enciv / civil-server Goto Github PK

When a user creates an account, send them an email where they click on a link to validate their email address.

Only valid for a programmable number of minutes. Then they have to issue a new link to validate.

UX -
When the user uses the AuthForm to join, after they hit join the are given a "Welcome" message.
Instead that message should say "Check you email for a confirmation message".
There should also be a button saying "Resend"
The user will receive a message that has a link to click on.
The user clicks on that link and a new page/tab opens up. (Consider that the user could be opening the email on their phone, while they are joining from the browser on their laptop).
The user taps on a button that says "Confirm"
That tab/window closes.
In the original tab window, the status message changes to "Welcome" and then goes to the next page.

Right now, all documents passed in by Iota.load(iotas.json) will be loaded to the production database - if it is empty. We need to distinguish between qa and production so lets ignore the paths that math //qa/.+$

use https://www.npmjs.com/package/chokidar to give tools/react-directory-indexer a --watch option so that it runs in the background and generates a new index every time there is a change in that directory

passport.js?

Currently the civil-server is creating one all encompassing main.js file. It's about 2Megs right now, which is larger than what is recommended.

We are using webpack to build this file, but webpack has many features for creating multiple script files, and for lazy loading.

Find a way to break up the main.js file so that the initial load is smaller but all that is needed eventually gets loaded.

Note that civil-server first renders the code on the server side (through app/server/routes/server-react-render) and after the user views it, the code on the browser is rehydrated from main.js. It's the code that pertains to the first page rendered that the user wants loaded as quickly as possible so it can be rehydrated quickly and the user can then interact with it. But also consider that since the initial page has content, the user spends time looking at it before needing to interact with it and so our single large main.js file hasn't been too much of a problem.

If a repo like undebate-ssp is including the undebate and the civil-server, pages that get rendered by the complete build import one main.js file that has all the logic for everything. But if a user visits a page that's just part of undebate then the main.js contains more than is necessary.

For example if one goes to cc.enciv.org/undebates they get the top level page for undebate-ssp. But if one visits https://cc.enciv.org/san-francisco-district-attorney they get a page from the undebate repo - but it's rendered by App from undebate-ssp and both have a common main.js

When a projects server starts - in app/start.js there is the code

import App from './components/app'
   ...
   server.App=App

This is where the App from the repo of the top level project is being set.

In addition, all pages of the different repos/projects are rendered with on common app/components/app.js wrapper and use the same
app/server/routes/server-react-render - though maybe this is okay and we need to just factor our what needs to be project/repo specific, it's possible that this should be per project rather than the same for all cases.

In the undebate repo, ending.jsx this line:

    logger.trace('ending.onUserUpload', props)

will cause the socket.io websocket to disconnect after several seconds.
The disconnect will cause the node-socketio-stream in create-participant.js to close, and close the socket.io stream. Note: if the socket.io-stream didn't force a close of the socket.io socket - it will reconnect.
But the end result was that uploads of recorded video would get aborted a few seconds after they are started and it was really hard to trace down.

The problem was that in ending.jsx, the props includes ccState which includes the recorded video blobs. If you console.info props, its' fine and it shows the blob size. But (I presume) that socket.io is trying to encode and transfer the video blobs (they are megabytes).

The proposed solution here is that socketlogger on the client side, should traverse through the arguments being logged, and convert Blobs and other large things into strings that just indicate the length. (similar to how it looks with console.info). For example Blob {size:1743098, type: 'video/webm;codecs=vp9,opus'}

OR there might be an option to tell socket.io to do this. But it needs to be investigated, and must only apply to the socketlogger api calls and not other api calls.

The work around is to not log props in this case, but it's hard to prevent this type of error from coming up again.

Please build a jest test for this. It's easy to create tests of the socket-apis that have both the client and server side code and it makes it a lot easier to write and test the code for a deep feature like this - see undebate-ssp /app/socket-apis/tests/send-moderator-invite.js for an example.

If I cut and paste the key from my email, it has a space at the end. If I don't notice and try to reset my password, it fails and I can't see why.

