From 7c4208fa163c17086ddcff0dc411109f38f0ac7a Mon Sep 17 00:00:00 2001 From: Kim Gardner Date: Thu, 8 Dec 2016 10:04:10 -1000 Subject: [PATCH 1/8] Update config notes --- README.md | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 0f217d89c..848dd989a 100644 --- a/README.md +++ b/README.md @@ -19,13 +19,19 @@ Runs Talk. The Talk application requires specific configuration options to be available inside the environment in order to run, those variables are listed here: -- `TALK_SESSION_SECRET` (*required*) - a random string which will be used to - secure cookies -- `TALK_FACEBOOK_APP_ID` (*required*) - the Facebook app id for your Facebook - Login enabled app. -- `TALK_FACEBOOK_APP_SECRET` (*required*) - the Facebook app secret for your - Facebook Login enabled app. -- `TALK_ROOT_URL` (*required*) - Root url of the installed application externally available in the format: `://` without the path. +- `TALK_SESSION_SECRET` (*required*) - a random string which will be used to +secure cookies. +`TALK_FACEBOOK_APP_ID` (*required*) - the Facebook app id for your Facebook +Login enabled app. +`TALK_FACEBOOK_APP_SECRET` (*required*) - the Facebook app secret for your +Facebook Login enabled app. +`TALK_ROOT_URL` (*required*) - root url of the installed application externally +available in the format: `://` without the path. +`TALK_SMTP_PROVIDER` (*required*) - SMTP provider name. +`TALK_SMTP_USERNAME` (*required*) - username of the SMTP provider you are using. +`TALK_SMTP_PASSWORD` (*required*) - password for the SMTP provider you are using. +`TALK_SMTP_HOST` (*required*) - SMTP host url with format `smtp.domain.com`. +`TALK_SMTP_PORT` (*required*) - SMTP port. ### Running with Docker Make sure you have Docker running first and then run `docker-compose up -d` From 1c5dffc94cd975d4b082db9b8ac71c44b0cf22ae Mon Sep 17 00:00:00 2001 From: Kim Gardner Date: Thu, 8 Dec 2016 10:05:38 -1000 Subject: [PATCH 2/8] Add product links --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 848dd989a..6589cddb9 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,11 @@ A commenting platform from The Coral Project. [https://coralproject.net](https:/ ## Contributing to Talk +### Product Roadmap +You can view what the Coral Team is working on next here: https://www.pivotaltracker.com/n/projects/1863625 + +You can view product ideas and our longer term roadmap here: https://trello.com/b/ILND751a/talk + ### Local Dependencies Node Mongo From 3d35183e6781b15cc081b5dcc1b13258e43f087f Mon Sep 17 00:00:00 2001 From: Wyatt Johnson Date: Thu, 8 Dec 2016 15:56:52 -0500 Subject: [PATCH 3/8] Add payload filtering and status_history updates --- app.js | 4 +- middleware/payload-filter.js | 73 ++++++++++++++++++++++++++++++ models/asset.js | 8 +--- models/comment.js | 61 +++++++++++++------------ models/setting.js | 48 ++++++++++++++++---- models/user.js | 22 ++++----- routes/api/comments/index.js | 2 +- routes/api/index.js | 4 ++ routes/api/stream/index.js | 17 +++++-- routes/api/user/index.js | 47 ++++++++----------- services/scraper.js | 4 +- tests/models/comment.js | 44 ++++++++---------- tests/models/setting.js | 14 ++++++ tests/routes/api/comments/index.js | 27 ++++++----- tests/routes/api/queue/index.js | 6 +-- tests/routes/api/stream/index.js | 19 ++++++-- 16 files changed, 265 insertions(+), 135 deletions(-) create mode 100644 middleware/payload-filter.js diff --git a/app.js b/app.js index dd58e9883..fe392932b 100644 --- a/app.js +++ b/app.js @@ -94,7 +94,9 @@ app.use((req, res, next) => { // returning a status code that makes sense. app.use('/api', (err, req, res, next) => { if (err !== ErrNotFound) { - console.error(err); + if (app.get('env') !