
feat(vapt): merge back into tracking branch #590

Closed
wants to merge 41 commits into from


@seaerchin seaerchin commented Dec 12, 2022

TODOs

  • pending VAPT fixes
    • mostly approved, pending merge
  • remove extra ut commit (feat(ut): generic notifs #565)
  • teardown extra .yml file for deploy
  • run migrations

alexanderleegs and others added 30 commits September 29, 2022 11:14
* Feat: add SessionData class

* Refactor: swap out auth middleware to use sessionData

* Refactor: modify sessionData in rollbackRouteHandler

* Feat: update middleware and auth services

* Chore: swap out v1 routes

Using a 1-1 swap here for v1 routes, since these are mostly outdated or due for refactor

* Refactor: swap id used in logger

* Feat: add handler to attach site name to sessionData

* Chore: modify v2 routes and services to use sessionData

* Chore: swap whoamiAuth to verifyJwt and useSiteAccessTokenIfAvailable with checkHasAccess

* Test: add fixtures for new middleware

* Fix: tests

* Fix: allow e2e test user

* Chore: update v1 endpoint

* Fix: migrate auth middle to ts

* Chore: rename to usersessiondata

* Refactor: split sessionData into separate classes

* Chore: replace sessionData

* Chore: replace githubsessiondata

* Chore: add jsdoc for classes

* Chore: update routes and services to pass appropriate sessionData objects

* Fix: tests

* Fix: specify request types

* Chore: remove unnecessary comment

* Fix: simplify getGithubParamsWithSite

* Feat/site member verification for email (#479)

* Feat: add IsomerAdmins database table and migrations

* Feat: add access token via interceptor if missing

* Feat: add isomerAdminsService

* Feat: add hasAccessToSite to usersService

* Feat: shift site membership check to authorizationMiddlewareService

* Chore: replace authMiddleware.checkHasAccess with authorizationMiddleware.checkIsSiteMember

* Chore: migrate authmiddlewareservice to typescript

* Fix: rename auth middleware to authentication middleware

* Fix: move e2e_isomer_id into constants

* Chore: add cookie types

* Fix: more concise check for isSiteMember

* Fix: rebase errors

* Fix: remove unused identityAuthService dependency

* Fix: rename AuthService import as identityAuthService

* Nit: separate type definition

* Feat/email login flow (#480)

* build(deps): bump file-type from 16.5.3 to 16.5.4 (#475)

Bumps [file-type](https://github.com/sindresorhus/file-type) from 16.5.3 to 16.5.4.
- [Release notes](https://github.com/sindresorhus/file-type/releases)
- [Commits](sindresorhus/file-type@v16.5.3...v16.5.4)

---
updated-dependencies:
- dependency-name: file-type
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: package.json & package-lock.json to reduce vulnerabilities (#476)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SEQUELIZE-2959225

* build(deps): bump vm2 from 3.9.5 to 3.9.7 (#350)

Bumps [vm2](https://github.com/patriksimek/vm2) from 3.9.5 to 3.9.7.
- [Release notes](https://github.com/patriksimek/vm2/releases)
- [Changelog](https://github.com/patriksimek/vm2/blob/master/CHANGELOG.md)
- [Commits](patriksimek/vm2@3.9.5...3.9.7)

---
updated-dependencies:
- dependency-name: vm2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Chore: remove site links from description (#482)

* Fix: update resource room (#481)

* 0.10.0

* fix: remove unnecessary update step (#487)

* 0.10.1

* Chore: update commit message to include user id

* Feat: add login and verify endpoints

* Fix: model relations and alias

* Feat: add findSitesByUserId

* Feat: add site retrieval for email and admin users

* Fix: hasAccessToSite

* Fix: update email/mobile by isomer id

* Chore: update error message

* Fix: await check for whitelist

* Chore: add mockSessionData for email login

* Fix: SiteService behaviour for email users with no whitelisted sites

* Test: update sitesservice tests

* Test: add new authservice tests and fix existing tests

* Fix: update user model to allow null in github field

* Fix: update test fixture

* Fix: update user test suite

* Chore: remove unused endpoint

* Fix: rebase errors

* Chore: remove unnecessary message in test

* Chore: remove unnecessary userId field

* Nit: rename variable

* Refactor: shift site retrieval for email users into helper method

* Chore: spacing and remove unused var

* Fix: tests

* Tests: add new authorizationMiddlewareService test

* fix: remove resources_name and add support for url (#490)

