joshsoftware / peerly
PeerLy is a peer-reward and recognition system with high-5's. (hi5)
License: MIT License
APIs needed:
Create role - POST /organisations/:organisation_id/roles
Update role - PUT /organisations/:organisation_id/roles/:id
List roles - GET /organisations/:organisation_id/roles
Show role - GET /organisations/:organisation_id/roles/:id
Delete role - DELETE /organisations/:organisation_id/roles/:id
Authentication and Authorization:
Only OrganisationAdmin is allowed with a valid JWT token
Write a cron job which will run every day at 12:00 AM. The job will do the following things
Create a utility function, that takes "entityName (string)" as an argument and returns action object.
The action object would be as under:
{
  init: `INITIATE_FETCH_${entityName}`,
  success: `FETCHING_${entityName}_SUCCESSFUL`,
  failure: `FETCHING_${entityName}_FAILED`,
  toggleLoader: `TOGGLE_LOADING_${entityName}`,
  timedOut: `FETCHING_${entityName}_TIMED_OUT`
}
APIs needed:
Create recognition - POST /organisations/:id/recognitions
List recognitions - POST /organisations/:organisation_id/recognitions/search
Show recognition - GET /organisations/:organisation_id/recognition/:id
List should support filters like user, core value, badges, time etc
Authentication and Authorization:
Only Employee, OrganisationAdmin is allowed with a valid JWT token
Write a common function under utility.js.
Function name should be getFormattedErrorObj(errorCode, errorMessage, errorObject)
Function will accept errorCode, errorMessage, errorObject parameters.
errorCode : code which you need to send to http status
errorMessage : Error message you need to send back
errorObject : Error object generated by yup validation
Function will process this data and return formatted error object as per standard format as below
{
  error: {
    code: "",
    message: "",
    fields: {
      "field_name": "Error message",
      "field_name": "Error message"
    }
  }
}
Implement POST API /recognitions/:recognition_id/hi5.
API should allow user to give hi5 if hi5 quota of user is > 0
Once hi5 given update hi5 quota in users as current quota - 1
hi5 comment is optional parameter
Add a common middleware to check whether JWT is valid. (Token would be said valid if it is valid JWT and not in blacklisted tokens table as well).
Add common function to retrieve user id, role, org from token
Setup react router.
Implement CORS for APIs
Reference : https://www.npmjs.com/package/cors
We will allow dev.peerly.com and http://ec2-18-216-79-5.us-east-2.compute.amazonaws.com:3000 in origin.
We will need APIs for the following
Create badge - POST /organisations/:organisation_id/badges
Update badge - PUT /organisations/:organisation_id/badges/:id
List badges - GET /organisations/:organisation_id/badges
Show badge - GET /organisations/:organisation_id/badges/:id
Delete badge - DELETE /organisations/:organisation_id/badges/:id
Thoughts:
Authentication and Authorization:
OrganisationAdmin is allowed with a valid JWT token
APIs needed:
Create recognition - POST /organisations/:id/recognitions
List recognitions - POST /organisations/:organisation_id/recognitions/search
Show recognition - GET /organisations/:organisation_id/recognition/:id
List should support filters like user, core value, badges, time etc
Authentication and Authorization:
Only Employee, OrganisationAdmin is allowed with a valid JWT token
add core-component
single element shared component
List of filter element shared component
add autocomplete component for filter.
add FilterRecognitionCard
presentational components for filter panel
logic to query various types of filters
API integration
Add pagination to listing
Possible filters:
top_hi5_recognitions (default 5)
from_date: (default null) format epoch
to_date: (default null) format epoch/ date obj UTC
given_to array_of[<user_id>]
given_by array_of[<user_id>]
core_value_ids array_of[<core_value_ids>]
As per the design, the filter says received hi5 and sent hi5; instead use Given To and Given By as filters. On the UI it will be a multi-select list of users, which has an autocomplete dropdown.
Use debounce here (i.e. API call shouldn't be made after each type) and also add a character limit so that search happens after at least 3 characters are entered
APIs needed:
Create organisation - POST /organisations
Update organisation - PUT /organisations/:id
List organisations - GET /organisations
Show organisation - GET /organisations/:id
Authentication and Authorization:
Only SuperAdmin is allowed with a valid JWT token
APIs needed:
Create core value - POST /organisations/:organisation_id/core_values
Update core value - PUT /organisations/:organisation_id/core_values/:id
List core value - GET /organisations/:organisation_id/core_values
Show core value - GET /organisations/:organisation_id/core_values/:id
Authentication and Authorization:
OrganisationAdmin is allowed with a valid JWT token
Thoughts:
For core value deletion we will have to think for the flow.
Since we will be doing soft delete and not hard delete
APIs needed:
Create recognition - POST /organisations/:id/recognitions
List recognitions - POST /organisations/:organisation_id/recognitions/search
Show recognition - GET /organisations/:organisation_id/recognition/:id
Validation for valid organisation
Take Recognition_by from session
List should support filters like user, core value, badges, time etc
Authentication and Authorization:
Only Employee, OrganisationAdmin is allowed with a valid JWT token
Use mina to setup deployment script
makeHTTPCall function should get a different router path and request URL.
