coronasafe / journal Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
journal's Issues
Integrate apis for QR code scanning
Boilerplate
Verify working of:
-
Rails
-
Active Admin
-
React
-
Tailwind UI
Ongoing vists page
- Show merchant name and address next to ongoing visits list
[DepShield] (CVSS 5.3) Vulnerability due to usage of kind-of:3.2.2
Vulnerabilities
DepShield reports that this application's usage of kind-of:3.2.2 results in the following vulnerability(s):
Occurrences
kind-of:3.2.2 is a transitive dependency introduced by the following direct dependency(s):
• @rails/webpacker:4.3.0
└─ webpack:4.44.2
└─ micromatch:3.1.10
└─ snapdragon:0.8.2
└─ base:0.11.2
└─ cache-base:1.0.1
└─ to-object-path:0.3.0
└─ kind-of:3.2.2
└─ class-utils:0.3.6
└─ static-extend:0.1.2
└─ object-copy:0.1.0
└─ kind-of:3.2.2
└─ define-property:0.2.5
└─ is-descriptor:0.1.6
└─ is-accessor-descriptor:0.1.6
└─ kind-of:3.2.2
└─ is-data-descriptor:0.1.4
└─ kind-of:3.2.2
• webpack-dev-server:3.11.0
└─ chokidar:2.1.8
└─ braces:2.3.2
└─ fill-range:4.0.0
└─ is-number:3.0.0
└─ kind-of:3.2.2
└─ snapdragon-node:2.1.1
└─ snapdragon-util:3.0.1
└─ kind-of:3.2.2
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Signup image thumb to SVG
Change the signup image to open source SVG
[DepShield] (CVSS 5.3) Vulnerability due to usage of kind-of:5.1.0
Vulnerabilities
DepShield reports that this application's usage of kind-of:5.1.0 results in the following vulnerability(s):
Occurrences
kind-of:5.1.0 is a transitive dependency introduced by the following direct dependency(s):
• @rails/webpacker:4.3.0
└─ webpack:4.44.2
└─ micromatch:3.1.10
└─ snapdragon:0.8.2
└─ define-property:0.2.5
└─ is-descriptor:0.1.6
└─ kind-of:5.1.0
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Merchant phone number should be verified by OTP
Ref: #4
User journal data should be stored only for a period of 30 days
Add a background service to delete all user journal data which is older than 30 days.
User phone number should be verified by OTP
On user sign up page, the phone number entered by user has to be verified first.
@bodhish for docs on existing service to do that.
User should be able to sign up to use the web app
Sign up collects following details from the user:
- Name
- Phone number
- Date of Birth of the user
Authentication enforces uniqueness of phone number + date of birth on the backend.
Ref: #1
Returns a token (cookie or otherwise) stored locally on the device.
[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.memoize:4.1.2
Vulnerabilities
DepShield reports that this application's usage of lodash.memoize:4.1.2 results in the following vulnerability(s):
- (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
- (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...
Occurrences
lodash.memoize:4.1.2 is a transitive dependency introduced by the following direct dependency(s):
• @rails/webpacker:4.3.0
└─ optimize-css-assets-webpack-plugin:5.0.4
└─ cssnano:4.1.10
└─ cssnano-preset-default:4.0.7
└─ postcss-merge-rules:4.0.3
└─ caniuse-api:3.0.0
└─ lodash.memoize:4.1.2
• postcss-cssnext:3.1.0
└─ caniuse-api:2.0.0
└─ lodash.memoize:4.1.2
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
User should be able to scan a QR code
From the main page, user should be able to scan a QR code.
Checkout libraries like Instascan
Scanning a QR code successfully, shows a small microinteraction indicating success and returns the user to the main page.
Visits list api not working - after second visit
Seems like
Apis /api/v1/visits/ongoing and /api/v1/visits not working for some scenarios.
user has no visit - api is working
user has 1 visit - api is working
user has 2 visit - api is not working
user has more than 2 visits - api is not working
Originally posted by @amaljosea in #45 (comment)
[DepShield] (CVSS 5.3) Vulnerability due to usage of kind-of:4.0.0
Vulnerabilities
DepShield reports that this application's usage of kind-of:4.0.0 results in the following vulnerability(s):
Occurrences
kind-of:4.0.0 is a transitive dependency introduced by the following direct dependency(s):
• @rails/webpacker:4.3.0
└─ webpack:4.44.2
└─ micromatch:3.1.10
└─ snapdragon:0.8.2
└─ base:0.11.2
└─ cache-base:1.0.1
└─ has-value:1.0.0
└─ has-values:1.0.0
└─ kind-of:4.0.0
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Questions related to the background job that deletes user data after a month
-
Why do we have to delete the QR Code after a month?
