joshsoftware / peerly Goto Github PK

APIs needed:

• Create role - POST /organisations/:organisation_id/roles

• Update role - PUT /organisations/:organisation_id/roles/:id

• List roles - GET /organisations/:organisation_id/roles

• Show role - GET /organisations/:organisation_id/roles/:id

• Delete role - DELETE /organisations/:organisation_id/roles/:id

Authentication and Authorization:
Only OrganisationAdmin is allowed with a valid JWT token

Write a cron job which will run on every day at 12:00 AM. Job will do following things

1. Iterate through organization table rows one at a time
2. Check the hi5_quota_renewal_frequency
3. If frequency is WEEKLY --> check if the current day is start of week --> if it is start of week, update hi5 quota of all users of that organization to the hi5_limit value present in organizations table.
4. If frequency is MONTHLY --> check if current day is start of month --> if it is start of month, update hi5 quota of all users of that organization to the hi5_limit value present in organizations table.

Create a utility function, that takes "entityName (string)" as an argument and returns action object.

The action object would be as under:

{
  init: `INITIATE_FETCH_${entityName}`,
  success: `FETCHING_${entityName}_SUCCESSFUL`,
  failure: `FETCHING_${entityName}_FAILED`,
  toggleLoader: `TOGGLE_LOADING_${entityName}`,
  timedOut: `FETCHING_${entityName}_TIMED_OUT`
}

APIs needed:

• Create recognition - POST /organisations/:id/recognitions

• List recognitions - POST /organisations/:organisation_id/recognitions/search

• Show recognition - GET /organisations/:organisation_id/recognition/:id

List should support filters like user, core value, badges, time etc

Authentication and Authorization:
Only Employee, OrganisationAdmin is allowed with a valid JWT token

Write a common function under utility.js.

• Function name should be getFormattedErrorObj(errorCode, errorMessage, errorObject)

• Function will accept errorCode, errorMessage, errorObject parameters.
  errorCode : code which you need to send to http status
  errorMessage : Error mesaage you need to send back
  errorObject : Error object generated by yup validation

• Function will process this data and return formatted error object as per standard format as below
  {
  error: {
  code: ""
  message: ""

  fields: {
  "field_name": "Error message",
  "field_name": "Error message"
  }
  }
  }

Implement POST API /recognitions/:recognition_id/hi5.

• API should allow user to give hi5 if hi5 quota of user is > 0

• Once hi5 given update hi5 quota in users as current quota - 1

• hi5 comment is optional parameter

• Design presentational (pure functional) components for Login page
  (Reference design for login form: https://getbootstrap.com/docs/4.4/examples/sign-in/)
  NOTE: Our Google SignIn button will appear below "login" button)
• Install & configure "react-router" npm package (use History API)
  (https://reacttraining.com/react-router/web/guides/quick-start/installation)
• Define routes for: "/login", "/logout", "/gauth-success", "/gauth-failure"
• Install and configure toaster notifications
  (https://github.com/teodosii/react-notifications-component#getting-started)
• Install and configure Apollo GraphQL
  (https://www.apollographql.com/docs/react/get-started/)
• Logic to exchange OTP + encrypted cookies for JWT token

• Add a common middleware to check whether JWT is valid. (Token would be said valid if it is valid JWT and not in blacklisted tokens table as well).

• Add common function to retrieve user id, role, org from token

Setup react router.

• each parent will define routes for it's direct children
• each route maps to a container component
• each container will be connected to store

Implement CORS for APIs
Reference : https://www.npmjs.com/package/cors
We will allow dev.peerly.com and http://ec2-18-216-79-5.us-east-2.compute.amazonaws.com:3000
in origin.

We will need APIs for the following

• Create badge - POST /organisations/:organisation_id/badges

• Update badge - PUT /organisations/:organisation_id/badges/:id

• List badges - GET /organisations/:organisation_id/badges

• Show badge - GET /organisations/:organisation_id/badges/:id

• Delete badge - DELETE /organisations/:organisation_id/badges/:id

Thoughts:

1. Badge delete / update API should check the usage of the badge ?

Authentication and Authorization:
OrganisationAdmin is allowed with a valid JWT token

APIs needed:

• Create recognition - POST /organisations/:id/recognitions

• List recognitions - POST /organisations/:organisation_id/recognitions/search

• Show recognition - GET /organisations/:organisation_id/recognition/:id

List should support filters like user, core value, badges, time etc

Authentication and Authorization:
Only Employee, OrganisationAdmin is allowed with a valid JWT token

• add core-component

• single element shared component

• List of filter element shared component

• add autocomplete component for filter.

