mozilla-services / ip-reputation-js-client Goto Github PK

Related to mozilla-services/iprepd#35

Should just require changing the IP validation code and adding new tests for it.

Hey @g-k,

You might not access the first two of these, but we ran into a bug with using newrelic + bluebird.

• https://github.com/mozilla/fxa-customs-server-private/issues/43
• https://support.newrelic.com/tickets/297628
• https://github.com/jrgm/newrelic-bluebird-request-node8-bug

... but it would useful if you changed the reference to request.defaults like this:

• change https://github.com/mozilla-services/ip-reputation-js-client/blob/master/lib/client.js#L8 to do:

const _request = require('request'));
const request = Promise.promisify(_request);

and later call .defaults on the _request object at https://github.com/mozilla-services/ip-reputation-js-client/blob/master/lib/client.js#L43.

Ping me on irc or here if you have questions.

We're opening this issue because your project has used Travis CI within the last 6 months. If you have already migrated off it, you can close and ignore this issue.

Travis CI is ending free builds on public repositories. travis-ci.com stopped providingthem in early November, and travis-ci.org will stop after December 31, 2020. To avoid disruptions to your workflows, you must migrate to another CI service.

For production use cases, we recommend switching to CircleCI. This service is already widely used within Mozilla. There is a guide to migrating from Travis CI to CircleCI available here.

For non production use cases, we recommend either CircleCI or Github Actions. There is a guide to migrating from Travis CI to Github Actions available here. Github Actions usage within Mozilla is new, and you will have to work with our github administrators to enable specific actions following this process.

If you have any questions, reach out in #github-admin:mozilla.org on matrix.

Add ability to test against mocked service without running tigerblood (but still be able to integration test against a running instance too).

nice to have

For consideration, but shouldn't this service not be plaintext?

on the npm registry page https://www.npmjs.com/package/request

request has been deprecated, see request/request#3142

This module currently makes use of the legacy untyped reputation endpoints.

It should be updated in a fashion that does not break downstream consumers to support the current endpoints. This will allow us to deprecate the legacy endpoint support in iprepd.

Steps to reproduce:

1. Clone this repo using git clone [email protected]:mozilla-services/ip-reputation-js-client.git.
2. Run $ npm install to install dependencies.
3. Run $ grunt to run the default Grunt task:
   

   ip-reputation-js-client/Gruntfile.js

   Line 12 in 6e94fbd

   grunt.registerTask('default', ['lint', 'copyright', 'validate-shrinkwrap'])

Actual results:

$ grunt
Warning: Task "validate-shrinkwrap" not found. Use --force to continue.

Aborted due to warnings.

$ echo $? # 3

As of January 1 2019, Mozilla requires that all GitHub projects include this CODE_OF_CONDUCT.md file in the project root. The file has two parts:

1. Required Text - All text under the headings Community Participation Guidelines and How to Report, are required, and should not be altered.
2. Optional Text - The Project Specific Etiquette heading provides a space to speak more specifically about ways people can work effectively and inclusively together. Some examples of those can be found on the Firefox Debugger project, and Common Voice. (The optional part is commented out in the raw template file, and will not be visible until you modify and uncomment that part.)

If you have any questions about this file, or Code of Conduct policies and procedures, please reach out to [email protected].

(Message COC001)

The current timeout param only applies to waiting between reads and writes on the socket.

New connections that do not reuse an existing TCP connection, will fire lookup and connect events, but potentially hit the OS connection (and probably DNS lookup) timeouts.

per irc chat w/ @ameihm0912:

one of the tests we did was to totally firewall off the iprepd elb
if we do that, the request ends up taking 30s or so (reverts to default OS timeout per requests documentation)

The docs say:

Note that if the underlying TCP connection cannot be established, the OS-wide TCP connection timeout will overrule the timeout option (the default in Linux can be anywhere from 20-120 seconds).

Setting this at the OS-level with net.ipv4.tcp_syn_retries is not desirable since we want other FxA connections to use the default timeout.

The easiest solution might be to:

• add a setTimeout(abort.bind(null, request), timeout_param) to each request where abort:
  • cancels the bluebird request promise and calls cancel on the underlying http.request (i.e. https://github.com/request/request-promise#cancel switching to this might make sense too)

Additional info in: https://github.com/request/request/tree/master#timeouts
The commit adding connection timeout tracking is: request/request@ee4cfbb

Looks like we are publishing oodles of files to npm, and I don't think a lot of them are necessary (ie: grunt tasks, etc).

$ npm init -y && npm i ip-reputation-js-client -D
Wrote to /Users/pdehaan/dev/tmp/del/ip-rep-test/package.json:

{
  "name": "ip-rep-test",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "Peter deHaan <[email protected]> (https://about.me/peterdehaan)",
  "license": "WTFPL"
}

npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN [email protected] No description
npm WARN [email protected] No repository field.