== 'test') { + console.error(err); + } } res.status(err.status || 500); diff --git a/middleware/payload-filter.js b/middleware/payload-filter.js new file mode 100644 index 000000000..8ce3d39d5 --- /dev/null +++ b/middleware/payload-filter.js @@ -0,0 +1,73 @@ +// The maximum depth to recurse into nested objects checking for mongoose +// objects. +const maxRecursion = 3; + +/** + * Middleware to wrap the `res.json` function to ensure that we can filter the + * payload response first based on user and role. + */ +module.exports = (req, res, next) => { + /** + * Updates the original document based on filtering out for roles. + * @param {Mixed} o original object to be modified + * @param {Integer} l current level of depth in the first object + * @return {Mixed} (possibly) modified object + */ + const wrap = (o, d = 0) => { + if (d > maxRecursion) { + return o; + } + + // If this is an array, we need to walk over all the object's elements. + if (Array.isArray(o)) { + + // Map each of the array elements. + return o.map((ob) => wrap(ob, d + 1)); + + } else if (o && o.constructor && o.constructor.name === 'model') { + + // The object here is definitly a mongoose model. + + // Check to see if it has a `filterForUser` method. + if (typeof o.filterForUser === 'function') { + + // The object here actually has the `filterForUser` function, so filter + // the object! + o = o.filterForUser(req.user); + } + + } else if (typeof o === 'object') { + + // Itterate over the props, find only properties owned by the object. + for (let prop in o) { + + // If and only if the object owns the property do we actually pull the + // property out. + if (typeof o.hasOwnProperty === 'function' && o.hasOwnProperty(prop)) { + + // Wrap the property with one more layer down. + o[prop] = wrap(o[prop], d + 1); + } + } + + } + + return o; + }; + + // Save a reference to the original json function. + const json = res.json; + + // Override the original json function. + res.json = (payload) => { + + // Restore the old pointer. + res.json = json; + + // Send it down the pipe after we've filtered it. + res.json(wrap(payload)); + }; + + // Now that we've overridden the `res.json`, let's hand it down. + next(); +}; diff --git a/models/asset.js b/models/asset.js index a0619576f..0cdc77d7b 100644 --- a/models/asset.js +++ b/models/asset.js @@ -36,11 +36,7 @@ const AssetSchema = new Schema({ subsection: String, author: String, publication_date: Date, - modified_date: Date, - status: { - type: String, - default: 'open' - } + modified_date: Date }, { versionKey: false, timestamps: { @@ -85,7 +81,7 @@ AssetSchema.statics.rectifySettings = (assetQuery) => Promise.all([ // If the asset exists and has settings then return the merged object. if (asset && asset.settings) { - return Object.assign({}, settings, asset.settings); + settings.merge(asset.settings); } return settings; diff --git a/models/comment.js b/models/comment.js index af9aa4cb1..53e8bbfb0 100644 --- a/models/comment.js +++ b/models/comment.js @@ -1,5 +1,6 @@ const mongoose = require('../mongoose'); const Schema = mongoose.Schema; +const _ = require('lodash'); const uuid = require('uuid'); const Action = require('./action'); @@ -45,7 +46,7 @@ const CommentSchema = new Schema({ }, asset_id: String, author_id: String, - status: [StatusSchema], + status_history: [StatusSchema], parent_id: String }, { timestamps: { @@ -59,22 +60,7 @@ const CommentSchema = new Schema({ * output. */ CommentSchema.options.toJSON = {}; -CommentSchema.options.toJSON.hide = '_id status'; -CommentSchema.options.toJSON.transform = (doc, ret, options) => { - if (options.hide) { - options.hide.split(' ').forEach((prop) => { - delete ret[prop]; - }); - } - - return ret; -}; - -/** - * toJSON overrides to remove fields from the json - * output. - */ -CommentSchema.options.toJSON = {}; +CommentSchema.options.toJSON.virtuals = true; CommentSchema.options.toJSON.hide = '_id'; CommentSchema.options.toJSON.transform = (doc, ret, options) => { if (options.hide) { @@ -86,14 +72,31 @@ CommentSchema.options.toJSON.transform = (doc, ret, options) => { return ret; }; +/** + * Filters the object for the given user only allowing those with the allowed + * roles/permissions to access particular parameters. + */ +CommentSchema.method('filterForUser', function(user = false) { + if (!user || !user.roles.includes('admin')) { + return _.pick(this.toJSON(), ['id', 'body', 'asset_id', 'author_id', 'parent_id', 'status']); + } + + return this.toJSON(); +}); + /** * Sets up a virtual getter function on a