Getting started

Giang edited this page Aug 15, 2023 · 22 revisions

⚙️ Prerequisite

  • Your favourite IDE
  • .NET 6
  • IIS enabled
  • Git
  • SQL Server Management Studio 19
  • Cisco AnyConnect (for Fontys students connecting to their MSSQL database)
  • Node v14.17.6
  • NPM v6.14.15
  • Java 11+ (for OWASP ZAP security testing program)

Optional:

  • NVM (Node Version Manager)

⚒️ Development

Frontend

  1. Clone the repository:
git clone --recursive https://github.com/FontysIPost/Frontend.git
  2. Install dependencies:
# Check which node you're using: node -v
# Install nvm (Node Version Manager) to quickly change node versions
# To install node version: nvm install 14.17.6
# To switch node version: nvm use 14.17.6
npm i
  3. Copy .env.example to .env in the root directory of the Frontend and set these values:
VUE_APP_API_GATEWAY=https://Localhost:44311
VUE_APP_URL=Localhost:8080
  4. Run the frontend UI and open http://localhost:8080/ when ready:
npm run serve

Backend

  1. Clone the repository:
git clone --recursive https://github.com/FontysIPost/FIPost.git

  2. Set up the MSSQL database:

Create an MSSQL database on the Fontys Portal website > Selfservice portal > MSSQL database. Then open the four appsettings.Development.json files in ./locatie-service, ./pakketservice, ./authenthication-service and ./EmployeeService and enter your credentials in ConnectionString:

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*",
  "ConnectionString": "Server=;Database=;User Id=;Password=;"
}

OPTIONAL:

Alternatively, create a local MSSQL database in Docker (for outside developers, or for a faster setup). First pull the image:

docker pull mcr.microsoft.com/mssql/server:2019-latest

Run the container:

docker run -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=Ipost11%" -p 1433:1433 -d --name MSSQLIPost mcr.microsoft.com/mssql/server:2019-latest

Use this connection string (local development only, since the SA password above is published on this page):

Server=localhost,1433;Database=master;User Id=sa;Password=Ipost11%;

  3. Run the migrations in EmployeeService, Locatie-service, and pakketservice with the following command in the terminal:

dotnet ef database update

To use the application, you have to populate 5 of the 6 tables (buildings, cities, Package, Person, and rooms, but not Ticket). In the Person table, 0 = Admin and 1 = Employee, which gives different access. The app will crash without this data.

See the DATABASE wiki page for how to populate the exact data into the 5 tables.


  4. With the frontend running, start all of the following services, each with IIS Express: EmployeeService, PakketService, LocatieService, authentication-service and api-gateway.

Everything should now work and be ready for development!

🪲 Security Testing

  1. In order to use OWASP ZAP, follow the install steps from OWASP. Make sure to have JRE 11+!
  2. Open the app and change the port to 8081 in Tools > Options > Network > Local Servers/Proxies (the default is 8080, but Vue is already using that).
  3. Click the Quick Start tab of the Workspace Window.
  4. Click the large Automated Scan button.
  5. In the URL to attack text box, enter the full URL of the web application you want to attack.
http://localhost:8080/
  6. Click the Attack button.

ZAP will proceed to crawl the web application with its spider and passively scan each page it finds. Then ZAP will use the active scanner to attack all of the discovered pages, functionality, and parameters.

Interpret Your Test Results

As ZAP spiders your web application, it constructs a map of your web application's pages and the resources used to render those pages. Then it records the requests and responses sent to each page and creates alerts if there is something potentially wrong with a request or response.
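
As an added example (not part of the original wiki or the FIPost code): once the alerts are exported as a JSON report, a small Node script can sort them by risk and tell you whether anything at or above a chosen level was found. The report shape (site[].alerts[] with riskcode 0 to 3) is assumed to follow ZAP's traditional JSON report; the sample data and the function names triage and exceeds are constructed for illustration.

```javascript
// Constructed sample in the shape of ZAP's traditional JSON report;
// this is not output from a real scan of the application.
const sampleReport = {
  site: [{
    '@name': 'http://localhost:8080',
    alerts: [
      { pluginid: '10021', alert: 'X-Content-Type-Options Header Missing',
        riskcode: '1', confidence: '2',
        instances: [{ uri: 'http://localhost:8080/js/app.js', method: 'GET' },
                    { uri: 'http://localhost:8080/css/app.css', method: 'GET' }] },
      { pluginid: '10038', alert: 'Content Security Policy (CSP) Header Not Set',
        riskcode: '2', confidence: '3',
        instances: [{ uri: 'http://localhost:8080/', method: 'GET' }] },
      { pluginid: '10109', alert: 'Modern Web Application',
        riskcode: '0', confidence: '2',
        instances: [{ uri: 'http://localhost:8080/', method: 'GET' }] },
    ],
  }],
};

const RISK = ['Informational', 'Low', 'Medium', 'High']; // index = riskcode

// Flatten every site's alerts into rows, highest risk first.
function triage(report) {
  const rows = [];
  for (const site of report.site || []) {
    for (const a of site.alerts || []) {
      const code = Number.parseInt(a.riskcode, 10);
      if (!(code >= 0 && code <= 3)) throw new Error(`bad riskcode: ${a.riskcode}`);
      rows.push({
        site: site['@name'], risk: RISK[code], code,
        pluginId: a.pluginid, name: a.alert || a.name,
        urls: [...new Set((a.instances || []).map(i => i.uri))], // de-duplicated
      });
    }
  }
  return rows.sort((x, y) => y.code - x.code || x.name.localeCompare(y.name));
}

// True when any alert is at or above the threshold, e.g. to fail a build.
function exceeds(rows, threshold) {
  const min = RISK.indexOf(threshold);
  if (min < 0) throw new Error(`unknown risk level: ${threshold}`);
  return rows.some(r => r.code >= min);
}

for (const r of triage(sampleReport)) {
  console.log(`[${r.risk}] ${r.name} (plugin ${r.pluginId}): ${r.urls.length} URL(s)`);
}
```

To use it on a real scan, replace sampleReport with the parsed contents of the JSON report you exported from ZAP.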