kbuffardi / codewitus
License: MIT License
On the tutorial page, we want to listen for:
exercisefeedback
to changefeedback
then write a new Exercise_Attempt
As part of this issue, we need an Exercise_Attempt table with:
688
from this exercise)
On Linux, running the command docker-compose build fails and produces the following error (segment):
[2/4] Fetching packages...
error @npmcli/[email protected]: The engine "node" is incompatible with this module. Expected version "^12.13.0 || ^14.15.0 || >=16". Got "10.24.0"
error Found incompatible module.
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
ERROR: Service 'web' failed to build : The command '/bin/sh -c yarn install --check-files && yarn upgrade --ignore-engines' returned a non-zero code: 1
Let's use this video for testing purposes: https://youtu.be/DFXdvQ62NlI
Data we want:
learner
[email protected] or [email protected] should automatically be given admin
role/manage
email addresses
that contains the entire search term should match. All matches should be shown in the results table...email address as text label, created at as data label, role as dropdown with the options (and current value displayed) {learner, creator, admin}. Changing the dropdown selection should (using AJAX) update the record of the user with their new role. If nothing matches the search result, display "No matches found" instead of the table.
By default, we still want docker compose to run both the server and db images. However, for debugging and experimental purposes, we would benefit from having a second way to spin up the containers in interactive mode so that we can interact with the server from the rails command-line.
Minimally, include instructions on how to do so in README.md with commands but may also need changes to configuration files.
CVE-2021-22881
moderate severity
Vulnerable versions: >= 6.0.0, <= 6.0.3.4
Patched version: 6.0.3.5
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted Host header can be used to redirect to a malicious website.
These rules will only apply to accounts made on codewit.us and not those authenticated through external OAuth.
Within the site, passwords should:
Add a Notification model that contains the required fields:
Add to the admin Management page, a form that shows all current Notifications (any whose expiration dates have not passed), with editable fields the admin can update and submit. There should also be an option to add a new Notification with the same editable fields.
Update the header partial view so that when there are notifications (any whose expiration dates have not passed), a box will appear immediately below the navbar with the text of the notification's message.
Load the featured tutorial on the landing page dynamically to embed its thumbnail, author (with name and photo), title, concepts, and interests; as described in the UX wiki
As described in the wiki and demonstrated in the wireframe prototype, add a list of "Related tutorials" under the featured tutorial on the landing page.
The featured tutorial should update according to the description in the UX Wiki using the dropdowns.
Add the tutor profile page (as described in the wiki) and update their names/photos to link to their profile page wherever it appears.
SEE CORRECTIONS BELOW
div#sidebar
> article.workout
> div.summary
> div.radial-progress
> div.pct
Session_Performance table with:
Seed the db to have the following initial concepts:
creator or admin for tutorial creation/edit
Form fields:
Affiliated information (saved but not user-entered):
Model associations are just represented by strings (then extracted for SQL statements) rather than having actual associations and appropriate lookup tables. This causes problems, for example, in Videos and Concepts many-to-many relationship that is just stored as a string of an array of id's ([5, 11]) and Concept.find_by(id: @videoData[0].concepts) doesn't find the associated concepts because it is searching for a singular id "[5, 11]"
404 Page Not Found errors should redirect to the landing page.
When redirected to the landing page, the notification box should show a message -- that isn't an instance of a notification, but adopts the same presentation and interaction -- that says:
Oops! You were heading in the wrong direction, so we brought you home safely.
Upon docker-compose up I get the following error (after Puma has launched the web server and I have opened the homepage):
web_1 | Cannot render console from 172.18.0.1! Allowed networks: 127.0.0.0/127.255.255.255, ::1
Add these to as unique rows for Interests:
Upon running the container and browsing localhost:3000 I get an Application error and the console server error reads:
Started GET "/" for 172.18.0.1 at 2021-12-07 22:11:42 +0000
web_1 | Cannot render console from 172.18.0.1! Allowed networks: 127.0.0.0/127.255.255.255, ::1
web_1 | (0.4ms) SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
web_1 | Processing by ApplicationController#home as HTML
web_1 | Video Load (0.6ms) SELECT "videos".* FROM "videos" ORDER BY RANDOM() LIMIT $1 [["LIMIT", 1]]
web_1 | ↳ app/controllers/application_controller.rb:63:in `home'
web_1 | Completed 500 Internal Server Error in 9ms (ActiveRecord: 1.6ms | Allocations: 2895)
web_1 |
web_1 |
web_1 |
web_1 | NoMethodError (undefined method `interests' for nil:NilClass):
web_1 |
web_1 | app/controllers/application_controller.rb:63:in `home'
"Cannot render console" is related (see #60) but independent of the other errors.
When the server runs, it updates/creates some files that reflect changes in the Rails configuration. However, those changes do not persist permanently because once the container shuts down, the files will remain as they originally were.
Files we want to persist include:
yarn.lock
Gemfile.lock
CVE-2021-22880
high severity
Vulnerable versions: >= 6.0.0, <= 6.0.3.4
Patched version: 6.0.3.5
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
We need a relational MySQL database with the following objects:
For now, each user will have one (and only one) role, but we want a dedicated object for future extensibility. Initial values will be:
interests will be topics like personal interests or hobbies. They will be associated (many-to-many) with other objects, including User, but also other objects
We need to configure the app to default to MySQL (instead of SQLite) and build the initial tables. The development environment should also support it.
Upon reviewing the codebase, I noticed some code that is replicated and/or components that need better names. We need to refactor code so that it is DRY ("don't repeat yourself") and clean:
header and header 2 which are near duplicates. If they are both necessary, give them more descriptive names. Same with interest and interest2.backup.html.erb and indexOld.html.erb that should be deleted if unnecessary. Do another pass through the project to see if there are other examples besides these two files.
Values for interests should be restricted by the following rules:
A partial view for selecting interests (wireframe is in progress) should: