-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: use convict for env vars #646
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor comments; on a separate note, do we need to define the required-string/number
format cos convict
uses the prototype to validate, which rejects null/undefined
also seems like got failing test; could i trouble you to look at it? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Chore: I think there are some parts of the code where there were some parsing logic for the env variables, which is now done by convict, and thus are no longer needed. (I got lazy to search through them towards the end HAHA)
Style: I think its cleaner to do a rebase rather than a merge to keep the commit changes clean, making the code easier to review! Let me know if you dont prefer this workflow!
fixed now |
60ea8c0
to
4798b4b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor comments, not approving first for safety
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
mostly lgtm but a few comments.
I do have a concern due to the strictness setting that we have set for this. Currently, this will break if any one of our variables are set wrongly, causing prod to be down. Let me know your thoughts about this suggestion:
we can tackle this in 2 prs:
- this PR, but mode is set to
WARN
rather thanSTRICT
we look at the logs, make sure its not throwing any unexpected errors. The following week when we run release - we change the mode from
WARN
toSTRICT
that way we ensure that things dont break, allowing for a smoother deployment.
Some clarifications:
Basically when deploying, we should be 100% certain what we are deploying is correct, especially with things like config/envs Did i get your concern correctly? But if the team feels we should not have a "hard" failure, we can discuss the deploy strategy as well |
if if (!SOME_ENV_VAR) throw Error() but because this fails when the file is used, it's still not as ideal. failing fast here has 2 benefits:
|
Woah am confused about this since my understanding is that it will fail at runtime rather than build time, but ill clarify with you offline instead haha
Oh yes, agreed that this should be the end state. My concern primarily stemmed from the fact we are merging into develop, and develop and identity branch has diverged to some extent, I was worried that the merge itself will have breaking changes. But, I agree with @seaerchin about failing fast since we do have rolling deployments anyways, so prod wont be down even if the app fails at runtime. TLDR: lgtm |
@kishore03109 Yea, you're right, it is technically runtime, but at service startup. @kishore03109 @seaerchin @alexanderleegs |
Okay confirmed destination branch should be |
51cb886
to
44eff97
Compare
* feat: add convict as dependency * feat: config wip * feat: add convict schema with defaults and validation * feat: add config alias and update dependencies * feat: replace process.env with config.get (wip) * fix: use import over require * feat: wip to use config * feat: add cloudmersive key as env * feat: wip to use config * feat: update config properties * feat: update imports and use config * chore: update env.test and imports * chore: standardise env * chore: remove dotenv * chore: format eslintrc * fix: rename convict format and env enums * chore: remove DOMAIN_WHITELIST from env * chore: revert trust proxy change * fix: cookie domain to be enums * feat: update to use config * fix: remove checks for env in logic * fix: make gitGuardian optional env * feat: add staging as option for node env * chore(app): chagne to import syntax * fix: remove string coercing for env key * chore: remove check for undefine site create form key env * chore: update package-lock --------- Co-authored-by: seaerchin <jiachin@open.gov.sg>
* Feat/login flow (#477) * Feat: add SessionData class * Refactor: swap out auth middleware to use sessionData * Refactor: modify sessionData in rollbackRouteHandler * Feat: update middleware and auth services * Chore: swap out v1 routes Using a 1-1 swap here for v1 routes, since these are mostly outdated or due for refactor * Refactor: swap id used in logger * Feat: add handler to attach site name to sessionData * Chore: modify v2 routes and services to use sessionData * Chore: swap whoamiAuth to verifyJwt and useSiteAccessTokenIfAvailable with checkHasAccess * Test: add fixtures for new middleware * Fix: tests * Fix: allow e2e test user * Chore: update v1 endpoint * Fix: migrate auth middle to ts * Chore: rename to usersessiondata * Refactor: split sessionData into separate classes * Chore: replace sessionData * Chore: replace githubsessiondata * Chore: add jsdoc for classes * Chore: update routes and services to pass appropriate sessionData objects * Fix: tests * Fix: specify request types * Chore: remove unnecessary comment * Fix: simplify getGithubParamsWithSite * Feat/site member verification for email (#479) * Feat: add IsomerAdmins database table and migrations * Feat: add access token via interceptor if missing * Feat: add isomerAdminsService * Feat: add hasAccessToSite to usersService * Feat: shift site membership check to authorizationMiddlewareService * Chore: replace authMiddleware.checkHasAccess with authorizationMiddleware.checkIsSiteMember * Chore: migrate authmiddlewareservice to typescript * Fix: rename auth middleware to authentication middleware * Fix: move e2e_isomer_id into constants * Chore: add cookie types * Fix: more concise check for isSiteMember * FIx: rebase errors * Fix: remove unused identityAuthService dependency * Fix: rename AuthService import as identityAuthService * Nit: separate type definition * Feat/email login flow (#480) * build(deps): bump file-type from 16.5.3 to 16.5.4 (#475) Bumps [file-type](https://github.com/sindresorhus/file-type) from 16.5.3 to 16.5.4. - [Release notes](https://github.com/sindresorhus/file-type/releases) - [Commits](sindresorhus/file-type@v16.5.3...v16.5.4) --- updated-dependencies: - dependency-name: file-type dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: package.json & package-lock.json to reduce vulnerabilities (#476) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEQUELIZE-2959225 * build(deps): bump vm2 from 3.9.5 to 3.9.7 (#350) Bumps [vm2](https://github.com/patriksimek/vm2) from 3.9.5 to 3.9.7. - [Release notes](https://github.com/patriksimek/vm2/releases) - [Changelog](https://github.com/patriksimek/vm2/blob/master/CHANGELOG.md) - [Commits](patriksimek/vm2@3.9.5...3.9.7) --- updated-dependencies: - dependency-name: vm2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Chore: remove site links from description (#482) * Fix: update resource room (#481) * 0.10.0 * fix: remove unnecessary update step (#487) * 0.10.1 * Chore: update commit message to include user id * Feat: add login and verify endpoints * Fix: model relations and alias * Feat: add findSitesByUserId * Feat: add site retrieval for email and admin users * Fix: hasAccessToSite * Fix: update email/mobile by isomer id * Chore: update error message * Fix: await check for whitelist * Chore: add mockSessionData for email login * Fix: SiteService behaviour for email users with no whitelisted sites * Test: update sitesservice tests * Test: add new authservice tests and fix existing tests * Fix: update user model to allow null in github field * Fix: update test fixture * Fix: update user test suite * Chore: remove unused endpoint * Fix: rebase errors * Chore: remove unnecessary message in test * Chore: remove unnecessary userId field * Nit: rename variable * Refactor: shift site retrieval for email users into helper method * Chore: spacing and remove unused var * Fix: tests * Tests: add new authorizationMiddlewareService test * fix: remove resources_name and add