Code Monkey home page Code Monkey logo

shoeshop's Introduction

Build Status Coverage Status Security GuardRails badge Dependabot

ShoeShop

A simple yet fully functional web-shop application built with Ruby on Rails

This app is a store with features close to the real ones.

The user can add products to the cart and buy, navigate by categories and brands, search, filter and sort products. The administrator is able to manage products, add and change them, and also has access to the API and the administrator page.

You can go to the website or view the images in the docs/images folder

Functionality included

  • Sign up / sign in / forgot password
  • Sign in with Facebook
  • Filter products by categories and brands
  • Add products to the shopping cart
  • Search for products using auto-completion
  • View related and recent products
  • Product's pagination
  • Use app's API if the administrator has given you UID and secret
  • Admin Page
  • OAuth 2 provider

About the code

  • Built with Ruby on Rails 5
  • Using Boostrap 3 and own stylesheets for styles
  • Devise as authentication solution
  • Pundit for authorization
  • Pagy for pagination
  • rails_admin for admin page
  • HAML as templating engine for HTML
  • CoffeeScript instead of JS in scripts
  • Using jQuery and plugins: easydropdown, responsiveslides, simpleCart, typeahead, etc.
  • meta-tags for SEO optimization
  • OmniAuth provides authentication using third-party credentials
  • Doorkeeper as OAuth 2 provider and API authenticator
  • API built with jbuilder and active_model_serializers
  • acts-as-taggable-on for filtering products by tags
  • rack-attack as middleware for throttling and blocking abusive requests
  • TDD with RSpec + ShouldaMatchers + FactoryBot + etc. (over 110 tests)
  • Profiling and optimization tools:
    • Bullet as N+1 problem profiler
    • active_record_doctor helps to keep the database in a good shape
  • Code quality scanners: rails_best_practices, rubocop, rubycritic, brakeman
  • CI/CD
    • Travis CI
    • Coveralls.io for test coverage history & statistics
    • Hakiri.io & GuardRails.io as security vulnerabilities scanner
  • Docker & docker-compose

Setup

Clone this repository:

git clone [email protected]:maxbarsukov/shoeshop.git

Install gems:

bundle install

Setup database and seeds:

bundle exec rails db:create db:migrate db:seed

Setup your test database:

bundle exec rails db:test:prepare

Run

With Foreman:

  • Dev: foreman start
  • Production: foreman start -f Procfile

Using Docker: docker-compose up

Testing

Run tests with rspec

Check security vulnerability with bundle exec brakeman --exit-on-warn -f plain -5

Check the quality of code with bundle exec rails_best_practices . --spec -c config/rails_best_practices.yml

Run bundle exec rubycritic for code quality reporter

License

MIT License. Copyright 2021 nyapsilon

shoeshop's People

Contributors

maxbarsukov avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar

Forkers

nguyenloi-dev yurivikt

shoeshop's Issues

[DepShield] (CVSS 7.5) Vulnerability due to usage of q:1.5.1

Vulnerabilities

DepShield reports that this application's usage of q:1.5.1 results in the following vulnerability(s):

Occurrences

q:1.5.1 is a transitive dependency introduced by the following direct dependency(s):

@rails/webpacker:5.4.0
        └─ optimize-css-assets-webpack-plugin:5.0.8
              └─ cssnano:4.1.11
                    └─ cssnano-preset-default:4.0.8
                          └─ postcss-svgo:4.0.3
                                └─ svgo:1.3.2
                                      └─ coa:2.0.2
                                            └─ q:1.5.1

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

[DepShield] (CVSS 7.4) Vulnerability due to usage of ini:1.3.8

Vulnerabilities

DepShield reports that this application's usage of ini:1.3.8 results in the following vulnerability(s):

Occurrences

ini:1.3.8 is a transitive dependency introduced by the following direct dependency(s):

webpack-cli:3.3.12
        └─ findup-sync:3.0.0
              └─ resolve-dir:1.0.1
                    └─ global-modules:1.0.0
                          └─ global-prefix:1.0.2
                                └─ ini:1.3.8
        └─ global-modules:2.0.0
              └─ global-prefix:3.0.0
                    └─ ini:1.3.8

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

[DepShield] (CVSS 5.3) Vulnerability due to usage of kind-of:3.2.2

Vulnerabilities

DepShield reports that this application's usage of kind-of:3.2.2 results in the following vulnerability(s):

