Update from upstream (#6)

* Fix gauth error * Allow headers on rejection / error response * Add Access-Control-Allow-Credential headers * Return "OK" for OPTION methods * Correct OPTION method to OPTIONS plural * Add Access-Control-Allow-Headers ... to Access-Control-Allow-Headers * Allow cross-origin script access * Add frontend script + webpack build * Allow gauth to retrieve token * Update apiClient * Create discussion area if not found * Add Referrer-Policy to CORS allowed headers * Create discussion div if not found * Add CSS distributable Note this is not acceptable for production, since it adds styles directly to elements like 'body' * Include credentials for all requests * Improve message for modify admin error * Remove unused * Set SameSite to None * Limit recursion on error * Immediate login after signup * Allow Authorization header * Show user id in logged-in status * Set SameSite to None at auth delete (log out) * Add #user-display to DOM * Remove js based Referrer Policy header * Add nice-to-haves * Add source-map to x-origin script * Improve user endpoint error messages * Troubleshoot missing auth * Do not ignore jwt expiration * Equalize expiration date between cookie and token * Login request on expire From a UXD perspective, this is less than optimal, but let's punt handling this until the frontend update * Expire auth in 1 year * Hide log-in form * Handle expired token server-side Just return 'null' * Hide user auth * Update jwt expiration * Add login before comment submit * Fix jwt expiration error * Hide user display * Hide user-display * Update x-origin css * Add JSDocs * Set API URL via setSimpleCommentApiUrl() * Guests can update / change name * Clear type errors * Add helpful error message * Use proper endpoint for userPUT * Update badge * Update badge * Update done and todo * Remove extraneous html elements * Add Twitter card logo * Cleanup * API URL as .env variable * Remove StyleCI Default open-source license is for PHP only, unnecessary as this project does not use PHP * Update README.md * Update README.md * Remove extraneous obsolete .env variables * Update basic description * Rewrite demo intro * Write more positive intro * Clean layout with detail-summary accordion * Remove help cursor from anchors with [title] Not having the cursor:pointer is potentially confusing * Add 'alternative solution' pros-cons lists * Add build dependencies to "dependencies" * Install Cypress * Close issue #35 `Frontend testing with Cypress` Merging this branch will include Cypress and essential tests for Simple Comment frontend * Initial documentaion and tests * Update '#simple-comment-area' to '...-display' * Update frontend element nomenclature Element ids with '-input' or '-textarea' changed to generic '-field' "#simple-comment-area" changed to more specific "...-display" * Change .env SIMPLE_COMMENT_MODE to IS_CROSS_SITE This change clarifies its purpose * Minimal functionality frontend test * Complete CYPRESS doc * Test client input validation * Create LICENSE Punt the question to readers * Add more alternatives! * AGPL 3 * Update abstract Service tests Upgraded TypeScript no longer compiles abstract classes, so Service must be implemented as TestService * Upgrade dependencies * Remove bson It's a dependency's dependency * Upgrade TypeScript to 4.4.3 * Fix module reference * Update landing page styling * Format Service.ts * Update dependencies (#44) * Fix type error * Upgrade dependencies * Update dependencies (#46) * Change `IS_CROSS_SITE` instructions to boolean fixes #47 * Update example.env List env variables in order they appear in Netlfify (alphabetical) * Remove David badge * Update secrets test * Set Node version * Upgrade mongodb client to latest minor version * Address Dependabot alerts * Implement SECURITY policy * Create codeql.yml * Upgrade/dependencies (#50) * Upgrade dependencies to latest where possible * `mongodb@3.7.3` => `mongodb@^4.5.0` * `typescript@4.3.5` => `typescript@^4.6.3` * Update failing Cypress tests * Lighthouse update * Remove netlify-lambda build tool * mitigate glob-parent vulnerability. * Update SECURITY.md * Add action to test netlify functions (#51) * Downgrade to Jest@27 ts-jest does not yet support Jest@28. Follow the issue here: <kulshekhar/ts-jest#3453> * Move cypress and netlify to optionalDep Begin general dep cleanup * Enforce unix-style endings * Add netlify-api-test GitHub action * Move aws-lambda to devDeps * Create test .env in CI * Remove swagger-generated API docs (#52) * Update/cleanup (#53) * Fix async security alert * Change interfaces to types * Update slug * Move mock data to its own file * Reset mocks after each test * Update/cleanup (#54) * Update mock data function names * Add eslint * Format * Add eslint-watch * Implement linter advice * Configure linter
rendall-dev-Oy · May 4, 2022 · 2f03b3f · 2f03b3f
1 parent a335e21
commit 2f03b3f
Show file tree

Hide file tree

Showing 51 changed files with 13,944 additions and 19,218 deletions.
diff --git a/.eslintignore b/.eslintignore
@@ -0,0 +1,3 @@
+*.js
+/dist/**/*.js
+/src/policy.ts
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [master]
+  schedule:
+    - cron: "39 17 * * 6"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["javascript"]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
+
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
+
+      #- run: |
+      #   make bootstrap
+      #   make release
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/netlify-api-test.yml b/.github/workflows/netlify-api-test.yml
@@ -0,0 +1,28 @@
+name: Simple Comment
+
+on:
+  pull_request:
+    branches: [master]
+
+jobs:
+  test-netlify-functions:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Use Node.js 16.x
+        uses: actions/setup-node@v3
+        with:
+          node-version: "16"
+
+      - name: Build Netlify functions
+        run: |
+          npm install yarn@^1 --no-package-lock -g
+          yarn --frozen-lockfile --production=false --ignore-optional
+          yarn run build:netlify
+
+      - name: Test Netlify functions
+        run: |
+          node ./scripts/createTestEnv.mjs 
+          yarn test
diff --git a/.gitignore b/.gitignore
@@ -1,18 +1,23 @@
 *.js
 .env
 /.git
+/.netlify
 /RAW
 /cypress/fixtures
 /cypress/integration/examples
 /cypress/screenshots
 /cypress/support
+/cypress/videos/
 /functions
 /lib
-/netlify-functions
 /node_modules
 debug.log
 globalConfig.json
 yarn-error.log
 !/cypress/**/*.js
 !/docs/**/*.js
 !webpack.config.js
+!webpack.netlify.functions.js
+
+# Local Netlify folder
+.netlify
diff --git a/.nvmrc b/.nvmrc
@@ -0,0 +1 @@
+14.19.1
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -4,5 +4,6 @@
       "fileMatch": ["simple-comment-api.json"],
       "url": "./src/schema/openapi.schema.json"
     }
-  ]
+  ],
+  "files.eol": "\n"
 }