guardians-dsc / iarl-nodejs
Remote Laboratory Access Interface (Interface de Acesso Remoto a Laboratórios)
Home Page: https://guardians-dsc.github.io/iarl-nodejs/
License: MIT License
I think we could start opening issues and resolving them with our PRs. What do you guys think?
winston is a great module for doing this.
There are still files in the project related to the front; I deleted them and adapted the project to make it leaner.
Convert content-type 'text/plain' provided by the request header to JSON.
This issue aims to remind us to add the IARL description to the documentation.
We need to block user navigation to your home directory.
This issue aims to remind us that we must use documentation in our project sooner or later.
To avoid any kind of brute force attack when logging into the application, we should put a delay of 200ms on each login attempt. This value may change in the future, but it's a good start.
It is also a good time to think and review the code, searching for any vulnerability.
It would be nice if we tracked the code quality of this repository.
There are some GitHub apps that review the code automatically after every PR or commit; I recommend CodeBeat. It searches the code for bad smells and reports them.
If this suggestion is well accepted, I can easily configure it for this repository.
The Node update allows populating req.body using the json() function.
We must ensure security and increase performance to put the application into production.
Good practices for production: http://expressjs.com/pt-br/advanced/best-practice-performance.html
How will we list the directories of a user? The real client of our back-end application is our front-end. How will the JSON of the directory listing be returned to the front?
Endpoint to get the LCCs servers.
GET method documentation from /api/download endpoint.
We must ensure security, so we need to review the temporary fix of the regex verification at this commit
An efficient way to test the code is with automatic testing. mocha and chai are simple and efficient modules for testing. This site explains them: https://medium.com/@hbarcelos/bdd-para-iniciantes-com-node-js-mocha-and-chai-649d13f9564
iarl-nodejs/controllers/download.js
Line 42 in 3a75646
The file can be very large and take up a lot of memory space. Using Streams, the file can be processed and sent in small chunks, saving resources and increasing performance.
We need to think of a better way to solve the problems with vulnerable dependencies. We should not do it manually.
As discussed, ldap validation seems to be better than ssh, since it is faster and more stable.
Add a path variable in the response to indicate the current path.
```json
{
  "path": "/home/Documents/",
  "items": [
    {
      "name": "dir1",
      "isFile": false
    }
  ]
}
```
The following keywords, followed by an issue number, will close the issue:
see https://help.github.com/en/articles/closing-issues-using-keywords for more details.
This issue aims to remind us to review the session feature and hide the secret key using environment variables, if that key still exists after the review.
Since the application already has a Dockerfile configuration, I think we should ensure that we are using it.
We should update our Dockerfile to use Guardians' DockerHub, just like iarl-vue does.
How will we handle the downloads? It is easy to download from the server that is running the application, but what about the other two?
To reduce some lines of code and make it more legible, we could implement the cors module.
Update module
Because the application will run on three servers, the session cannot be used. Because the data is saved in server memory, when the client changes servers, session data will not be available and the client will need to sign in again. The token solves this problem, since it contains the required data and will be on the client side.
What should we do when our application receives an invalid json?
To be more maintainable, the application needs a configuration directory to store the "development" and "production" variables (as well as environment variables). This can be done using the config module.
I thought about using standardjs + semicolons.
After a successful authentication via ldap, what will we do with the login and password of the client? Should we save it in some place to use later?
Sometimes the browser makes an OPTIONS request before making the expected request. The server does not support this type of request.
https://github.com/Guardians-DSC/iarl/blob/c7f5c6d9d0f78e13468acbab8200cd2fed15a775/controllers/login.js#L7
In JavaScript, empty strings have a false boolean type, as well as undefined and null data.
In this case, an expression that would cover the undefined and null cases would be:
if (req.body.username || req.body.password) {
GET method documentation from /api/servers endpoint.
Analyzing the IARL repositories, we can see the absence of a standardized language in the README.md files.
While the iarl-who and iarl-nodejs repositories have a description in Brazilian Portuguese, iarl-vue, iarl-angular, and iarl-react have a description in English.
To standardize the descriptions, which language will be used?
Refactor this line:
Pass the directory path to be listed in the format: 127.0.0.1:3000/api/directory-list/path/directory
instead of passing the parameters in the GET request (e.g. 127.0.0.1:3000/api/directory-list?path=path/directory).
As the project is open-source, it would be interesting to adopt a style guide. A well-known one is StandardJS; it automatically corrects the code.
It's time to think about how we can test this application. This issue aims to remind us of that and also proposes doing it using some application to calculate code coverage.