dbuchwald / hacsec Goto Github PK

Dependency on Jade causes npm audit to complain about vulnerabilities

Move README file from docker directory to root, update with references to build.sh and teardown.sh scripts; add information on how to start frontend and how to log in to the application.

Currently login page form is not very sexy, it must be improved

Follow the implementation of login.js - move DB specific code to ../common/db

Currently database does not support transaction dates, it should be added (date field in DB and in API)

Variables should be set in docker-compose.yml

Currently, when trying to load application with Redux DevTools extension enabled page fails and the following output is printed to console:
Uncaught Error: You may not call store.getState() while the reducer is executing. The reducer has already received the state as an argument. Pass it down from the top reducer instead of reading it from the store.
at Object.h [as getState] (redux.js:106)
at B (:1:28201)
at :1:37657
at Object.g [as dispatch] (redux.js:205)
at dispatch (:1:40300)
at index.js:11
at dispatch (redux.js:613)
at operations.js:29
at Object.dispatch (index.js:8)
at Object.dispatch (:1:30679)

Implementation of this feature would enable us to skip sample XML delivery to participants

Scenario - go to Contacts, click on the Select file... button, open XML, click Import button. Works.
Repeat operation without reloading the page - fails. XML content sent to server is empty.
Reload page and try again - works again.

Move query from validateCustomerAccessToAccount operation to dedicated DB common module

New operation must be exposed to create new transaction in database

Disable code exposing api/v1/transactions to GET operation

Possibly bundle it with API

Currently all customers have empty contacts lists, this should be improved

Currently there is no handling of user session - token is generated, but not used for anything

This should reduce traffic needed at the beginning of hackathon

Usage of Docker for Windows requires Hyper-V, preventing users from working with Oracle VirtualBox. To address this issue, usage of docker-toolbox must be documented and recommended for participants

See login.js implementation

Also: make the transactions more meaningful

To ensure that react production build works correctly, correct configuration of Apache in frontend container

Add funds transfer page to register new transaction

Follow login.js example

see login.js

This should also solve the HTML " " issue

Currently parsing errors are crashing Node.js API instance. To be corrected.

Currently failures are not handled by frontend

Scenario:
Log in, click on the "Go to balance" button and on the transactions list screen click the "Go to balance" button again, it will result in incorrect XHR calls:

http://localhost:8081/api/v1/accounts/transactions
http://localhost:8081/api/v1/accounts

Currently there is no session validation in Contacts XML file upload operation

More details (currency, balance, IBAN number) must be added to account overview page

Please note: it would be nice if the session wasn't correctly invalidated to enable broken authentication attack

Comment out code for GET on api/v1/transactions/:id

User API must support authentication

Transaction details (amount, description) should be listed