isil-este / student-workflow-organizer Goto Github PK

We propose an enhanced approach to seeding the database, ensuring the creation of essential seed data within our REST API's database. This would encompass tasks such as populating default user accounts, sample content, and configuration settings that are pivotal for a seamless application setup.

In this issue I want to discuss how should we create the calendar model
I have create some sort of diagram just to brain storm some ideas about the calendar and its functionalities .

__

this is just a basic example to be modified later,
please leave your opinions on this.

When implementing soft deletion in our application's database design, we need to carefully consider the approach we take.

there are two approach :

• Soft Deletion within a Single Collection
• Separate Collections for Active and Inactive Documents

here are some key points

Soft Deletion within a Single Collection:

Simplifies the data model and avoids managing multiple collections.
Ensures consistent queries regardless of document status.
Allows for easier restoration of previously inactive documents.

Separate Collections:

Provides clear data separation for active and inactive documents.
Potential performance improvements by avoiding the need for filtering inactive documents.
Simplifies queries by eliminating the need to filter out inactive documents.

@Khalid1G @muttaqin1

In our previous behavior, we used to do something like this:

routes
app.use(
    `/api`,
    routesVersioning()({
        '1.0.0': indexRouter,
    })
);

but now that we have switched to TSOA, we do not have the option to control what routes get triggered based on api version in the header

RegisterRoutes(app);

so we will need a new approach for API versioning

As you may know for the moment the docs are being generated each time the app starts

Simple task

• make a custome npm command npm run generate-docs to generate swagger docs

instead of making the dev branch for contributing we can make it the main,
and make master for production, this will make it more handy for new contributors.
@Khalid1G

Hi everyone,

I noticed on one of my latest projects that the rate limiter is affecting WebSocket and SSE connections. In order to improve the user experience and ensure smooth real-time communication, I suggest configuring the rate limiter to ignore WebSocket and SSE requests. This will allow uninterrupted data streaming and reduce unnecessary restrictions.

Hey Team,

I'd like to suggest a small but helpful improvement to our project's code organization. As our codebase continues to grow, it's important to maintain a clean and structured directory structure. One way to enhance clarity and organization is by creating an "interfaces" folder.
to store all related interfaces to models and vendors....

Imagine you're working on a new feature, and you need to define an interface for API response data. Currently, we don't have a standardized location for interfaces, so you might find yourself wondering where to put it. This can lead to inconsistencies and make it harder for team members to understand where to find relevant definitions.

By creating an "interfaces" folder, we can address this issue and make our codebase more organized and developer-friendly.

This issue aims to implement the initial steps for GitHub integration and retrieve repositories
this will unlock many possibilities in our application.
here are tasks to be done :

• Implement authentication mechanisms to securely connect to the GitHub API.
• Store the required access token securely for future API requests
• Implement a mechanism to retrieve the user's recent repository from their GitHub account, and extract essential information such as repository name, description
• #163

as the project grows it will be little bit hard to setup all the env variables at once,
and the new contributors might struggle to get the app to work
so for that i suggest to make and error handling for the env variables,

• the errors should state the problem and help the developer with instruction on how to fix it

because we have two projects inside one backend and frontend i found an issue running the nodejs workflow on the back end,

does any one have an idea about how to fix it ?

One config is in .js format and one .json format.
The .js config extends prettier. So we can directly copy all the rules from the .json config and remove that file.

What do you think? @bellaabdelouahab @Khalid1G

Boosting frontend development with TypeScript's statically-typed superpowers, bid farewell to runtime surprises, embrace strictness, and level up your codebase

Tracking issue for:

• https://github.com/ISIL-ESTE/Student-Workflow-Organizer/security/code-scanning/150

We're migrating our project to TSOA for better API generation and maintainability. This issue serves as an umbrella for all tasks related to the migration. TSOA is a powerful tool that can help us generate robust APIs, and we want your help in making this transition.

