Commit graph

91 commits

Author SHA1 Message Date
Ruben van de Ven
f820a8a85f log indexes and comment for docker export 2021-01-29 11:37:47 +01:00
Ruben van de Ven
6f2095eede Add dp image, consisten punctuation in default files, and overview of all users under '/users' 2020-10-27 21:45:41 +01:00
Ruben van de Ven
bd8391bcf4 WIP to run without mailgun and social logins 2020-09-07 13:59:15 +02:00
ghalestrilo
e88ee4e595 ♻️ remove /mobile endpoints from server 2020-08-21 18:22:40 -03:00
ghalestrilo
862fe1a3ba 👌 update server.routes.js 2020-07-31 14:50:38 -03:00
oruburos
4d81154151 Server.js
Change in Cache Policy
2020-07-17 22:02:05 +01:00
oruburos
348056ecf9 Webpack config in dev and prod include copywebpack for static translations.json
Change in i18n to serve the translations from a different path
2020-07-10 17:08:47 +01:00
oruburos
78f87b6ec1 Webpack config in dev and prod include copywebpack for static translations.json
Change in i18n to serve the translations from a different path
2020-07-10 13:45:35 +01:00
ov
b05d1b1a02
Prototype with proposed i18n architecture (#1478)
* Branch with i18n functionality
* Translation files with new entries
* includes Loader in index.jsx
* Uses WithTranslation In Nav
* New Namespace
* Shortcuts Modal Complete
* Preferences complete
* About overlay title translated
2020-07-06 11:36:45 +02:00
Andrew Nicolaou
0b5180d26c Configure CORS localhost origin via CORS_ALLOW_LOCALHOST env var 2020-05-03 13:20:14 +02:00
Andrew Nicolaou
edc0e6ffb3 Always allow localhost CORS requests 2020-04-19 13:39:00 +02:00
Andrew Nicolaou
13c45490a2 Merge branch 'feature/public-api' into feature/sketch-collections 2019-11-10 22:12:14 +01:00
Cassie Tarakajian
0d061a9dea merge in master 2019-11-07 15:03:01 -05:00
Cassie Tarakajian
a4a01cef4c update server code to work with updated mongoose version 2019-11-07 13:38:02 -05:00
Andrew Nicolaou
95f6105a8b Assets routes should be parsed after server routes so /add-to-collection URL will work 2019-09-25 12:07:17 -04:00
Andrew Nicolaou
c9551a3142 Adds Collections model and Editor API to manage collections
- List any user's collections
- Create new collection
- Modify collection metadata
- Delete collection
- Add/remove any project to/from a collection
2019-09-25 12:01:39 -04:00
Cassie Tarakajian
7f2529a973 merge master 2019-09-11 19:05:15 -04:00
Andrew Nicolaou
1f4bd581a8 Public API: Namespace private and public APIs (#1148)
* Converts import script to use public API endpoints

The endpoints don't exist yet, but this is a good way to see how
the implementation of the data structures differ.

* Exposes public API endpoint to fetch user's sketches

* Implements public API delete endpoint

* Adds helper to create custom ApplicationError classes

* Adds create project endpoint that understand API's data structure

This transforms the nested tree of file data into a mongoose
Project model

* Returns '201 Created' to match API spec

* Removes 'CustomError' variable assignment as it shows up in test output

* transformFiles will return file validation errors

* Tests API project controller

* Tests toModel()

* Creates default files if no root-level .html file is provided

* Do not auto-generate a slug if it is provided

Fixes a bug where the slug was auto-generated using the sketch name,
even if a slug property had been provided.

* Validates uniqueness of slugs for projects created by the public API

* Adds tests for slug uniqueness

* Configures node's Promise implementation for mongoose (fixes warnings)

* Moves createProject tests to match controller location

* Adds support for code to ApplicationErrors

* deleteProject controller tests

* getProjectsForUser controller tests

- implements tests
- update apiKey tests to use new User mocks

* Ensure error objects have consistent property names

`message` is used as a high-level description of the errors
`detail` is optional and has an plain language explanation of the
individual errors
`errors` is an array of each individual problem from `detail` in a
machine-readable format

* Assert environment variables are provided at script start

* Version public API

* Expect "files" property to always be provided

* Fixes linting error

* Converts import script to use public API endpoints

The endpoints don't exist yet, but this is a good way to see how
the implementation of the data structures differ.

* Exposes public API endpoint to fetch user's sketches

* Implements public API delete endpoint

* Adds helper to create custom ApplicationError classes

* Adds create project endpoint that understand API's data structure

This transforms the nested tree of file data into a mongoose
Project model

* Returns '201 Created' to match API spec

* Removes 'CustomError' variable assignment as it shows up in test output

* transformFiles will return file validation errors

* Tests API project controller

* Tests toModel()

* Creates default files if no root-level .html file is provided

* Do not auto-generate a slug if it is provided

Fixes a bug where the slug was auto-generated using the sketch name,
even if a slug property had been provided.

