More work on tests. Updated deps. Removed md5 / sha1 / uuid packages in favor of node built-ins. Added precision to timestamps of logs.

Author: neonexus

.dockerignore

@@ -7,8 +7,11 @@ config/local.js
 .editorconfig
 .eslintignore
 .eslintrc
+.mocharc.yaml
+.nycrc
 .tmp
 .travis.yml
+test
 
 README.md
 CHANGELOG.md

.github/FUNDING.yml

@@ -0,0 +1 @@
+github: neonexus

.idea/codeStyles/Project.xml

@@ -1,8 +1,10 @@
 bail: false #stop on first error
 async-only: true # require use of "done" cb or an async function (a Promise)
 require:
-    - 'test/hooks.js' # starting point for tests
-spec:  'test/**/*.test.js'
+    - 'test/startTests.js' # starting point for tests
+spec:
+    - 'test/unit/**/*.test.js'
+    - 'test/integration/**/*.test.js'
 timeout: 10000 # Give Sails some breathing room... We are building schemas / data fixtures.
 checkLeaks: true
 global:
@@ -15,3 +17,4 @@ global:
     - 'RequestLog'
     - 'Log'
     - '__coverage__' # NYC coverage global
+    - 'match'

.idea/dictionaries/neonexusdemortis.xml

@@ -1,11 +1,13 @@
 # Changelog
 
-## [v3.2.2](https://github.com/neonexus/sails-react-bootstrap-webpack/compare/v3.2.1...v3.2.2) (2022-11-16)
+## [v4.0.0](https://github.com/neonexus/sails-react-bootstrap-webpack/compare/v3.2.1...v4.0.0) (2023-02-11)
 
 ### Features
 
-* Built out more automated tests for better coverage.
+* More work on automated tests and utilities.
+* Renamed tests entry point (hooks.js -> startTests.js).
 * Updated dependencies.
+* Removed `md5` / `sha1` / `uuid` packages, in favor of Node built-ins.
 
 ## [v3.2.1](https://github.com/neonexus/sails-react-bootstrap-webpack/compare/v3.2.0...v3.2.1) (2022-11-16)
 

.idea/runConfigurations/Run_Tests.xml

@@ -11,6 +11,7 @@ Need help? Want to hire me to build your next app or prototype? You can contact
 * Automatic (incoming) request logging (manual outgoing), via Sails models / hooks.
 * Setup for Webpack auto-reload dev server.
 * Setup so Sails will serve Webpack-built bundles as separate apps (so, a marketing site, and an admin site can live side-by-side).
+* Custom functions to make pagination simple.
 * Includes [react-bootstrap](https://www.npmjs.com/package/react-bootstrap) to make using Bootstrap styles / features with React easier.
 * Schema validation and enforcement for `PRODUCTION`. This repo is set up for `MySQL`. If you plan to use a different datastore, you will likely want to disable the schema validation and enforcement feature inside [`config/bootstrap.js`](config/bootstrap.js). See [schema validation and enforcement](#schema-validation-and-enforcement) for more info.
 * New passwords can be checked against the [PwnedPasswords API](https://haveibeenpwned.com/API/v3#PwnedPasswords). If there is a single hit for the password, an error will be given, and the user will be forced to choose another. See [PwnedPasswords integration](#pwnedpasswordscom-integration) for more info.
@@ -58,8 +59,8 @@ Sails, by default, has middleware (akin to [Express.js Middleware](https://expre
 | npm run build                 | Will run `npm run clean`, then will build production-ready files with Webpack in the `.tmp/public` folder.                                                                               |
 | npm run build:dev             | Same thing as `npm run build`, except that it will not optimize the files, retaining newlines and empty spaces.                                                                          |
 | npm run clean                 | Will delete everything in the `.tmp` folder.                                                                                                                                             |
-| npm run lines                 | Will count the lines of code in the project, minus `.gitignore`'d files, for funzies. There are currently about 7k custom lines in this repo (views, controllers, helpers, hooks, etc).  |
-| npm run test                  | Run [Mocha](https://mochajs.org/) tests. Everything starts in the [`test/hooks.js`](test/hooks.js) file.                                                                                 |
+| npm run lines                 | Will count the lines of code in the project, minus `.gitignore`'d files, for funzies. There are currently about 8k custom lines in this repo (views, controllers, helpers, hooks, etc).  |
+| npm run test                  | Run [Mocha](https://mochajs.org/) tests. Everything starts in the [`test/startTests.js`](test/startTests.js) file.                                                                       |
 | npm run coverage              | Runs [NYC](https://www.npmjs.com/package/nyc) coverage reporting of the Mocha tests, which generates HTML in `test/coverage`.                                                            |
 
 ### Environment Variables
@@ -97,7 +98,7 @@ If you want to build assets, but retain spaces / tabs for debugging, you can use
 The webpack configuration can be found in the [`webpack`](webpack) folder. The majority of the configuration can be found in [`common.config.js`](webpack/common.config.js). Then, the other 3 files, such as [`dev.config.js`](webpack/dev.config.js) extend the `common.config.js` file.
 
