
spica-engine / spica


Spica is a development engine to build fast & efficient applications.

Home Page: http://spicaengine.com

License: GNU Affero General Public License v3.0

TypeScript 83.83% JavaScript 0.29% HTML 8.28% Shell 0.42% Dockerfile 0.07% Starlark 3.40% Smarty 0.04% SCSS 3.51% PEG.js 0.16%
engine content-management-system single-page-applications nodejs mongodb angular cloud-functions database development-engine cms

spica's People

Contributors

akhnos, davuttrg, dependabot[bot], emre2345, htuna07, idriska, kenangsmv, parvineyvazov, thesayyn, tolgayigit, tthiscafer


spica's Issues

Cross Site Scripting on Bucket

Description

Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type-I XSS.

Steps to Reproduce

  • Create a new Bucket on your Spica Engine
  • Click "Add New" and enter your XSS payload as the Title.

Proof

https://imgur.com/CWhfBJm

Impact

Can steal cookies, can run JavaScript code, etc.

Incorrect devkit bucket return type

The bucket data getAll method shows the wrong return type. It says the return type is IndexResult, which is only possible if the paginate param is given. Also, setting paginate to false shows an error that says false is not a type of true.

spica bucket orm error

Hi everyone

I have installed spica, according to here, and started a project instance.

I have created a bucket and an API-key.


It's running:

qqqqqqqq@spicadev:~/spicaclient01$ netstat -tuanp|grep 4500
(Es konnten nicht alle Prozesse identifiziert werden; Informationen über
nicht-eigene Processe werden nicht angezeigt; Root kann sie anzeigen.)
tcp 0 0 0.0.0.0:4500 0.0.0.0:* LISTEN -
tcp6 0 0 :::4500 :::* LISTEN -

Spica client version:

qqqqqqqq@spicadev:~/spicaclient01$ cat package.json
{
"dependencies": {
"@spica/cli": "^0.9.15"
}
}

Now I'm trying to generate the ORM file, but it fails. I have tried different systems (local and remote) and different ways of assigning parameters (with / without "=" sign).

qqqqqqqq@spicadev:~/spicaclient01$ spica bucket orm --url=http://localhost:4500 --apikey=405gzo18kz5q4ykk
✖ Building interface and method definitions..
Cannot create property 'title' on string '!'
TypeError: Cannot create property 'title' on string '!'
at makeTitlesUnique (/usr/local/lib/node_modules/@spica/cli/src/commands/bucket/orm.js:249:26)
at Object.createFileContent (/usr/local/lib/node_modules/@spica/cli/src/commands/bucket/orm.js:65:19)
at Object.op (/usr/local/lib/node_modules/@spica/cli/src/commands/bucket/orm.js:25:36)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at async Se.orm [as _action] (/usr/local/lib/node_modules/@spica/cli/src/commands/bucket/orm.js:13:5)
at async Se.run (/usr/local/lib/node_modules/@spica/cli/node_modules/@caporal/core/dist/index.js:1:27579)
at async Te._run (/usr/local/lib/node_modules/@spica/cli/node_modules/@caporal/core/dist/index.js:1:32257)

What can I do?

I have also tried other spica client commands, and they seem to work fine.

Like this one:

qqqqqqqq@spicadev:~/spicaclient01$ spica project ls
NAMESPACE AGE STATUS VERSION PORT DESCRIPTION
testspica01 52y 45d 14h 54m 17s Up 22 hours latest 0.0.0.0:4500

Cannot use images on pure docker environment.

Currently, the spica images are built for a kubernetes environment.

So the current spica images have quirks like:

  • Static baseUrl set to "/spica/" in order to work in kubernetes.
  • Static apiUrl set to "/api" in order to work in kubernetes.

These configurations should be configurable through env variables to be able to work in other environments.

The current workaround is replacing those lines with appropriate ones.

# Like we do in getting started docs
docker exec -it spica sed -i "s/\/spica\//\//g" /usr/share/nginx/html/index.html
docker exec -w /usr/share/nginx/html -it spica find . -type f -iname 'main-es*.js' -exec sed -i 's/\"\/api\"/\"http:\/\/localhost:4300\"/g' {} \;
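An env-driven version of the two sed workarounds above, written as an added example (not Spica's own code); the variable names SPICA_HTML_DIR, SPICA_BASE_URL and SPICA_API_URL are assumed, not Spica settings, and the script could run as a container entrypoint before nginx starts:

```shell
#!/bin/sh
# Added example, not code from the Spica project: the issue's two
# `docker exec ... sed` workarounds turned into an env-driven script.
# SPICA_HTML_DIR, SPICA_BASE_URL and SPICA_API_URL are assumed names.
set -eu

# Escape a replacement string for use in "s|...|...|": backslash, '&' and
# the '|' delimiter would otherwise change the meaning of the sed command.
sed_escape() {
  printf '%s\n' "$1" | sed 's/[\\&|]/\\&/g'
}

# Rewrite a file through sed without relying on the non-POSIX `sed -i`.
rewrite_in_place() {
  tmp="$1.tmp.$$"
  sed "$2" "$1" > "$tmp" && mv "$tmp" "$1"
}

# Replace the static "/spica/" base path and the "/api" literal in a built
# Spica web root. $1 = web root, $2 = desired base path, $3 = desired API URL.
configure_spica_urls() {
  root=$1
  base=$(sed_escape "$2")
  api=$(sed_escape "$3")
  [ -f "$root/index.html" ] || { echo "no index.html in $root" >&2; return 1; }
  # index.html: the issue's sed turns "/spica/" into "/"; here it becomes $2.
  rewrite_in_place "$root/index.html" "s|/spica/|$base|g"
  # main-es*.js bundles: only the exact string literal "/api" becomes the
  # API URL, so other paths such as "/api/v1" are left untouched.
  for f in "$root"/main-es*.js; do
    [ -f "$f" ] || continue
    rewrite_in_place "$f" "s|\"/api\"|\"$api\"|g"
  done
}

# Entrypoint behaviour: only act when SPICA_HTML_DIR is set, so sourcing
# this file for its functions has no side effects.
if [ -n "${SPICA_HTML_DIR:-}" ]; then
  configure_spica_urls "$SPICA_HTML_DIR" "${SPICA_BASE_URL:-/}" "${SPICA_API_URL:-/api}"
fi
```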

Bug: request.body is undefined

The documentation says the function parses application/json by default, although it does not.

Example;

export default function(request: triggers.http.Request, response: triggers.http.Response) {
  // An entry will appear in the function logs.
  console.dir(request.body);
  // Send body as response right away
  response.send(request.body);
}
