Describe the bug

Move the SPA assets such as SVG, PNG etc files to amazon s3 and provide the urls. to the assets.

Integrate sentry with react code for error handling.

Using yarn

yarn add @sentry/react @sentry/tracing

Using npm

npm install --save @sentry/react @sentry/tracing

import React from "react";
import ReactDOM from "react-dom";
import * as Sentry from "@sentry/react";
import { Integrations } from "@sentry/tracing";
import App from "./App";

Sentry.init({
  dsn: "https://[email protected]/5623221",
  integrations: [new Integrations.BrowserTracing()],

  // We recommend adjusting this value in production, or using tracesSampler
  // for finer control
  tracesSampleRate: 1.0,
});

ReactDOM.render(<App />, document.getElementById("root"));

// Can also use with React Concurrent Mode
// ReactDOM.createRoot(document.getElementById('root')).render(<App />);```


example on how to integrate  @naseemshah 

Please remove this cliche readme and add a good readme file.

Describe the bug

Last item in the following carousel and all other carousels should have a right margin/padding as required:

It should be same as the following first item's left margin/padding:

Add a link to point to github issues page for people to report bugs
Add a link to discord ( https://chat.kitesfoundation.org) for people to join

This issue is kept to use as a cdn for the assets

Overview

• Image of Place
• Destination Name
• Tabs: [Details, Reviews, Hotels, Activities]

Details Tab

• Tags
• Description

Activity

• Activity available at current destination

Reviews

• Review List
  • Star Rating
  • Review Text
  • User Name
  • Time
• Add Review Button
• Add Review Form

Nearby

• List
• Distance
• Type [Destination, Activity, Product]

Flora Fauna

• List the flora and fauna
  • Picture
  • Name
  • Extinction status

Is your feature request related to a problem? Please describe

No. It is to make a UI page as in the wireframe.

Describe the solution you'd like

Create a UI page for the detailed experiences in Munnar. The Experiences pages show a short card view of all the available activities. When clicked on a card it should show the detailed list of the places with the adventures.

Is your feature request related to a problem? Please describe

No

Describe the solution you'd like

Creating the bookguide card of the nearme page

Describe alternatives you've considered

Additional context

hellomunnar logo non-clickable also its has no priority (include

)

Ref : #13

Review API is ready. You can find the review API here: https://api.hellomunnar.in/api-doc/

https://app.hellomunnar.in/route/red

There's a logo of sort on the top left corner of the picture for the red route.

Not sure if this is fine or not. So putting it as a question.

Describe the solution you'd like

Two approaches:

• Add a carousal for each of those in the route page itself. I think there is already one for 'Things to do'.
• Take them to individual pages. For this, the design for experiences can be reused. (Search bar on top and a virtical stack of cards listing the items.)

Describe alternatives you've considered

Alternatively we could remove those buttons altogether if we are not able to implement the above.

From Bell Icon in Explore

• Buttons for alerts and news. [Both initially inactive]

• All notifications displayed initially

• Activating alerts displays only alerts

• Activating news displays only news

• Alert notifications should have prominance

Refer Wireframe
Backend Reference : Kites-Foundation/hello-munnar-backend#31

Is your feature request related to a problem? Please describe

Nearme page

Describe the solution you'd like

nearme page

Describe alternatives you've considered

Additional context

Is your feature request related to a problem? Please describe

No

Describe the solution you'd like

final nearme page

Describe alternatives you've considered

Additional context

Describe the bug

Titles of NearmeCard was not mobile responsive

Also the data is made to be mapped from json .

• Navbar Items
  • Explore
  • Near Me
  • Experience
  • My Plans
  • Profile

take a look at https://api.hellomunnar.in/redoc or https://api.hellomunnar.in/api-doc
to build user profile
it has to be conditionalized . since social login and manual registration has diffrent fields.

• Design X - @vyydesigns @avronr

Implement User Profile on Frontend

Refer #9

Relates to this #7
Should show the details of the User

To be updates soon

/favourites
please fix ui issues
use grid or flex

CVE-2021-23337 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.20.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz

Path to dependency file: hello-munnar-frontend/package.json

Path to vulnerable library: hello-munnar-frontend/node_modules/lodash/package.json

Dependency Hierarchy:

• craco-6.1.0.tgz (Root Library)
  • ❌ lodash-4.17.20.tgz (Vulnerable Library)

Found in HEAD commit: 3d17078fae04f6590db575b3a5fe4b017e887253

Found in base branch: develop

Vulnerability Details

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Publish Date: 2021-02-15

URL: CVE-2021-23337

CVSS 3 Score Details (7.2)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: lodash/lodash@3469357

Release Date: 2021-02-15

Fix Resolution: lodash - 4.17.21

Step up your Open Source Security Game with WhiteSource here

Implement Explore View

Should Include

• Destinations
• Activities
• Routes

Refer below screenshot

KSRTC activity doesn't have a routeId since this activity isn't associated with any route. @naseemshah

Describe the bug

Back button in destination and activity page not working properly when those pages are accessed directly.