For example:-
Router path string:- "/organisations/{organisation_id:[0-9]+}/core_values"
Request url string:- "/organisations/1/core_values"
$ panic: strconv.Atoi: parsing "": invalid syntax
goroutine 1 [running]:
main.main()
/Users/jah/Projects/peerly/go-backend/main.go:62 +0x30d
Contents of DB migrations dir:
$ ls migrations/
Permissions Size User Date Modified Git Name
.rw-r--r-- 0 jah 21 Apr 4:46 -- .keep
.rw-r--r-- 18 jah 21 Apr 5:07 -- 1587381324_create_users.down.sql
.rw-r--r-- 792 jah 21 Apr 5:06 -M 1587381324_create_users.up.sql
Contents of 1587381324_create_users.down.sql:
DROP TABLE users;
Use create-react-app boilerplate to setup a new React project.
Tasks:
APIs needed:
Create a function that takes following arguments:
and returns the following hash:
{
  "Content-Type": "application/json",
  Accept: `version=${apiVersion}`,
  Authorization: `Bearer ${apiToken}`
}
Fetch list of recognition for an organisation to which user belongs to
Add filter parameters as per UI requirement
Add base project structure
Setup Graphql end point
Create a function that takes no arguments and returns:
REACT_APP_API_BASE_URL if REACT_APP_API_BASE_URL environment variable is available.
Else, /
We will need APIs for the following
Create core value - POST /organisations/:organisation_id/core_values
List core values - GET /organisations/:organisation_id/core_values
Update core value - PUT /organisations/:organisation_id/core_values/:id
Show core value - GET /organisations/:organisation_id/core_values/:id
Delete core value - DELETE /organisations/:organisation_id/core_values/:id
Authentication and Authorization:
OrganisationAdmin is allowed with a valid JWT token
Use mina to setup deployment script
Implement API versioning so that API will accept version from header and will execute api of specified version
Reference link : https://www.npmjs.com/package/express-routes-versioning
While watching a presentation from GitHub Satellite today, the presenter made a very strong case for adding a security.md file at the base of a repo so that security researchers have a known, set and maintained procedure they can follow to report security vulnerabilities. She quoted some statistics that say it's over 50% more likely a researcher will privately report a vulnerability to a maintainer if there's a maintained security reporting policy for a repo than if there isn't.
Functionally, this is probably rarely if ever going to get used for this project, but doing this anyway could serve to be a good start in "getting in the habit" of doing this for every project for the company. This should probably be a consistent policy that we should follow for all projects (especially open source ones), and we might as well use this project to start that trend and refine how we handle security reporting policy.
Before we can do this though, we need some decisions made. Who should get emails for security vulnerabilities? A group per project, an overall "security@" email list, or a specific person? Who should lead those efforts to research and fix the problem(s) when they eventually get reported?
I'm just creating this issue to get the conversation started here, and see what everyone thinks. Having a security.md file isn't really necessary for this project (probably), but establishing a pattern of doing this now will likely save our asses, and somebody else's, at some point in the future.
Create a function that takes following arguments:
and returns stringified version of options hash (using qs package):
Use the following options with qs package:
{
  encode: true,
  arrayFormat: "brackets",
  addQueryPrefix: true
}
Create a function called getAPI that takes:
following positional arguments:
and following named arguments:
NOTE: getBaseUrl() is defined here: #52
and returns promise object given by fetch
fetch(`${baseUrl}/reqPath${queryString}`, {
  method: "GET",
  referrerPolicy: "no-referrer",
  redirect: "manual",
  signal,
  headers: new Headers({
    ...getDefaultHeaders(apiToken),
    ...additionalHeaders
  })
});
NOTE: getDefaultHeaders() is defined here: #51
API should return list of users (except Super Admin) of an organisation to which calling user belongs to. (Access org id from token and return users of that organisation).
Tasks:
Deploy node APIs on cloud server
Test those APIs are accessible
Provide end point to UI team to consume those APIs
Write GET API with signature as /profile.
Should return current user profile.
Tasks:
Implement v1/login endpoint as per the flow
Add logout API (this should create an entry of user token in user_blacklisted_tokens)
Task to clean up user_black_listed token when the token in table expires
Acceptance criteria:
New / Existing users should be able to login
All users signed up from this flow should have Employee role
Implement POST API /recognitions/:recognition_id/hi5
Acceptance criteria:
Recognition card will look something like this:
Tasks:
Add users table migration
Implement /login endpoint as per the flow
Add user_blacklisted_tokens table
Add logout API (this should create an entry of user token in user_blacklisted_tokens)
Task to clean up user_black_listed token when the token in table expires
Implement a way to check for valid login/JWT on each request (something we can call in http handler functions)
Acceptance criteria:
Employee role
APIs needed:
Create badge - POST /organisations/:organisation_id/badges
Update badge - PUT /organisations/:organisation_id/badges/:id
List badges - GET /organisations/:organisation_id/badges
Show badge - GET /organisations/:organisation_id/badges/:id
Authentication and Authorization:
OrganisationAdmin is allowed with a valid JWT token
Thoughts:
Need to think flow for soft deletion of badge