@@ -13,9 +13,9 @@ The following parameters can be set in config files or in env variables:
1313
1414- LOG_LEVEL: the log level
1515- PORT: the server port
16- - AUTH_SECRET: TC auth secret
17- - VALID_ISSUERS: TC auth valid issuers
18- - ROLES: the roles allowed to access the app
16+ - AUTH_SECRET: TC auth secret
17+ - VALID_ISSUERS: TC auth valid issuers
18+ - ROLES: the roles allowed to access the app
1919- KAFKA_OPTIONS: Kafka consumer options, see https://www.npmjs.com/package/no-kafka for available options
2020- MAX_MESSAGE_COUNT: max message count to cache per topic
2121
@@ -59,7 +59,7 @@ For front end config, see ui/README.md.
5959## Front end UI setup
6060
6161- the front end UI's build folder content are exposed as public content by the app, so you may directly access it
62- via http://localhost:3000
62+ via http://localhost:3000
6363- or if you want to use it for development, then you may go to ui folder:
6464 run ` npm install ` , ` npm start ` , then access ` http://localhost:3000 `
6565- note that if the front end UI's config is changed, it must be re-built using ` npm run build ` in the ui folder
@@ -70,7 +70,7 @@ For front end config, see ui/README.md.
7070- install dependencies ` npm i `
7171- run code lint check ` npm run lint `
7272- run test ` npm run test `
73- - start app ` npm start ` , the app is running at ` http://localhost:3000 `
73+ - start app ` npm start ` , the app is running at ` http://localhost:3000 `
7474
7575## Heroku Deployment
7676
@@ -87,12 +87,12 @@ For front end config, see ui/README.md.
8787## Verification
8888
8989- setup stuff following above deployment
90- - login ` https://accounts.topcoder-dev.com/member?retUrl=http:%2F%2Flocalhost:3000 ` with normal user credential ` 12321 / topcoder123 `
91- - then browse ` http://localhost:3000 ` , you will see ` You do not have access to use this application. `
92- - login in above page again with copilot and admin user credential ` mess / appirio123 `
93- - then browse ` http://localhost:3000 ` , you need to manually browse it, the auto redirect doesn't work for this localhost URL,
94- then you can access the app now
95- - in the UI, select a topic to view topic data stream, note that you must click the 'View' button
90+ - login ` https://accounts.topcoder-dev.com/member?retUrl=http:%2F%2Flocalhost:3000 ` with normal user credential ` 12321 / topcoder123 `
91+ - then browse ` http://localhost:3000 ` , you will see ` You do not have access to use this application. `
92+ - login in above page again with copilot and admin user credential ` mess / appirio123 `
93+ - then browse ` http://localhost:3000 ` , you need to manually browse it, the auto redirect doesn't work for this localhost URL,
94+ then you can access the app now
95+ - in the UI, select a topic to view topic data stream, note that you must click the 'View' button
9696- use the kafka-console-producer to generate some messages as above,
9797 then watch the UI, it should get some messages
9898- filter the messages and see results
@@ -102,20 +102,20 @@ For front end config, see ui/README.md.
102102
103103## Notes
104104
105- - after installing libraries, update ` node_modules/tc-core-library-js/lib/auth/verifier.js ` , at line #23 , add code:
106- ` return decodedToken && decodedToken.payload ? callback(null, decodedToken.payload) : callback(new Error('invalid token')); ` ,
107- so that we will ignore the JWT verification, and directly use the decoded payload;
108- this is because we don't know the JWT auth secret to verify the TC auth token.
109- In production, if we properly configure AUTH_SECRET and VALID_ISSUERS, then we don't need this code change.
110-
111- - I tried to fix some vulnerabilities issues, but not all are fixed, because many are due to ui's old libraries,
112- and upgrading them will incur much code changes, so I don't fix them to avoid code change risks
113-
114- - API security is handled at ` src/app.js `
115-
116- - web socket security is handled at ` src/dataStreamWS.js ` , see ` authorized ` related handling
117-
118- - tests are improved at ` test/datastream.test.js `
119-
120- - front end is updated to send token to back end API and web socket
105+ - after installing libraries, update ` node_modules/tc-core-library-js/lib/auth/verifier.js ` , at line #23 , add code:
106+ ` return decodedToken && decodedToken.payload ? callback(null, decodedToken.payload) : callback(new Error('invalid token')); ` ,
107+ so that we will ignore the JWT verification, and directly use the decoded payload;
108+ this is because we don't know the JWT auth secret to verify the TC auth token.
109+ In production, if we properly configure AUTH_SECRET and VALID_ISSUERS, then we don't need this code change.
110+
111+ - I tried to fix some vulnerabilities issues, but not all are fixed, because many are due to ui's old libraries,
112+ and upgrading them will incur much code changes, so I don't fix them to avoid code change risks
113+
114+ - API security is handled at ` src/app.js `
115+
116+ - web socket security is handled at ` src/dataStreamWS.js ` , see ` authorized ` related handling
117+
118+ - tests are improved at ` test/datastream.test.js `
119+
120+ - front end is updated to send token to back end API and web socket
121121
0 commit comments