-
Logging a visit as of now doesn't change the user's
updated_atfield. User'supdated_atremains the same as hiscreated_at. So deleting a user based on hisupdated_atwill just remove the user and ALL HIS VISITS from the system after 30 days of his first login. -
Shouldn't we be deleting all visits which are older than 30 days? And also delete the user if his last visit was logged more than 30 days ago?
[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.toarray:4.4.0
Vulnerabilities
DepShield reports that this application's usage of lodash.toarray:4.4.0 results in the following vulnerability(s):
Occurrences
lodash.toarray:4.4.0 is a transitive dependency introduced by the following direct dependency(s):
• tailwindcss:1.8.10
└─ node-emoji:1.10.0
└─ lodash.toarray:4.4.0
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Admin should be able to logout
[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash._reinterpolate:3.0.0
Vulnerabilities
DepShield reports that this application's usage of lodash._reinterpolate:3.0.0 results in the following vulnerability(s):
Occurrences
lodash._reinterpolate:3.0.0 is a transitive dependency introduced by the following direct dependency(s):
• postcss-cssnext:3.1.0
└─ postcss-initial:2.0.0
└─ lodash.template:4.5.0
└─ lodash._reinterpolate:3.0.0
└─ lodash.templatesettings:4.2.0
└─ lodash._reinterpolate:3.0.0
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Add field visit_id to the visit list apis
To mark exit on an ongoing visit as specified in the doc, field visit_id is needed.
Seems like the field visit_id is now not present in the response of these apis.
Log a new visit
Get all visits of a user
Get ongoing visits of a user
[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.uniq:4.5.0
Vulnerabilities
DepShield reports that this application's usage of lodash.uniq:4.5.0 results in the following vulnerability(s):
- (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
- (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...
Occurrences
lodash.uniq:4.5.0 is a transitive dependency introduced by the following direct dependency(s):
• @rails/webpacker:4.3.0
└─ optimize-css-assets-webpack-plugin:5.0.4
└─ cssnano:4.1.10
└─ cssnano-preset-default:4.0.7
└─ postcss-merge-rules:4.0.3
└─ caniuse-api:3.0.0
└─ lodash.uniq:4.5.0
• postcss-cssnext:3.1.0
└─ caniuse-api:2.0.0
└─ lodash.uniq:4.5.0
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Admin should be able to generate a user's route map
Admin should be able to generate a list of establishments visited by the user in case they test positive for the virus.
Admin should be able to sign in the application
Generated admin credentials can be used to sign up to the application.
Possibility with Active admin generated page
How to debug Ruby foreman project?
If you can help
As per images
https://drive.google.com/file/d/1GvQfJhf8WSbvIKecCLCpKcN3hglqs0pQ/view?usp=sharing
I created in the workspace some releases
The IDE starts the application, until I show the return in chrome
The problem is that the variable pointed at the breakpoint is not being returned
Can anyone help?
As per images
https://drive.google.com/file/d/1M6mhdvItbj2cu0Zqool6D5VZzhJHpM72/view?usp=sharing
The IDE starts the application, until I show the return in chrome
The problem is that the error is being returned when trying to debug the application
Can anyone help?
[DepShield] (CVSS 7.5) Vulnerability due to usage of debug:2.6.9
Vulnerabilities
DepShield reports that this application's usage of debug:2.6.9 results in the following vulnerability(s):
Occurrences
debug:2.6.9 is a transitive dependency introduced by the following direct dependency(s):
• @rails/webpacker:4.3.0
└─ webpack:4.44.2
└─ micromatch:3.1.10
└─ extglob:2.0.4
└─ expand-brackets:2.1.4
└─ debug:2.6.9
└─ snapdragon:0.8.2
└─ debug:2.6.9
• webpack-dev-server:3.11.0
└─ compression:1.7.4
└─ debug:2.6.9
└─ express:4.17.1
└─ body-parser:1.19.0
└─ debug:2.6.9
└─ debug:2.6.9
└─ finalhandler:1.1.2
└─ debug:2.6.9
└─ send:0.17.1
└─ debug:2.6.9
└─ serve-index:1.9.1
└─ debug:2.6.9
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Add page titles
Label each page by their application.
Currently all pages are named Journal - Coronasafe. Keeping the same template, add the page name in front.
Use react-helmet
User should be able to view ongoing visits
The homepage should have a listing of ongoing visits of the user.
Ongoing visits are those that do not have an exit time (#30)
User should be able to mark as Exit from a visit from the same list.
User should be able to mark a visit to establishment
When user scans a QR code (#3), the details from QR code (#5) needs to be send to the backend.
Here a "Visit" is created with details of:
- current user
- current time as entry time
- establishment identifier (from scanned QR code)
- empty exit time
For expansion purposes, would like to have Visit to have polymorphic link to Establishment as other types could be added in the future.
Design Choices
User
On the user end, the application is to be used by the most common of people. This design has to be kept as simple and bare bones as possible.
