This repository was archived by the owner on Mar 12, 2025. It is now read-only.

Commit 192233a

author
sachin-maheshwari
authored
Update README.md
triggering build after adding new valid issuer
1 parent e1013ce commit 192233a


1 file changed

+27
-27
lines changed


README.md

Lines changed: 27 additions & 27 deletions
@@ -12,9 +12,9 @@ The following parameters can be set in config files or in env variables:
1212

1313
- LOG_LEVEL: the log level
1414
- PORT: the server port
15-
- AUTH_SECRET: TC auth secret
16-
- VALID_ISSUERS: TC auth valid issuers
17-
- ROLES: the roles allowed to access the app
15+
- AUTH_SECRET: TC auth secret
16+
- VALID_ISSUERS: TC auth valid issuers
17+
- ROLES: the roles allowed to access the app
1818
- KAFKA_OPTIONS: Kafka consumer options, see https://www.npmjs.com/package/no-kafka for available options
1919
- MAX_MESSAGE_COUNT: max message count to cache per topic
2020
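Review bot: VALID_ISSUERS on line 16 is still documented only as "TC auth valid issuers", although the commit message says a new valid issuer was added. Describe the expected format of the value and where the issuer list is configured, so a reader can tell which issuers the app trusts. Lines 15 to 17 also read identically on the `-` and `+` sides in this view, so the edit here looks whitespace-only.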

@@ -58,7 +58,7 @@ For front end config, see ui/README.md.
5858
## Front end UI setup
5959

6060
- the front end UI's build folder content are exposed as public content by the app, so you may directly access it
61-
via http://localhost:3000
61+
via http://localhost:3000
6262
- or if you want to use it for development, then you may go to ui folder:
6363
run `npm install`, `npm start`, then access `http://localhost:3000`
6464
- note that if the front end UI's config is changed, it must be re-built using `npm run build` in the ui folder
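Review bot: line 61 reads identically on the `-` and `+` sides, so this is a whitespace-only edit made to trigger a build, as the commit message states. An empty commit (`git commit --allow-empty`) or a CI re-run would do that without rewriting README lines, and keeps the history easier to audit.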
@@ -69,7 +69,7 @@ For front end config, see ui/README.md.
6969
- install dependencies `npm i`
7070
- run code lint check `npm run lint`
7171
- run test `npm run test`
72-
- start app `npm start`, the app is running at `http://localhost:3000`
72+
- start app `npm start`, the app is running at `http://localhost:3000`
7373

7474
## Heroku Deployment
7575

@@ -86,12 +86,12 @@ For front end config, see ui/README.md.
8686
## Verification
8787

8888
- setup stuff following above deployment
89-
- login `https://accounts.topcoder-dev.com/member?retUrl=http:%2F%2Flocalhost:3000` with normal user credential `12321 / topcoder123`
90-
- then browse `http://localhost:3000`, you will see `You do not have access to use this application.`
91-
- login in above page again with copilot and admin user credential `mess / appirio123`
92-
- then browse `http://localhost:3000`, you need to manually browse it, the auto redirect doesn't work for this localhost URL,
93-
then you can access the app now
94-
- in the UI, select a topic to view topic data stream, note that you must click the 'View' button
89+
- login `https://accounts.topcoder-dev.com/member?retUrl=http:%2F%2Flocalhost:3000` with normal user credential `12321 / topcoder123`
90+
- then browse `http://localhost:3000`, you will see `You do not have access to use this application.`
91+
- login in above page again with copilot and admin user credential `mess / appirio123`
92+
- then browse `http://localhost:3000`, you need to manually browse it, the auto redirect doesn't work for this localhost URL,
93+
then you can access the app now
94+
- in the UI, select a topic to view topic data stream, note that you must click the 'View' button
9595
- use the kafka-console-producer to generate some messages as above,
9696
then watch the UI, it should get some messages
9797
- filter the messages and see results
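Review bot: lines 89 and 91 keep username and password pairs in the README, the second one for a copilot and admin user. Even for a dev environment, point testers to where the accounts are issued instead of committing the passwords, and rotate these since they are already in history. Line 92 also says the auto redirect doesn't work for the localhost URL; state whether that is expected behaviour or a known issue.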
@@ -101,20 +101,20 @@ For front end config, see ui/README.md.
101101

102102
## Notes
103103

104-
- after installing libraries, update `node_modules/tc-core-library-js/lib/auth/verifier.js`, at line #23, add code:
105-
`return decodedToken && decodedToken.payload ? callback(null, decodedToken.payload) : callback(new Error('invalid token'));`,
106-
so that we will ignore the JWT verification, and directly use the decoded payload;
107-
this is because we don't know the JWT auth secret to verify the TC auth token.
108-
In production, if we properly configure AUTH_SECRET and VALID_ISSUERS, then we don't need this code change.
109-
110-
- I tried to fix some vulnerabilities issues, but not all are fixed, because many are due to ui's old libraries,
111-
and upgrading them will incur much code changes, so I don't fix them to avoid code change risks
112-
113-
- API security is handled at `src/app.js`
114-
115-
- web socket security is handled at `src/dataStreamWS.js`, see `authorized` related handling
116-
117-
- tests are improved at `test/datastream.test.js`
118-
119-
- front end is updated to send token to back end API and web socket
104+
- after installing libraries, update `node_modules/tc-core-library-js/lib/auth/verifier.js`, at line #23, add code:
105+
`return decodedToken && decodedToken.payload ? callback(null, decodedToken.payload) : callback(new Error('invalid token'));`,
106+
so that we will ignore the JWT verification, and directly use the decoded payload;
107+
this is because we don't know the JWT auth secret to verify the TC auth token.
108+
In production, if we properly configure AUTH_SECRET and VALID_ISSUERS, then we don't need this code change.
109+
110+
- I tried to fix some vulnerabilities issues, but not all are fixed, because many are due to ui's old libraries,
111+
and upgrading them will incur much code changes, so I don't fix them to avoid code change risks
112+
113+
- API security is handled at `src/app.js`
114+
115+
- web socket security is handled at `src/dataStreamWS.js`, see `authorized` related handling
116+
117+
- tests are improved at `test/datastream.test.js`
118+
119+
- front end is updated to send token to back end API and web socket
120120
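Review bot: lines 104 to 108 tell the reader to patch `node_modules/tc-core-library-js/lib/auth/verifier.js` so that the decoded payload is returned without JWT verification, which means whatever a token's payload claims is accepted as-is and the ROLES restriction no longer protects the app. The note itself says the change is not needed once AUTH_SECRET and VALID_ISSUERS are configured, and this commit's message says a valid issuer was added, so consider removing the instruction or marking it clearly as local-only. A hand edit inside node_modules is untracked by version control, so nothing shows whether a given deployment carries it. Lines 110 to 111 mention vulnerabilities left unfixed in the ui's old libraries; listing them or linking an issue would let reviewers track what remains.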
