GithubHelp home page GithubHelp logo

fairdatateam / fairdatapoint-client Goto Github PK

View Code? Open in Web Editor NEW
4.0 4.0 6.0 1.92 MB

FAIR Data Point Client application for browsing the metadata and administration.

License: MIT License

JavaScript 0.50% HTML 0.21% Vue 71.64% Dockerfile 0.15% Shell 0.45% TypeScript 17.67% SCSS 9.39%

fairdatapoint-client's People

Contributors

dependabot[bot] avatar janslifka avatar luizbonino avatar mareksuchanek avatar

Stargazers

avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

jimfhahn markwilkinson inuites cmbi patrickdekkerhealthri

fairdatapoint-client's Issues

Unable to use `xsd:date`/`xsd:dateTime` field in forms

Using server v1.17.2 and client v1.17.0. When using a shape that deals with dates or time, the client seems to break down. I've tested in FireFox and Safari, using this example shape:

[ sh:path dcterms:issued ;
  sh:datatype xsd:dateTime ; # or xsd:date
  sh:minCount 1 ;
  dash:viewer dash:LiteralViewer ;
  dash:editor dash:DateTimePickerEditor ; # or dash:DatePickerEditor
]

When creating new metadata with this shape, the form fails with the following error hint on the input field:
http://www.w3.org/ns/shacl#DatatypeConstraintComponent

We see the value in the form widget as expected, e.g. 2024-06-04 for a xsd:date/dash:DatePickerEditor or 2024-06-04 12:00 for a xsd:dateTime/dash:DateTimePickerEditor. In the RDF preview however, the value being used is always in the format of "Tue Jun 04 2024 00:00:00 GMT+0200 (Central European Summer Time)".

This formatted value will fail on SHACL validation, which expects an ISO8601 formatted date for xsd:date or timestamp for xsd:dateTime.

We believe this is a more generic description of the issue raised in #147.

Cannot install

Node js version to be used is no specified so I used node v16.3.0.

npm install

Results in the following error:

npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile
npm WARN deprecated [email protected]: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated [email protected]: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated [email protected]: Deprecated due to CVE-2021-21366 resolved in 0.5.0
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated @hapi/[email protected]: Moved to 'npm install @sideway/address'
npm WARN deprecated [email protected]: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated [email protected]: no longer maintained
npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated [email protected]: This loader has been deprecated. Please use eslint-webpack-plugin
npm WARN deprecated [email protected]: 3.x is no longer supported
npm WARN deprecated [email protected]: This version of 'buffer' is out-of-date. You must update to v4.9.2 or newer
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated [email protected]: Deprecated due to CVE-2021-21366 resolved in 0.5.0
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/[email protected]: Switch to 'npm install joi'
npm WARN deprecated [email protected]: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated [email protected]: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
npm WARN deprecated [email protected]: You can find the new Popper v2 at @popperjs/core, this package is dedicated to the legacy v1
npm WARN deprecated [email protected]: Support has ended for 9.x series. Upgrade to @latest
npm WARN deprecated [email protected]: core-js@<3.4 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.
npm ERR! code 1
npm ERR! path /home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/node-sass
npm ERR! command failed
npm ERR! command sh -c node scripts/build.js
npm ERR! Building: /home/user/.config/nvm/versions/node/v16.3.0/bin/node /home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/node-gyp/bin/node-gyp.js rebuild --verbose --libsass_ext= --libsass_cflags= --libsass_ldflags= --libsass_library=
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp verb cli [
npm ERR! gyp verb cli   '/home/user/.config/nvm/versions/node/v16.3.0/bin/node',
npm ERR! gyp verb cli   '/home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/node-gyp/bin/node-gyp.js',
npm ERR! gyp verb cli   'rebuild',
npm ERR! gyp verb cli   '--verbose',
npm ERR! gyp verb cli   '--libsass_ext=',
npm ERR! gyp verb cli   '--libsass_cflags=',
npm ERR! gyp verb cli   '--libsass_ldflags=',
npm ERR! gyp verb cli   '--libsass_library='
npm ERR! gyp verb cli ]
npm ERR! gyp info using [email protected]
npm ERR! gyp info using [email protected] | linux | x64
npm ERR! gyp verb command rebuild []
npm ERR! gyp verb command clean []
npm ERR! gyp verb clean removing "build" directory
npm ERR! gyp verb command configure []
npm ERR! gyp verb check python checking for Python executable "python2" in the PATH
npm ERR! gyp verb `which` failed Error: not found: python2
npm ERR! gyp verb `which` failed     at getNotFoundError (/home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/which/which.js:13:12)
npm ERR! gyp verb `which` failed     at F (/home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/which/which.js:68:19)
npm ERR! gyp verb `which` failed     at E (/home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/which/which.js:80:29)
npm ERR! gyp verb `which` failed     at /home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/which/which.js:89:16
npm ERR! gyp verb `which` failed     at /home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/isexe/index.js:42:5
npm ERR! gyp verb `which` failed     at /home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/isexe/mode.js:8:5
npm ERR! gyp verb `which` failed     at FSReqCallback.oncomplete (node:fs:195:21)
npm ERR! gyp verb `which` failed  python2 Error: not found: python2
npm ERR! gyp verb `which` failed     at getNotFoundError (/home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/which/which.js:13:12)
npm ERR! gyp verb `which` failed     at F (/home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/which/which.js:68:19)
npm ERR! gyp verb `which` failed     at E (/home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/which/which.js:80:29)
npm ERR! gyp verb `which` failed     at /home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/which/which.js:89:16
npm ERR! gyp verb `which` failed     at /home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/isexe/index.js:42:5
npm ERR! gyp verb `which` failed     at /home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/isexe/mode.js:8:5
npm ERR! gyp verb `which` failed     at FSReqCallback.oncomplete (node:fs:195:21) {
npm ERR! gyp verb `which` failed   code: 'ENOENT'
npm ERR! gyp verb `which` failed }
npm ERR! gyp verb check python checking for Python executable "python" in the PATH
npm ERR! gyp verb `which` succeeded python /sbin/python
npm ERR! gyp ERR! configure error
npm ERR! gyp ERR! stack Error: Command failed: /sbin/python -c import sys; print "%s.%s.%s" % sys.version_info[:3];
npm ERR! gyp ERR! stack   File "<string>", line 1
npm ERR! gyp ERR! stack     import sys; print "%s.%s.%s" % sys.version_info[:3];
npm ERR! gyp ERR! stack                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
npm ERR! gyp ERR! stack SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?
npm ERR! gyp ERR! stack
npm ERR! gyp ERR! stack     at ChildProcess.exithandler (node:child_process:326:12)
npm ERR! gyp ERR! stack     at ChildProcess.emit (node:events:394:28)
npm ERR! gyp ERR! stack     at maybeClose (node:internal/child_process:1067:16)
npm ERR! gyp ERR! stack     at Socket.<anonymous> (node:internal/child_process:453:11)
npm ERR! gyp ERR! stack     at Socket.emit (node:events:394:28)
npm ERR! gyp ERR! stack     at Pipe.<anonymous> (node:net:661:12)
npm ERR! gyp ERR! System Linux 5.16.14-arch1-1
npm ERR! gyp ERR! command "/home/user/.config/nvm/versions/node/v16.3.0/bin/node" "/home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/node-gyp/bin/node-gyp.js" "rebuild" "--verbose" "--libsass_ext=" "--libsass_cflags=" "--libsass_ldflags=" "--libsass_library="
npm ERR! gyp ERR! cwd /home/user/Documents/work/esdf/fair-data-point/fdp-client/node_modules/node-sass
npm ERR! gyp ERR! node -v v16.3.0
npm ERR! gyp ERR! node-gyp -v v3.8.0
npm ERR! gyp ERR! not ok
npm ERR! Build failed with error code: 1

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/user/.npm/_logs/2022-03-26T16_20_15_280Z-debug-0.log

Intalling node-gyp didn't help.

What dependency am I missing?

URLs to catalogs or other child resources result in 404 errors

When I create a new catalog for my FAIR Data point instance, and click on it from the home page, the application "navigates" to http://example-host.com/catalog/<uuid> where I can see the catalog details and its child resources.

However if I try to copy and paste this URL in an other tab it results in a 404 error:
404 | The requested path could not be found.

This is annoying because you can't direct people to a specific resource on the FDP Client, it forces them to use the search bar or manually navigate the resources tree.