 ## Building with React
-React source files live in the `assets/src` folder. It is structured in such a way, where the `index.jsx` is really only used for local development (to help Webpack serve up the correct "app"). Then, there are the individual "apps", [main](assets/src/main.jsx) and [admin](assets/src/admin.jsx). These files are used as Webpack "[entry points](https://webpack.js.org/concepts/entry-points/)", to create 2 separate application bundles.
+React source files live in the [`assets/src`](assets/src) folder. It is structured in such a way, where the `index.jsx` is really only used for local development (to help Webpack serve up the correct "app"). Then, there are the individual "apps", [main](assets/src/main.jsx) and [admin](assets/src/admin.jsx). These files are used as Webpack "[entry points](https://webpack.js.org/concepts/entry-points/)", to create 2 separate application bundles.
 
 In a remote environment, Sails will look at the first subdirectory requested, and use that to determine which `index.html` file it needs to actually return. So, in this case, the "main" application will get built in `.tmp/public/main`, where the CSS is `.tmp/public/main/bundle.css`, the JavaScript is `.tmp/public/main/bundle.js`, and the HTML is `.tmp/public/main/index.html`. To view the main application, one would just go to `http://mydomain/` which gets redirected to `/main` (because we need to know what application we are using, we need a subdirectory), and now Sails will serve the `main` application. Whereas, if one were to go to `http://mydomain/admin`, Sails would now serve the `admin` application bundle (aka `.tmp/public/admin/index.html`, `.tmp/public/admin/bundle.css`, etc...).
 

.idea/runConfigurations/test_startTests_js.xml

@@ -6,14 +6,8 @@ module.exports = {
     inputs: {},
 
     exits: {
-        ok: {
-            responseType: 'ok'
-        },
-        badRequest: {
-            responseType: 'badRequest'
-        },
-        serverError: {
-            responseType: 'serverError'
+        created: {
+            responseType: 'created'
         }
     },
 
@@ -23,7 +17,7 @@ module.exports = {
             user: env.req.session.user.id
         }).fetch();
 
-        return exits.ok({
+        return exits.created({
             token: newToken.token,
             __skipCSRF: true // this tells our "ok" response to ignore the CSRF token update
         });

.mocharc.yaml

@@ -37,9 +37,10 @@ module.exports = {
             ]
         },
 
-        setPassword: {
+        generatePassword: {
             type: 'boolean',
-            defaultsTo: true
+            defaultsTo: false,
+            description: 'Used to auto-generate a password for the user'
         }
     },
 
@@ -59,14 +60,16 @@ module.exports = {
         let password = inputs.password;
         let isPasswordValid;
 
-        if (inputs.setPassword) {
+        if (!inputs.generatePassword) {
             isPasswordValid = await sails.helpers.isPasswordValid.with({
                 password: inputs.password,
                 user: {firstName: inputs.firstName, lastName: inputs.lastName, email: inputs.email}
             });
         } else {
             isPasswordValid = true;
             password = sails.helpers.generateToken();
+
+            // should probably send password somehow; it will be scrubbed in the custom response
         }
 
         if (isPasswordValid !== true) {
@@ -87,6 +90,7 @@ module.exports = {
             role: inputs.role,
             email: inputs.email
         }).meta({fetch: true}).exec((err, newUser) => {
+            /* istanbul ignore if */
             if (err) {
                 console.error(err);
 

CHANGELOG.md

@@ -19,9 +19,6 @@ module.exports = {
         },
         badRequest: {
             responseType: 'badRequest'
-        },
-        serverError: {
-            responseType: 'serverError'
         }
     },
 
@@ -32,6 +29,7 @@ module.exports = {
 
         const foundUser = await sails.models.user.findOne({id: inputs.id, deletedAt: null});
 
+        /* istanbul ignore if */
         if (!foundUser) {
             return exits.badRequest('User does not exist');
         }

README.md

@@ -20,6 +20,7 @@ module.exports = {
     fn: async (inputs, exits, env) => {
         const foundUser = await sails.models.user.findOne({id: env.req.session.user.id}); // req.session.user is filled in by the isLoggedIn policy
 