support for url (#490) * fix: remove resources_name and add support for url * fix: display url parameter as domain but store with https scheme * fix: resolve failing tests * Chore: flip conditional * Refactor: shift order of getSites to make it easier to understand * Test: add new auth router tests * Feat: add integration tests for getSites * Fix: failing requests for getLastUpdated and getStagingUrl * Nit: add comment * Nit: test name and var name * chore(mocks/axios): remove extra stuff * test(sites.spec): refactor specs for clarity * Fix: update settings * Nit: update comment * Fix: tests Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> Co-authored-by: seaerchin <jiachin@open.gov.sg> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> Co-authored-by: seaerchin <jiachin@open.gov.sg> * Fix: e2e bypass of authorization middleware Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> Co-authored-by: seaerchin <jiachin@open.gov.sg> * feat: collaborators (#510) * build(devdeps): add lodash types * fix(model): rectify db model definitions * refactor: add message param to ForbiddenError * feat: add CollaboratorsService * test: add tests for CollaboratorsService * feat: use CollaboratorService in authorization middleware * test: add tests for authorization middleware * feat: add CollaboratorsRouter * test: add tests for CollaboratorsRouter * feat(db-migration): change site_members role enum in the database * feat: modify authzMiddlewareService tests * fix: error in mock collaborators fixture * ref(services): migrate SitesService to TypeScript (#512) * ref(fixtures): convert repoInfo to typescript * ref(services): migrate SitesService to typescript * tests: update unit and integration tests for SitesService * ref(sites): migrate sites router to typescript * fix: revert back to using SessionData * fix: remove use of Bluebird and unused getSiteToken function * fix: use more accurate type * chore: remove unused variable * refactor(tests): migrate generic axios instance to __mocks__ * tests: use mockAxios directly instead of preparing an instance * feat(rr): db migrations (#515) * chore(infraservice): remove unused prop * chore(routes/auth): remove unused var * build(package): add useful command to undo migration * feat(migrations): add migrations for review requests fix(db migratino): update property names * chore(db migration): add migration to add status col to rr * chore(db migrations): add required columns for seq creation * feat: introduce a new site info API endpoint (#513) * ref(fixtures): convert repoInfo to typescript * ref(services): migrate SitesService to typescript * tests: update unit and integration tests for SitesService * ref(sites): migrate sites router to typescript * fix: revert back to using SessionData * fix: remove use of Bluebird and unused getSiteToken function * fix: use more accurate type * chore: remove unused variable * refactor(tests): migrate generic axios instance to __mocks__ * feat: introduce function to obtain latest commit details * feat: add function for obtaining a User by ID * feat: introduce a new site info API endpoint * tests: add partial tests for SitesService * tests: use mockAxios directly instead of preparing an instance * tests: fix SitesService unit tests to pass * chore: adjust constants to use SCREAMING_SNAKE_CASE * fix: add authorizationMiddleware to ensure user is member of site * chore: combine sessionData unpacking * fix: insert try-catch to handle errors from JSON.parse * chore: remove unnecessary check for undefined site * chore: return instead of throwing NotFoundError * fix: add assertion to ensure integrity of GitHubCommitData * fix: remove need for adding site name to sessionData * refactor: convert routes Sites.spec.js to TypeScript * refactor: redesign getUrlsOfSite to increase readability * fix: use correct endpoint to get latest commit data * test: add unit tests for GitHubService getLatestCommitOfBranch * fix: add stub for obtaining merge author details * fix: return a well-formatted response for known exceptions * test: enhance GitHubService test for all other error statuses * chore: rename isType function and return boolean directly * fix: create new siteUrls object instead of changing in-place * fix: handle case of null or undefined user email * chore: improve code style * tests: fix output of getStagingUrl * feat: add collaborators statistics API endpoint (#520) * ref(fixtures): convert repoInfo to typescript * ref(services): migrate SitesService to typescript * tests: update unit and integration tests for SitesService * ref(sites): migrate sites router to typescript * fix: revert back to using SessionData * fix: remove use of Bluebird and unused getSiteToken function * fix: use more accurate type * chore: remove unused variable * refactor(tests): migrate generic axios instance to __mocks__ * feat: introduce function to obtain latest commit details * feat: add function for obtaining a User by ID * feat: introduce a new site info API endpoint * tests: add partial tests for SitesService * tests: use mockAxios directly instead of preparing an instance * tests: fix SitesService unit tests to pass * chore: adjust constants to use SCREAMING_SNAKE_CASE * fix: add authorizationMiddleware to ensure user is member of site * chore: combine sessionData unpacking * fix: insert try-catch to handle errors from JSON.parse * chore: remove unnecessary check for undefined site * chore: return instead of throwing NotFoundError * fix: add assertion to ensure integrity of GitHubCommitData * fix: remove need for adding site name to sessionData * refactor: convert routes Sites.spec.js to TypeScript * refactor: redesign getUrlsOfSite to increase readability * feat: add collaborators statistics API endpoint * test: add unit tests for collaborators statistics * fix: return 404 instead of throwing an exception * tests: add test to check for 404 status * refactor: remove all usages of TokenStore and tests (#533) * feat(rr): add database models (#518) * chore(infraservice): remove unused prop * chore(routes/auth): remove unused var * build(package): add useful command to undo migration * feat(migrations): add migrations for review requests fix(db migratino): update property names * chore(db migration): add migration to add status col to rr * chore(db migrations): add required columns for seq creation * feat(db/models): add new db models for rr fix(db models): update db models fix(reviewmeat): update db model * chore(reviewrequest): update db model for seq * fix(reviewmeta): add annotation on db model * chore(reviewrequest.ts): add col to db model * fix(teardown): add enum dropping for tests teardown * feat: add new siteUrl API endpoint to get the production URL of site (#535) * Feat/notifications (#508) * Feat: add notification database model and update related models * Chore: add migrations Also adds id to site_members table for easier reference * Feat: add notificationService * Feat: add notificationUtils * Feat: add notifications router * Chore: initialise Notifications table and services * Fix: remove unused imports * Fix: change behaviour of quick retrieval Always returns only new notifications now, unless there are none, in which case it returns most recent 6 * Chore: remove unused imports * Refactor: findAll method * Chore: add notificationResponse type * Feat: add created_at sorting criteria * Fix: notification sorting order * Chore: add documentation for sort criteria * Fix: rebase errors * Fix: rebase errors for tests * feat(rr): services + routes (#519) * feat(services): add initial services for rr * feat(types): add github types * feat(reviewrequestservice): add features * chore(review): wip for review routes * feat(types): add new types * feat(reviewrequestservice): add impl for computing sha mappings * feat(usersservice): add nwe method to user service to retrieve site admins * feat(review): add route for creating review request * refactor(collaboratorsservice): refactor method api for clarity * feat(types): add more types * refactor(collaborators): fix typings and add more steuff to return * chore(routes): update authenticated routes * chore(review): refactor to use collaborators service * refactor(reviewrequestservice): update methods * chore(server): add init code * refactor(reviewmeta): updat eto use belongs to * feat(types): add more types * feat(requestnotfounderror): add new error type * feat(review): add methods for listing review requests and retrieval of rr * refactor(types/dto): update review types * refactor(rrservice): update enum type * feat(rrservice): add new method to merge rr * feat(review): add new route to merge rr * fix(collaborators): remove erroneous destructuring * fix(routes/review): add siteId prop * chore(review dto): add status * chore(requestrequestservice): remove old comment * fix(reviewrequestservice): changed some stuff to be optional * refactor(rr service): split retrieving db/github view into 2 methods * feat(rr service): add methods to close/approve rr * refactor(rr service): refactor merge rr method * chore(collaboratorsservice): remove extra typecasts * feat(rr): add new endpoint to update rr * chore(types): minor cleanup * feat(rr routes): add new routes for close and approve pr * chore(review): update to userwithsitesesiontoken * refactor(reviewrequestservice): migrate api calls into own file * refactor(authenticated): shift review router dpes to init function * fix(index): fixed faulty init * refactor(reviewrequestservice): add site to reviewreq object * fix(review.ts): add explicit bearer token to api call * refactor(rrservice): refactor to retrieve user from db * chore(settingsservice): remove extra console log * chore(github): remove extra `patch` property * chore(review): add logging * fix(server): update imports from rebase * Chore: Update src/routes/v2/authenticated/review.ts Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> * Chore: Update src/routes/v2/authenticated/review.ts Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> * feat(rr status): add rr status enum * chore(rr): update db model * refactor(rrservice): updat to use enum * chore(rrservice): fix commennt * chore(review): update error codes * chore(usersservice): rename hasAccess to getSiteMember * chore(usersservice): update method name * feat(rr): allow updating of admins (#539) * chore(server): add init code * chore(dto): removed trailing space on folder name * refactor(reviewrequestservice): update to remove title/desc from update api * chore(collaborators): update import * chore(routes/review): updaterr api Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> * feat: add model and migration for review_request_views table (#521) * feat: add model and migration for review_request_views table * chore: rename migration * fix: add missing association with ReviewRequest model * fix: revert adding association in ReviewRequest model * fix: missing @column for primary and foreign key * fix: add new database table to sequelize * feat: add review request views API endpoint and functions (#532) * feat: add review request views API endpoint and functions * fix: adjust to use Promise.all to allow concurrent creations * chore: adjust naming of variable to be more reflective of state * Expose new API endpoint to update lastViewedAt timestamp * fix(server): removed extra db assoc * fix(formsgsitecreation): removed extra prop * Fix: reviewRequestId instead of reviewId * fix(server.js): add reviewrequestview init * feat: add endpoint to mark a review request as viewed (#550) * feat: add endpoint to mark a review request as viewed * fix: use upsert for updateReviewRequestLastViewedAt * Feat/comments (#534) * Feat: add methods for retrieving comments from github * Chore: add types * Feat: add comments methods to reviewRequestService * Feat: add comments routes * fix: check for properly formatted comments * Chore: remove incorrect comments * Fix: remove error return type * Fix: add logging if site not found * Feat: swap use of email in github commit to userid * Fix: response type * Fix: rename method and add github comment type * fix: compute the number of new comments to show (#549) * fix: compute the number of new comments to show * chore: adjust naming of variable and structure of code * chore: split getting number of new comments into 2 lines Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> * feat(rr): adds be for unapproval of rr (#540) * feat(rr): delete rr approval * chore(review): update numbering and logging * chore(review): update to send rather than empty json * fix(rrservice): update to use enum * fix: use review request requestor email for production commit email (#552) * fix: include full model in order by due to presence of alias (#554) * fix(server): swap order for auth to avoid nemspace conflicts * fix(review): allow rr creation by users of the site (#556) * tests: add remaining tests for identity features in SitesService (#566) * chore: define more specific constants for source of URLs * chore: move siteUrls type to repoInfo * tests: add remaining tests for identity features * tests: add spy method to check if extractAuthorEmail was called * chore(collaborators): update typings (#568) * chore(collaborators): update typings to be accurate * chore(collaborators): update typings * tests: add unit tests for ReviewRequestService (#569) * chore: remove TODO comment as it is already done * fix: should get the count of unread comments instead * tests: add ReviewRequestService unit tests * chore: move tests back to identity services * chore: remove unused variable * chore: adjust naming of test to be clearer on the situation * ref(fixtures): allow generating router for different user types (#574) * ref(fixtures): allow generating router for different user types * fix: switch to specifying the siteName directly * feat: allow adding a default user session * Fix/reference sitename from repo (#577) * Fix: use name from Repo instead of Site * Fix: tests * Fix: run tests sequentially * Fix: remove required from includes * Feat/add middleware for verifying email user (#573) * Feat: add middleware for email user * feat: add email verification middleware to collaborators * tests: add integration tests for review requests and comments (#576) * fix: force tests to run sequentially * fix: reset the state of the tables before running the tests * feat: add fixtures used for review requests * fix: await results from IdentityService * tests: add partial integration tests for review requests * chore: switch site name to use repo name instead * chore: switch to using variable for file name * chore: standardise the response codes for non-happy paths * fix: add additional sanity checks for comments-related features * tests: add remaining integration tests for review requests * fix: add methods to generate router for default values * chore: rename test to be more reflective of its purpose * fix: add missing return and await when updating database * chore: add comment on the need for Table.sync * fix(collaborators): add required middleware (#586) * fix(collaborators): add required middleware * chore(review): add missing await * tests: add unit tests for review requests routes (#582) * feat(rr): blob diffs (#575) * feat(review): add service methods to get raw blob from gh * feat(review): add route to retrieve blob diff * chore(review): add comment for head refs at present * fix(review): update types, fix header and remove extra await * Feat/notifications tests (#514) * Feat: add notificationService tests * Test: