPS

* Force all user-management routes to HTTPS

* Redirect to sourceProtocol as route unmounts.

By default, no redirection occurs if sourceProtocol is not explicitly
defined.

* Sets serveSecure flag on new projects and usea after forcing protocol

The flag is set to `false` on all projects and as the UI has no way to
change this, it always redirects to HTTP after a signup/login action.

* Move HoC to be with other top-level components

* Server should respond to account page request

* Serves AccountView over HTTPS

* Turns HTTPS redirection off in development by default

Will log to the browser console any redirection that would
have happened. Added a line in the README about how to
enable this for testing in development.
2017-03-30 12:36:26 -04:00
Andrew Nicolaou
a1121e2e6b Enable CORS for all origins and requests on API (#324)
* Enable CORS for all origins and requests on API

* Whitelist CORS origins: *.p5js.org in production and also localhost in development
2017-03-23 14:53:16 -04:00
Yining Shi
fe6acc90e4 Adding User Settings View (#325)
* added account page showing username and email

* change username and email

* validate current password and add new  password

* reject promise with error for reduxForm submit-validation for current password

* updated user reducer to handle setting sucess and server side async

* warning if there is current password but no new password

* fixes logout button

* import validate function, fixes logout style
2017-03-16 18:25:12 -04:00
Cassie Tarakajian
1e49b678c4 temporarily remove stale project thing 2017-03-15 11:59:07 -04:00
Cassie Tarakajian
abbeb7fc60 fi linting to include .jsx files 2017-03-02 15:18:58 -05:00
Cassie Tarakajian
fe4c2641e3 fix #254, stale project warning works correctly, removed unused actions and state for ide 2017-03-02 14:38:29 -05:00
Cassie Tarakajian
e87390adb9 update eslint to latest version, fix lots of linting errors (#308)
* update eslint and dependencies, fix linting errors that can be fixed with --fix

* fix lots of linting errors

* update eslintrc, fix some linting errors

* fix all server side linting errors, untested

* fix errors that fixing linting errors had caused

* fix client side eslint errors

* fix client side linting errors

* fix refs lint errors

* fix more linting errors

* update eslint and dependencies, fix linting errors that can be fixed with --fix

* fix lots of linting errors

* update eslintrc, fix some linting errors

* fix all server side linting errors, untested

* fix errors that fixing linting errors had caused

* fix client side eslint errors

* fix client side linting errors

* fix refs lint errors

* fix more linting errors

* fix some accessibility linting errors

* fix a lot of linting errors

* fix a billion more linting errors

* hopefully fix all linting errors, still need to test

* fix bugs that fixing linting had caused
2017-02-22 14:29:35 -05:00
Cassie Tarakajian
52a28328e4 fix #302 2017-02-14 15:54:29 -05:00
Cassie Tarakajian
a59efb2583 #254 remove warning for stale project, needs to be tested more 2017-01-25 13:39:20 -05:00
Cassie Tarakajian
ab19b8d598 fix example code to generate unique file ids for example projects 2017-01-24 17:47:20 -05:00
Cassie Tarakajian
0c6246fe45 fix linting errors 2017-01-24 17:20:40 -05:00
Cassie Tarakajian
a9ee70e033 #254 show error when user attempts to save stale version of project, refactor error modals to one component 2017-01-24 15:29:25 -05:00
Cassie Tarakajian
1a22998ff8 warn user of session change when deleting a project or saving a new project 2017-01-17 15:37:19 -05:00
Cassie Tarakajian
65592cbf9e add authentcation error component, return 403 error from server when trying to save a project where the user doesn't match the owner 2017-01-17 15:37:19 -05:00
Cassie Tarakajian
311e8442a1 Revert "Email verification" (#265) 2017-01-13 10:35:39 -05:00
Akarshit Wal
2d781e22fb Email verification (#230)
* Making the email separate for future enhancements

* email-verification added

* Github users are verified

* update package

* Bug fixes and improvements

* jade to pug

* Bug fix

* changed route
2017-01-13 10:24:09 -05:00
Cassie Tarakajian
fc8318c297 fix some linting errors 2017-01-11 15:50:36 -05:00
Cassie Tarakajian
1d6e59ada3 add lint-fix task, fix linting errors in fetching examples code 2017-01-11 15:17:10 -05:00
Akarshit Wal
dee9688ece Use username also to log in (#250)
* Use username also to log in

* Minor changes
2017-01-06 18:14:42 -05:00
Cassie Tarakajian
b02b8f99fe fix 404 page typo 2017-01-06 15:05:02 -05:00
Enrique Piqueras
5e4b076b93 Fixed #158 and #100 (#198)
* Changed unsaved changes asterisk to an svg circle. #158

* Fixed #100
Unmatched routes are handled by react-router on the client side
and a single wildcard route on server.routes.js renders the index
html.
When the /:username/sketches route is matched and the username is not
valid, the user will be redirected to the index route and a toast
will explain what happened. When the username is 'p5' (default when
logged out) it will show all sketches. Maybe this should be changed
to just public or 'local' sketches?

