Vapt: merge back to tracking (#647)
* fix(notificationonedithandler): add check for email user

* fix(review.ts): update routes access control (#589)

* fix: prevent caching of backend API resp (#616)

* fix: sanitize file content (#591)

* feat: sanitize content via markdown utils

* deps: use isomorphic-dompurify instead

removes the need to declare a virtual DOM in node

* feat: add sanitizedYaml helpers

* feat: use sanitizedYaml helpers in codebase

* test: add tests for sanitizedYaml helpers

* chore: fix silly line break issues

* test: add tests for markdown sanitization utils

* fix: add express import that was removed

by accident

* chore: specify return types in yaml helpers

* fix: make sanitizeYamlParse return type more specific

* fix: hide contactNumber (#584)

* Fix: query for site through repo (#630)

* Fix/make login response indistinguishable (#624)

* feat: add extra logging for mail failure

* fix: always return 200 when attempting to retrieve otp

* chore: update logging for sms

* Fix: use logger.error

* feat: Added virus scan functionality for file upload (VAPT finding) (#631)

* feat: Added virus scan functionality for file/image upload using Cloudmersive API

* Fixed lint and naming convention issue

* uncomment the medianameChecks lines

* Addressed PR comments: added more info/error logging and consistent message

* Addressed PR comments: added check for Cloudmersive API key, corrected variable naming convention

* Removed unused declaration of schema

* auto-formatted by prettier and fixed formatting issue

* chore: fix formatting on package-lock

---------

Co-authored-by: Alexander Lee <[email protected]>

* Feat/swap jwt to session (#619)

* Chore: install new dependencies

* Chore: add migration

* Feat: add session middleware

* feat: replace jwt with session

* feat: update middleware

* feat: update auth routes

* chore: update method names

* Fix: tests

* chore: update .env-example

* chore: rename session middleware

* fix: use lodash isempty

* fix: .env-example

* chore: add logging to login and logout endpoints

* Fix: remove log on logout

Cookie may no longer exist

* fix: tests

* chore: fix rebase errors

* Feat/otp mechanism (#636)

* feat: adding bcrypt as dependency

* feat!: adding otp table and migration

* feat: logic complete for otp service

* test: fix auth service tests

* fix: user service tests

* feat: fix tests and improve checks

* fix: package-lock version formatting

* feat: adding env vars to example

* fix: remove console log

* fix: adding env vars to .env.test

* fix: parsed env vars with check

* fix: simplify find logic

* fix: remove unnecessary null check

* fix: throw instead of return

* test: adding more tests for otp mechanism

* test: add more cases, improve existing cases

* feat: simplify methods without enums

* fix: auth service otp tests

* Feat/throttling (#641)

* build(package): install rate limiting package

* feat(auth): add new rate limiter service and use it in auth router

* test(auth.spec): add skeleton for test cases for auth

* test(auth.spec): add tests for rate limiting

* refactor(ratelimiter.spec): shift to own test file

* chore(server): add trust proxy to our rate limiter

* refactor(ratelimiter): read from env var

* chore(auth.spec): remove unused import

* test(sitesservice.spec): update where condition

* fix(mediafileservice): revert api; fixed tests

* Chore: remove temp ip endpoint

* Fix: remove set number of max hops

* Fix: remove unused import

* chore: remove comment

* chore: change 1 to true

---------

Co-authored-by: seaerchin <[email protected]>

* feat: add gitguardian hook and update readme (#642)

* chore: use trust proxy

* feat: add gitguardian hook and readme

* fix: remove pre-commit config

* fix: fix nits

* fix: add ggshield cache files to gitignore

* feat: use env for gitguardian

* chore: update readme and env example

---------

Co-authored-by: Alexander Lee <[email protected]>

* fix: wrong constant name used in test (#645)

---------

Co-authored-by: seaerchin <[email protected]>
Co-authored-by: seaerchin <[email protected]>
Co-authored-by: Preston Lim <[email protected]>
Co-authored-by: Qilu Xie <[email protected]>
Co-authored-by: Harish <[email protected]>
Co-authored-by: Harish <[email protected]>
7 people committed Mar 8, 2023
1 parent ec449f7 commit 6f56a17
Showing 67 changed files with 1,826 additions and 303 deletions.
11 changes: 10 additions & 1 deletion .env-example
@@ -1,16 +1,19 @@
export CLIENT_ID=""
export CLIENT_SECRET=""
export REDIRECT_URI="http://localhost:8081/auth"
export REDIRECT_URI="http://localhost:8081/v1/auth"
export NODE_ENV="LOCAL_DEV"
export COOKIE_DOMAIN="localhost"
export AUTH_TOKEN_EXPIRY_DURATION_IN_MILLISECONDS=3600000
export SESSION_SECRET=mysessionsecretblah
export JWT_SECRET=mysecretblah
export ENCRYPTION_SECRET=anothersecretblah
export FRONTEND_URL='http://localhost:8081'
export GITHUB_ORG_NAME="isomerpages"
export GITHUB_BUILD_ORG_NAME="opengovsg"
export GITHUB_BUILD_REPO_NAME="isomer-build"
export MUTEX_TABLE_NAME=""
export MAX_NUM_OTP_ATTEMPTS=5
export OTP_EXPIRY=900000

# GitHub access token to create repo
export SYSTEM_GITHUB_TOKEN=""
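Review bot: OTP_EXPIRY=900000 carries no unit, unlike AUTH_TOKEN_EXPIRY_DURATION_IN_MILLISECONDS a few lines above it; either name it OTP_EXPIRY_IN_MILLISECONDS or add a comment, so that 900000 (15 minutes if milliseconds) is not misread as seconds by whoever copies this template. Also, this merge swaps JWT for sessions and the hunk adds SESSION_SECRET, yet JWT_SECRET and AUTH_TOKEN_EXPIRY_DURATION_IN_MILLISECONDS remain; if the JWT path is gone, drop them here so nobody provisions a secret the code no longer reads.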
Expand Down Expand Up @@ -48,3 +51,9 @@ export POSTMAN_SMS_CRED_NAME=""
export DD_ENV="local"
export DD_SERVICE="isomer"
export DD_TAGS="service:isomer"

# Cloudmersive
export CLOUDMERSIVE_API_KEY=""

# GitGuardian
export GITGUARDIAN_API_KEY=""
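Review bot: both new keys are third-party credentials and blank defaults are right for a template, but nothing says what the upload path does when CLOUDMERSIVE_API_KEY is left empty; add a comment stating whether uploads are rejected or the virus scan is skipped, because a copied template with a blank key would otherwise be an easy way to deploy with scanning silently off. A similar comment on GITGUARDIAN_API_KEY should point at the README section, since the new pre-commit hook sources this file and fails without it.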
2 changes: 2 additions & 0 deletions .env.test
Expand Up @@ -11,6 +11,8 @@ export GITHUB_ORG_NAME="isomerpages"
export GITHUB_BUILD_ORG_NAME="opengovsg"
export GITHUB_BUILD_REPO_NAME="isomer-build"
export ISOMERPAGES_REPO_PAGE_COUNT=3
export MAX_NUM_OTP_ATTEMPTS=5
export OTP_EXPIRY=900000

# Database
export DB_URI="postgres://isomer:password@localhost:54321/isomercms_test"
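Review bot: the two added lines copy the .env-example values verbatim (MAX_NUM_OTP_ATTEMPTS=5, OTP_EXPIRY=900000); if the OTP specs added in this merge exercise expiry and lockout, a much shorter OTP_EXPIRY here, or a stubbed clock in the spec, keeps those cases fast and deterministic rather than relying on the full 900000 window.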
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -10,3 +10,4 @@ build/
.DS_Store
.step-functions-local/
.serverless/
.cache_ggshield
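Review bot: this hunk ignores ggshield's cache but shows only the tail of .gitignore, so it does not confirm that `.env` itself is ignored; since the new pre-commit hook now sources `.env`, which holds GITGUARDIAN_API_KEY and CLOUDMERSIVE_API_KEY, verify `.env` is listed higher up (or add it in this hunk) before merging.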
1 change: 1 addition & 0 deletions .husky/pre-commit
Expand Up @@ -2,3 +2,4 @@
. "$(dirname "$0")/_/husky.sh"

npx lint-staged
source .env && ggshield secret scan pre-commit
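Review bot: `source` is a bash builtin, while the line above uses the POSIX `.` form that husky.sh itself relies on; write `. .env && ggshield secret scan pre-commit` so the hook does not break when husky runs it under /bin/sh. When `.env` is absent the `&&` chain fails and every commit is rejected with an opaque error, so a guard such as `[ -f .env ] || { echo "ggshield needs .env with GITGUARDIAN_API_KEY"; exit 1; }` makes the failure explicit.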
31 changes: 31 additions & 0 deletions README.md
Expand Up @@ -5,6 +5,37 @@
3. next, run `npm i` to ensure that you have all the required packages
4. run `npm run dev`

## Setup

1. Ensure pre-commit hooks are setup for safe commits. See below section on "Setting up Git Guardian"
2. Ensure node 14 is installed. Install and use nvm to manage multiple node versions.
3. Run `npm i` to install required packages
4. Ensure [Docker](https://www.docker.com/products/docker-desktop/) is installed
5. Run `npm run dev:services` to bring up the docker containers
6. Run `npm run dev` to start the server

## Setting Up Git Guardian

1. Install GitGuardian

```
brew install gitguardian/tap/ggshield
```

2. Add the API Key to your `.env` file

```
# Service API key from GitGuardian account
export GITGUARDIAN_API_KEY=abc123
```

Notes:

Only if necessary,

- To skip all pre-commit hooks, use `$ git commit -m "commit message" -n`
- To skip only GitGuardian’s hook, use `$ SKIP=ggshield git commit -m "commit message"`

## E2E Tests

To run the E2E tests successfully, you will need to define the following environment variables:
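Review bot: the new `## Setup` list repeats steps 3 and 4 of the older list still visible above it (`npm i`, `npm run dev`), so the README now carries two overlapping quick-starts; fold the old list into the new section. Smaller points: "are setup" in step 1 should read "are set up", the two fences would render better with a `sh` tag, and the skip note could state that `-n` bypasses lint-staged as well, so `SKIP=ggshield` is the one to reach for when only the secret scan is in the way.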