+ [email protected]
added 62 packages in 3.567s

$ ls -lashR node_modules/ip-reputation-js-client
8 -rw-r--r--   1 pdehaan  staff   450B Oct 26  1985 Gruntfile.js
8 -rw-r--r--   1 pdehaan  staff   2.0K Oct 26  1985 README.md
0 drwxr-xr-x   7 pdehaan  staff   224B May 14 15:53 grunttasks
0 drwxr-xr-x   3 pdehaan  staff    96B May 14 15:53 lib
8 -rw-r--r--   1 pdehaan  staff   2.0K May 14 15:53 package.json
0 drwxr-xr-x   5 pdehaan  staff   160B May 14 15:53 scripts
0 drwxr-xr-x   3 pdehaan  staff    96B May 14 15:53 test

node_modules/ip-reputation-js-client/grunttasks:
8 -rw-r--r--  1 pdehaan  staff   789B Oct 26  1985 bump.js
8 -rw-r--r--  1 pdehaan  staff   700B Oct 26  1985 copyright.js
8 -rw-r--r--  1 pdehaan  staff   421B Oct 26  1985 eslint.js
8 -rw-r--r--  1 pdehaan  staff   364B Oct 26  1985 nsp.js
8 -rw-r--r--  1 pdehaan  staff   857B Oct 26  1985 version.js

node_modules/ip-reputation-js-client/lib:
16 -rw-r--r--  1 pdehaan  staff   4.6K Oct 26  1985 client.js

node_modules/ip-reputation-js-client/scripts:
8 -rwxr-xr-x  1 pdehaan  staff   783B Oct 26  1985 cleanup-test-db.sh
8 -rwxr-xr-x  1 pdehaan  staff   1.2K Oct 26  1985 setup-test-db.sh
8 -rwxr-xr-x  1 pdehaan  staff   412B Oct 26  1985 test-local.sh

node_modules/ip-reputation-js-client/test/local:
16 -rw-r--r--  1 pdehaan  staff   5.5K Oct 26  1985 reputation_service_client_tests.js

I don't know what file(s) are required for any of this to work, if it's only "lib/client.js" (per package.json's main attribute), or if we'd need others.
Not like any of these files are huge, but keeping it as slim as possible is probably a good idea.

#43 should be completed prior.

The README needs to be updated based on the changes in #40

Currently it looks like ESLint passes with zero errors.

$ grunt lint
Running "eslint:files" (eslint) task

Done.

... Sadly, it looks like the files all lint because there is no .eslintrc.js (or .json, or .yml) file, and the default config has no rules.

This is probably a bare minimum config:

module.exports = {
  env: {
    es6: true,
    node: true
  },
  extends: [
    'eslint:recommended',
    'fxa' // per "eslint-config-fxa", this would probably need to switch to "plugin:fxa/client" if you wanted to switch to "eslint-plugin-fxa".
  ],
  root: true,
  rules: {
    'strict': 'off'
  }
};

Current output:

$ grunt lint
Running "eslint:files" (eslint) task

/Users/pdehaan/dev/github/mozilla-services/ip-reputation-js-client/lib/client.js
   72:37  error  Strings must use singlequote  quotes
   93:37  error  Strings must use singlequote  quotes
  113:37  error  Strings must use singlequote  quotes
  132:37  error  Strings must use singlequote  quotes
  152:37  error  Strings must use singlequote  quotes

/Users/pdehaan/dev/github/mozilla-services/ip-reputation-js-client/test/local/reputation_service_client_tests.js
  14:32  error  Strings must use singlequote  quotes

✖ 6 problems (6 errors, 0 warnings)

Warning: Task "eslint:files" failed. Use --force to continue.

Aborted due to warnings.

$ echo $? # 3

The output is slightly different if you run ESLint directly, so you may also need to tweak the glob pattern in grunttasks/eslint.js to scan the *.js files in the root directory:

% $(npm bin)/eslint .

/Users/pdehaan/dev/github/mozilla-services/ip-reputation-js-client/Gruntfile.js
   6:15  error  Missing semicolon  semi
   8:37  error  Missing semicolon  semi
  10:32  error  Missing semicolon  semi
  12:78  error  Missing semicolon  semi
  13:41  error  Missing semicolon  semi
  14:2   error  Missing semicolon  semi

/Users/pdehaan/dev/github/mozilla-services/ip-reputation-js-client/lib/client.js
   72:37  error  Strings must use singlequote  quotes
   93:37  error  Strings must use singlequote  quotes
  113:37  error  Strings must use singlequote  quotes
  132:37  error  Strings must use singlequote  quotes
  152:37  error  Strings must use singlequote  quotes

/Users/pdehaan/dev/github/mozilla-services/ip-reputation-js-client/test/local/reputation_service_client_tests.js
  14:32  error  Strings must use singlequote  quotes

✖ 12 problems (12 errors, 0 warnings)

Errors not ok client.get(...).then is not a function from #8

Staying on node 8 is probably going to limit how up to date we can keep our deps and how much FxA can de-dup.

FxA is the only consumer of this library AFAIK. They're on 12 for dev https://github.com/mozilla/fxa#installing-nodejs , but I'm not sure about prod.