* Moved unsaved changes SVG to a separate file.

* User not found is now a 404 error.

* Added server rendered 404 page.

* Removed console.log

* 404 Page now renders a random p5 sketch. TODO: make 404 sketches.

* Added 404 header
404 page now fetches a random example sketch

* Moved circle closer to file name

* Render 404 page in SketchList route if !user
2017-01-06 13:08:03 -05:00
Cassie Tarakajian
9886e53a7c fix #245 2017-01-05 16:54:33 -05:00
Cassie Tarakajian
3b93a5ff19 remove deletion step 2016-12-13 20:47:19 -05:00
Cassie Tarakajian
1e90ea1437 add s3 deletion script 2016-12-13 20:45:30 -05:00
Cassie Tarakajian
14d1c33951 more s3 script testing 2016-12-13 20:36:48 -05:00
Cassie Tarakajian
c9df78a667 add to s3 script 2016-12-13 20:32:57 -05:00
Cassie Tarakajian
ebb7729fd0 log total files to delete 2016-12-13 20:12:17 -05:00
Cassie Tarakajian
5f106cd378 remove console.log 2016-12-13 20:09:41 -05:00
Cassie Tarakajian
5711c3b4da start to add file to delete unused files from S3 2016-12-13 20:07:02 -05:00
Cassie Tarakajian
cb6256d3e3 #20 switch p5.js back to minified 2016-12-13 16:19:39 -05:00
Cassie Tarakajian
d0770739b1 update p5.js version and switch to non-minified versions 2016-12-13 16:08:23 -05:00
Cassie Tarakajian
9e61382e87 #182 possible fix to password reset 2016-12-13 13:28:01 -05:00
Cassie Tarakajian
fcbb12ba13 change selected file for instance container examples 2016-12-09 12:28:20 -05:00
Yining Shi
412d330f74 Fixed example instance container (#221)
* fixed example inance container

* added a space
2016-12-09 12:19:02 -05:00
Yining Shi
29de5fce55 Fetch examples from p5 website repo (#203)
* changed open to examples, created basic fetch-examples.js

* use dotenv babel-register polyfill

* save examples in order

* added assets

* use rawgit.com

* async process.exit

* sound:Convolution Reverb
2016-12-01 18:57:50 -05:00
Jen Kagan
55b54f09bd Change routes to /:username/sketches/:projectid (#216) 2016-12-01 17:12:34 -05:00
Cassie Tarakajian
5dd0220610 fix baseURL for preview frame 2016-11-30 12:38:53 -05:00
Cassie Tarakajian
fd26b3f77c add otf and ttf to media file list for preview generation 2016-11-30 11:51:54 -05:00
Yining Shi
62409a3bf8 Added favicon (#213)
* added favicon

* deleted local favicon
2016-11-26 18:10:03 -05:00
Cassie Tarakajian
af3cb60ce1 fix linting errors that are fixable with --fix in server side code 2016-11-17 11:15:35 -05:00
Cassie Tarakajian
04922522cc cool to share some of this code between client and server
Squashed commit of the following:

commit fb5e82cea930b011792983c7d1cc9f6ecacc7dd4
Author: Cassie Tarakajian <ctarakajian@gmail.com>
Date:   Wed Nov 16 12:28:10 2016 -0500

    add server side rendering, untested

commit 5c60fb30c46ea49a8d9a0ecb56f39ec778464a8b
Author: Cassie Tarakajian <ctarakajian@gmail.com>
Date:   Tue Nov 15 18:26:06 2016 -0500

    add redux-form bandage post react update, should probably update to redux-form 6 at some point

commit 057b5871e7137179abc93f7821a9690f0ea52c92
Author: Cassie Tarakajian <ctarakajian@gmail.com>
Date:   Tue Nov 15 16:30:09 2016 -0500

    remove passing jsFiles and cssFiles to PreviewFrame, fix rendering bug

commit 88c56fd36d3a8d88902c79642171988ce37825f2
Author: Cassie Tarakajian <ctarakajian@gmail.com>
Date:   Tue Nov 15 16:21:59 2016 -0500

    code cleanup, untested

commit 82e5dcf8bca461892f1daf06d38f1eaebe72983f
Author: Cassie Tarakajian <ctarakajian@gmail.com>
Date:   Tue Nov 15 15:53:50 2016 -0500

    update react and react router, fix a few bugs in rendering code, add ability to parse inline js and css

commit e02f4b67803ea45328eff4e53659222f3149964c
Author: Cassie Tarakajian <ctarakajian@gmail.com>
Date:   Tue Nov 15 14:43:38 2016 -0500

    add almost full code to create preview html correctly, untested

commit 12f61b2a1aed4607fab24d01572b647ca6210262
Author: Cassie Tarakajian <ctarakajian@gmail.com>
Date:   Wed Nov 2 17:09:26 2016 -0400

    refactor some of the preview html generation code

commit 111825846703d5c8959cb18795a3aadb7ebe505c
Author: Cassie Tarakajian <ctarakajian@gmail.com>
Date:   Wed Nov 2 11:06:36 2016 -0400

