* Built a script for [`Ngrok`](https://www.npmjs.com/package/ngrok), which will build assets, start Sails, and create an Ngrok tunnel (to the configured PORT).
6
7
* Built 2FA (2-Factor Authentication) capabilities.
8
+
* Added `appName` as a config option.
7
9
* Added `createdBy` to the [`User`](api/models/User.js) model.
10
+
* Added [`sails-hook-autoreload`](https://www.npmjs.com/package/sails-hook-autoreload) support (must manually install).
8
11
* Built session expiration handling.
9
12
* Built password changing modal / API.
10
13
* Made session data saving automatic, and work with both sessions / API tokens.
11
14
* Fixed some README quirks.
15
+
* Removed unneeded React imports (because of the Babel transform). For more info, [read this announcement (from 2020...)](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html).
12
16
* Updated React links to use their new domain.
17
+
* Removed `serve-static` in favor of `express.static`.
13
18
* Updated dependencies.
14
19
15
20
### Breaking Changes
16
21
17
22
* Moved CSRF secret storage from the `data` column, to its own column, so it can easily be encrypted/decrypted in the [`Session`](api/models/Session.js) model.
18
-
* Changed how API tokens are handled. So now, when using an API token, the ID must be given first, then the token, seperated by a colon.<br />Example: `Authorization` header is: `tokenID:apiToken` (or `Bearer tokenID:apiToken`).
23
+
* Changed how API tokens are handled. So now, when using an API token, the ID must be given first, then the token, seperated by a colon.<br />Example: `Authorization` header is: `tokenID:apiToken` (or `Bearer tokenID:apiToken`). This is because `token` is now an encrypted column.
19
24
* Renamed `sails.helpers.updateCsrf` -> `sails.helpers.updateCsrfAndExpiry` to reflect the session expiry update.
25
+
* Renamed `req.requestId`/`env.req.requestId` -> `req.id`/`env.req.id` to better match general convention.
26
+
* Renamed `process.env` -> `appConfig` in the Webpack config (a variable used to pass data down to the frontend). What was I doing?!...
* Setup so Sails will serve Webpack-built bundles as separate apps (so, a marketing site, and an admin site can live side-by-side).
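Review bot: In the Breaking Changes entry for API tokens, the added line keeps the misspelling "seperated" from the line it replaces; correct it to "separated" while the line is being touched. The entry now explains that `token` is an encrypted column, but neither it nor the CSRF entry (secret moved from the `data` column to its own column) says what happens to sessions and API tokens created before this change. A sentence on whether they must be migrated or reissued would help anyone upgrading.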
@@ -46,7 +52,7 @@ Gitter: [. See [schema validation and enforcement](#schema-validation-and-enforcement) for more info.
47
53
* New passwords will be checked against the [PwnedPasswords API](https://haveibeenpwned.com/API/v3#PwnedPasswords). If there is a single hit for the password, an error will be given, and the user will
48
54
be forced to choose another. See [PwnedPasswords integration](#pwnedpasswordscom-integration) for more info.
49
-
* Google Authenticator-style OTP (One-Time Password) functionality.
55
+
* Google Authenticator-style OTP (One-Time Password) functionality; also known as 2FA (2-Factor Authentication).
50
56
51
57
## Branch Warning
52
58
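Review bot: On the changed OTP bullet, "also known as 2FA" treats the two terms as synonyms, but the one-time password is the second factor, not 2FA itself. Something like "Google Authenticator-style OTP (One-Time Password) functionality, used as the second factor for 2FA (2-Factor Authentication)" would be more accurate and would line up with the changelog wording "Built 2FA (2-Factor Authentication) capabilities".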
@@ -66,13 +72,21 @@ the [`releases section`](https://github.com/neonexus/sails-react-bootstrap-webpa
Optional dependencies are not automatically installed in this repo. You must either manually install them with `npm i`, or you can install all optional dependencies: `npm i --include=optional`.
78
+
79
+
There are currently 2 optional dependencies in this repo: [`ngrok`](#working-with-ngrok) and [`sails-hook-autoreload`](#support-for-sails-hook-autoreload).
80
+
69
81
See the [`package.json` for more details](package.json).
70
82
71
83
## How to Use
72
84
73
85
This repo is not installable via `npm`. Instead, GitHub provides a handy "Use this template" (green) button at the top of this page. That will create a special clone of this repo (so there is a single,
74
86
init commit, instead of the commit history from this repo).
75
87
88
+
Or, you can download a copy of the [latest release](https://github.com/neonexus/sails-react-bootstrap-webpack/releases/latest).
89
+
76
90
## Configuration
77
91
78
92
In the `config` folder, there is the [`local.js.sample`](config/local.js.sample) file, which is meant to be copied to `local.js`. This file (`local.js`, not the sample) is ignored by Git, and intended
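Review bot: The added sentence "There are currently 2 optional dependencies in this repo" hard-codes a count that goes stale as soon as another one is added. Consider dropping the number and listing only the two links, since the next line already points readers to `package.json` for the details.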
@@ -93,37 +107,53 @@ option. If the option path is `sails.config.security.checkPwnedPasswords`, then
93
107
}
94
108
```
95
109
96
-
... to your `config/local.js` to overwrite the option on your local machine only.
110
+
... to your `config/local.js` to overwrite any option on your local machine only.
<td>When enabled, and <code>models.migrate === 'safe'</code> (aka PRODUCTION), then the SQL schemas of the default datastore will be validated against the model definitions. <br><br>See <a href="#schema-validation-and-enforcement">schema validation and enforcement</a> for more info.</td>
<td>When enabled, <a href="/neonexus/sails-react-bootstrap-webpack/blob/release/api/helpers/is-password-valid.js"><code>sails.helpers.isPasswordValid()</code></a> will run it's normal checks, before checking with the PwnedPasswords.com API to verify the password has not been found in a known security breach. If it has, it will consider the password invalid.</td>
148
+
<td>When enabled, <a href="/neonexus/sails-react-bootstrap-webpack/blob/release/api/helpers/is-password-valid.js"><code>sails.helpers.isPasswordValid()</code></a> will run its normal checks, before checking with the PwnedPasswords.com API to verify the password has not been found in a known security breach. If it has, it will consider the password invalid.</td>
<td>If enabled, and NOT a PRODUCTION environment, the <a href="#request-logging">request logger</a> will log sensitive info, such as passwords. <br><br> This will ALWAYS be false on PRODUCTION. It is in the PRODUCTION configuration file only as a reminder.</td>
129
159
</tr>
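Review bot: The corrected `sails.helpers.isPasswordValid()` row says the password is considered invalid when PwnedPasswords.com reports a hit, but it does not say what the helper does when the API cannot be reached or returns an error. Since this row is being edited anyway, document whether the check then rejects the password or lets it through, so operators know how the option behaves during an outage.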
@@ -206,7 +236,7 @@ This does require you either have Sails installed globally, or you have `node_mo
206
236
</tr>
207
237
<tr>
208
238
<td><pre><code>sails run lines</code></pre></td>
209
-
<td>Will count the lines of code in the project, minus <code>.gitignore</code>'d files, for funzies. There are currently about 9k custom lines in this repo (views, controllers, helpers, hooks, etc); a small drop in the bucket, compared to what it's built on.
239
+
<td>Will count the lines of code in the project, minus <code>.gitignore</code>'d files, for funzies. There are currently about 7k custom lines in this repo (views, controllers, helpers, hooks, etc); a small drop in the bucket, compared to what it's built on.
210
240
</td>
211
241
</tr>
212
242
<tr>
@@ -252,6 +282,7 @@ and [`config/env/production.js`](config/env/production.js)
252
282
|`DB_PORT`| 3306 | The port number for the datastore. |
253
283
|`DB_SSL`| true | If the datastore requires SSL, set this to "true". |
254
284
|`SESSION_SECRET`| "" (empty string) | Used to sign cookies, and SHOULD be set, especially on PRODUCTION environments. |
285
+
|`NGROK_AUTH`| "" (empty string) | Ngrok auth token used in the [`ngrok.js`](#working-with-ngrok) script. |
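Review bot: The new `NGROK_AUTH` row describes the variable as an auth token but gives no handling guidance, unlike the `SESSION_SECRET` row above it, which says it SHOULD be set. Add a short note that the value is a credential and belongs in the environment or in the Git-ignored `config/local.js`, not in a committed file.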
@@ -329,6 +360,35 @@ This functionality is turned on by default, and can be shutoff per-use, or globa
329
360
option set to `true`, to disable the check per use (see [`api/controllers/common/login.js`](api/controllers/common/login.js#L40) for example). Inside of [`config/security.js`](config/security.js), the
330
361
variable `checkPwnedPasswords` can be set to `false` to disable it globally.
331
362
363
+
## Working With Ngrok
364
+
365
+
This repo has a custom script ([`ngrok.js`](ngrok.js)), which will start an Ngrok tunnel (using the NPM package [`ngrok`](https://npmjs.com/package/ngrok)), build assets, and start Sails.
366
+
367
+
### First thing's first
368
+
369
+
You will want to get an auth token (and create an account if you haven't already): https://dashboard.ngrok.com/tunnels/authtokens
370
+
371
+
You will need to `npm i ngrok --save-dev` (or install optional dependencies) before you can do anything. I've opted to not have it pre-installed, as it does add a bit of bloat, and not everyone is going to use it.
372
+
373
+
After you have it installed, you can run `ngrok.js`, like this: `node ngrok`.
374
+
375
+
### Script Options
376
+
377
+
These are the current configuration flags. Order does not matter. There will likely be more in the future.
|`nobuild`| Adding this flag will disable asset building. |
382
+
|`auth=TOKEN`| Adding this flag (replacing TOKEN with your actual token) will set your Ngrok auth token. In most cases, ngrok will automatically save this token in your home folder, and re-use it later. You can test this out by omitting your token on next run, and go to your [Ngrok dashboard](https://dashboard.ngrok.com/tunnels/agents). |
383
+
384
+
You can also use the environment variable `NGROK_AUTH` to pass your auth token.
385
+
386
+
Full example: `node ngrok nobuild auth=S1T2A3Y4I5N6G7A8L9I0V1E`
387
+
388
+
## Support for `sails-hook-autoreload`
389
+
390
+
If you would like to use [`sails-hook-autoreload`](https://npmjs.com/package/sails-hook-autoreload), just install it: `npm i sails-hook-autoreload --save-dev` (or install optional dependencies). The config file [`config/autoreload.js`](config/autoreload.js) is already pre-configured for this repo.
391
+
332
392
## What about SEO?
333
393
334
394
I recommend looking at [prerender.io](https://prerender.io). They offer a service (free up to 250 pages) that caches the end result of a JavaScript-rendered view (React, Vue, Angular), allowing search
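Review bot: In the Script Options table, `auth=TOKEN` and the "Full example" line pass the Ngrok auth token as a command-line argument, which leaves it in shell history and visible in process listings. The section already documents `NGROK_AUTH`, so present the environment variable as the preferred route and make the full example use it. Two smaller points in the same hunk: the heading "First thing's first" should read "First things first", and since the tunnel makes the local Sails instance reachable from outside, a pointer to the sensitive-data logging option described in the configuration table (which can log passwords outside PRODUCTION) would be worth adding here.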