Occurrences

kind-of:3.2.2 is a transitive dependency introduced by the following direct dependency(s):

webpack:4.46.0
        └─ micromatch:3.1.10
              └─ braces:2.3.2
                    └─ fill-range:4.0.0
                          └─ is-number:3.0.0
                                └─ kind-of:3.2.2
                    └─ snapdragon-node:2.1.1
                          └─ snapdragon-util:3.0.1
                                └─ kind-of:3.2.2
              └─ snapdragon:0.8.2
                    └─ base:0.11.2
                          └─ cache-base:1.0.1
                                └─ has-value:1.0.0
                                      └─ has-values:1.0.0
                                            └─ is-number:3.0.0
                                                  └─ kind-of:3.2.2
                                └─ to-object-path:0.3.0
                                      └─ kind-of:3.2.2
                          └─ class-utils:0.3.6
                                └─ static-extend:0.1.2
                                      └─ object-copy:0.1.0
                                            └─ kind-of:3.2.2
                    └─ define-property:0.2.5
                          └─ is-descriptor:0.1.6
                                └─ is-accessor-descriptor:0.1.6
                                      └─ kind-of:3.2.2
                                └─ is-data-descriptor:0.1.4
                                      └─ kind-of:3.2.2
        └─ watchpack:1.7.5
              └─ watchpack-chokidar2:2.0.1
                    └─ chokidar:2.1.8
                          └─ braces:2.3.2
                                └─ fill-range:4.0.0
                                      └─ is-number:3.0.0
                                            └─ kind-of:3.2.2

webpack-dev-server:3.11.2
        └─ chokidar:2.1.8
              └─ braces:2.3.2
                    └─ fill-range:4.0.0
                          └─ is-number:3.0.0
                                └─ kind-of:3.2.2

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

[DepShield] (CVSS 7.5) Vulnerability due to usage of postcss:7.0.36

Vulnerabilities

DepShield reports that this application's usage of postcss:7.0.36 results in the following vulnerability(s):

Occurrences

postcss:7.0.36 is a transitive dependency introduced by the following direct dependency(s):