* fix: remove resources_name and add support for url

* fix: display url parameter as domain but store with https scheme

* fix: resolve failing tests

* Chore: flip conditional

* Refactor: shift order of getSites to make it easier to understand

* Test: add new auth router tests

* Feat: add integration tests for getSites

* Fix: failing requests for getLastUpdated and getStagingUrl

* Nit: add comment

* Nit: test name and var name

* chore(mocks/axios): remove extra stuff

* test(sites.spec): refactor specs for clarity

* Fix: update settings

* Nit: update comment

* Fix: tests

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Snyk bot <[email protected]>
Co-authored-by: Hsu Zhong Jun <[email protected]>
Co-authored-by: seaerchin <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Snyk bot <[email protected]>
Co-authored-by: Hsu Zhong Jun <[email protected]>
Co-authored-by: seaerchin <[email protected]>

* Fix: e2e bypass of authorization middleware

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Snyk bot <[email protected]>
Co-authored-by: Hsu Zhong Jun <[email protected]>
Co-authored-by: seaerchin <[email protected]>
* build(devdeps): add lodash types

* fix(model): rectify db model definitions

* refactor: add message param to ForbiddenError

* feat: add CollaboratorsService

* test: add tests for CollaboratorsService

* feat: use CollaboratorService in authorization middleware

* test: add tests for authorization middleware

* feat: add CollaboratorsRouter

* test: add tests for CollaboratorsRouter

* feat(db-migration): change site_members role enum in the database

* feat: modify authzMiddlewareService tests

* fix: error in mock collaborators fixture
* ref(fixtures): convert repoInfo to typescript

* ref(services): migrate SitesService to typescript

* tests: update unit and integration tests for SitesService

* ref(sites): migrate sites router to typescript

* fix: revert back to using SessionData

* fix: remove use of Bluebird and unused getSiteToken function

* fix: use more accurate type

* chore: remove unused variable

* refactor(tests): migrate generic axios instance to __mocks__

* tests: use mockAxios directly instead of preparing an instance
* chore(infraservice): remove unused prop

* chore(routes/auth): remove unused var

* build(package): add useful command to undo migration

* feat(migrations): add migrations for review requests

fix(db migration): update property names

* chore(db migration): add migration to add status col to rr

* chore(db migrations): add required columns for seq creation
* ref(fixtures): convert repoInfo to typescript

* ref(services): migrate SitesService to typescript

* tests: update unit and integration tests for SitesService

* ref(sites): migrate sites router to typescript

* fix: revert back to using SessionData

* fix: remove use of Bluebird and unused getSiteToken function

* fix: use more accurate type

* chore: remove unused variable

* refactor(tests): migrate generic axios instance to __mocks__

* feat: introduce function to obtain latest commit details

* feat: add function for obtaining a User by ID

* feat: introduce a new site info API endpoint

* tests: add partial tests for SitesService

* tests: use mockAxios directly instead of preparing an instance

* tests: fix SitesService unit tests to pass

* chore: adjust constants to use SCREAMING_SNAKE_CASE

* fix: add authorizationMiddleware to ensure user is member of site

* chore: combine sessionData unpacking

* fix: insert try-catch to handle errors from JSON.parse

* chore: remove unnecessary check for undefined site

* chore: return instead of throwing NotFoundError

* fix: add assertion to ensure integrity of GitHubCommitData

* fix: remove need for adding site name to sessionData

* refactor: convert routes Sites.spec.js to TypeScript

* refactor: redesign getUrlsOfSite to increase readability

* fix: use correct endpoint to get latest commit data

* test: add unit tests for GitHubService getLatestCommitOfBranch

* fix: add stub for obtaining merge author details

* fix: return a well-formatted response for known exceptions

* test: enhance GitHubService test for all other error statuses

* chore: rename isType function and return boolean directly

* fix: create new siteUrls object instead of changing in-place

* fix: handle case of null or undefined user email

* chore: improve code style

* tests: fix output of getStagingUrl
* ref(fixtures): convert repoInfo to typescript

