Built out more automated tests. Updated deps.

Author: neonexus

.eslintignore

@@ -1,3 +1,2 @@
-assets/dependencies/**/*.js
 views/**/*.ejs
 test/coverage/**/*

.idea/dictionaries/neonexusdemortis.xml

@@ -1,10 +1,17 @@
 # Changelog
 
+## [v3.2.2](https://github.com/neonexus/sails-react-bootstrap-webpack/compare/v3.2.1...v3.2.2) (2022-11-16)
+
+### Features
+
+* Built out more automated tests for better coverage.
+* Updated dependencies.
+
 ## [v3.2.1](https://github.com/neonexus/sails-react-bootstrap-webpack/compare/v3.2.0...v3.2.1) (2022-11-16)
 
 ### Features
 
-Downgraded SASS to prevent issues with deprecations.
+* Downgraded SASS to prevent issues with deprecations.
 
 ## [v3.2.0](https://github.com/neonexus/sails-react-bootstrap-webpack/compare/v3.1.1...v3.2.0) (2022-11-16)
 

.idea/runConfigurations/Run_Tests.xml

@@ -119,7 +119,7 @@ module.exports.bootstrap = function(next) {
 ## PwnedPasswords.com Integration
 When a new password is being created, it is checked with the [PwnedPasswords.com API](https://haveibeenpwned.com/API/v3#PwnedPasswords). This API uses a k-anonymity model, so the password that is searched for is never exposed to the API. Basically, the password is hashed, then the first 5 characters are sent to the API, and the API returns any hashes that start with those 5 characters, including the amount of times that hash (aka password) has been found in known security breaches.
 
-This functionality is turned on by default, and can be shutoff per-use, or globally throughout the app. [`sails.helpers.isPasswordValid`](api/helpers/is-password-valid.js) can be used with `skipPwned` option set to `true`, to disable the check per use (see [`api/controllers/common/login.js`](api/controllers/common/login.js#L40) for example). Inside of [`config/security.js`](config/security.js), the variable `checkPwned` can be set to `false` to disable it globally.
+This functionality is turned on by default, and can be shutoff per-use, or globally throughout the app. [`sails.helpers.isPasswordValid`](api/helpers/is-password-valid.js) can be used with `skipPwned` option set to `true`, to disable the check per use (see [`api/controllers/common/login.js`](api/controllers/common/login.js#L40) for example). Inside of [`config/security.js`](config/security.js), the variable `checkPwnedPasswords` can be set to `false` to disable it globally.
 
 ## What about SEO?
 I recommend looking at [prerender.io](https://prerender.io). They offer a service (free up to 250 pages) that caches the end result of a JavaScript-rendered view (React, Vue, Angular), allowing search engines to crawl otherwise un-crawlable web views. You can use the service in a number of ways. One way, is to use the [prerender-node](https://www.npmjs.com/package/prerender-node) package. To use it with Sails, you'll have to add it to the [HTTP Middleware](https://sailsjs.com/documentation/concepts/middleware#?http-middleware). Here's a quick example:

CHANGELOG.md

@@ -28,20 +28,22 @@ module.exports = {
             request = (inputs.req.requestId) ? inputs.req.requestId : null;
 
         const newLog = {
+            id: 'c', // required, but auto-generated
             data: inputs.data,
             user,
             request,
             description: inputs.description
         };
 
         sails.models.log.create(newLog).meta({fetch: true}).exec((err, newLog) => {
+            /* istanbul ignore if */
             if (err) {
                 console.error(err);
 
                 return exits.error(err);
             }
 
-            return exits.success({log: newLog});
+            return exits.success(newLog);
         });
     }
 };

README.md

@@ -32,9 +32,9 @@ module.exports = {
 
     fn: async function(inputs, exits) {
         if (inputs.req.requestId) {
+            const bleep = '*******';
             let out = _.merge({}, inputs.body),
-                headers = _.merge({}, inputs.res.getHeaders()), // copy the object
-                bleep = '*******';
+                headers = _.merge({}, inputs.res.getHeaders()); // copy the object
 
             if (!sails.config.logSensitiveData) { // a custom configuration option, for the request logger hook
                 if (out._csrf) {
@@ -60,8 +60,8 @@ module.exports = {
                 out = stringify(out);
             }
 