Datatype constraint violation on metadataIssued and metadataModified when editing the repository layer metadata on client `1.17.0`

Using a fresh deployment of server 1.17.1 and client 1.17.0, when editing the repository layer the following error prevents a user from saving:

[] a sh:ValidationReport;
  sh:conforms false;
  rdf4j:truncated false;
  sh:result [ a sh:ValidationResult;
      sh:focusNode <https://purl.org/fairdatapoint/staging>;
      rsx:shapesGraph rdf4j:SHACLShapeGraph;
      sh:value "Thu Mar 07 2024 09:58:24 GMT+0100 (Central European Standard Time)"^^xsd:dateTime;
      sh:resultPath <https://w3id.org/fdp/fdp-o#metadataIssued>;
      sh:sourceConstraintComponent sh:DatatypeConstraintComponent;
      sh:resultSeverity sh:Violation;
      sh:sourceShape [ a sh:PropertyShape;
          sh:path <https://w3id.org/fdp/fdp-o#metadataIssued>;
          sh:datatype xsd:dateTime
        ]
    ], [ a sh:ValidationResult;
      sh:focusNode <https://purl.org/fairdatapoint/staging>;
      rsx:shapesGraph rdf4j:SHACLShapeGraph;
      sh:value "Thu Mar 07 2024 09:58:24 GMT+0100 (Central European Standard Time)"^^xsd:dateTime;
      sh:resultPath <https://w3id.org/fdp/fdp-o#metadataModified>;
      sh:sourceConstraintComponent sh:DatatypeConstraintComponent;
      sh:resultSeverity sh:Violation;
      sh:sourceShape [ a sh:PropertyShape;
          sh:path <https://w3id.org/fdp/fdp-o#metadataModified>;
          sh:datatype xsd:dateTime
        ]
    ] .

There seems to be an issue with the values provided by the datepicker widget.

Field cardinality in generated form is incorrect when using DCAT-AP 3.0.0 shapes.

In DCAT-AP 3.0.0 the property shape constraints are split into separate instances, where each instance defines a constraint on the target sh:path. For example, the cardinality is separated from a datatype constraint. The resulting generated form in the client is not in sync with the underlying shapes.

As an example:

<https://semiceu.github.io//DCAT-AP/releases/3.0.0#CatalogueRecordShape> a shacl:NodeShape;
  shacl:closed false;
  shacl:property <https://semiceu.github.io//DCAT-AP/releases/3.0.0#CatalogueRecordShape/1c4ac0cf94e6a9152035ed86f73590b6b516dfef>,
    <https://semiceu.github.io//DCAT-AP/releases/3.0.0#CatalogueRecordShape/4b28ec6b7000fa7ccd38127f115952dd990d7d9c>,
    <https://semiceu.github.io//DCAT-AP/releases/3.0.0#CatalogueRecordShape/8c70e4513eeeeacaf9fdbc9e2cf3df16973e24c0>;
  shacl:targetClass dcat:CatalogRecord .

<https://semiceu.github.io//DCAT-AP/releases/3.0.0#CatalogueRecordShape/1c4ac0cf94e6a9152035ed86f73590b6b516dfef> rdfs:seeAlso "https://semiceu.github.io//DCAT-AP/releases/3.0.0#CatalogueRecord.changetype";
  shacl:description "The status of the catalogue record in the context of editorial flow of the dataset and data service descriptions."@en;
  shacl:maxCount 1;
  shacl:name "change type"@en;
  shacl:path <http://www.w3.org/ns/adms#status>;
  <https://purl.eu/ns/shacl#message> "Maximally 1 values allowed for change type"@en .

<https://semiceu.github.io//DCAT-AP/releases/3.0.0#CatalogueRecordShape/4b28ec6b7000fa7ccd38127f115952dd990d7d9c> rdfs:seeAlso "https://semiceu.github.io//DCAT-AP/releases/3.0.0#CatalogueRecord.changetype";
  shacl:class skos:Concept;
  shacl:description "The status of the catalogue record in the context of editorial flow of the dataset and data service descriptions."@en;
  shacl:name "change type"@en;
  shacl:path <http://www.w3.org/ns/adms#status>;
  <https://purl.eu/ns/shacl#message> "The range of change type must be of type <http://www.w3.org/2004/02/skos/core#Concept>."@en .