• add FilterRecognitionCard

• presentational components for filter panel

• logic to query various types of filters

• API integration

• Add pagination to listing

Possible filters:

• top_hi5_recognitions (default 5)

• from_date: (default null) format epoch

• to_date: (default null) format epoch/ date obj UTC

• given_to array_of[<user_id>]

• given_by array_of[<user_id>]

• core_value_ids array_of[<core_value_ids>]

• As per the design in filter it says recieved hi5 and sent hi5 instead use Given To and Given By as filters on UI it will be a multi-select list of users, which has autocomplete dropdown

• Use debounce here (i.e API call should’t be made after each type) and also add character limit that search should happen after least 3 characters entered

• Use Context API to make session token available across all components
• Helper to include token in Authorization header for each request

APIs needed:

• Create organisation - POST /organisations

• Update organisation - PUT /organisations/:id

• List organisations - GET /organisations

• Show organisation - GET /organisations/:id

Authentication and Authorization:

Only SuperAdmin is allowed with a valid JWT token

APIs needed:

• Create organisation - POST /organisations

• Update organisation - PUT /organisations/:id

• List organisations - GET /organisations

• Show organisation - GET /organisations/:id

Authentication and Authorization:

Only SuperAdmin is allowed with a valid JWT token

APIs needed:

• Create core value - POST /organisations/:organisation_id/core_values

• Update core value - PUT /organisations/:organisation_id/core_values/:id

• List core value - GET /organisations/:organisation_id/core_values

• Show core value - GET /organisations/:organisation_id/core_values/:id

Authentication and Authorization:
OrganisationAdmin is allowed with a valid JWT token

Thoughts:
For core value deletion we will have to think for the flow.
Since we will be doing soft delete and not hard delete

APIs needed:

• Create recognition - POST /organisations/:id/recognitions

• List recognitions - POST /organisations/:organisation_id/recognitions/search

• Show recognition - GET /organisations/:organisation_id/recognition/:id

• Validation for valid organisation

• Take Recognition_by from session

List should support filters like user, core value, badges, time etc

Authentication and Authorization:
Only Employee, OrganisationAdmin is allowed with a valid JWT token

Use mina to setup deployment script

• Add "redux-saga" npm package (using Yarn)
• Setup "redux-saga" middleware
• Create root saga
• Start root saga

makeHTTPCall function should get a different router path and request URL.

For example:-
Router path string:- "/organisations/{organisation_id:[0-9]+}/core_values"
Request url string:- "/organisations/1/core_values"

$ panic: strconv.Atoi: parsing "": invalid syntax

goroutine 1 [running]:
main.main()
	/Users/jah/Projects/peerly/go-backend/main.go:62 +0x30d

Contents of DB migrations dir:

$ ls migrations/
Permissions Size User Date Modified Git Name
.rw-r--r--     0 jah  21 Apr  4:46   -- .keep
.rw-r--r--    18 jah  21 Apr  5:07   -- 1587381324_create_users.down.sql
.rw-r--r--   792 jah  21 Apr  5:06   -M 1587381324_create_users.up.sql

Contents of 1587381324_create_users.down.sql:

DROP TABLE users;

Use create-react-app boilerplate to setup a new React project.

Tasks:

• JS config setup for supporting absolute imports
• Configure ESLint to ensure standardization
• Configure Prettier to ensure consistent spacing, styling rules
• Add Bootstrap 4 CSS, JS (react-bootstrap) via npm modules
• Execute eslint, prettier in pre-commit hooks using "husky"
• Add styled-components npm module

APIs needed:

• Show user - POST /users/:id
• Update user - PUT /users/:id

Create a function that takes following arguments:

• "apiToken" (mandatory)
• "apiVersion" (default to 1)

and returns the following hash:

{
  "Content-Type": "application/json",
  Accept: `version=${apiVersion}`,
  Authorization: `Bearer ${apiToken}`
}

• Fetch list of recognition for an organisation to which user belongs to

• Add filter parameters as per UI requirement

• Add base project structure

• Setup Graphql end point

Create a function that takes no arguments and returns:

REACT_APP_API_BASE_URL

if REACT_APP_API_BASE_URL environment variable is available.

Else, /

We will need APIs for the following

• Create core value - POST /organisations/:organisation_id/core_values

• List core values - GET /organisations/:organisation_id/core_values

• Update core value - PUT /organisations/:organisation_id/core_values/:id

• Show core value - GET /organisations/:organisation_id/core_values/:id

• Delete core value - DELETE /organisations/:organisation_id/core_values/:id

Authentication and Authorization:
OrganisationAdmin is allowed with a valid JWT token

Use mina to setup deployment script

• create shared component for core value.
• create component for core values list.
• create recognition card body file for adding core values.
• add toggle comment box on clicking add comment button.
• create a popup to show comments to user.
• add styling to popup window to show employee image.
• add styling to create recognition presentational component.
• add test cases for the component.
• create a component to show list of user on clicking create recognition button.