* ref(services): migrate SitesService to typescript

* tests: update unit and integration tests for SitesService

* ref(sites): migrate sites router to typescript

* fix: revert back to using SessionData

* fix: remove use of Bluebird and unused getSiteToken function

* fix: use more accurate type

* chore: remove unused variable

* refactor(tests): migrate generic axios instance to __mocks__

* feat: introduce function to obtain latest commit details

* feat: add function for obtaining a User by ID

* feat: introduce a new site info API endpoint

* tests: add partial tests for SitesService

* tests: use mockAxios directly instead of preparing an instance

* tests: fix SitesService unit tests to pass

* chore: adjust constants to use SCREAMING_SNAKE_CASE

* fix: add authorizationMiddleware to ensure user is member of site

* chore: combine sessionData unpacking

* fix: insert try-catch to handle errors from JSON.parse

* chore: remove unnecessary check for undefined site

* chore: return instead of throwing NotFoundError

* fix: add assertion to ensure integrity of GitHubCommitData

* fix: remove need for adding site name to sessionData

* refactor: convert routes Sites.spec.js to TypeScript

* refactor: redesign getUrlsOfSite to increase readability

* feat: add collaborators statistics API endpoint

* test: add unit tests for collaborators statistics

* fix: return 404 instead of throwing an exception

* tests: add test to check for 404 status
* chore(infraservice): remove unused prop

* chore(routes/auth): remove unused var

* build(package): add useful command to undo migration

* feat(migrations): add migrations for review requests

fix(db migration): update property names

* chore(db migration): add migration to add status col to rr

* chore(db migrations): add required columns for seq creation

* feat(db/models): add new db models for rr

fix(db models): update db models

fix(reviewmeta): update db model

* chore(reviewrequest): update db model for seq

* fix(reviewmeta): add annotation on db model

* chore(reviewrequest.ts): add col to db model

* fix(teardown): add enum dropping for tests teardown
* Feat: add notification database model and update related models

* Chore: add migrations

Also adds id to site_members table for easier reference

* Feat: add notificationService

* Feat: add notificationUtils

* Feat: add notifications router

* Chore: initialise Notifications table and services

* Fix: remove unused imports

* Fix: change behaviour of quick retrieval

Always returns only new notifications now, unless there are none, in which case it returns most recent 6