comment such that when you try and * access the `comment.last_status` it returns the last status in the array - * of status's on the comment, or `null` if there was no status. + * of status's on the comment, or `null` if there was no status_history. */ -CommentSchema.virtual('last_status').get(function() { - if (this.status && this.status.length > 0) { - return this.status[this.status.length - 1].type; +CommentSchema.virtual('status').get(function() { + + // Here we are taking advantage of the fact that when documents are inserted + // for the new status on a comment that they are always appended to the end + // of the list in the order that they are inserted, hence, the last status + // is always the most recent. + if (this.status_history && this.status_history.length > 0) { + return this.status_history[this.status_history.length - 1].type; } return null; @@ -123,7 +126,7 @@ CommentSchema.statics.publicCreate = (comment) => { body, asset_id, parent_id, - status: status ? [{ + status_history: status ? [{ type: status, created_at: new Date() }] : [], @@ -157,7 +160,7 @@ CommentSchema.statics.findByAssetId = (asset_id) => Comment.find({ */ CommentSchema.statics.findAcceptedByAssetId = (asset_id) => Comment.find({ asset_id, - 'status.type': 'accepted' + 'status_history.type': 'accepted' }); /** @@ -169,10 +172,10 @@ CommentSchema.statics.findAcceptedAndNewByAssetId = (asset_id) => Comment.find({ asset_id, $or: [ { - 'status.type': 'accepted' + 'status_history.type': 'accepted' }, { - status: { + status_history: { $size: 0 } } @@ -202,7 +205,7 @@ CommentSchema.statics.findIdsByActionType = (action_type) => Action .then((actions) => actions.map(a => a.item_id)); /** - * Find comments by their status. + * Find comments by their status_history. * @param {String} status the status of the comment to search for * @return {Promise} */ @@ -210,9 +213,9 @@ CommentSchema.statics.findByStatus = (status = false) => { let q = {}; if (status) { - q['status.type'] = status; + q['status_history.type'] = status; } else { - q.status = {$size: 0}; + q.status_history = {$size: 0}; } return Comment.find(q); @@ -269,7 +272,7 @@ CommentSchema.statics.moderationQueue = (moderation, asset_id = false) => { */ CommentSchema.statics.pushStatus = (id, status, assigned_by = null) => Comment.update({id}, { $push: { - status: { + status_history: { type: status, created_at: new Date(), assigned_by diff --git a/models/setting.js b/models/setting.js index 22b2b103f..86dc761f3 100644 --- a/models/setting.js +++ b/models/setting.js @@ -36,6 +36,42 @@ const SettingSchema = new Schema({ } }); +/** + * toJSON provides settings overrides to this object's serialization methods. + */ +SettingSchema.options.toJSON = {}; +SettingSchema.options.toJSON.virtuals = true; + +/** + * Merges two settings objects. + */ +SettingSchema.method('merge', function(src) { + SettingSchema.eachPath((path) => { + + // Exclude internal fields... + if (['id', '_id', '__v', 'created_at', 'updated_at'].includes(path)) { + return; + } + + // If the source object contains the path, shallow copy it. + if (path in src) { + this[path] = src[path]; + } + }); +}); + +/** + * Filters the object for the given user only allowing those with the allowed + * roles/permissions to access particular parameters. + */ +SettingSchema.method('filterForUser', function(user = false) { + if (!user || !user.roles.includes('admin')) { + return _.pick(this.toJSON(), ['moderation', 'infoBoxEnable', 'infoBoxContent']); + } + + return this.toJSON(); +}); + /** * The Mongo Mongoose object. */ @@ -62,7 +98,9 @@ const EXPIRY_TIME = 60 * 2; * Gets the entire settings record and sends it back * @return {Promise} settings the whole settings record */ -SettingService.retrieve = () => cache.wrap('settings', EXPIRY_TIME, () => Setting.findOne(selector)); +SettingService.retrieve = () => cache.wrap('settings', EXPIRY_TIME, () => { + return Setting.findOne(selector); +}).then((setting) => new Setting(setting)); /** * This will update the settings object with whatever you pass in @@ -83,14 +121,6 @@ SettingService.update = (settings) => Setting.findOneAndUpdate(selector, { .then(() => settings); }); -/** - * Filters the document to ensure that the resulting document is indeed ready - * for non authenticated users. - * @param {Object} settings the source settings object - * @return {Object} the filtered settings object - */ -SettingService.public = (settings) => _.pick(settings, ['moderation', 'infoBoxEnable', 'infoBoxContent']); - /** * This is run once when the app starts to ensure settings are populated. * @return {Promise} null initialize the global settings object diff --git a/models/user.js b/models/user.js index 336486a54..10a3a5e05 100644 --- a/models/user.js +++ b/models/user.js @@ -1,5 +1,6 @@ const mongoose = require('../mongoose'); const uuid = require('uuid'); +const _ = require('lodash'); const bcrypt = require('bcrypt'); const jwt = require('jsonwebtoken'); @@ -105,7 +106,8 @@ UserSchema.index({ * output. */ UserSchema.options.toJSON = {}; -UserSchema.options.toJSON.hide = '_id password profiles roles disabled'; +UserSchema.options.toJSON.hide = '_id password'; +UserSchema.options.toJSON.virtuals = true; UserSchema.options.toJSON.transform = (doc, ret, options) => { if (options.hide) { options.hide.split(' ').forEach((prop) => { @@ -117,20 +119,16 @@ UserSchema.options.toJSON.transform = (doc, ret, options) => { }; /** - * toObject overrides to remove the password field from the toObject - * output. + * Filters the object for the given user only allowing those with the allowed + * roles/permissions to access particular parameters. */ -UserSchema.options.toObject = {}; -UserSchema.options.toObject.hide = 'password'; -UserSchema.options.toObject.transform = (doc, ret, options) => { - if (options.hide) { - options.hide.split(' ').forEach((prop) => { - delete ret[prop]; - }); +UserSchema.method('filterForUser', function(user = false) { + if (!user || !user.roles.includes('admin')) { + return _.pick(this.toJSON(), ['id', 'displayName', 'settings', 'created_at', 'updated_at']); } - return ret; -}; + return this.toJSON(); +}); // Create the User model. const UserModel = mongoose.model('User', UserSchema); diff --git a/routes/api/comments/index.js b/routes/api/comments/index.js index b82c1faf3..00908e8e8 100644 --- a/routes/api/comments/index.js +++ b/routes/api/comments/index.js @@ -97,7 +97,7 @@ router.post('/', wordlist.filter('body'), (req, res, next) => { .then((comment) => { // The comment was created! Send back the created comment. - res.status(201).send(comment); + res.status(201).json(comment); }) .catch((err) => { next(err); diff --git a/routes/api/index.js b/routes/api/index.js index 9b4f0432b..2c36e86bb 100644 --- a/routes/api/index.js +++ b/routes/api/index.js @@ -1,8 +1,12 @@ const express = require('express'); const authorization = require('../../middleware/authorization'); +const payloadFilter = require('../../middleware/payload-filter'); const router = express.Router(); +// Filter all content going down the pipe based on user roles. +router.use(payloadFilter); + router.use('/asset', authorization.needed('admin'), require('./asset')); router.use('/settings', authorization.needed('admin'), require('./settings')); router.use('/queue', authorization.needed('admin'), require('./queue')); diff --git a/routes/api/stream/index.js b/routes/api/stream/index.js index 26947be09..8d70adbb4 100644 --- a/routes/api/stream/index.js +++ b/routes/api/stream/index.js @@ -1,21 +1,32 @@ const express = require('express'); const _ = require('lodash'); const scraper = require('../../../services/scraper'); +const url = require('url'); const Comment = require('../../../models/comment'); const User = require('../../../models/user'); const Action = require('../../../models/action'); const Asset = require('../../../models/asset'); const Setting = require('../../../models/setting'); +const ErrInvalidAssetURL = new Error('asset_url is invalid'); +ErrInvalidAssetURL.status = 400; const router = express.Router(); router.get('/', (req, res, next) => { + let asset_url = decodeURIComponent(req.query.asset_url); + + // Verify that the asset_url is parsable. + let parsed_asset_url = url.parse(asset_url); + if (!parsed_asset_url.protocol) { + return next(ErrInvalidAssetURL); + } + // Get the asset_id for this url (or create it if it doesn't exist) Promise.all([ // Find or create the asset by url. - Asset.findOrCreateByUrl(decodeURIComponent(req.query.asset_url)) + Asset.findOrCreateByUrl(asset_url) // Add the found asset to the scraper if it's not already scraped. .then((asset) => { @@ -34,7 +45,7 @@ router.get('/', (req, res, next) => { // Merge the asset specific settings with the returned settings object in // the event that the asset that was returned also had settings. if (asset && asset.settings) { - settings = Object.assign({}, settings, asset.settings); + settings.merge(asset.settings); } // Fetch the appropriate comments stream. @@ -98,7 +109,7 @@ router.get('/', (req, res, next) => { comments, users, actions, - settings: Setting.public(settings) + settings }); }) .catch(error => { diff --git a/routes/api/user/index.js b/routes/api/user/index.js index 1765809ad..bd83563dc 100644 --- a/routes/api/user/index.js +++ b/routes/api/user/index.js @@ -26,26 +26,15 @@ router.get('/', authorization.needed('admin'), (req, res, next) => { .limit(limit), User.count() ]) - .then(([data, count]) => { - const users = data.map((user) => { - const {id, displayName, created_at} = user; - return { - id, - displayName, - created_at, - profiles: user.toObject().profiles, - roles: user.toObject().roles - }; - }); + .then(([result, count]) => { res.json({ - result: users, + result, limit: Number(limit), count, page: Number(page), - totalPages: Math.ceil(count / limit) + totalPages: Math.ceil(count / (limit === 0 ? 1 : limit)) }); - }) .catch(next); }); @@ -53,8 +42,8 @@ router.get('/', authorization.needed('admin'), (req, res, next) => { router.post('/:user_id/role', authorization.needed('admin'), (req, res, next) => { User .addRoleToUser(req.params.user_id, req.body.role) - .then(role => { - res.send(role); + .then(() => { + res.status(204).end(); }) .catch(next); }); @@ -65,13 +54,17 @@ router.post('/', (req, res, next) => { User .createLocalUser(email, password, displayName) .then(user => { - res.status(201).send(user); + + res.status(201).json(user); }) .catch(err => { next(err); }); }); +const ErrPasswordTooShort = new Error('password must be at least 8 characters'); +ErrPasswordTooShort.status = 400; + /** * expects 2 fields in the body of the request * 1) the token that was in the url of the email link {String} @@ -81,7 +74,7 @@ router.post('/update-password', (req, res, next) => { const {token, password} = req.body; if (!password || password.length < 8) { - return res.status(400).send('Password must be at least 8 characters'); + return next(ErrPasswordTooShort); } User.verifyPasswordResetToken(token) @@ -93,7 +86,8 @@ router.post('/update-password', (req, res, next) => { }) .catch(error => { console.error(error); - res.status(401).send('Not Authorized'); + + next(authorization.ErrNotAuthorized); }); }); @@ -133,10 +127,8 @@ router.post('/request-password-reset', (req, res, next) => { // if we fail on missing emails, it would reveal if people are registered or not. res.status(204).end(); }) - .catch(error => { - const errorMsg = typeof error === 'string' ? error : error.message; - - res.status(500).json({error: errorMsg}); + .catch((err) => { + next(err); }); }); @@ -150,10 +142,11 @@ router.put('/:user_id/bio', (req, res, next) => { User .addBio(user_id, bio) - .then(user => res.status(200).send(user)) - .catch(error => { - const errorMsg = typeof error === 'string' ? error : error.message; - res.status(500).json({error: errorMsg}); + .then(user => { + res.json(user); + }) + .catch((err) => { + next(err); }); }); diff --git a/services/scraper.js b/services/scraper.js index 922ef77bc..10e0e4aa8 100644 --- a/services/scraper.js +++ b/services/scraper.js @@ -23,7 +23,7 @@ const scraper = { title: `Scrape for asset ${asset.id}`, asset_id: asset.id }) - .attempts(10) + .attempts(3) .delay(1000) .backoff({type: 'exponential'}) .save((err) => { @@ -106,7 +106,7 @@ const scraper = { // Handle errors that occur. .catch((err) => { - console.error(`Failed