dbuchwald / hacsec
Security hackathon base application
Dependency on Jade causes npm audit to complain about vulnerabilities
Move README file from docker directory to root, update with references to build.sh and teardown.sh scripts; add information on how to start frontend and how to log in to the application.
Currently login page form is not very sexy, it must be improved
Follow the implementation of login.js - move DB specific code to ../common/db
Currently database does not support transaction dates, it should be added (date field in DB and in API)
Variables should be set in docker-compose.yml
Currently, when trying to load the application with the Redux DevTools extension enabled, the page fails and the following output is printed to the console:
Uncaught Error: You may not call store.getState() while the reducer is executing. The reducer has already received the state as an argument. Pass it down from the top reducer instead of reading it from the store.
at Object.h [as getState] (redux.js:106)
at B (:1:28201)
at :1:37657
at Object.g [as dispatch] (redux.js:205)
at dispatch (:1:40300)
at index.js:11
at dispatch (redux.js:613)
at operations.js:29
at Object.dispatch (index.js:8)
at Object.dispatch (:1:30679)
Implementation of this feature would enable us to skip sample XML delivery to participants
Scenario - go to Contacts, click on the Select file... button, open XML, click Import button. Works.
Repeat operation without reloading the page - fails. XML content sent to server is empty.
Reload page and try again - works again.
Move query from validateCustomerAccessToAccount operation to dedicated DB common module
New operation must be exposed to create new transaction in database
Disable code exposing api/v1/transactions to GET operation
Possibly bundle it with API
Currently all customers have empty contacts lists, this should be improved
Currently there is no handling of user session - token is generated, but not used for anything
This should reduce traffic needed at the beginning of hackathon
Usage of Docker for Windows requires Hyper-V, preventing users from working with Oracle VirtualBox. To address this issue, usage of docker-toolbox must be documented and recommended for participants
See login.js implementation
Also: make the transactions more meaningful
To ensure that react production build works correctly, correct configuration of Apache in frontend container
Add funds transfer page to register new transaction
Follow login.js example
see login.js
This should also solve the HTML " " issue
Currently parsing errors are crashing Node.js API instance. To be corrected.
Currently failures are not handled by frontend
Scenario:
Log in, click on the "Go to balance" button and on the transactions list screen click the "Go to balance" button again, it will result in incorrect XHR calls:
http://localhost:8081/api/v1/accounts/transactions
http://localhost:8081/api/v1/accounts
Currently there is no session validation in Contacts XML file upload operation
More details (currency, balance, IBAN number) must be added to account overview page
Please note: it would be nice if the session wasn't correctly invalidated to enable broken authentication attack
Comment out code for GET on api/v1/transactions/:id
User API must support authentication
Transaction details (amount, description) should be listed