Implement API versioning so that API will accept version from header and will execute api of specified version

Reference link : https://www.npmjs.com/package/express-routes-versioning

• presentational components for Login Page
• PeerlyButtonCoreComponent
• PeerlyImageCoreComponent
• PeerlyLabelCoreComponent
• PeerlyLogoSubComponent
• PeerlyWorkingInfoSubComponent
• PeerlyLoginSliderSubComponent

While watching a presentation from GitHub Satellite today, the presenter made a very strong case for adding a security.md file at the base of a repo so that security researchers have a known, set and maintained procedure they can follow to report security vulnerabilities. She quoted some statistics that say it's over 50% more likely a researcher will privately report a vulnerability to a maintainer if there's a maintained security reporting policy for a repo than if there isn't.

Functionally, this is probably rarely if ever going to get used for this project, but doing this anyway could serve to be a good start in "getting in the habit" of doing this for every project for the company. This should probably be a consistent policy that we should follow for all projects (especially open source ones), and we might as well use this project to start that trend and refine how we handle security reporting policy.

Before we can do this though, we need some decisions made. Who should get emails for security vulnerabilities? A group per project, an overall "security@" email list, or a specific person? Who should lead those efforts to research and fix the problem(s) when they eventually get reported?

I'm just creating this issue to get the conversation started here, and see what everyone thinks. Having a security.md file isn't really necessary for this project (probably), but establishing a pattern of doing this now will likely save our asses, and somebody else's, at some point in the future.

Create a function that takes following arguments:

• "options" (type: "hash", optional, defaultValue: {} )

and returns stringified version of options hash (using qs package):

Use the following options with qs package:

{
    encode: true,
    arrayFormat: "brackets",
    addQueryPrefix: true
}

• Implement db migration for database schema design

• Add "redux", "react-redux" npm packages (using Yarn)
• Add "redux-devtools" npm package - dev dependency (using Yarn)
• Create root reducer (using combineReducers)
• Create "redux" store (store in "src/redux-store.js")
• Configure redux-devtools middleware

Create a function called getAPI that takes:

following positional arguments:

• "path" (type: "string", mandatory)
  (e.g. "/users)

and following named arguements:

• "apiToken" (type: "string", mandatory)
• "signal" (type: AbortController, mandatory)
• "queryParams" (type: "hash", optional)
• "baseUrl" (type: sring, default: getBaseURL(), optional)
• "additionalHeaders" (type: "hash", optional, defaultValue: {} )

NOTE: getBaseUrl() is defined here: #52

and returns promise object given by fetch

fetch(`${baseUrl}/reqPath${queryString}`, {
    method: "GET",
    referrerPolicy: "no-referrer",
    redirect: "manual",
    signal,
    headers: new Headers({
      ...getDefaultHeaders(apiToken),
      ...additionalHeaders
    })
  });

NOTE: getDefaultHeaders() is defined here: #51

• Implement GET API /users

API should return list of users (except Super Admin) of an organisation to which calling user belongs to. (Access org id from token and return users of that organisation).

Tasks:

• Deploy node APIs on cloud server

• Test those APIs are accessible

• Provide end point to UI team to consume those APIs

• Base http server configuration

• Write GET API with signature as /profile.

• Should return current user profile.

Tasks:

• Implement v1/login endpoint as per the flow

• Add logout API (this should create an entry of user token in user_blacklisted_tokens)

• Task to clean up user_black_listed token when the token in table expires expires

Acceptance criteria:

New / Existing users should be able to login
All users signed up from this flow should have Employee role

Implement POST API /recognitions/:recognition_id/hi5

Acceptance criteria:

• allow user to give hi5 if hi5 quota of user is > 0
• once hi5 given update hi5 quota in users as current quota - 1
• hi5 comment is optional parameter

• Implement mutation method to add new recognition

Recognition card will look something like this:

• label core component
• image component
• recognition for component
• recognition text component
• high five button component
• recognition for component
• menu button component
• recognition by component
• recognition on component
• recognition card header component
• recognition card body component
• recognition card component
• recognition list component

Tasks:

• Add users table migration

• Implement /login endpoint as per the flow

• Add user_blacklisted_tokens table

• Add logout API (this should create an entry of user token in user_blacklisted_tokens)

• Task to clean up user_black_listed token when the token in table expires expires

• Implement a way to check for valid login/JWT on each request (something we can call in http handler functions)

Acceptance criteria:

1. New / Existing users should be able to login
2. All users signed up from this flow should have Employee role

APIs needed:

• Create badge - POST /organisations/:organisation_id/badges

• Update badge - PUT /organisations/:organisation_id/badges/:id

• List badges - GET /organisations/:organisation_id/badges

• Show badge - GET /organisations/:organisation_id/badges/:id

Authentication and Authorization:
OrganisationAdmin is allowed with a valid JWT token

Thoughts:
Need to think flow for soft deletion of badge