This is why we are skipping detailed password based authentication on user. User will have a sign up page where they can enter minimal details of themselves, this will be saved to the backend with a token generated ending the user on main page.
If this token ever gets cleared (assuming that the possibility of this happening is rare), user will be redirected back to the sign up page.
Uniqueness of date of birth + phone number is enforced, so as communicate with other Coronasafe projects easier in the future.
Merchant
Admin
This is to be used by district officials, the emphasis here is on the functionality rather than the UI.
Admin should be able to select from and to date for route map
Related to #8
API: https://github.com/coronasafe/journal/blob/develop/doc/api.md#routemap-for-a-user
Backend defaults to last 7 days, but date can be customized. Requires two date pickers for start and end date, end date needs to be validated to be less than start date.
Merchant page should be secured by captcha
Search user api improvement
Name of the user is not provided on searching the user from admin.
Hence cannot display the name of the user in the admin dashboard for routemap
Merchant should be able generate a QR code from the application
For MVP, merchant does not need to have a login to application.
The merchant page should enable to collect:
- Establishment name
- Phone number
- Address
This has to be saved on to the database and a QR code is generated.
QR code contains following details:
- typeof "establishment" (this is for extension purposes later on, other types can be added)
- backend identifier for merchant/establishment
Merchant should be able to select local body on registration
List of local bodies as available here: https://github.com/coronasafe/datastore/tree/master/JSON
Merchant can select one local body off the list that is saved to the database at the time of registration
[DepShield] (CVSS 7.5) Vulnerability due to usage of q:1.5.1
Vulnerabilities
DepShield reports that this application's usage of q:1.5.1 results in the following vulnerability(s):
Occurrences
q:1.5.1 is a transitive dependency introduced by the following direct dependency(s):
• @rails/webpacker:4.3.0
└─ optimize-css-assets-webpack-plugin:5.0.4
└─ cssnano:4.1.10
└─ cssnano-preset-default:4.0.7
└─ postcss-svgo:4.0.2
└─ svgo:1.3.2
└─ coa:2.0.2
└─ q:1.5.1
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Different use case
I have seen a use case for journal for a different way.
In our church due to covid, daily entry of all the people visited is being made. Info collected are Name, Phone number, Age, Address. Currently they are logging the register manually.
I thought of suggesting journal to the officials, but the issue is that the crowd come to the church in a rural village like ours doesn't have internet and smart phone.
So the idea is to print QR codes, register the user and assign and give a QR code per person and they bring it daily and we could scan and log their entry. I am sure that the individual elements (like scanner, QR generator, databases etc) for making this work is present inside journal project.
Do we have any scope of accompanying something like this in our current project or a new fork/fresh will be appropriate?
Thoughts?
[DepShield] (CVSS 7.5) Vulnerability due to usage of http-proxy:1.18.1
Vulnerabilities
DepShield reports that this application's usage of http-proxy:1.18.1 results in the following vulnerability(s):
Occurrences
http-proxy:1.18.1 is a transitive dependency introduced by the following direct dependency(s):
• webpack-dev-server:3.11.0
└─ http-proxy-middleware:0.19.1
└─ http-proxy:1.18.1
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
[DepShield] (CVSS 7.5) Vulnerability due to usage of acorn:6.4.1
Vulnerabilities
DepShield reports that this application's usage of acorn:6.4.1 results in the following vulnerability(s):
Occurrences
acorn:6.4.1 is a transitive dependency introduced by the following direct dependency(s):
• @rails/webpacker:4.3.0
└─ webpack:4.44.2
└─ acorn:6.4.1
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.get:4.4.2
Vulnerabilities
DepShield reports that this application's usage of lodash.get:4.4.2 results in the following vulnerability(s):
- (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
- (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...
Occurrences
lodash.get:4.4.2 is a transitive dependency introduced by the following direct dependency(s):
• @rails/webpacker:4.3.0
└─ webpack-assets-manifest:3.1.1
└─ lodash.get:4.4.2
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
List all establishments in admin dashboard
Api required to list all establishments in admin.
Related to #9
Admin should be able to filter visits by establishment, date and time
Admin should be able to enter an establishment name, a particular date and time and receive filtered details on users who have been in and out during the particular time period.
./bin/setup exits with an error
This happens because User schema has been changed. It has no email now, but has phone_number, date_of_birth etc instead. But this change is not reflected while loading sample data.
[DepShield] (CVSS 7.5) Vulnerability due to usage of express:4.17.1
Vulnerabilities
DepShield reports that this application's usage of express:4.17.1 results in the following vulnerability(s):
Occurrences
express:4.17.1 is a transitive dependency introduced by the following direct dependency(s):
• webpack-dev-server:3.11.0
└─ express:4.17.1
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
User should be a able to logout
- Clears the token
- takes user back to sign up page
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.