    add comments as plan of action

commit 1cc2cf5203674732b4057382f1937de38b687078
Author: Cassie Tarakajian <ctarakajian@gmail.com>
Date:   Thu Oct 27 19:34:55 2016 -0400

    add href parsing

commit e67189298cda9b70645f454ecd541a363980f0e4
Author: Cassie Tarakajian <ctarakajian@gmail.com>
Date:   Thu Oct 27 10:48:36 2016 -0400

    continue parsing html

commit 1458fb940a15a3dc5d74890211a3073e920b84b8
Author: Cassie Tarakajian <ctarakajian@gmail.com>
Date:   Wed Oct 26 17:40:31 2016 -0400

    start to add html parsing
2016-11-16 13:12:36 -05:00
Mathura MG
ced885d03f Add multiple canvas text outputs (#197)
* added grid

* add table to textoutput

* add all three outputs

* add shortcuts

* fix sound bug for triangle

* fix triangle bug - again
2016-11-12 11:53:02 -05:00
Cassie Tarakajian
f40ecebfba #142 add webpack configuration to decrease loading speed 2016-11-08 18:11:12 -05:00
Cassie Tarakajian
2750b1f0ef #189 i have literally been putting this off for months but i finally figured out now to resolve file paths \ 😄 / 2016-11-08 16:50:21 -05:00
Cassie Tarakajian
081c7d521e #189 load text files from server via filename, does not work for file paths 2016-11-08 14:42:23 -05:00
Cassie Tarakajian
b06fb4cb80 change p5.js password reset email 2016-11-02 18:08:28 -04:00
Cassie Tarakajian
588668886d update default version of p5 to 5.4 2016-11-02 15:06:28 -04:00
Cassie Tarakajian
85b8f5b589 fixes #96, downloads now work on safari and firefox 2016-11-02 14:08:53 -04:00
Cassie Tarakajian
2645e13786 change full screen view to embed view 2016-11-02 11:12:07 -04:00
Cassie Tarakajian
e66b916349 change password reset email address 2016-10-19 12:36:58 -04:00
Cassie Tarakajian
70f1c1c8f1 update email copy 2016-10-19 12:36:58 -04:00
Cassie Tarakajian
e5ff11f65a add basic password reset functionality, no error checking or styling 2016-10-19 12:36:58 -04:00
Cassie Tarakajian
d055aa5af8 more password reset things 2016-10-19 12:36:58 -04:00
Cassie Tarakajian
5aa5032961 create password reset token from FE, start to add flash text 2016-10-19 12:36:58 -04:00
Cassie Tarakajian
ea6d30c430 more password reset stuff 2016-10-19 12:36:57 -04:00
Cassie Tarakajian
1610b0168d start to add mailgun and nodemailer 2016-10-19 12:36:57 -04:00
kaganjd
76bd1b1630 Add ability to delete projects from sketch list (#125)
* Add ability to delete projects from sketch list

- Fixes #76
- Also gets rid of outdated Sketch module

* Styling for Sketch List trash can

* Merge all the stuff

* Fix trash can line height
2016-10-12 14:24:53 -04:00
Cassie Tarakajian
dfc55aaa5b temporarily remote autorefresh and loop protect 2016-10-04 15:35:23 -04:00
Cassie Tarakajian
1232e4c5ca add db reformat script 2016-10-01 14:01:32 -04:00
Cassie Tarakajian
7fb85c251b auto autorefresh to preferences, save autorefresh server side 2016-09-28 18:09:37 -04:00
catarak
103ebd2014 add theme to preferences, add backbone of themes to scss 2016-09-20 23:57:27 -04:00
catarak
e24e2805b6 db reformat 2016-09-14 17:34:10 -04:00
catarak
7436f4960f this time, db reformat, for real 2016-09-14 16:41:36 -04:00
catarak
03e2fd32c5 more db testing stuff 2016-09-14 16:33:47 -04:00
catarak
fcf09c6779 even more db reformat 2016-09-14 16:30:50 -04:00
catarak
f1ec50d914 more db reformatting 2016-09-14 16:27:05 -04:00
catarak
90c55e9e0b db reformat again 2016-09-14 16:24:51 -04:00
catarak
8bf252ed87 fix dbreformat 2016-09-14 16:23:22 -04:00
catarak
912cddf776 db reformat testing 2016-09-14 16:20:25 -04:00
catarak
9e6d4b56bd change isSelected to isSelectedFile, add db reformat 2016-09-14 15:57:52 -04:00
catarak
b004fd077f change http urls to https 2016-09-08 22:02:42 -04:00
catarak
207bab20eb add embed route, fix path parsing in PreviewFrame 2016-09-06 16:54:16 -04:00
catarak
52fa553d8f add script to reformat database 2016-09-04 16:39:12 -04:00
catarak
69bb0d0077 adding and deleting files works server side 2016-09-02 19:02:38 -04:00
catarak
1ae27f0d66 add file icons and file types default to file 2016-09-02 17:41:01 -04:00
catarak
3dfed2a11e delete files works, server side 2016-09-02 17:41:01 -04:00