• can we fix the email so that I don't get a space at the end when I double click on the reset key
• trim spaces off the beginning and end of the reset key the user enters on the reset password page

For example, if the tempId route throws an error because the schema validation fails, the error percolates up and the server crashes.

Server should ignore errors from routes and throw up a page or something.

[2021-12-20T14:18:14.361] [INFO] node - { tempId: { email: '' } }
[1] C:\Users\David Fridley\git\EnCiv\unpoll\node_modules\@hapi\joi\lib\errors.js:202
[1]     const error = new Error(message);
[1]                   ^
[1]
[1] Error [ValidationError]: child "email" fails because ["email" is not allowed to be empty]
[1]     at Object.exports.process (C:\Users\David Fridley\git\EnCiv\unpoll\node_modules\@hapi\joi\lib\errors.js:202:19)
[1]     at internals.Object._validateWithOptions (C:\Users\David Fridley\git\EnCiv\unpoll\node_modules\@hapi\joi\lib\types\any\index.js:763:31)
[1]     at internals.Object.validate (C:\Users\David Fridley\git\EnCiv\unpoll\node_modules\@hapi\joi\lib\types\any\index.js:797:21)
[1]     at Function.validate (C:\Users\David Fridley\git\EnCiv\unpoll\node_modules\mongo-models\index.js:462:28)
[1]     at new MongoModels (C:\Users\David Fridley\git\EnCiv\unpoll\node_modules\mongo-models\index.js:22:41)
[1]     at new User (C:\Users\David Fridley\git\EnCiv\unpoll\node_modules\civil-server\dist\models\user.js:18:1)
[1]     at C:\Users\David Fridley\git\EnCiv\unpoll\node_modules\civil-server\dist\models\user.js:37:25 {
[1]   isJoi: true,
[1]   details: [
[1]     {
[1]       message: '"email" is not allowed to be empty',
[1]       path: [ 'email' ],
[1]       type: 'any.empty',
[1]       context: { value: '', invalids: [ '' ], key: 'email', label: 'email' }
[1]     }
[1]   ],
[1]   _object: {
[1]     email: '',
[1]     password: '$2b$10$kVXYR7vgSSj4zUJRICITiuWDRjCpEn2iG/keS2Zq5kFh1uR4WbUd2'
[1]   },
[1]   annotate: [Function (anonymous)]
[1] }
[2] <e> [webpack-dev-server] [HPM] Error occurred while proxying request localhost:3011/tempid to http://localhost:3012/ [ECONNRESET] (https://nodejs.org/api/errors.html#errors_common_system_errors)
[1] [nodemon] app crashed - waiting for file changes before starting...
[2] <e> [webpack-dev-server] [HPM] Error occurred while proxying request localhost:3011/socket.io/?EIO=4&transport=polling&t=NtPx7t6&sid=Cb9uz3j6B8W6_aDgAAAA to http://localhost:3012/ [ECONNREFUSED] (https://nodejs.org/api/errors.html#errors_common_system_errors)
[2] <e> [webpack-dev-server] [HPM] Error occurred while proxying request localhost:3011/socket.io/?EIO=4&transport=polling&t=NtPx7t7&sid=Cb9uz3j6B8W6_aDgAAAA to http://localhost:3012/ [ECONNREFUSED] (https://nodejs.org/api/errors.html#errors_common_system_errors)

Cypress has not been used since splitting the civil-server out of undebate. And, cypress has been updated to 29 due to security alerts.
Jest has also been updated.

• Get Cypress and Jest working of this repo
• Create a Cypress test for the join page that checks if a new user can create an account
• Create a Cypress test for the login page that checks if an existing user can login
• Create other cypress tests for the Join component and authform

in app/routes there is app-mddoc.js which should render a martkdown file when someone goes to /doc/markdownfile.md but it is not working. This has never been working in the civil-server so don't assume anything.

• create assets/doc/example.md uses some simple markdown commands
• navigate to localhost:3011/doc/example.md - this should render it. but now you get
• as far as I can tell, the line 8 of app-mddoc.js is never getting executed
• create a cypress test for this