to scrape on Job[${job.id}] for Asset[${job.data.asset_id}]:`, err); + debug(`Failed to scrape on Job[${job.id}] for Asset[${job.data.asset_id}]:`, err); done(err); }); diff --git a/tests/models/comment.js b/tests/models/comment.js index a9c2f4787..3db7d67a2 100644 --- a/tests/models/comment.js +++ b/tests/models/comment.js @@ -11,14 +11,14 @@ describe('models.Comment', () => { const comments = [{ body: 'comment 10', asset_id: '123', - status: [], + status_history: [], parent_id: '', author_id: '123', id: '1' }, { body: 'comment 20', asset_id: '123', - status: [{ + status_history: [{ type: 'accepted' }], parent_id: '', @@ -27,14 +27,14 @@ describe('models.Comment', () => { }, { body: 'comment 30', asset_id: '456', - status: [], + status_history: [], parent_id: '', author_id: '456', id: '3' }, { body: 'comment 40', asset_id: '123', - status: [{ + status_history: [{ type: 'rejected' }], parent_id: '', @@ -43,7 +43,7 @@ describe('models.Comment', () => { }, { body: 'comment 50', asset_id: '1234', - status: [{ + status_history: [{ type: 'premod' }], parent_id: '', @@ -52,7 +52,7 @@ describe('models.Comment', () => { }, { body: 'comment 60', asset_id: '1234', - status: [{ + status_history: [{ type: 'premod' }], parent_id: '', @@ -99,8 +99,7 @@ describe('models.Comment', () => { expect(c).to.not.be.null; expect(c.id).to.not.be.null; expect(c.id).to.be.uuid; - expect(c.status).to.have.length(1); - expect(c.status[0]).to.have.property('type', 'accepted'); + expect(c.status).to.be.equal('accepted'); }); }); @@ -116,17 +115,15 @@ describe('models.Comment', () => { }]).then(([c1, c2, c3]) => { expect(c1).to.not.be.null; expect(c1.id).to.be.uuid; - expect(c1.status).to.have.length(1); - expect(c1.status[0]).to.have.property('type', 'accepted'); + expect(c1.status).to.be.equal('accepted'); expect(c2).to.not.be.null; expect(c2.id).to.be.uuid; - expect(c2.status).to.have.length(0); + expect(c2.status).to.be.null; expect(c3).to.not.be.null; expect(c3.id).to.be.uuid; - expect(c3.status).to.have.length(1); - expect(c3.status[0]).to.have.property('type', 'rejected'); + expect(c3.status).to.be.equal('rejected'); }); }); @@ -220,17 +217,16 @@ describe('models.Comment', () => { return Comment.findById(comment_id) .then((c) => { - expect(c).to.have.property('status'); - expect(c.status).to.have.length(0); + expect(c.status).to.be.null; return Comment.pushStatus(comment_id, 'rejected', '123'); }) .then(() => Comment.findById(comment_id)) .then((c) => { expect(c).to.have.property('status'); - expect(c.status).to.have.length(1); - expect(c.status[0]).to.have.property('type', 'rejected'); - expect(c.status[0]).to.have.property('assigned_by', '123'); + expect(c.status_history).to.have.length(1); + expect(c.status_history[0]).to.have.property('type', 'rejected'); + expect(c.status_history[0]).to.have.property('assigned_by', '123'); }); }); @@ -238,13 +234,13 @@ describe('models.Comment', () => { return Comment.pushStatus(comments[1].id, 'rejected', '123') .then(() => Comment.findById(comments[1].id)) .then((c) => { - expect(c).to.have.property('status'); - expect(c.status).to.have.length(2); - expect(c.status[0]).to.have.property('type', 'accepted'); - expect(c.status[0]).to.have.property('assigned_by', null); + expect(c).to.have.property('status_history'); + expect(c.status_history).to.have.length(2); + expect(c.status_history[0]).to.have.property('type', 'accepted'); + expect(c.status_history[0]).to.have.property('assigned_by', null); - expect(c.status[1]).to.have.property('type', 'rejected'); - expect(c.status[1]).to.have.property('assigned_by', '123'); + expect(c.status_history[1]).to.have.property('type', 'rejected'); + expect(c.status_history[1]).to.have.property('assigned_by', '123'); }); }); diff --git a/tests/models/setting.js b/tests/models/setting.js index 3e77297fc..fbd5bf77f 100644 --- a/tests/models/setting.js +++ b/tests/models/setting.js @@ -39,4 +39,18 @@ describe('models.Setting', () => { }); }); }); + + describe('#merge', () => { + it('should merge a settings object and it\'s overrides', () => { + return Setting + .retrieve() + .then((settings) => { + let