add Notification router tests * Test: add integration test for notifications * Fix: notification tests to work with new behaviour * Chore: swap constants to SCREAMING_SNAKE_CASE * Chore: fix test description * Chore: add comments * Chore: modify test names * Fix: cleanup tables between tests * Feat/generic notification creation (#523) * Feat: move notifications router to authenticated subrouter * Feat: modify create notification arguments * Feat: add notification middleware to handle edit notifications * Fix: allow next on routeHandler * Feat: add creatnotification middleware to authenticatesSitesRouter * Chore: add notification types * Feat: add notification changes when reviews are modified * Fix: swap order of subrouters * Fix: review request router dependencies * Fix: time period for updating notification * Fix: updating createdAt * Fix: tests * Chore: swap to promise.all * fix: rebase errors * Fix: add jsdoc * Feat: add link to notificationHandler * Fix: swap to promise.all and add links * fix(review): fixed triggering event for request approved notif * chore(notifications.spec): added correct ports * Fix: update message on update notification * Fix: notification integration tests * Feat: add generic notification handler tests (#572) * Feat: add generic notification handler tests * Fix: router initialisation and cleanup * fix: update github actions to use runInBand * Fix: update tests * Fix: reset database tables before integration tests * Chore: modify imports * Nit: test comment spelling Co-authored-by: Kishore <42832651+kishore03109@users.noreply.github.com> * Nit: comments and change var names Co-authored-by: Kishore <42832651+kishore03109@users.noreply.github.com> Co-authored-by: seaerchin <jiachin@open.gov.sg> Co-authored-by: Kishore <42832651+kishore03109@users.noreply.github.com> * Vapt: merge back to tracking (#647) * fix(notificationonedithandler): add check for email user * fix(review.ts): update routes access control (#589) * fix: prevent caching of backend API resp (#616) * fix: sanitize file content (#591) * feat: sanitize content via markdown utils * deps: use isomorphic-dompurify instead removes the need to declare a virtual DOM in node * feat: add sanitizedYaml helpers * feat: use sanitizedYaml helpers in codebase * test: add tests for sanitizedYaml helpers * chore: fix silly line break issues * test: add tests for markdown sanitization utils * fix: add express import that was removed by accident * chore: specify return types in yaml helpers * fix: make sanitizeYamlParse return type more specific * fix: hide contactNumber (#584) * Fix: query for site through repo (#630) * Fix/make login response indistinguishable (#624) * feat: add extra logging for mail failure * fix: always return 200 when attempting to retrieve otp * chore: update logging for sms * Fix: use logger.error * feat: Added virus scan functionality for file upload (VAPT finding) (#631) * feat: Added virus scan functionality for file/image upload using Cloudmersive API * Fixed lint and naming convention issue * uncomment the medianameChecks lines * Addressed PR comments: added more info/error logging and consistent message * Addressed PR comments: added check for Cloudmersive API key, corrected variable naming convention * Removed unused declaration of schema * auto-formatted by prettier and fixed formatting issue * chore: fix formatting on package-lock --------- Co-authored-by: Alexander Lee <alexander@open.gov.sg> * Feat/swap jwt to session (#619) * Chore: install new dependencies * Chore: add migration * Feat: add session middleware * feat: replace jwt with session * feat: update middleware * feat: update auth routes * chore: update method names * Fix: tests * chore: update .env-example * chore: rename session middleware * fix: use lodash isempty * fix: .env-example * chore: add logging to login and logout endpoints * Fix: remove log on logout Cookie may no longer exist * fix: tests * chore: fix rebase errors * Feat/otp mechanism (#636) * feat: adding bcrypt as dependency * feat!: adding otp table and migration * feat: logic complete for otp service * test: fix auth service tests * fix: user service tests * feat: fix tests and improve checks * fix: package-lock version formatting * feat: adding env vars to example * fix: remove console log * fix: adding env vars to .env.test * fix: parsed env vars with check * fix: simplify find logic * fix: remove unnecessary null check * fix: throw instead of return * test: adding more tests for otp mechanism * test: add more cases, improve existing cases * feat: simplify methods without enums * fix: auth service otp tests * Feat/throttling (#641) * build(package): install rate limiting package * feat(auth): add new rate limiter service and use it in auth router * test(auth.spec): add skeleton for test cases for auth * test(auth.spec): add tests for rate limiting * refactor(ratelimiter.spec): shift to own test file * chore(server): add trust proxy to our rate limiter * refactor(ratelimiter): read from env var * chore(auth.spec): remove unused import * test(sitesservice.spec): update where condition * fix(mediafileservice): revert api; fixed tests * Chore: remove temp ip endpoint * Fix: remove set number of max hops * Fix: remove unused import * chore: remove comment * chore: change 1 to true --------- Co-authored-by: seaerchin <jiachin@open.gov.sg> * feat: add gitguardian hook and update readme (#642) * chore: use trust proxy * feat: add gitguardian hook and readme * fix: remove pre-commit config * fix: fix nits * fix: add ggshield cache files to gitignore * feat: use env for gitguardian * chore: update readme and env example --------- Co-authored-by: Alexander Lee <alexander@open.gov.sg> * fix: wrong constant name used in test (#645) --------- Co-authored-by: seaerchin <jiachin@open.gov.sg> Co-authored-by: seaerchin <44049504+seaerchin@users.noreply.github.com> Co-authored-by: Preston Lim <prestonlimlianjie@gmail.com> Co-authored-by: Qilu Xie <qilu@open.gov.sg> Co-authored-by: Harish <harishv207@gmail.com> Co-authored-by: Harish <harish@open.gov.sg> * Fix: rebase errors * Fix: error message for review request * Fix: tests * feat: use convict for env vars (#646) * feat: add convict as dependency * feat: config wip * feat: add convict schema with defaults and validation * feat: add config alias and update dependencies * feat: replace process.env with config.get (wip) * fix: use import over require * feat: wip to use config * feat: add cloudmersive key as env * feat: wip to use config * feat: update config properties * feat: update imports and use config * chore: update env.test and imports * chore: standardise env * chore: remove dotenv * chore: format eslintrc * fix: rename convict format and env enums * chore: remove DOMAIN_WHITELIST from env * chore: revert trust proxy change * fix: cookie domain to be enums * feat: update to use config * fix: remove checks for env in logic * fix: make gitGuardian optional env * feat: add staging as option for node env * chore(app): chagne to import syntax * fix: remove string coercing for env key * chore: remove check for undefine site create form key env * chore: update package-lock --------- Co-authored-by: seaerchin <jiachin@open.gov.sg> * fix: make default empty strings (#658) * Fix/convict fixes (#660) * fix: make site launch vars optional, remove redundant ones * fix: remove duplicate express-session in package json * Chore/change node env of local dev to expect dev (#659) * chore: update references to node_env * Fix: remove .toLowerCase when retrieving config * Chore: add vapt to accepted application environments * Refactor: use isSecure * chore: replace IS_LOCAL_DEV with IS_DEV * Fix: change isSecure to variable instead of func (#664) * Fix/convict fixes (#663) * fix: update database config to use process.env * feat: strengthen validation for number check * fix: add try-catch to convict validate to prevent hard failure on deployment * fix: rename to use whole number * fix: console log convict err * fix: update check for whole to natural number * fix: rename back to positive number * fix: add radix param * chore(package-lock): installed using old npm --------- Co-authored-by: Alexander Lee <alexander@open.gov.sg> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> Co-authored-by: Preston Lim <prestonlimlianjie@gmail.com> Co-authored-by: Kishore <42832651+kishore03109@users.noreply.github.com> Co-authored-by: Qilu Xie <qilu@open.gov.sg> Co-authored-by: Harish <harishv207@gmail.com> Co-authored-by: Harish <harish@open.gov.sg>