* Chore: remove unused imports

* Refactor: findAll method

* Chore: add notificationResponse type

* Feat: add created_at sorting criteria

* Fix: notification sorting order

* Chore: add documentation for sort criteria

* Fix: rebase errors

* Fix: rebase errors for tests
* feat(services): add initial services for rr

* feat(types): add github types

* feat(reviewrequestservice): add features

* chore(review): wip for review routes

* feat(types): add new types

* feat(reviewrequestservice): add impl for computing sha mappings

* feat(usersservice): add new method to user service to retrieve site admins

* feat(review): add route for creating review request

* refactor(collaboratorsservice): refactor method api for clarity

* feat(types): add more types

* refactor(collaborators): fix typings and add more stuff to return

* chore(routes): update authenticated routes

* chore(review): refactor to use collaborators service

* refactor(reviewrequestservice): update methods

* chore(server): add init code

* refactor(reviewmeta): update to use belongs to

* feat(types): add more types

* feat(requestnotfounderror): add new error type

* feat(review): add methods for listing review requests and retrieval of rr

* refactor(types/dto): update review types

* refactor(rrservice): update enum type

* feat(rrservice): add new method to merge rr

* feat(review): add new route to merge rr

* fix(collaborators): remove erroneous destructuring

* fix(routes/review): add siteId prop

* chore(review dto): add status

* chore(reviewrequestservice): remove old comment

* fix(reviewrequestservice): changed some stuff to be optional

* refactor(rr service): split retrieving db/github view into 2 methods

* feat(rr service): add methods to close/approve rr

* refactor(rr service): refactor merge rr method

* chore(collaboratorsservice): remove extra typecasts

* feat(rr): add new endpoint to update rr

* chore(types): minor cleanup

* feat(rr routes): add new routes for close and approve pr

* chore(review): update to userwithsitesessiontoken

* refactor(reviewrequestservice): migrate api calls into own file

* refactor(authenticated): shift review router deps to init function

* fix(index): fixed faulty init

* refactor(reviewrequestservice): add site to reviewreq object

* fix(review.ts): add explicit bearer token to api call

* refactor(rrservice): refactor to retrieve user from db

* chore(settingsservice): remove extra console log

* chore(github): remove extra `patch` property

* chore(review): add logging

* fix(server): update imports from rebase

* Chore: Update src/routes/v2/authenticated/review.ts

Co-authored-by: Hsu Zhong Jun <[email protected]>

* Chore: Update src/routes/v2/authenticated/review.ts

Co-authored-by: Hsu Zhong Jun <[email protected]>

* feat(rr status): add rr status enum

* chore(rr): update db model

* refactor(rrservice): update to use enum

* chore(rrservice): fix comment

* chore(review): update error codes

* chore(usersservice): rename hasAccess to getSiteMember

* chore(usersservice): update method name

* feat(rr): allow updating of admins (#539)

* chore(server): add init code

* chore(dto): removed trailing space on folder name

* refactor(reviewrequestservice): update to remove title/desc from update api

* chore(collaborators): update import

* chore(routes/review): update rr api

Co-authored-by: Hsu Zhong Jun <[email protected]>
* feat: add model and migration for review_request_views table

* chore: rename migration

* fix: add missing association with ReviewRequest model

* fix: revert adding association in ReviewRequest model

* fix: missing @column for primary and foreign key

* fix: add new database table to sequelize
* feat: add review request views API endpoint and functions

* fix: adjust to use Promise.all to allow concurrent creations

* chore: adjust naming of variable to be more reflective of state

* Expose new API endpoint to update lastViewedAt timestamp
* feat: add endpoint to mark a review request as viewed

* fix: use upsert for updateReviewRequestLastViewedAt
* Feat: add methods for retrieving comments from github

* Chore: add types

* Feat: add comments methods to reviewRequestService

* Feat: add comments routes

* fix: check for properly formatted comments

* Chore: remove incorrect comments

* Fix: remove error return type

* Fix: add logging if site not found

* Feat: swap use of email in github commit to userid

* Fix: response type

* Fix: rename method and add github comment type

* fix: compute the number of new comments to show (#549)

* fix: compute the number of new comments to show

* chore: adjust naming of variable and structure of code

* chore: split getting number of new comments into 2 lines

Co-authored-by: Hsu Zhong Jun <[email protected]>
* feat(rr): delete rr approval

* chore(review): update numbering and logging

* chore(review): update to send rather than empty json

* fix(rrservice): update to use enum
chore(vapt): update eb_env_vapt to new vapt env on eb

fix(vapt): update eb_app
* Feat: add notificationService tests

* Test: add Notification router tests

* Test: add integration test for notifications

* Fix: notification tests to work with new behaviour

* Feat: move notifications router to authenticated subrouter

* Feat: modify create notification arguments

* Feat: add notification middleware to handle edit notifications

* Fix: allow next on routeHandler

* Feat: add creatnotification middleware to authenticatesSitesRouter

* Chore: add notification types

* Feat: add notification changes when reviews are modified

* Fix: swap order of subrouters

* Fix: review request router dependencies

* Fix: time period for updating notification

* Fix: updating createdAt

* Fix: tests

* Chore: swap to promise.all

* fix: rebase errors

* Fix: add jsdoc

* Feat: add link to notificationHandler

* Fix: swap to promise.all and add links

* fix(review): fixed triggering event for request approved notif

* chore(notifications.spec): added correct ports

Co-authored-by: Alexander Lee <[email protected]>
prestonlimlianjie and others added 8 commits January 30, 2023 13:14
* feat: sanitize content via markdown utils