Tasks:

• Study the TSOA documentation.
• Identify endpoints and controllers that need migration.
• request permissions in the chat below to keep things organized.
• Convert existing controllers to TSOA controllers.
• Update routing and validation as needed.
• Generate and review API documentation.
• Test the updated API.
• Ensure existing tests are passing.

currently contributing :

@muttaqin1

• user_controller

@bellaabdelouahab

• auth_controller

Add the functionality to generate swagger docs automatically.
This blog will be helpful : https://medium.com/swlh/automatic-api-documentation-in-node-js-using-swagger-dd1ab3c78284

Discussed in #31

someone must handle mongodb errors related to timeout when preforming a query or when establishing the connection

message: 'failed to connect to server [timed out exception]'
@amja-do

This issue is created to track the progress of migrating the project from JavaScript to TypeScript. Below is a list of files and directories in the project, along with their migration status.

• config/app_config.ts
• config/logger_config.ts
• constants/actions.js
• constants/default_roles.js
• constants/meta_data.js
• controllers/base_controller.ts
• controllers/auth_controllers/auth_controller.ts
• controllers/auth_controllers/github_controller.js
• controllers/calendar_controllers/calendar_base_controller.js
• controllers/calendar_controllers/calendar_validators.js
• controllers/calendar_controllers/participants_controller.js
• controllers/users_controllers/admin_controller.js
• controllers/users_controllers/user_controller.js
• middlewares/api_version_control.js
• middlewares/authorization.js
• middlewares/global_error_handler.js
• middlewares/morgan.js
• middlewares/rate_limit.js
• models/calendar/calendar_model.js
• models/calendar/event_model.js
• models/user/role_model.ts
• models/user/user_model.ts
• routes/auth_routes.js
• routes/calendar_routes.js
• routes/github_routes.js
• routes/index.js
• routes/users/admin_route.js
• routes/users/super_admin_route.js
• routes/users/user_route.js
• seed/setup_seed.js
• seed/users.json
• utils/api_features.js
• utils/app_error.js
• utils/create_default_user.ts
• utils/logger.js
• utils/register_paths.js
• utils/sanitize_request_body.js
• utils/searchCookie.js
• utils/authorization/auth_utils.js
• utils/authorization/generate_tokens.js
• utils/authorization/github.js
• utils/authorization/validate_actions.js
• utils/authorization/role/create_roles.ts
• utils/authorization/role/role.ts
• utils/swagger/index.js
• utils/swagger/merge_yaml_files.js
• utils/swagger/swaggergenerator.js

Please mark each task with [ ] if it's not done and [x] if it's done. If you encounter any issues or have questions about the TypeScript migration, feel free to comment on this issue for discussion.

Make a feature that allows the user to change the password

Using CamelCase in file names can indeed create problems when working with both Windows and Linux operating systems. While Linux is case-sensitive, meaning it treats "file.txt" and "File.txt" as two different files, Windows is case-insensitive by default, considering them the same file. This can lead to confusion and potential issues when transferring files between the two systems or working on projects collaboratively.

For example, if you have a file named "UserModel.js" in a project and refer to it as "userModel.js" in your code or scripts, it may work fine on Linux but fail to locate the file on Windows. This discrepancy in naming conventions can cause errors and make code less portable.

To ensure cross-platform compatibility and avoid such problems, it is generally recommended to use lowercase filenames with words separated by underscores ("user.js"), ("user_model.js") or hyphens ("my-file.txt") instead of CamelCase when developing projects that need to work on both Windows and Linux. This helps maintain consistency and reduces the chances of issues arising due to case sensitivity differences between the two operating systems.

Add some advanced configuration to docker and docker compose files

when I was running test I faced issue with Logger not being defined, and also in the past I faced same issue with different files
is storing Logger in global really the best approach because as I see it now it only reduces one line for each file 😂

@Khalid1G
@muttaqin1

• implement basic refresh token
• store generated tokens on the database

Develop a secure token refresh feature and establish token storage in the database for reliable access and management.

Create unit tests for user auth, registration, and route access.

I see that each time the changed code in commits includes "..." => '...' this is just an example but we need to use the same config.

things i tried :

• i tried looking throw the docs, i found that it is possible according to open api specifications but i field to find it on the docs of tsoa
• doing it in multiple string line, it is good but they don't align
  Achieved behavior :

    @Response(
        400,
        `- This route is not for role updates. Please use /updateRole\n\- This route is not for password updates. Please use auth/updateMyPassword`
    )

"400": {
         "description": "- This route is not for role updates. Please use /updateRole\n- This route is not for password updates. Please use auth/updateMyPassword"
}, 

and as you can see this looks ugly.