* Chore(Site launch microservices):managing cloud environments (#657) * chore(serverless): remove offline packages + more meaningful naming for clarity * chore(deps): add deps + add in commands for cloud development * chore(readme): update readme * chore(docker compose): remove local emulation of lambdas (#666) we no longer use local stack * feat(identity): phase 2 (#509) * Feat/login flow (#477) * Feat: add SessionData class * Refactor: swap out auth middleware to use sessionData * Refactor: modify sessionData in rollbackRouteHandler * Feat: update middleware and auth services * Chore: swap out v1 routes Using a 1-1 swap here for v1 routes, since these are mostly outdated or due for refactor * Refactor: swap id used in logger * Feat: add handler to attach site name to sessionData * Chore: modify v2 routes and services to use sessionData * Chore: swap whoamiAuth to verifyJwt and useSiteAccessTokenIfAvailable with checkHasAccess * Test: add fixtures for new middleware * Fix: tests * Fix: allow e2e test user * Chore: update v1 endpoint * Fix: migrate auth middle to ts * Chore: rename to usersessiondata * Refactor: split sessionData into separate classes * Chore: replace sessionData * Chore: replace githubsessiondata * Chore: add jsdoc for classes * Chore: update routes and services to pass appropriate sessionData objects * Fix: tests * Fix: specify request types * Chore: remove unnecessary comment * Fix: simplify getGithubParamsWithSite * Feat/site member verification for email (#479) * Feat: add IsomerAdmins database table and migrations * Feat: add access token via interceptor if missing * Feat: add isomerAdminsService * Feat: add hasAccessToSite to usersService * Feat: shift site membership check to authorizationMiddlewareService * Chore: replace authMiddleware.checkHasAccess with authorizationMiddleware.checkIsSiteMember * Chore: migrate authmiddlewareservice to typescript * Fix: rename auth middleware to authentication middleware * Fix: move e2e_isomer_id into constants * Chore: add cookie types * Fix: more concise check for isSiteMember * FIx: rebase errors * Fix: remove unused identityAuthService dependency * Fix: rename AuthService import as identityAuthService * Nit: separate type definition * Feat/email login flow (#480) * build(deps): bump file-type from 16.5.3 to 16.5.4 (#475) Bumps [file-type](https://github.com/sindresorhus/file-type) from 16.5.3 to 16.5.4. - [Release notes](https://github.com/sindresorhus/file-type/releases) - [Commits](sindresorhus/file-type@v16.5.3...v16.5.4) --- updated-dependencies: - dependency-name: file-type dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: package.json & package-lock.json to reduce vulnerabilities (#476) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEQUELIZE-2959225 * build(deps): bump vm2 from 3.9.5 to 3.9.7 (#350) Bumps [vm2](https://github.com/patriksimek/vm2) from 3.9.5 to 3.9.7. - [Release notes](https://github.com/patriksimek/vm2/releases) - [Changelog](https://github.com/patriksimek/vm2/blob/master/CHANGELOG.md) - [Commits](patriksimek/vm2@3.9.5...3.9.7) --- updated-dependencies: - dependency-name: vm2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Chore: remove site links from description (#482) * Fix: update resource room (#481) * 0.10.0 * fix: remove unnecessary update step (#487) * 0.10.1 * Chore: update commit message to include user id * Feat: add login and verify endpoints * Fix: model relations and alias * Feat: add findSitesByUserId * Feat: add site retrieval for email and admin users * Fix: hasAccessToSite * Fix: update email/mobile by isomer id * Chore: update error message * Fix: await check for whitelist * Chore: add mockSessionData for email login * Fix: SiteService behaviour for email users with no whitelisted sites * Test: update sitesservice tests * Test: add new authservice tests and fix existing tests * Fix: update user model to allow null in github field * Fix: update test fixture * Fix: update user test suite * Chore: remove unused endpoint * Fix: rebase errors * Chore: remove unnecessary message in test * Chore: remove unnecessary userId field * Nit: rename variable * Refactor: shift site retrieval for email users into helper method * Chore: spacing and remove unused var * Fix: tests * Tests: add new authorizationMiddlewareService test * fix: remove resources_name and add support for url (#490) * fix: remove resources_name and add support for url * fix: display url parameter as domain but store with https scheme * fix: resolve failing tests * Chore: flip conditional * Refactor: shift order of getSites to make it easier to understand * Test: add new auth router tests * Feat: add integration tests for getSites * Fix: failing requests for getLastUpdated and getStagingUrl * Nit: add comment * Nit: test name and var name * chore(mocks/axios): remove extra stuff * test(sites.spec): refactor specs for clarity * Fix: update settings * Nit: update comment * Fix: tests Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> Co-authored-by: seaerchin <jiachin@open.gov.sg> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> Co-authored-by: seaerchin <jiachin@open.gov.sg> * Fix: e2e bypass of authorization middleware Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> Co-authored-by: seaerchin <jiachin@open.gov.sg> * feat: collaborators (#510) * build(devdeps): add lodash types * fix(model): rectify db model definitions * refactor: add message param to ForbiddenError * feat: add CollaboratorsService * test: add tests for CollaboratorsService * feat: use CollaboratorService in authorization middleware * test: add tests for authorization middleware * feat: add CollaboratorsRouter * test: add tests for CollaboratorsRouter * feat(db-migration): change site_members role enum in the database * feat: modify authzMiddlewareService tests * fix: error in mock collaborators fixture * ref(services): migrate SitesService to TypeScript (#512) * ref(fixtures): convert repoInfo to typescript * ref(services): migrate SitesService to typescript * tests: update unit and integration tests for SitesService * ref(sites): migrate sites router to typescript * fix: revert back to using SessionData * fix: remove use of Bluebird and unused getSiteToken function * fix: use more accurate type * chore: remove unused variable * refactor(tests): migrate generic axios instance to __mocks__ * tests: use mockAxios directly instead of preparing an instance * feat(rr): db migrations (#515) * chore(infraservice): remove unused prop * chore(routes/auth): remove unused var * build(package): add useful command to undo migration * feat(migrations): add migrations for review requests fix(db migratino): update property names * chore(db migration): add migration to add status col to rr * chore(db migrations): add required columns for seq creation * feat: introduce a new site info API endpoint (#513) * ref(fixtures): convert repoInfo to typescript * ref(services): migrate SitesService to typescript * tests: update