+        /* istanbul ignore if */
         if (!foundUser) {
             // this should not happen
             return exits.serverError();

api/controllers/admin/create-api-token.js

@@ -32,21 +32,28 @@ module.exports = {
 
     fn: async (inputs, exits, env) => {
         if (env.req.signedCookies[sails.config.session.name]) {
-            return exits.badRequest('Already logged in.');
+            const foundSession = await sails.models.session.findOne({id: env.req.signedCookies[sails.config.session.name]});
+
+            if (foundSession) {
+                return exits.badRequest('Already logged in.');
+            }
         }
 
         const badEmailPass = 'Bad email / password combination.';
 
+        /* istanbul ignore if */
         if (await sails.helpers.isPasswordValid.with({password: inputs.password, skipPwned: true}) !== true) {
             return exits.badRequest(badEmailPass);
         }
 
         const foundUser = await sails.models.user.findOne({email: inputs.email, deletedAt: null});
 
+        /* istanbul ignore if */
         if (!foundUser) {
             return exits.badRequest(badEmailPass);
         }
 
+        /* istanbul ignore if */
         if (!await sails.models.user.doPasswordsMatch(inputs.password, foundUser.password)) {
             return exits.badRequest(badEmailPass);
         }

api/controllers/admin/create-user.js

@@ -20,7 +20,9 @@ module.exports = {
     fn: async (inputs, exits, env) => {
         const foundSession = await sails.models.session.findOne({id: env.req.session.id});
 
+        /* istanbul ignore if */
         if (!foundSession) {
+            // should not happen
             return exits.ok();
         }
 

api/controllers/admin/delete-user.js

@@ -70,16 +70,17 @@ module.exports = {
                 responseTime: totalTime
             };
 
-            sails.models.requestlog.update(inputs.req.requestId, log, (err) => {
+            sails.models.requestlog.update({id: inputs.req.requestId}).set(log).exec((err) => {
                 /* istanbul ignore if */
                 if (err) {
-                    console.log(err);
+                    console.error(err);
                 }
+
+                return exits.success();
             });
+        } else {
+            return exits.success();
         }
-
-        // All done.
-        return exits.success();
     }
 };
 

api/controllers/common/get-me.js

@@ -1,5 +1,5 @@
-const sha1 = require('sha1');
 const superagent = require('superagent');
+const crypto = require('crypto');
 
 module.exports = {
     friendlyName: 'Is password valid',
@@ -78,11 +78,11 @@ module.exports = {
 
         if (!errors.length) {
             if (sails.config.security.checkPwnedPasswords && !inputs.skipPwned) {
-                const sha1pass = sha1(inputs.password).toUpperCase();
+                const sha1pass = crypto.createHash('sha1').update(inputs.password).digest('hex').toUpperCase();
                 const passChunk1 = sha1pass.substring(0, 5);
                 const passChunk2 = sha1pass.substring(5);
 
-                superagent.get('https://api.pwnedpasswords.com/range/' + passChunk1).end((err, res) => {
+                superagent.get('https://api.pwnedpasswords.com/range/' + passChunk1).retry(3).end((err, res) => {
                     /* istanbul ignore if */
                     if (err) {
                         console.error(err);

api/controllers/common/login.js

@@ -32,7 +32,7 @@ module.exports = {
     fn: (inputs, exits) => {
         let baseObj = {
             limit: inputs.limit,
-            page: inputs.page,
+            page: inputs.page, // this is used to pass to other pagination options; is ignored by Waterline / Sails
             skip: (inputs.page - 1) * inputs.limit,
             sort: inputs.sort,
             where: inputs.where

api/controllers/common/logout.js

@@ -27,7 +27,7 @@ module.exports = {
 
         createdAt: {
             type: 'ref',
-            columnType: 'datetime',
+            columnType: 'datetime(3)',
             autoCreatedAt: true
         },
 

api/helpers/finalize-request-log.js

@@ -83,7 +83,7 @@ module.exports = {
 
         createdAt: {
             type: 'ref',
-            columnType: 'datetime',
+            columnType: 'datetime(3)',
             autoCreatedAt: true
         },
 

api/helpers/is-password-valid.js

@@ -1,5 +1,5 @@
 const scrypt = require('scrypt-kdf');
-const md5 = require('md5'); // NEVER USE FOR PASSWORDS!
+const crypto = require('crypto');
 
 async function hashPassword(pass) {
     const hash = await scrypt.kdf(pass, {logN: 15});
@@ -18,7 +18,7 @@ async function updatePassword(password) {
 }
 
 function getGravatarUrl(email) {
-    return 'https://www.gravatar.com/avatar/' + md5(email);
+    return 'https://www.gravatar.com/avatar/' + crypto.createHash('md5').update(email).digest('hex');
 }
 
 function forceUppercaseOnFirst(name) {