@rails/webpacker:5.4.0
        └─ css-loader:3.6.0
              └─ icss-utils:4.1.1
                    └─ postcss:7.0.36
              └─ postcss:7.0.36
              └─ postcss-modules-extract-imports:2.0.0
                    └─ postcss:7.0.36
              └─ postcss-modules-local-by-default:3.0.3
                    └─ postcss:7.0.36
              └─ postcss-modules-scope:2.2.0
                    └─ postcss:7.0.36
              └─ postcss-modules-values:3.0.0
                    └─ postcss:7.0.36
        └─ optimize-css-assets-webpack-plugin:5.0.8
              └─ cssnano:4.1.11
                    └─ cssnano-preset-default:4.0.8
                          └─ css-declaration-sorter:4.0.1
                                └─ postcss:7.0.36
                          └─ cssnano-util-raw-cache:4.0.1
                                └─ postcss:7.0.36
                          └─ postcss:7.0.36
                          └─ postcss-calc:7.0.5
                                └─ postcss:7.0.36
                          └─ postcss-colormin:4.0.3
                                └─ postcss:7.0.36
                          └─ postcss-convert-values:4.0.1
                                └─ postcss:7.0.36
                          └─ postcss-discard-comments:4.0.2
                                └─ postcss:7.0.36
                          └─ postcss-discard-duplicates:4.0.2
                                └─ postcss:7.0.36
                          └─ postcss-discard-empty:4.0.1
                                └─ postcss:7.0.36
                          └─ postcss-discard-overridden:4.0.1
                                └─ postcss:7.0.36
                          └─ postcss-merge-longhand:4.0.11
                                └─ postcss:7.0.36
                                └─ stylehacks:4.0.3
                                      └─ postcss:7.0.36
                          └─ postcss-merge-rules:4.0.3
                                └─ postcss:7.0.36
                          └─ postcss-minify-font-values:4.0.2
                                └─ postcss:7.0.36
                          └─ postcss-minify-gradients:4.0.2
                                └─ postcss:7.0.36
                          └─ postcss-minify-params:4.0.2
                                └─ postcss:7.0.36
                          └─ postcss-minify-selectors:4.0.2
                                └─ postcss:7.0.36
                          └─ postcss-normalize-charset:4.0.1
                                └─ postcss:7.0.36
                          └─ postcss-normalize-display-values:4.0.2
                                └─ postcss:7.0.36
                          └─ postcss-normalize-positions:4.0.2
                                └─ postcss:7.0.36
                          └─ postcss-normalize-repeat-style:4.0.2
                                └─ postcss:7.0.36
                          └─ postcss-normalize-string:4.0.2
                                └─ postcss:7.0.36
                          └─ postcss-normalize-timing-functions:4.0.2
                                └─ postcss:7.0.36
                          └─ postcss-normalize-unicode:4.0.1
                                └─ postcss:7.0.36
                          └─ postcss-normalize-url:4.0.1
                                └─ postcss:7.0.36
                          └─ postcss-normalize-whitespace:4.0.2
                                └─ postcss:7.0.36
                          └─ postcss-ordered-values:4.1.2
                                └─ postcss:7.0.36
                          └─ postcss-reduce-initial:4.0.3
                                └─ postcss:7.0.36
                          └─ postcss-reduce-transforms:4.0.2
                                └─ postcss:7.0.36
                          └─ postcss-svgo:4.0.3
                                └─ postcss:7.0.36
                          └─ postcss-unique-selectors:4.0.1
                                └─ postcss:7.0.36
                    └─ postcss:7.0.36
        └─ postcss-flexbugs-fixes:4.2.1
              └─ postcss:7.0.36
        └─ postcss-import:12.0.1
              └─ postcss:7.0.36
        └─ postcss-loader:3.0.0
              └─ postcss:7.0.36
        └─ postcss-preset-env:6.7.0
              └─ autoprefixer:9.8.6
                    └─ postcss:7.0.36
              └─ css-blank-pseudo:0.1.4
                    └─ postcss:7.0.36
              └─ css-has-pseudo:0.10.0
                    └─ postcss:7.0.36
              └─ css-prefers-color-scheme:3.1.1
                    └─ postcss:7.0.36
              └─ postcss:7.0.36
              └─ postcss-attribute-case-insensitive:4.0.2
                    └─ postcss:7.0.36
              └─ postcss-color-functional-notation:2.0.1
                    └─ postcss:7.0.36
              └─ postcss-color-gray:5.0.0
                    └─ postcss:7.0.36
              └─ postcss-color-hex-alpha:5.0.3
                    └─ postcss:7.0.36
              └─ postcss-color-mod-function:3.0.3
                    └─ postcss:7.0.36
              └─ postcss-color-rebeccapurple:4.0.1
                    └─ postcss:7.0.36
              └─ postcss-custom-media:7.0.8
                    └─ postcss:7.0.36
              └─ postcss-custom-properties:8.0.11
                    └─ postcss:7.0.36
              └─ postcss-custom-selectors:5.1.2
                    └─ postcss:7.0.36
              └─ postcss-dir-pseudo-class:5.0.0
                    └─ postcss:7.0.36
              └─ postcss-double-position-gradients:1.0.0
                    └─ postcss:7.0.36
              └─ postcss-env-function:2.0.2
                    └─ postcss:7.0.36
              └─ postcss-focus-visible:4.0.0
                    └─ postcss:7.0.36
              └─ postcss-focus-within:3.0.0
                    └─ postcss:7.0.36
              └─ postcss-font-variant:4.0.1
                    └─ postcss:7.0.36
              └─ postcss-gap-properties:2.0.0
                    └─ postcss:7.0.36
              └─ postcss-image-set-function:3.0.1
                    └─ postcss:7.0.36
              └─ postcss-initial:3.0.4
                    └─ postcss:7.0.36
              └─ postcss-lab-function:2.0.1
                    └─ postcss:7.0.36
              └─ postcss-logical:3.0.0
                    └─ postcss:7.0.36
              └─ postcss-media-minmax:4.0.0
                    └─ postcss:7.0.36
              └─ postcss-nesting:7.0.1
                    └─ postcss:7.0.36
              └─ postcss-overflow-shorthand:2.0.0
                    └─ postcss:7.0.36
              └─ postcss-page-break:2.0.0
                    └─ postcss:7.0.36
              └─ postcss-place:4.0.1
                    └─ postcss:7.0.36
              └─ postcss-pseudo-class-any-link:6.0.0
                    └─ postcss:7.0.36
              └─ postcss-replace-overflow-wrap:3.0.0
                    └─ postcss:7.0.36
              └─ postcss-selector-matches:4.0.0
                    └─ postcss:7.0.36
              └─ postcss-selector-not:4.0.1
                    └─ postcss:7.0.36
        └─ postcss-safe-parser:4.0.2
              └─ postcss:7.0.36

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.memoize:4.1.2

Vulnerabilities

DepShield reports that this application's usage of lodash.memoize:4.1.2 results in the following vulnerability(s):

Occurrences

lodash.memoize:4.1.2 is a transitive dependency introduced by the following direct dependency(s):

@rails/webpacker:5.4.0
        └─ optimize-css-assets-webpack-plugin:5.0.8
              └─ cssnano:4.1.11
                    └─ cssnano-preset-default:4.0.8
                          └─ postcss-merge-rules:4.0.3
                                └─ caniuse-api:3.0.0
                                      └─ lodash.memoize:4.1.2

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

[DepShield] (CVSS 5.3) Vulnerability due to usage of kind-of:4.0.0

Vulnerabilities

DepShield reports that this application's usage of kind-of:4.0.0 results in the following vulnerability(s):