I appreciate it someone took a look at this

Storing the authorities and restrictions in a database is more flexible and dynamic.
@muttaqin1

restrict access for all routes except for contact [until the contact logic implemented]

I think it's good to have this feature so that when we publicize the API, it can be easily accessed by front-end developers and other third-party apps.

will anyone fix this:

• check if roles already exist

The website features a comprehensive notification system to keep users informed about essential updates, such as registration confirmation, application status, and new event listings. Users can choose to receive notifications both within the platform and through email.

• use nodemailer as an smtp service

Hey everyone,
We're working on an exciting project and would love to hear your ideas and suggestions for its design.

Scope:

We're looking for design ideas related to the following aspects of the application:

• User Interface (UI) design for the app, including color schemes, and icons.

• Data management and storage ideas to handle user activity data and workout plans efficiently and securely.

Guidelines:

Feel free to be creative and think outside the box. We're open to innovative ideas! or any examples of designs to start.
@bellaabdelouahab @Khalid1G @muttaqin1

Consider using Typegoose for a better support between TypeScript and Mongoose

I'm having issue with running the docker compose file the build passes smoothly but there is no mongo image to connect to ( in case i try to use a local one ) i have added this line :

    depends_on:
      - mongo
  mongo:
    image: mongo:7.0.0-rc3
    ports:
      - "27017:27017"

but still when I run it shows this error on backend terminal

2023-08-28 17:20:29 [nodemon] starting `node server.js`
2023-08-28 17:20:30 [Aug-28-2023 16:20:30 - info ] Swagger available at /docs  /docs-json
2023-08-28 17:20:30 [Aug-28-2023 16:20:30 - info ] App running on  http://localhost:8000
2023-08-28 17:20:41 [Aug-28-2023 16:20:41 - error ] MongooseError: Operation `users.findOne()` buffering timed out after 10000ms
2023-08-28 17:20:41     at Timeout.<anonymous> (/app/node_modules/mongoose/lib/drivers/node-mongodb-native/collection.js:175:23)
2023-08-28 17:20:41     at listOnTimeout (node:internal/timers:569:17)
2023-08-28 17:20:41     at process.processTimers (node:internal/timers:512:7)
2023-08-28 17:21:00 [Aug-28-2023 16:21:00 - error ] DB Connection Disconnected!
2023-08-28 17:21:00 [Aug-28-2023 16:21:00 - error ] DB Connection Failed! 
2023-08-28 17:21:00     Exception : MongooseServerSelectionError: connect ECONNREFUSED 127.0.0.1:27017
2023-08-28 17:21:00 MongooseServerSelectionError: connect ECONNREFUSED 127.0.0.1:27017
2023-08-28 17:21:00     at Connection.openUri (/app/node_modules/mongoose/lib/connection.js:825:32)
2023-08-28 17:21:00     at /app/node_modules/mongoose/lib/index.js:414:10
2023-08-28 17:21:00     at /app/node_modules/mongoose/lib/helpers/promiseOrCallback.js:41:5
2023-08-28 17:21:00     at new Promise (<anonymous>)
2023-08-28 17:21:00     at promiseOrCallback (/app/node_modules/mongoose/lib/helpers/promiseOrCallback.js:40:10)
2023-08-28 17:21:00     at Mongoose._promiseOrCallback (/app/node_modules/mongoose/lib/index.js:1288:10)
2023-08-28 17:21:00     at Mongoose.connect (/app/node_modules/mongoose/lib/index.js:413:20)
2023-08-28 17:21:00     at Object.<anonymous> (/app/server.js:19:6)
2023-08-28 17:21:00     at Module._compile (node:internal/modules/cjs/loader:1256:14)
2023-08-28 17:21:00     at Module._extensions..js (node:internal/modules/cjs/loader:1310:10)

dose anyone have an idea about this ?

Forging a Seamless Path: Password Restoration Logic that Balances Security and User Convenience.