unit and integration tests for SitesService * ref(sites): migrate sites router to typescript * fix: revert back to using SessionData * fix: remove use of Bluebird and unused getSiteToken function * fix: use more accurate type * chore: remove unused variable * refactor(tests): migrate generic axios instance to __mocks__ * feat: introduce function to obtain latest commit details * feat: add function for obtaining a User by ID * feat: introduce a new site info API endpoint * tests: add partial tests for SitesService * tests: use mockAxios directly instead of preparing an instance * tests: fix SitesService unit tests to pass * chore: adjust constants to use SCREAMING_SNAKE_CASE * fix: add authorizationMiddleware to ensure user is member of site * chore: combine sessionData unpacking * fix: insert try-catch to handle errors from JSON.parse * chore: remove unnecessary check for undefined site * chore: return instead of throwing NotFoundError * fix: add assertion to ensure integrity of GitHubCommitData * fix: remove need for adding site name to sessionData * refactor: convert routes Sites.spec.js to TypeScript * refactor: redesign getUrlsOfSite to increase readability * fix: use correct endpoint to get latest commit data * test: add unit tests for GitHubService getLatestCommitOfBranch * fix: add stub for obtaining merge author details * fix: return a well-formatted response for known exceptions * test: enhance GitHubService test for all other error statuses * chore: rename isType function and return boolean directly * fix: create new siteUrls object instead of changing in-place * fix: handle case of null or undefined user email * chore: improve code style * tests: fix output of getStagingUrl * feat: add collaborators statistics API endpoint (#520) * ref(fixtures): convert repoInfo to typescript * ref(services): migrate SitesService to typescript * tests: update unit and integration tests for SitesService * ref(sites): migrate sites router to typescript * fix: revert back to using SessionData * fix: remove use of Bluebird and unused getSiteToken function * fix: use more accurate type * chore: remove unused variable * refactor(tests): migrate generic axios instance to __mocks__ * feat: introduce function to obtain latest commit details * feat: add function for obtaining a User by ID * feat: introduce a new site info API endpoint * tests: add partial tests for SitesService * tests: use mockAxios directly instead of preparing an instance * tests: fix SitesService unit tests to pass * chore: adjust constants to use SCREAMING_SNAKE_CASE * fix: add authorizationMiddleware to ensure user is member of site * chore: combine sessionData unpacking * fix: insert try-catch to handle errors from JSON.parse * chore: remove unnecessary check for undefined site * chore: return instead of throwing NotFoundError * fix: add assertion to ensure integrity of GitHubCommitData * fix: remove need for adding site name to sessionData * refactor: convert routes Sites.spec.js to TypeScript * refactor: redesign getUrlsOfSite to increase readability * feat: add collaborators statistics API endpoint * test: add unit tests for collaborators statistics * fix: return 404 instead of throwing an exception * tests: add test to check for 404 status * refactor: remove all usages of TokenStore and tests (#533) * feat(rr): add database models (#518) * chore(infraservice): remove unused prop * chore(routes/auth): remove unused var * build(package): add useful command to undo migration * feat(migrations): add migrations for review requests fix(db migratino): update property names * chore(db migration): add migration to add status col to rr * chore(db migrations): add required columns for seq creation * feat(db/models): add new db models for rr fix(db models): update db models fix(reviewmeat): update db model * chore(reviewrequest): update db model for seq * fix(reviewmeta): add annotation on db model * chore(reviewrequest.ts): add col to db model * fix(teardown): add enum dropping for tests teardown * feat: add new siteUrl API endpoint to get the production URL of site (#535) * Feat/notifications (#508) * Feat: add notification database model and update related models * Chore: add migrations Also adds id to site_members table for easier reference * Feat: add notificationService * Feat: add notificationUtils * Feat: add notifications router * Chore: initialise Notifications table and services * Fix: remove unused imports * Fix: change behaviour of quick retrieval Always returns only new notifications now, unless there are none, in which case it returns most recent 6 * Chore: remove unused imports * Refactor: findAll method * Chore: add notificationResponse type * Feat: add created_at sorting criteria * Fix: notification sorting order * Chore: add documentation for sort criteria * Fix: rebase errors * Fix: rebase errors for tests * feat(rr): services + routes (#519) * feat(services): add initial services for rr * feat(types): add github types * feat(reviewrequestservice): add features * chore(review): wip for review routes * feat(types): add new types * feat(reviewrequestservice): add impl for computing sha mappings * feat(usersservice): add nwe method to user service to retrieve site admins * feat(review): add route for creating review request * refactor(collaboratorsservice): refactor method api for clarity * feat(types): add more types * refactor(collaborators): fix typings and add more steuff to return * chore(routes): update authenticated routes * chore(review): refactor to use collaborators service * refactor(reviewrequestservice): update methods * chore(server): add init code * refactor(reviewmeta): updat eto use belongs to * feat(types): add more types * feat(requestnotfounderror): add new error type * feat(review): add methods for listing review requests and retrieval of rr * refactor(types/dto): update review types * refactor(rrservice): update enum type * feat(rrservice): add new method to merge rr * feat(review): add new route to merge rr * fix(collaborators): remove erroneous destructuring * fix(routes/review): add siteId prop * chore(review dto): add status * chore(requestrequestservice): remove old comment * fix(reviewrequestservice): changed some stuff to be optional * refactor(rr service): split retrieving db/github view into 2 methods * feat(rr service): add methods to close/approve rr * refactor(rr service): refactor merge rr method * chore(collaboratorsservice): remove extra typecasts * feat(rr): add new endpoint to update rr * chore(types): minor cleanup * feat(rr routes): add new routes for close and approve pr * chore(review): update to userwithsitesesiontoken * refactor(reviewrequestservice): migrate api calls into own file * refactor(authenticated): shift review router dpes to init function * fix(index): fixed faulty init * refactor(reviewrequestservice): add site to reviewreq object * fix(review.ts): add explicit bearer token to api call * refactor(rrservice): refactor to retrieve user from db * chore(settingsservice): remove extra console log * chore(github): remove extra `patch` property * chore(review): add logging * fix(server): update imports from rebase * Chore: Update src/routes/v2/authenticated/review.ts Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> * Chore: Update src/routes/v2/authenticated/review.ts Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> * feat(rr status): add rr status enum * chore(rr): update db model * refactor(rrservice): updat to use enum * chore(rrservice): fix commennt * chore(review): update error codes * chore(usersservice): rename hasAccess to getSiteMember * chore(usersservice): update method name * feat(rr): allow updating of admins (#539) * chore(server): add init code * chore(dto): removed trailing space