-            const time = Number(process.hrtime.bigint() - inputs.req._requestStartTime) / 1000000, // convert the bigint nanoseconds into milliseconds
-                totalTime = time.toFixed(4) + 'ms';
+            const time = Number(process.hrtime.bigint() - inputs.req._requestStartTime) / 1000000; // convert the bigint nanoseconds into milliseconds
+            const totalTime = time.toFixed(4) + 'ms';
 
             let log = {
                 responseCode: inputs.res.statusCode,
@@ -71,6 +71,7 @@ module.exports = {
             };
 
             sails.models.requestlog.update(inputs.req.requestId, log, (err) => {
+                /* istanbul ignore if */
                 if (err) {
                     console.log(err);
                 }

api/helpers/create-log.js

@@ -16,16 +16,13 @@ module.exports = {
         }
     },
 
-    exits: {},
-
     fn: function(inputs, exits) {
         return exits.success(
             crypto.createHmac('sha256', sails.config.session.secret).update(
-                crypto.randomBytes(21) // cryptographically-secure random characters
-                + moment(new Date()).format() // throw in the current time stamp
-                + 'I\'m a tea pot' // the best HTTP status code
-                + inputs.extra // an optional way to add a bit more randomness to the mix
-                + crypto.randomBytes(21)
+                crypto.randomBytes(21)          // cryptographically-secure random characters
+                + moment(new Date()).format()   // throw in the current time stamp
+                + inputs.extra                  // an optional way to add a bit more randomness to the mix
+                + crypto.randomBytes(21)        // cryptographically-secure random characters
             ).digest('hex')
         );
     }

api/helpers/finalize-request-log.js

@@ -1,4 +1,4 @@
-const {v4: uuidv4} = require('uuid');
+const crypto = require('crypto');
 
 module.exports = {
     friendlyName: 'Generate UUID',
@@ -7,7 +7,17 @@ module.exports = {
 
     sync: true, // not async
 
+    inputs: {
+        disableEntropyCache: {
+            description: 'This will force the RNG to ignore the pre-generated values, in-turn will mean a performance hit.',
+            type: 'bool',
+            defaultsTo: false
+        }
+    },
+
     fn: (inputs, exits) => {
-        return exits.success(uuidv4());
+        return exits.success(crypto.randomUUID({
+            disableEntropyCache: inputs.disableEntropyCache
+        }));
     }
 };

api/helpers/generate-token.js

@@ -77,12 +77,13 @@ module.exports = {
         }
 
         if (!errors.length) {
-            if (sails.config.security.checkPwned && !inputs.skipPwned) {
+            if (sails.config.security.checkPwnedPasswords && !inputs.skipPwned) {
                 const sha1pass = sha1(inputs.password).toUpperCase();
                 const passChunk1 = sha1pass.substring(0, 5);
                 const passChunk2 = sha1pass.substring(5);
 
                 superagent.get('https://api.pwnedpasswords.com/range/' + passChunk1).end((err, res) => {
+                    /* istanbul ignore if */
                     if (err) {
                         console.error(err);
 
@@ -104,6 +105,7 @@ module.exports = {
                         return exits.success(true);
                     }
 
+                    /* istanbul ignore next */
                     return exits.success(['Unknown internal error']);
                 });
             } else {

api/helpers/generate-uuid.js

@@ -3,8 +3,9 @@ module.exports = {
 
     attributes: {
         id: {
-            type: 'number',
-            autoIncrement: true
+            type: 'string',
+            columnType: 'varchar(36)',
+            required: true
         },
 
         user: {
@@ -31,5 +32,11 @@ module.exports = {
         },
 
         updatedAt: false
+    },
+
+    beforeCreate: async function(log, next) {
+        log.id = sails.helpers.generateUuid();
+
+        return next();
     }
 };

api/helpers/is-password-valid.js

@@ -15,7 +15,7 @@
  * > it to your .gitignore file.  If your repository will be publicly viewable,
  * > don't add private/sensitive data (like API secrets / db passwords) to this file!
  *
- * For more best practices and tips, see:
+ * For more best-practices and tips, see:
  * https://sailsjs.com/docs/concepts/deployment
  */
 

api/models/Log.js

@@ -68,5 +68,5 @@ module.exports.security = {
      *
      * See this for more details: https://haveibeenpwned.com/API/v3#PwnedPasswords
      */
-    checkPwned: true
+    checkPwnedPasswords: true
 };