Hi,

in backend-app/routes/calendar_routes there is an import for base_controller in the same folder, but actually, this file does not exist, I found another file called base_controller but is under the folder controllers.

does the import at row 2 actually refer to the base_controller in controllers?

const express = require('express');
const base = require('./base_controller');
const calendarModel = require('../models/calendar/calendar_model');
const authController = require('../controllers/auth_controllers/auth_controller');
const router = express.Router();


router.post('/', base.createOne(calendarModel));
router.get('/:id', base.getOne(calendarModel));

router.patch('/:id', base.updateOne(calendarModel));
router.delete('/:id', base.deleteOne(calendarModel));

router.use(authController.restrictTo('ADMIN', 'SUPER_ADMIN'));

router.get('/', base.getAll(calendarModel));

module.exports = router;

Hey everyone,

I've been exploring the benefits of using ES6 import syntax over require in our project:

• 🌱 Smoother static analysis for cleaner code.
• 🚀 Selective named imports for efficiency.
• ⚡️ Top-level await for async simplicity.
• ♻️ Consistency with modern JavaScript trends.

Let's discuss if this switch could enhance our project's maintainability and performance.

as you guys may have seen our project is getting bigger we also the importation of modules starts to be a headache, so I suppose it's time to fix this

tasks:

• create a jsconfig.json to define baseurl we don't have to use relative paths
• update importation throw the project

update :
i found this package app-module-path which does the same thing as jsconfig so for now we wont need jsconfig

• Use ts-node-dev for faster code reloading.
• #126
• Enable decorators.
• Integrate typegoose for more pleasant Mongoose model definitions.

exports.updateOne = Model => async (req, res, next) => {
    try {
        const doc = await Model.findByIdAndUpdate(req.params.id, req.body, {
//...

This query depends on user input
If a database query (such as a SQL or NoSQL query) is built from user-provided data without sufficient sanitization, a malicious user may be able to run malicious database queries.

throw the project you might find many approaches :

new AppError(404, 'fail', 'No document found with that id')

new AppError('You are not allowed to update this calendar', 403)

i think that the second one is better since you might find many other status other than fail and success and also the status code is descriptive

tasks

• change the class definition to include only statusCode and message and path(optional)
• remove or update the accruing of the previous approach from the api

I wanted to suggest a change in our documentation practices that I believe will greatly benefit our workflow and make our documentation more user-friendly. I propose transitioning from YML docs to Postman Docs.

Postman Docs offer a simplified and easy-to-read format, making it effortless to create and understand documentation. They provide clear and concise examples of request and response structures, which can greatly enhance the readability of our documentation.

One of the standout features of Postman Docs is the ability to execute API requests directly within the documentation. This feature allows us to test and verify our APIs without leaving the documentation environment. It's a fantastic way to streamline our development process and ensure accuracy.

Additionally, Postman Docs are widely used and well-supported in the developer community: https://docs.spacexdata.com/

Enhance project configuration by implementing ts-config-paths to enable cleaner non-relative imports. This improvement will make code more organized and maintainable by allowing developers to use custom module paths for better readability and maintainability.

creation of a CONTRIBUTING.md
it works as a guide line for new contributors
here is an example of CONTRIBUTING.md from jhipster project : Jhipster Registry

on my testing, i need these things to be fixed

• add route /me for user crud that are protected
• a user shouldn't be able to updated roles
• if user tries to updated password we replay with ( 400, This route is not for password updates. Please use /updateMyPassword )
• admin can update roles of users and admins but not supper admin.

note : we can add a restriction called updated admin, to prevent the fight between admins 😂

• supper admin can updated any role of any user except his.
• return a valid message on jwt expired, as for now it returns 500
• separate the routes login and sign up from the rest as they are the only unprotected routes ( suggestion : put them in app.js)

this dependency is used in utils/swagger/swaggergenerator

const swaggerAutogen = require("swagger-autogen")

 "dependencies": {
    "bcryptjs": "^2.4.3",
    "compression": "^1.7.4",
    "cors": "^2.8.5",
    "dotenv": "^16.0.3",
    "express": "^4.18.2",
    "express-mongo-sanitize": "^2.2.0",
    "express-rate-limit": "^6.7.0",
    "helmet": "^6.0.1",
    "hpp": "^0.2.3",
    "http-status-codes": "^2.2.0",
    "jest": "^29.5.0",
    "jsonwebtoken": "^9.0.0",
    "mongoose": "^6.8.4",
    "morgan": "^1.10.0",
    "supertest": "^6.3.3",
    "swagger-ui-express": "^4.6.3",
    "validator": "^13.7.0",
    "winston": "^3.8.2",
    "winston-daily-rotate-file": "^4.7.1",
    "xss-clean": "^0.1.1",
    "yamljs": "^0.3.0"
  },