* deps: use isomorphic-dompurify instead

removes the need to declare a virtual DOM in node

* feat: add sanitizedYaml helpers

* feat: use sanitizedYaml helpers in codebase

* test: add tests for sanitizedYaml helpers

* chore: fix silly line break issues

* test: add tests for markdown sanitization utils

* fix: add express import that was removed

by accident

* chore: specify return types in yaml helpers

* fix: make sanitizeYamlParse return type more specific
* feat: add extra logging for mail failure

* fix: always return 200 when attempting to retrieve otp

* chore: update logging for sms

* Fix: use logger.error
…631)

* feat: Added virus scan functionality for file/image upload using Cloudmersive API

* Fixed lint and naming convention issue

* uncomment the medianameChecks lines

* Addressed PR comments: added more info/error logging and consistent message

* Addressed PR comments: added check for Cloudmersive API key, corrected variable naming convention

* Removed unused declaration of schema

* auto-formatted by prettier and fixed formatting issue

* chore: fix formatting on package-lock

---------

Co-authored-by: Alexander Lee <[email protected]>
* Chore: install new dependencies

* Chore: add migration

* Feat: add session middleware

* feat: replace jwt with session

* feat: update middleware

* feat: update auth routes

* chore: update method names

* Fix: tests

* chore: update .env-example

* chore: rename session middleware

* fix: use lodash isempty

* fix: .env-example

* chore: add logging to login and logout endpoints

* Fix: remove log on logout

Cookie may no longer exist

* fix: tests

* chore: fix rebase errors
* feat: adding bcrypt as dependency

* feat!: adding otp table and migration

* feat: logic complete for otp service

* test: fix auth service tests

* fix: user service tests

* feat: fix tests and improve checks

* fix: package-lock version formatting

* feat: adding env vars to example

* fix: remove console log

* fix: adding env vars to .env.test

* fix: parsed env vars with check

* fix: simplify find logic

* fix: remove unnecessary null check

* fix: throw instead of return

* test: adding more tests for otp mechanism

* test: add more cases, improve existing cases

* feat: simplify methods without enums

* fix: auth service otp tests
alexanderleegs and others added 3 commits March 1, 2023 18:09
* build(package): install rate limiting package

* feat(auth): add new rate limiter service and use it in auth router

* test(auth.spec): add skeleton for test cases for auth

* test(auth.spec): add tests for rate limiting

* refactor(ratelimiter.spec): shift to own test file

* chore(server): add trust proxy to our rate limiter

* refactor(ratelimiter): read from env var

* chore(auth.spec): remove unused import

* test(sitesservice.spec): update where condition

* fix(mediafileservice): revert api; fixed tests

* Chore: remove temp ip endpoint

* Fix: remove set number of max hops

* Fix: remove unused import

* chore: remove comment

* chore: change 1 to true

---------

Co-authored-by: seaerchin <[email protected]>
* chore: use trust proxy

* feat: add gitguardian hook and readme

* fix: remove pre-commit config

* fix: fix nits

* fix: add ggshield cache files to gitignore

* feat: use env for gitguardian

* chore: update readme and env example

---------

Co-authored-by: Alexander Lee <[email protected]>
@alexanderleegs alexanderleegs force-pushed the feat/identity-phase-2 branch from 03610da to 1b0ae89 Compare March 8, 2023 06:30
@alexanderleegs alexanderleegs force-pushed the feat/identity-phase-2 branch from 1b0ae89 to 3db9533 Compare March 16, 2023 09:35
Base automatically changed from feat/identity-phase-2 to develop March 30, 2023 04:36
@seaerchin seaerchin closed this Apr 6, 2023
@seaerchin seaerchin deleted the vapt branch April 6, 2023 08:37