* Validates uniqueness of slugs for projects created by the public API

* Adds tests for slug uniqueness

* Configures node's Promise implementation for mongoose (fixes warnings)

* Moves createProject tests to match controller location

* deleteProject controller tests

* Adds support for code to ApplicationErrors

* getProjectsForUser controller tests

- implements tests
- update apiKey tests to use new User mocks

* Ensure error objects have consistent property names

`message` is used as a high-level description of the errors
`detail` is optional and has an plain language explanation of the
individual errors
`errors` is an array of each individual problem from `detail` in a
machine-readable format

* Assert environment variables are provided at script start

* Version public API

* Expect "files" property to always be provided

* Fixes linting error

* Checks that authenticated user has permission to create under this namespace

Previously, the project was always created under the authenticated user's
namespace, but this not obvious behaviour.

* Splits private and public APIs

The private API is under /editor and the public API under /api
2019-08-30 14:39:45 -04:00
Andrew Nicolaou
d44a058fd8 Public API: Create new project (fixes #1095) (#1106)
* Converts import script to use public API endpoints

The endpoints don't exist yet, but this is a good way to see how
the implementation of the data structures differ.

* Exposes public API endpoint to fetch user's sketches

* Implements public API delete endpoint

* Adds helper to create custom ApplicationError classes

* Adds create project endpoint that understand API's data structure

This transforms the nested tree of file data into a mongoose
Project model

* Returns '201 Created' to match API spec

* Removes 'CustomError' variable assignment as it shows up in test output

* transformFiles will return file validation errors

* Tests API project controller

* Tests toModel()

* Creates default files if no root-level .html file is provided

* Do not auto-generate a slug if it is provided

Fixes a bug where the slug was auto-generated using the sketch name,
even if a slug property had been provided.

* Validates uniqueness of slugs for projects created by the public API

* Adds tests for slug uniqueness

* Configures node's Promise implementation for mongoose (fixes warnings)

* Moves createProject tests to match controller location

* Adds support for code to ApplicationErrors

* deleteProject controller tests

* getProjectsForUser controller tests

- implements tests
- update apiKey tests to use new User mocks

* Ensure error objects have consistent property names

`message` is used as a high-level description of the errors
`detail` is optional and has an plain language explanation of the
individual errors
`errors` is an array of each individual problem from `detail` in a
machine-readable format

* Assert environment variables are provided at script start

* Version public API

* Expect "files" property to always be provided

* Fixes linting error

* Converts import script to use public API endpoints

The endpoints don't exist yet, but this is a good way to see how
the implementation of the data structures differ.

* Exposes public API endpoint to fetch user's sketches

* Implements public API delete endpoint

* Adds helper to create custom ApplicationError classes

* Adds create project endpoint that understand API's data structure

This transforms the nested tree of file data into a mongoose
Project model

* Returns '201 Created' to match API spec

* Removes 'CustomError' variable assignment as it shows up in test output

* transformFiles will return file validation errors

* Tests API project controller

* Tests toModel()

* Creates default files if no root-level .html file is provided

* Do not auto-generate a slug if it is provided

Fixes a bug where the slug was auto-generated using the sketch name,
even if a slug property had been provided.

* Validates uniqueness of slugs for projects created by the public API

* Adds tests for slug uniqueness

* Configures node's Promise implementation for mongoose (fixes warnings)

* Moves createProject tests to match controller location

* deleteProject controller tests

* Adds support for code to ApplicationErrors

* getProjectsForUser controller tests

- implements tests
- update apiKey tests to use new User mocks

* Ensure error objects have consistent property names

`message` is used as a high-level description of the errors
`detail` is optional and has an plain language explanation of the
individual errors
`errors` is an array of each individual problem from `detail` in a
machine-readable format

* Assert environment variables are provided at script start

* Version public API

* Expect "files" property to always be provided

* Fixes linting error

* Checks that authenticated user has permission to create under this namespace

Previously, the project was always created under the authenticated user's
namespace, but this not obvious behaviour.
2019-08-30 14:26:57 -04:00
Cassie Tarakajian
8054a532d7
Update to webpack 4 (#1145)
* remove some of the react errors, start to fix webpack HMR errors

* start upgrade to webpack 4

* more stuff to update webpack

* update webpack configs to work with webpack 4

* remove linting from truncate script
2019-08-28 16:08:40 -04:00
Andrew Nicolaou
cd21e9ae72 Fixes bug where requestsOfType() would fail if no body
- Passes if request has no body
- Returns a JSON object with an error message when request
  doesn't match type, the response body was "[object Object]"
2019-07-22 16:09:11 -04:00
Andrew Nicolaou
7fdd970a43 Fixes bug where requestsOfType() would fail if no body
- Passes if request has no body
- Returns a JSON object with an error message when request
  doesn't match type, the response body was "[object Object]"
2019-07-22 15:03:31 -04:00
Andrew Nicolaou
27ea1c1e1b Adds a temporary route for checking Personal Access Tokens work 2019-05-29 12:51:50 -04:00
siddhant
456697ec75 Fixed Mongoose Warning (#856) 2019-03-01 15:47:17 -05:00
cdncat
e83654f6ad Fixes #717 (#720)
* remove npm run lint warnings, fixes #717