Steps to reproduce

Open below urls directly and click back button. It seems it is using history.back();
https://hellomunnar.in/activity/ACT001
https://hellomunnar.in/destination/D-035

Expected behavior

Should go to their parent page

Is your feature request related to a problem? Please describe

Implement UI for Experiences

Describe the solution you'd like

Describe alternatives you've considered

Additional context

CVE-2020-28500 - Medium Severity Vulnerability

Vulnerable Library - lodash-4.17.20.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz

Path to dependency file: hello-munnar-frontend/package.json

Path to vulnerable library: hello-munnar-frontend/node_modules/lodash/package.json

Dependency Hierarchy:

• craco-6.1.0.tgz (Root Library)
  • ❌ lodash-4.17.20.tgz (Vulnerable Library)

Found in HEAD commit: 3d17078fae04f6590db575b3a5fe4b017e887253

Found in base branch: develop

Vulnerability Details

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Publish Date: 2021-02-15

URL: CVE-2020-28500

CVSS 3 Score Details (5.3)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500

Release Date: 2021-02-15

Fix Resolution: lodash-4.17.21

Step up your Open Source Security Game with WhiteSource here

Is your feature request related to a problem? Please describe

No

Describe the solution you'd like

Create wrappers for the NearBy module UI

Describe alternatives you've considered

Additional context

• Remove Maps

Implement Social Login
api endpoint: https://api.hellomunnar.in/google
type: get
https://api.hellomunnar.in/api-doc or https://api.hellomunnar.in/redoc

Only display booking button if bookingLink or bookingContactNumber

Someone install this library

npm install jimp lru-cache

• Only from Munnar
• List
  • To and From Location as shortcodes
  • bus type
  • Timings
  • Availability

Refer Wireframe

Wild Gaur image is missing under Meesapulimala

https://hellomunnar.in/destination/D-035

CVE-2020-28498 - Medium Severity Vulnerability

Vulnerable Library - elliptic-6.5.3.tgz

EC cryptography

Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.3.tgz

Path to dependency file: hello-munnar-frontend/package.json

Path to vulnerable library: hello-munnar-frontend/node_modules/elliptic/package.json

Dependency Hierarchy:

• react-scripts-4.0.1.tgz (Root Library)
  • webpack-4.44.2.tgz
    • node-libs-browser-2.2.1.tgz
      • crypto-browserify-3.12.0.tgz
        • browserify-sign-4.2.1.tgz
          • ❌ elliptic-6.5.3.tgz (Vulnerable Library)

Found in HEAD commit: ed7e0c87e1c408da96e701c35dd5b3dafbc15d33

Found in base branch: develop

Vulnerability Details

The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.

Publish Date: 2021-02-02

URL: CVE-2020-28498

CVSS 3 Score Details (6.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28498

Release Date: 2021-02-02

Fix Resolution: v6.5.4

Step up your Open Source Security Game with WhiteSource here

CVE-2020-28477 - High Severity Vulnerability

Vulnerable Library - immer-7.0.9.tgz

Create your next immutable state by mutating the current one

Library home page: https://registry.npmjs.org/immer/-/immer-7.0.9.tgz

Path to dependency file: hello-munnar-frontend/package.json

Path to vulnerable library: hello-munnar-frontend/node_modules/immer/package.json

Dependency Hierarchy:

• react-scripts-4.0.1.tgz (Root Library)
  • react-dev-utils-11.0.1.tgz
    • ❌ immer-7.0.9.tgz (Vulnerable Library)

Found in HEAD commit: f1e094fa2099ac627dc60f34d147273974605db2

Found in base branch: develop

Vulnerability Details

This affects all versions of package immer.

Publish Date: 2021-01-19

URL: CVE-2020-28477

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/immerjs/immer/releases/tag/v8.0.1

Release Date: 2021-01-19

Fix Resolution: v8.0.1

Step up your Open Source Security Game with WhiteSource here

The need for localization is very relevant for our usecase. Munnar is a diverse community.

The languages we need to translate to are

• Malayalam
• Tamil

@navikalingoth

Right now Explore page looks good, but experience can be improved my adding animations to the page. My plan is to add staggered slide in animation for cards.

I am planning to use Framer Motion Library to implement animations.

@Kites-Foundation/c4munnar-frontend-devs what do you guys think?