
gms's Introduction

GMS

License: MIT


Overview

The project consists of two main (independent) modules:

Ready for production

  • Packing as a WAR file with the API server only

    1. You need Java 8 in order to generate the WAR and a servlet container (such as Apache Tomcat) in order to deploy it.
    2. From the location server/ run gradle bootWar.
  • API + Angular Client

    1. You need to have Node.js 10.9.0 or later, together with the npm package manager.
    2. Consider modifying the configuration file with the proper values according to your environment:
      • client/src/assets/config/config.dev.json (when you're in development mode)
      • client/src/assets/config/config.prod.json (when you're in production mode)
    3. From the location server/ run gradle bootWar -Pclient=true.
    4. Optionally, you can modify other behaviors of the client app while generating the WAR by using the following parameters:
      • client: use -Pclient=true to generate the Angular client app.
      • clientDoc: use -PclientDoc=true to generate the client app documentation.
      • clientDependencies: use -PclientDependencies=true to (re)install all node dependencies before creating the WAR. Use this option if it is the first time you create the WAR file. Once the dependencies have been installed, this can be safely skipped next time.
      • An example of a build with the first two parameters set to true would be gradle bootWar -Pclient=true -PclientDoc=true.
  • This will create a WAR file inside server/build/libs ready to be deployed.

  • Database configuration

    1. Create a PostgreSQL database.
    2. Open the WAR file and set the proper connection parameters inside the file WEB-INF/classes/config/application-production.properties
    3. Save the file and update it inside the WAR file.
    4. Deploy the WAR file.

Note: If you don't have Gradle installed, you can use the command ./gradlew instead of gradle for the previously mentioned steps.

How to start developing

  1. Refer to How to start developing using IntelliJ IDEA
  2. Refer to How to start developing using Visual Studio Code
  3. Refer to How to start developing using IntelliJ IDEA Community and Visual Studio Code
  4. Refer to How to start developing using Eclipse

gms's People

Contributors

dependabot[bot], lealceldeiro

gms's Issues

Use orm metamodel when querying DB.

Is your feature request related to a problem? Please describe.

In classes such as PostgreSQLBAuthorizationDAO, when querying the DB, the arguments for the entity field names are being hardcoded, i.e.: eUsername.

Describe the solution you'd like

This should be handled, for example, using an entity metamodel.

Additional context

Some quick info can be found around there, see https://stackoverflow.com/questions/3037593/how-to-generate-the-jpa-entity-metamodel and https://www.baeldung.com/hibernate-criteria-queries-metamodel

Replace with proper status logic for calling userService.signUp in RestUserController > register

Is your feature request related to a problem? Please describe.

For example, in the current logic, something like

EUser u = userService.signUp(
                user.getContent(),
                UserService.EmailStatus.VERIFIED,
                UserService.RegistrationPrivilege.SUPER_USER
        );

the third and fourth arguments are always VERIFIED for the email status and SUPER_USER for registration privilege.

Describe the solution you'd like
This should be reworked when the security system is fully functional, and proper permissions have been placed properly for each system role.

Generate keys in SessionService using some random generator mechanism

Is your feature request related to a problem? Please describe.
As an open source project anyone can get access to the keys hardcoded in client/src/app/core/session/session.service.ts (SessionService#keys.*). This may represent a serious security risk.

Describe the solution you'd like
These values should be generated randomly.

Describe alternatives you've considered
Math.random seems to be a good starting point.

Additional context
If there is any utility class that could do the job, that'd be great.
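
An added example, not part of the issue or of the project's code: if the values in SessionService#keys need to be unpredictable, the Web Crypto generator (crypto.getRandomValues) is the browser's cryptographically secure source of randomness, which Math.random is not. The names randomKey and generateSessionKeys, the alphabet and the entry names are assumptions made for illustration.

```javascript
// Added example (hypothetical helpers, not GMS code).
// Web Crypto is global in browsers and recent Node.js; older Node.js exposes it as crypto.webcrypto.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Returns `length` characters drawn uniformly from ALPHABET using a CSPRNG.
function randomKey(length = 32) {
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError('length must be a positive integer');
  }
  // Largest multiple of ALPHABET.length that fits in a byte. Bytes at or above
  // it are rejected so that `byte % ALPHABET.length` carries no modulo bias.
  const limit = 256 - (256 % ALPHABET.length);
  const buf = new Uint8Array(length * 2);
  let out = '';
  while (out.length < length) {
    webCrypto.getRandomValues(buf);
    for (const byte of buf) {
      if (byte < limit && out.length < length) {
        out += ALPHABET[byte % ALPHABET.length];
      }
    }
  }
  return out;
}

// Builds one fresh value per named entry (the entry names are constructed).
function generateSessionKeys(names) {
  const keys = {};
  for (const name of names) keys[name] = randomKey();
  return keys;
}

console.log(generateSessionKeys(['loggedIn', 'user', 'accessToken']));
```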

The '.git/hooks/pre-push' hook was ignored because it's not set as executable

Describe the bug
On a Unix environment, when some changes are pushed the git hooks are not executed unless they are granted the execution permission manually through the console.

To Reproduce
Steps to reproduce the behavior:

  1. Make some changes in the source code
  2. Commit those changes
  3. Push those changes
  4. See how the changes are pushed but the git hooks are not executed. Additionally, you get a message in the console: The '.git/hooks/pre-push' hook was ignored because it's not set as executable.

Expected behavior
To get the git hooks executed before pushing unless some git option such as --no-verify is used.

Desktop (please complete the following information):

  • OS: Linux Mint

Message resolver not resolving messages properly

Describe the bug
The messages associated to their keys are not being resolved properly.

To Reproduce

  1. Make a POST request to the login endpoint with incorrect credentials
  2. In the response body see something similar to:
{
    "path": "<login path>",
    "message": "security.bad.credentials",
    "error": "security.unauthorized",
    ....
}

Expected behaviour
To see something like:

{
    "path": "<login path>",
    "message": "Bad credentials",
    "error": "Unauthorized",
    ....
}

Notice here the values for message and error are Bad credentials and Unauthorized, not their i18n keys security.bad.credentials and security.unauthorized

Additional context
Possible classes related in this issue:

  • com.gms.util.i18n.MessageResolver
  • com.gms.config.locale.LocaleConfig

Enhance server console banner

Is your feature request related to a problem? Please describe.
No

Describe the solution you'd like
Enhance banner with a piece of more descriptive information (nothing specific to add here, it's worth considering it having in mind the current state of the project) and an enhanced format using maybe https://devops.datenkollektiv.de/banner.txt/index.html

Describe alternatives you've considered
Another generator to consider is http://patorjk.com/software/taag. Also, some more related info is available in https://memorynotfound.com/spring-boot-create-custom-banner-example/ and https://stackoverflow.com/q/33797009/5640649

Additional context
Right now there is only a very basic text showing that the application is running and the version of spring boot over which it is running.

Return hateoas resource from all endpoints that currently do not support them.

Is your feature request related to a problem? Please describe.
By default, all resources automatically managed by Spring when org.springframework.boot:spring-boot-starter-hateoas is present in the application are returned (on creation, for example) as hateoas resources. Some custom endpoints which are not handled by Spring repositories, but are custom endpoints, do not follow this approach.

All endpoints should be standardized to return the resources the same way, for example on Brole creation as a response body we get something like:

{
  "label": "Role label",
  "description": "Some descriptionr",
  "enabled": true,
  "id": 37,
  "_links": {
    "self": {
      "href": "<url>"
    },
    "bRole": {
      "href": "<url>/role/37"
    },
    "permissions": {
      "href": "url/role/37/permissions"
    }
  }
}

But, for other endpoints such as the one for user creation (custom ones) the response body is empty.

Describe the solution you'd like
Return the newly created|deleted|updated resource information as it is returned by the default spring hateoas project.

No binary for ChromeHeadless browser on your platform

Describe the bug
While doing push, when the git hooks run, one of them is running some integration tests for the frontend and is failing on the Unix environment because it requires the chrome variable to be set.

To Reproduce
Steps to reproduce the behavior:

  1. Try to do push
  2. You'll see the error No binary for ChromeHeadless browser on your platform

Expected behavior
To run smoothly all the tests (git hooks) and push properly.

Desktop (please complete the following information):

  • OS Linux Mint

Additional context
Adding export CHROME_BIN=/usr/bin/chromium-browser before running the actual tests in the git hooks should solve the problem.

Consider not storing sensitive information on LocalStorage if the tradeoff pays off

Describe the bug
Sensitive information stored in the local-storage can be stolen by using an XSS attack

To Reproduce

  • Follow attack demos in the linked source

Expected behavior
Do not store sensitive information such as username, security tokens, etc, in local storage.

Instead, the following can be used:

  • Cookies with the HttpOnly and Secure flags
  • Session storage

Additional context
Consider modifying some of the classes involved in the front-end in storing this kind of sensitive information. i.e.:

  • SessionService
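
An added example, not part of the issue or of the project's code: a check that parses Set-Cookie response header values and reports every cookie missing the HttpOnly or Secure flag named above, which is one way to verify a move from local storage to cookies. The function names, header values and cookie names are constructed for illustration.

```javascript
// Added example (not GMS code). The header values below are constructed samples.
const REQUIRED_FLAGS = ['httponly', 'secure'];

// Splits one Set-Cookie header value into the cookie name and a map of
// lower-cased attributes (attribute names are case-insensitive).
function parseSetCookie(headerValue) {
  const [pair, ...attrs] = headerValue.split(';').map((part) => part.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) throw new SyntaxError(`not a cookie pair: ${pair}`);
  const attributes = new Map();
  for (const attr of attrs) {
    if (attr === '') continue;
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const value = i === -1 ? true : attr.slice(i + 1).trim();
    attributes.set(key, value);
  }
  return { name: pair.slice(0, eq), attributes };
}

// Returns one finding per cookie that lacks a required flag.
function auditSetCookieHeaders(headerValues) {
  const findings = [];
  for (const headerValue of headerValues) {
    const { name, attributes } = parseSetCookie(headerValue);
    const missing = REQUIRED_FLAGS.filter((flag) => !attributes.has(flag));
    if (missing.length > 0) findings.push({ name, missing });
  }
  return findings;
}

const sampleHeaders = [
  'access_token=abc123; Path=/; HttpOnly; Secure; SameSite=Strict',
  'refresh_token=def456; Path=/api; Secure',
  'username=jdoe; Path=/',
];

console.log(auditSetCookieHeaders(sampleHeaders));
```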

Application is being shut down automatically

Describe the bug
When the API server is being started it is automatically shut down.

To Reproduce
Steps to reproduce the behavior:

  1. start the API application (server)

Expected behavior
The application to be kept running

Desktop (please complete the following information):

  • OS: any

Additional context
The running application was put inside a try-with-resources, which is causing an automatic close of the resources (the application context), which shuts it down. See https://github.com/lealceldeiro/gms/blob/master/server/src/main/java/com/gms/Application.java#L39