Occurrences

kind-of:4.0.0 is a transitive dependency introduced by the following direct dependency(s):

webpack:4.46.0
        └─ micromatch:3.1.10
              └─ snapdragon:0.8.2
                    └─ base:0.11.2
                          └─ cache-base:1.0.1
                                └─ has-value:1.0.0
                                      └─ has-values:1.0.0
                                            └─ kind-of:4.0.0

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

[DepShield] (CVSS 7.5) Vulnerability due to usage of http-proxy:1.18.1

Vulnerabilities

DepShield reports that this application's usage of http-proxy:1.18.1 results in the following vulnerability(s):

Occurrences

http-proxy:1.18.1 is a transitive dependency introduced by the following direct dependency(s):

webpack-dev-server:3.11.2
        └─ http-proxy-middleware:0.19.1
              └─ http-proxy:1.18.1

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

[DepShield] (CVSS 7.5) Vulnerability due to usage of debug:2.6.9

Vulnerabilities

DepShield reports that this application's usage of debug:2.6.9 results in the following vulnerability(s):

Occurrences

debug:2.6.9 is a transitive dependency introduced by the following direct dependency(s):

webpack:4.46.0
        └─ micromatch:3.1.10
              └─ extglob:2.0.4
                    └─ expand-brackets:2.1.4
                          └─ debug:2.6.9
              └─ snapdragon:0.8.2
                    └─ debug:2.6.9

webpack-dev-server:3.11.2
        └─ compression:1.7.4
              └─ debug:2.6.9
        └─ express:4.17.1
              └─ body-parser:1.19.0
                    └─ debug:2.6.9
              └─ debug:2.6.9
              └─ finalhandler:1.1.2
                    └─ debug:2.6.9
              └─ send:0.17.1
                    └─ debug:2.6.9
        └─ serve-index:1.9.1
              └─ debug:2.6.9

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.get:4.4.2

Vulnerabilities

DepShield reports that this application's usage of lodash.get:4.4.2 results in the following vulnerability(s):

Occurrences

lodash.get:4.4.2 is a transitive dependency introduced by the following direct dependency(s):

@rails/webpacker:5.4.0
        └─ webpack-assets-manifest:3.1.1
              └─ lodash.get:4.4.2

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

DepShield encountered errors while building your project

The project could not be analyzed because of build errors. Please review the error messages here. Another build will be scheduled when a change to a manifest file* occurs. If the build is successful this issue will be closed, otherwise the error message will be updated.

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

* Supported manifest files are: pom.xml, package.json, package-lock.json, npm-shrinkwrap.json, Cargo.lock, Cargo.toml, main.rs, lib.rs, build.gradle, build.gradle.kts, settings.gradle, settings.gradle.kts, gradle.properties, gradle-wrapper.properties, go.mod, go.sum

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.debounce:4.0.8

Vulnerabilities

DepShield reports that this application's usage of lodash.debounce:4.0.8 results in the following vulnerability(s):

Occurrences

lodash.debounce:4.0.8 is a transitive dependency introduced by the following direct dependency(s):

@rails/webpacker:5.4.0
        └─ @babel/plugin-transform-runtime:7.14.5
              └─ babel-plugin-polyfill-corejs2:0.2.2
                    └─ @babel/helper-define-polyfill-provider:0.2.3
                          └─ lodash.debounce:4.0.8

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

[DepShield] (CVSS 5.3) Vulnerability due to usage of kind-of:5.1.0

Vulnerabilities

DepShield reports that this application's usage of kind-of:5.1.0 results in the following vulnerability(s):

Occurrences

kind-of:5.1.0 is a transitive dependency introduced by the following direct dependency(s):

webpack:4.46.0
        └─ micromatch:3.1.10
              └─ snapdragon:0.8.2
                    └─ define-property:0.2.5
                          └─ is-descriptor:0.1.6
                                └─ kind-of:5.1.0

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.uniq:4.5.0

Vulnerabilities

DepShield reports that this application's usage of lodash.uniq:4.5.0 results in the following vulnerability(s):

Occurrences

lodash.uniq:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

@rails/webpacker:5.4.0
        └─ optimize-css-assets-webpack-plugin:5.0.8
              └─ cssnano:4.1.11
                    └─ cssnano-preset-default:4.0.8
                          └─ postcss-merge-rules:4.0.3
                                └─ caniuse-api:3.0.0
                                      └─ lodash.uniq:4.5.0

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

[DepShield] (CVSS 7.5) Vulnerability due to usage of express:4.17.1

Vulnerabilities

DepShield reports that this application's usage of express:4.17.1 results in the following vulnerability(s):

Occurrences

express:4.17.1 is a transitive dependency introduced by the following direct dependency(s):

webpack-dev-server:3.11.2
        └─ express:4.17.1

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.