<https://semiceu.github.io//DCAT-AP/releases/3.0.0#CatalogueRecordShape/8c70e4513eeeeacaf9fdbc9e2cf3df16973e24c0> rdfs:seeAlso "https://semiceu.github.io//DCAT-AP/releases/3.0.0#CatalogueRecord.changetype";
  shacl:description "The status of the catalogue record in the context of editorial flow of the dataset and data service descriptions."@en;
  shacl:name "change type"@en;
  shacl:nodeKind shacl:BlankNodeOrIRI;
  shacl:path <http://www.w3.org/ns/adms#status>;
  <https://purl.eu/ns/shacl#message> "The expected value for change type is a rdfs:Resource (URI or blank node)"@en .

Maybe shape organised this way should be merged based on sh:targetClass and sh:path? But then messages are combined as well, resulting in information loss. To counter that, maybe they could be combined with sh:and dynamically at validation time?

Reports from RadboudUMC security officer

We had fairdatapoint running in the following setup:

docker-compose.yml

# docker-compose.yml

version: '3'
services:
    proxy:
        ports:
            - 80:80
            - 443:443
        image: nginx:1.25.2
        volumes:
            # Mount the nginx folder with the configuration
            - /fdp/nginx:/etc/nginx:ro
            # Mount the letsencrypt certificates
            - /etc/ssl:/etc/ssl:ro
        networks:
            - fdp
    fdp:
        image: fairdata/fairdatapoint:1.16
        volumes:
            - /fdp/application.yml:/fdp/application.yml:ro
        networks:
            - fdp

    fdp-client:
        image: fairdata/fairdatapoint-client:1.16
        environment:
            - FDP_HOST=fdp
        networks:
            - fdp
    mongo:
        image: mongo:4.2
        volumes:
            - /fdp/mongo/data:/data/db
        networks:
            - fdp

    blazegraph:
        image: metaphacts/blazegraph-basic:2.2.0-20160908.003514-6
        ports:
            - 8080:8080
        volumes:
            - /fdp/blazegraph:/blazegraph-data
        networks:
            - fdp

application.yml

# application.yml

instance:
    clientUrl: https://fdp.cmbi.umcn.nl
    persistentUrl: https://fdp.cmbi.umcn.nl

security:
    jwt:
        token:
            secret-key:  xxxx

# repository settings (can be changed to different repository)
repository:
    type: 5
    blazegraph:
        url: http://blazegraph:8080/blazegraph/

spring:
    data:
        mongodb:
            uri: mongodb://mongo:27017/fdp

nginx fdp conf

server {
    listen 443 ssl;

    # Enable TLS and forward secrecy
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDHE EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

    # Generated certificates using certbot, we will mount these in docker-compose.yml
    ssl_certificate /etc/ssl/certs/intranetwiki-bundle_13032023.crt;
    ssl_certificate_key /etc/ssl/private/intranetwiki.cmbi.umcn.nl_13032023.key;

    ssl_dhparam /etc/ssl/certsdhparam.pem;
    ssl_ecdh_curve secp384r1;  # Requires nginx >= 1.1.0

    server_name fdp.cmbi.umcn.nl;

    # We pass all the request to the fdp-client container, we can use HTTP in the internal network
    # fdp-client_1 is the name of the client container in our configuration, we can use it as host
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_request_headers on;
        proxy_pass http://fdp-client;
        #proxy_pass http://fairdatapoint-client;
    }

    location /blazegraph/ {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_request_headers on;
        proxy_pass http://blazegraph:8080/blazegraph/;
    }
}

# We redirect all request from HTTP to HTTPS
server {
    listen 80;
    server_name fdp.cmbi.umcn.nl;
    return 301 https://$host$request_uri;
}

The radboudUMC security officer reports the following security vulnerabilities: (with solutions provided)

  • PivotX Multiple Cross-Site Scripting and Arbitrary File Upload Vulnerabilities
  • PivotX TimThumb Domain Name Security Bypass Vulnerability
    (Customers are advised to upgrade to PivotX 2.3.9 and later to remediate these vulnerabilities.)
  • WordPress NextScripts: Social Networks Auto-Poster Plugin "wp-admin/admin.php" Cross-Site Scripting Vulnerability
    (Customers are advised to install WP NextScripts 4.2.8or later versions to remediate this vulnerability.)
  • Adobe Commerce Improper Input Validation (APSB22-12)
  • Adobe Magento Arbitrary Code Execution Vulnerability (APSB22-38)
    (The issue has been patched: https://helpx.adobe.com/security/products/magento/apsb22-38.html)

Since we're just using the fairdatapoint software, we don't know where these software packages are used in the fairdatapoint code. We're hereby asking the maintainers to solve these issues. Thank you!

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.