on folder name * refactor(reviewrequestservice): update to remove title/desc from update api * chore(collaborators): update import * chore(routes/review): updaterr api Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> * feat: add model and migration for review_request_views table (#521) * feat: add model and migration for review_request_views table * chore: rename migration * fix: add missing association with ReviewRequest model * fix: revert adding association in ReviewRequest model * fix: missing @column for primary and foreign key * fix: add new database table to sequelize * feat: add review request views API endpoint and functions (#532) * feat: add review request views API endpoint and functions * fix: adjust to use Promise.all to allow concurrent creations * chore: adjust naming of variable to be more reflective of state * Expose new API endpoint to update lastViewedAt timestamp * fix(server): removed extra db assoc * fix(formsgsitecreation): removed extra prop * Fix: reviewRequestId instead of reviewId * fix(server.js): add reviewrequestview init * feat: add endpoint to mark a review request as viewed (#550) * feat: add endpoint to mark a review request as viewed * fix: use upsert for updateReviewRequestLastViewedAt * Feat/comments (#534) * Feat: add methods for retrieving comments from github * Chore: add types * Feat: add comments methods to reviewRequestService * Feat: add comments routes * fix: check for properly formatted comments * Chore: remove incorrect comments * Fix: remove error return type * Fix: add logging if site not found * Feat: swap use of email in github commit to userid * Fix: response type * Fix: rename method and add github comment type * fix: compute the number of new comments to show (#549) * fix: compute the number of new comments to show * chore: adjust naming of variable and structure of code * chore: split getting number of new comments into 2 lines Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> * feat(rr): adds be for unapproval of rr (#540) * feat(rr): delete rr approval * chore(review): update numbering and logging * chore(review): update to send rather than empty json * fix(rrservice): update to use enum * fix: use review request requestor email for production commit email (#552) * fix: include full model in order by due to presence of alias (#554) * fix(server): swap order for auth to avoid nemspace conflicts * fix(review): allow rr creation by users of the site (#556) * tests: add remaining tests for identity features in SitesService (#566) * chore: define more specific constants for source of URLs * chore: move siteUrls type to repoInfo * tests: add remaining tests for identity features * tests: add spy method to check if extractAuthorEmail was called * chore(collaborators): update typings (#568) * chore(collaborators): update typings to be accurate * chore(collaborators): update typings * tests: add unit tests for ReviewRequestService (#569) * chore: remove TODO comment as it is already done * fix: should get the count of unread comments instead * tests: add ReviewRequestService unit tests * chore: move tests back to identity services * chore: remove unused variable * chore: adjust naming of test to be clearer on the situation * ref(fixtures): allow generating router for different user types (#574) * ref(fixtures): allow generating router for different user types * fix: switch to specifying the siteName directly * feat: allow adding a default user session * Fix/reference sitename from repo (#577) * Fix: use name from Repo instead of Site * Fix: tests * Fix: run tests sequentially * Fix: remove required from includes * Feat/add middleware for verifying email user (#573) * Feat: add middleware for email user * feat: add email verification middleware to collaborators * tests: add integration tests for review requests and comments (#576) * fix: force tests to run sequentially * fix: reset the state of the tables before running the tests * feat: add fixtures used for review requests * fix: await results from IdentityService * tests: add partial integration tests for review requests * chore: switch site name to use repo name instead * chore: switch to using variable for file name * chore: standardise the response codes for non-happy paths * fix: add additional sanity checks for comments-related features * tests: add remaining integration tests for review requests * fix: add methods to generate router for default values * chore: rename test to be more reflective of its purpose * fix: add missing return and await when updating database * chore: add comment on the need for Table.sync * fix(collaborators): add required middleware (#586) * fix(collaborators): add required middleware * chore(review): add missing await * tests: add unit tests for review requests routes (#582) * feat(rr): blob diffs (#575) * feat(review): add service methods to get raw blob from gh * feat(review): add route to retrieve blob diff * chore(review): add comment for head refs at present * fix(review): update types, fix header and remove extra await * Feat/notifications tests (#514) * Feat: add notificationService tests * Test: add Notification router tests * Test: add integration test for notifications * Fix: notification tests to work with new behaviour * Chore: swap constants to SCREAMING_SNAKE_CASE * Chore: fix test description * Chore: add comments * Chore: modify test names * Fix: cleanup tables between tests * Feat/generic notification creation (#523) * Feat: move notifications router to authenticated subrouter * Feat: modify create notification arguments * Feat: add notification middleware to handle edit notifications * Fix: allow next on routeHandler * Feat: add creatnotification middleware to authenticatesSitesRouter * Chore: add notification types * Feat: add notification changes when reviews are modified * Fix: swap order of subrouters * Fix: review request router dependencies * Fix: time period for updating notification * Fix: updating createdAt * Fix: tests * Chore: swap to promise.all * fix: rebase errors * Fix: add jsdoc * Feat: add link to notificationHandler * Fix: swap to promise.all and add links * fix(review): fixed triggering event for request approved notif * chore(notifications.spec): added correct ports * Fix: update message on update notification * Fix: notification integration tests * Feat: add generic notification handler tests (#572) * Feat: add generic notification handler tests * Fix: router initialisation and cleanup * fix: update github actions to use runInBand * Fix: update tests * Fix: reset database tables before integration tests * Chore: modify imports * Nit: test comment spelling Co-authored-by: Kishore <42832651+kishore03109@users.noreply.github.com> * Nit: comments and change var names Co-authored-by: Kishore <42832651+kishore03109@users.noreply.github.com> Co-authored-by: seaerchin <jiachin@open.gov.sg> Co-authored-by: Kishore <42832651+kishore03109@users.noreply.github.com> * Vapt: merge back to tracking (#647) * fix(notificationonedithandler): add check for email user * fix(review.ts): update routes access control (#589) * fix: prevent caching of backend API resp (#616) * fix: sanitize file content (#591) * feat: sanitize content via markdown utils * deps: use isomorphic-dompurify instead removes the need to declare a virtual DOM in node * feat: add sanitizedYaml helpers * feat: use sanitizedYaml helpers in codebase * test: add tests for sanitizedYaml helpers * chore: fix silly line break issues * test: add tests for markdown sanitization utils * fix: add express import that was removed by accident * chore: specify return types in yaml helpers * fix: make sanitizeYamlParse return type more specific * fix: hide contactNumber (#584) * Fix: query for site through repo (#630) * Fix/make login response indistinguishable (#624) * feat: add extra logging for mail failure * fix: always return 200 when attempting to retrieve otp * chore: update logging for sms * Fix: use logger.error * feat: Added virus scan functionality for file upload (VAPT finding) (#631) * feat: Added virus scan functionality for file/image upload using Cloudmersive API * Fixed lint and naming convention issue * uncomment the medianameChecks lines * Addressed PR comments: added more info/error logging and consistent message * Addressed PR comments: added check for Cloudmersive API key, corrected variable naming convention * Removed unused declaration of schema * auto-formatted by prettier and fixed formatting issue * chore: fix formatting on package-lock --------- Co-authored-by: Alexander Lee <alexander@open.gov.sg> * Feat/swap jwt to session (#619) * Chore: install new dependencies * Chore: add migration * Feat: add session middleware * feat: replace jwt with session * feat: update middleware * feat: update auth routes * chore: update method names * Fix: tests * chore: update .env-example * chore: rename session middleware * fix: use lodash isempty * fix: .env-example * chore: add logging to login and logout endpoints * Fix: remove log on logout Cookie may no longer exist * fix: tests * chore: fix rebase errors * Feat/otp mechanism (#636) * feat: adding bcrypt as dependency * feat!: adding otp table and migration * feat: logic complete for otp service * test: fix auth service tests * fix: user service tests * feat: fix tests and improve checks * fix: package-lock version formatting * feat: adding env vars to example * fix: remove console log * fix: adding env vars to .env.test * fix: parsed env vars with check * fix: simplify find logic * fix: remove unnecessary null check * fix: throw instead of return * test: adding more tests for otp mechanism * test: add more cases, improve existing cases * feat: simplify methods without enums * fix: auth service otp tests * Feat/throttling (#641) * build(package): install rate limiting package * feat(auth): add new rate limiter service and use it in auth router * test(auth.spec): add skeleton for test cases for auth * test(auth.spec): add tests for rate limiting * refactor(ratelimiter.spec): shift to own test file * chore(server): add trust proxy to our rate limiter * refactor(ratelimiter): read from env var * chore(auth.spec): remove unused import * test(sitesservice.spec): update where condition * fix(mediafileservice): revert api; fixed tests * Chore: remove temp ip endpoint * Fix: remove set number of max hops * Fix: remove unused import * chore: remove comment * chore: change 1 to true --------- Co-authored-by: seaerchin <jiachin@open.gov.sg> * feat: add gitguardian hook and update readme (#642) * chore: use trust proxy * feat: add gitguardian hook and readme * fix: remove pre-commit config * fix: fix nits * fix: add ggshield cache files to gitignore * feat: use env for gitguardian * chore: update readme and env example --------- Co-authored-by: Alexander Lee <alexander@open.gov.sg> * fix: wrong constant name used in test (#645) --------- Co-authored-by: seaerchin <jiachin@open.gov.sg> Co-authored-by: seaerchin <44049504+seaerchin@users.noreply.github.com> Co-authored-by: Preston Lim <prestonlimlianjie@gmail.com> Co-authored-by: Qilu Xie <qilu@open.gov.sg> Co-authored-by: Harish <harishv207@gmail.com> Co-authored-by: Harish <harish@open.gov.sg> * Fix: rebase errors * Fix: error message for review request * Fix: tests * feat: use convict for env vars (#646) * feat: add convict as dependency * feat: config wip * feat: add convict schema with defaults and validation * feat: add config alias and update dependencies * feat: replace process.env with config.get (wip) * fix: use import over require * feat: wip to use config * feat: add cloudmersive key as env * feat: wip to use config * feat: update config properties * feat: update imports and use config * chore: update env.test and imports * chore: standardise env * chore: remove dotenv * chore: format eslintrc * fix: rename convict format and env enums * chore: remove DOMAIN_WHITELIST from env * chore: revert trust proxy change * fix: cookie domain to be enums * feat: update to use config * fix: remove checks for env in logic * fix: make gitGuardian optional env * feat: add staging as option for node env * chore(app): chagne to import syntax * fix: remove string coercing for env key * chore: remove check for undefine site create form key env * chore: update package-lock --------- Co-authored-by: seaerchin <jiachin@open.gov.sg> * fix: make default empty strings (#658) * Fix/convict fixes (#660) * fix: make site launch vars optional, remove redundant ones * fix: remove duplicate express-session in package json * Chore/change node env of local dev to expect dev (#659) * chore: update references to node_env * Fix: remove .toLowerCase when retrieving config * Chore: add vapt to accepted application environments * Refactor: use isSecure * chore: replace IS_LOCAL_DEV with IS_DEV * Fix: change isSecure to variable instead of func (#664) * Fix/convict fixes (#663) * fix: update database config to use process.env * feat: strengthen validation for number check * fix: add try-catch to convict validate to prevent hard failure on deployment * fix: rename to use whole number * fix: console log convict err * fix: update check for whole to natural number * fix: rename back to positive number * fix: add radix param * chore(package-lock): installed using old npm --------- Co-authored-by: Alexander Lee <alexander@open.gov.sg> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> Co-authored-by: Preston Lim <prestonlimlianjie@gmail.com> Co-authored-by: Kishore <42832651+kishore03109@users.noreply.github.com> Co-authored-by: Qilu Xie <qilu@open.gov.sg> Co-authored-by: Harish <harishv207@gmail.com> Co-authored-by: Harish <harish@open.gov.sg> * 0.18.0 --------- Co-authored-by: Alexander Lee <alexander@open.gov.sg> Co-authored-by: Kishore <42832651+kishore03109@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> Co-authored-by: Preston Lim <prestonlimlianjie@gmail.com> Co-authored-by: Qilu Xie <qilu@open.gov.sg> Co-authored-by: Harish <harishv207@gmail.com> Co-authored-by: Harish <harish@open.gov.sg>
Problem
We should have an exhaustive env variables check at service startup. This ensures that we can confidently use environment variables across our codebase without worrying about situations where the expected env var is missing or empty.
Solution
We can use the popular convict npm package which helps us create a schema of expected env vars and assert that these are present at system startup.
This introduces a configuration schema that ensure the environment is predictable and maintainable.
Do help to verify if all the env vars are captured well in the config file. There is one variable which me and @alexanderleegs were not able to identify the usage:
AWS_BACKEND_EB_ENV_NAME
used inlogger.js
. This variable was not existing on prod EB env. When added to staging, it didn't make a change to the staging log-groups produced as well.This has been excluded in the config. But we should decided if this variable is required or not.
Breaking Changes
Tests
Do run
npm run test --runInBand
to ensure all the tests are passingDeploy Notes
Ensure that all required variables are present in the environment files.
In the absence of the variables in
.env
the defaults will be used.New environment variables:
Please check
config.ts
undersrc/config
to ensure all the env variables matchNew dependencies:
"convict": "^6.2.4",
: introduces a configuration schema that ensure the environment is predictable and maintainableNew dev dependencies:
@types/convict
: types for convict package