an opinionated, production-ready, isomorphic express/knex/objection starter with centralized configuration
Home Page: https://objection.netlify.com
License: MIT License
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "dependabot-preview[bot]")
This would involve mapping the production logs index somehow.
https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping.html
Update tests! Should I have an "owner" role?
I'm only using ajv-errors for is the username verification. However, that should be done in the frontend... does that mean I can take off this dependency?
Either through config or documentation, protect API from being exposed directly. Something like Cloudflare's free tier would do great, because if it's laid bare to the internet, it's going to get DDOS'd to hell and back
Related to #22
Assuming #23 is set up, we can use rate limiting on the API side as a means of limiting actions (not DDOS, because if we hit Redis for every request during DDOS... yikes)
The question remains how we would protect per IP vs. per account, and how to protect endpoints differently
Some possible libraries:
DATABASE_URL needs to be mapped to database:connection (IF it exists), and the same can go for BONSAI_URL and whatever config elasticsearch takes in... can we have a central place to manage this?
Either make them compatible, or drop support for one of them.
Should be able to:
https://www.algolia.com/doc/
https://www.elastic.co/guide/en/elasticsearch/client/javascript-api
eg. any demotions by admins
https://learnxinyminutes.com/docs/yaml/
especially the numbers (1e+x) and anchors
createValidator as a one-time hook and setting this.foo = bar might not work/persist. Check that the jsonSchema, relationMappings, and whatever else is injected in #21 actually works (better yet, write a test!)
Really stretching it, but having the counter would serve as an example for online systems using Redis
If we want FTS via external document stores, then we need to pipe changes from the "truth store" to the search index.
While there are native ways to stream changes (such as zombodb for Postgres), 1. you often can't install plugins in DBaaS providers, 2. it doesn't work for different db's, 3. how would you even filter objects (e.g. private) and properties?
Using the bulk update option in #34, it might be possible to do this by running a repeating job that checks for last "updated_at" (inclusive, since we don’t care if we have to do it more than once; plus, this way we don’t lock the table), drags all objects and push them to the search index.
And we can avoid locking by keeping a "bookmark" thru job data (eliminating the need for transactions) instead.
https://gocardless.com/blog/syncing-postgres-to-elasticsearch-lessons-learned/
Should come after #49
While we want the whole "setup" thing to run automatically (especially after pulling, since people always forget to do that), it's annoying that it runs after yarn add!
I only want it to run on these cases:
git pull (except in CI)yarn testI've tried experimenting with this but I have NO idea how to make it work!
Ideally, the workflow would be like:
production.example.yml) to make changesproduction.ymlproduction.yml that can be committedHow the fsck do I do step 2?
Either make them compatible, or drop support for one of them.
Should be able to:
Default to gravatar
Should come after #2
See: https://github.com/JaneJeon/bazaar-web-API/blob/master/config/error.js
Specifically, we'd need something like https://github.com/epoberezkin/ajv-errors to make pretty error messages?
Also we'd need flash messages for validation errors!
Copy and paste the default CLI output from vue/angular/react/etc
Might be related to #35, but to avoid storage buildup, we either need all images to "expire" at some point, or have some kind of mechanism to delete images when their parent resources are deleted and/or changed (e.g. avatar change)
Should come before #4.
In addition, on every error, we should redirect to the page it was at and display the flash
If doing SSR, then you might care about this stuff. For APIs, this doesn't matter.
Use RBAC to control access to resources.
Possibly add GitHub/Twitter/Google sign-in?
See here: https://github.com/sahat/hackathon-starter/blob/master/config/passport.js
But I can't figure out how to render the non-callback part since we're using a pure REST API
Or OAuth2 integrations: https://github.com/simov/grant
Things like pageSize and hidden you have to add manually to model classes every time.
Or do I leave it alone?
Cloudflare IP geolocation using CF-IPCountry HTTP header (format: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
Intercept reCAPTCHA tokens at the base of the router and verify them?
Hell, maybe even integrate Akismet?
Should this even be handled server-side?
Write an example CircleCI config to push directly to Heroku, perhaps using the Orb?
Goes hand-in-hand with #23.
Ideally, redirecting HTTP => HTTPS should be handled by the reverse proxy. But if you're directly exposing Heroku API, then you kinda need it.
This would also be a good time to look at the whole "reverse proxy" section of config
We have to make a call to Redis for active session support, and another call to Redis for rate limiting, on every request. Can we cut this down into 1?
A lot of things need to happen automatically:
The goal is to make them run automatically, but not unnecessarily:
Ideally, these should be handled by hooks.
Look at https://github.com/chrisvfritz/vue-enterprise-boilerplate for "inspiration"
The way it's implemented in #10, SCAN takes O(n) time in relation to the total number of keys on Redis, which is obviously not performant.
I could also write it the way GitLab does, but managing the extra set and somehow expiring them (sets don't expire, so over time there will be a buildup of sessions from people who don't use the service anymore) seems like a huge PITA.
Finally, this would be a good opportunity to rethink the way to store and query sessions entirely, as per #13.
Objection.js and db-errors both support sqlite3, mysql, postgres, and mssql. That means this repo needs to be tested against all of those.
https://circleci.com/docs/2.0/workflows/
.returning('*) tricks)Should be optional.
https://docs.newrelic.com/docs/accounts/install-new-relic/partner-based-installation/heroku-install-new-relic-add
https://devcenter.heroku.com/articles/newrelic
https://docs.newrelic.com/docs/agents/nodejs-agent/hosting-services/nodejs-agent-heroku
https://beachape.com/blog/2013/02/04/nodejs-on-heroku-with-newrelic/
https://github.com/newrelic/node-newrelic
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.