* Update link for Code of Conduct in CONTRIBUTING.md
2018-10-05 15:35:31 -04:00
Cassie Tarakajian
8495a59e36
Development documentation (#705)
* delete unused files, move webpack configs to their own directory

* start of improved developer documentation, moving everything to developer_docs/ directory

* documentation updates
2018-09-26 16:14:06 -04:00
Cassie Tarakajian
7ac6dd0b39 Merge branch 'master' into production-docker 2018-09-19 16:09:26 -04:00
Cassie Tarakajian
032169e7bc add authorization to file routes 2018-09-19 16:09:12 -04:00
Cassie Tarakajian
02c7c2f26d fix mongo connection so that deprecation warning doesn't appear 2018-09-05 15:34:53 -04:00
Cassie Tarakajian
6705e4c3f8 load client-side environment variables at runtime 2018-08-24 17:41:23 -04:00
Cassie Tarakajian
4dc0ee1d25 fix linting errors 2018-08-21 17:52:42 -04:00
Cassie Tarakajian
02456eaa60 try creating health check 2018-08-21 17:39:34 -04:00
Cassie Tarakajian
bd476d3d38 add basic auth to server for beta editor setup 2018-08-21 16:09:41 -04:00
Cassie Tarakajian
aa543fad4a merge in master 2018-08-20 12:20:41 -04:00
Cassie Tarakajian
549d622c6f more config for kubernetes, fix example fetching tasks to include node env 2018-08-09 13:58:48 -04:00
Liang Tang
617f00653c Improve current console (#656)
* init v2

* make replay work

* fix a failing scenary of react-frame

* fix some bugs

* delete/comment some files

* remove

* fix some bugs && remove more comments

* remove unnecessary lines

* minor tweak

* fix some bugs

* try to hook iframe using webpack

* update

* changes according to cassie

* minor tweak

* fix lint

* extract sass

* add icons

* update webpack config

* update webpack configuration

* update

* tweak

* fix a small bug
2018-07-30 12:20:57 -04:00
Jared Donovan
903713e705 WIP - Mixed content error for Issue #543 (#661)
* Set trust proxy option on Express app.

* Fix replacement of filePath for full screen and embed sketches.

* Use const rather than let because  is never reassigned.
2018-07-03 13:02:46 -07:00
Cassie Tarakajian
fa5a9e39b2 fix linting errors and do stuff to make build work 2018-06-26 19:13:13 -07:00
Cassie Tarakajian
f06198a4e1 start to add mongo configuration 2018-06-25 16:13:31 -07:00
Cassie Tarakajian
5613a285f6 move github files to .github folder, delete useless server config, get development Docker build working 2018-06-18 14:30:10 -07:00
Cassie Tarakajian
f9d1c601b3 move around static and dist folders to work with server bundle, and make preview generation work with this 2018-05-08 19:16:03 -07:00
Madhurjya Pegu
307091ad3c Solving #553 Addition of google oauth 2.0 for easy login (#608)
* google oauth added

* google credentials 

updated .env description for google oauth

* changes done wrt review
2018-04-18 13:38:02 -07:00
Francis Li
2f29d6add1 Fixes #500 removes CSRF token setting in cookie and validation on request (#501) 2018-01-08 16:12:55 -05:00
Francis Li
aadd533061 Fixes #491 adds support for a configurable cache-control max-age setting for serving static assets, with a default of 1d on production and 0 elsewhere (#492) 2017-12-08 15:01:39 -05:00
Cassie Tarakajian
03eae2f1ef fixes #479 and fixes #449 2017-11-28 14:48:50 -05:00
Cassie Tarakajian
e38474ce40 fix linting errors 2017-11-27 17:32:03 -05:00
Cassie Tarakajian
44f02d1159 add csrf token debugging 2017-11-27 17:26:32 -05:00
Cassie Tarakajian
d03b433cfe add additional logging for CSRF errors, redirect to 404 for invalid embed path 2017-11-27 16:58:53 -05:00
Andrew Nicolaou
6cbc376d6e CSRF/XSS protection (#374)
* /api endpoints only allows requests with application/json Content-Type

Otherwise sends 406 Unacceptable

* Uses CSRF token

The CSRF token is sent as the cookie 'XSRF-TOKEN' on all HTML page
requests. This token is  picked up automatically by axios
and sent to the API with all requests as an 'X-XSRF-TOKEN' header.
The middleware runs on all routes and verifies that the token matches
what's stored in the session.
2017-06-26 13:58:58 -04:00
Cassie Tarakajian
66833d22b6 fix #351, increase limit for body-parser 2017-05-10 15:07:40 -04:00