ovrSett = {moderation: 'post'}; + + settings.merge(ovrSett); + + expect(settings).to.have.property('moderation', 'post'); + }); + }); + }); }); diff --git a/tests/routes/api/comments/index.js b/tests/routes/api/comments/index.js index bf7a06ff6..988320e34 100644 --- a/tests/routes/api/comments/index.js +++ b/tests/routes/api/comments/index.js @@ -19,6 +19,11 @@ const settings = {id: '1', moderation: 'pre'}; describe('/api/v1/comments', () => { + beforeEach(() => Promise.all([ + wordlist.insert(['bad words']), + Setting.init(settings) + ])); + describe('#get', () => { const comments = [{ body: 'comment 10', @@ -32,13 +37,13 @@ describe('/api/v1/comments', () => { body: 'comment 20', asset_id: 'asset', author_id: '456', - status: [{ + status_history: [{ type: 'rejected' }] }, { body: 'comment 30', asset_id: '456', - status: [{ + status_history: [{ type: 'accepted' }] }]; @@ -75,11 +80,7 @@ describe('/api/v1/comments', () => { return Action.create(actions); }), - User.createLocalUsers(users), - wordlist.insert([ - 'bad words' - ]), - Setting.init(settings) + User.createLocalUsers(users) ]); }); @@ -161,8 +162,7 @@ describe('/api/v1/comments', () => { .then((res) => { expect(res).to.have.status(201); expect(res.body).to.have.property('id'); - expect(res.body).to.have.property('status').and.to.have.length(1); - expect(res.body.status[0]).to.have.property('type', 'rejected'); + expect(res.body).to.have.property('status', 'rejected'); }); }); @@ -184,8 +184,7 @@ describe('/api/v1/comments', () => { expect(res).to.have.status(201); expect(res.body).to.have.property('id'); expect(res.body).to.have.property('asset_id'); - expect(res.body).to.have.property('status').and.to.have.length(1); - expect(res.body.status[0]).to.have.property('type', 'premod'); + expect(res.body).to.have.property('status', 'premod'); }); }); }); @@ -301,20 +300,20 @@ describe('/api/v1/comments/:comment_id/actions', () => { body: 'comment 10', asset_id: 'asset', author_id: '123', - status: [] + status_history: [] }, { id: 'def', body: 'comment 20', asset_id: 'asset', author_id: '456', - status: [{ + status_history: [{ type: 'rejected' }] }, { id: 'hij', body: 'comment 30', asset_id: '456', - status: [{ + status_history: [{ type: 'accepted' }] }]; diff --git a/tests/routes/api/queue/index.js b/tests/routes/api/queue/index.js index d64423013..ce55836ab 100644 --- a/tests/routes/api/queue/index.js +++ b/tests/routes/api/queue/index.js @@ -21,7 +21,7 @@ describe('/api/v1/queue', () => { body: 'comment 10', asset_id: 'asset', author_id: '123', - status: [{ + status_history: [{ type: 'rejected' }] }, { @@ -29,14 +29,14 @@ describe('/api/v1/queue', () => { body: 'comment 20', asset_id: 'asset', author_id: '456', - status: [{ + status_history: [{ type: 'premod' }] }, { id: 'hij', body: 'comment 30', asset_id: '456', - status: [{ + status_history: [{ type: 'accepted' }] }]; diff --git a/tests/routes/api/stream/index.js b/tests/routes/api/stream/index.js index a128938ba..67088e37e 100644 --- a/tests/routes/api/stream/index.js +++ b/tests/routes/api/stream/index.js @@ -25,7 +25,7 @@ describe('/api/v1/stream', () => { body: 'comment 10', author_id: '', parent_id: '', - status: [{ + status_history: [{ type: 'accepted' }] }, { @@ -33,21 +33,21 @@ describe('/api/v1/stream', () => { body: 'comment 20', author_id: '', parent_id: '', - status: [] + status_history: [] }, { id: 'uio', body: 'comment 30', asset_id: 'asset', author_id: '456', parent_id: '', - status: [{ + status_history: [{ type: 'accepted' }] }, { id: 'hij', body: 'comment 40', asset_id: '456', - status: [{ + status_history: [{ type: 'rejected' }] }]; @@ -116,6 +116,16 @@ describe('/api/v1/stream', () => { }); }); + it('should reject requests without a scheme in the asset_url', () => { + return chai.request(app) + .get('/api/v1/stream') + .query({asset_url: 'test.com'}) + .catch((err) => { + expect(err).to.have.status(400); + expect(err.response.body.message).to.contain('asset_url is invalid'); + }); + }); + it('should merge the settings when the asset contains settings to override it with', () => { return chai.request(app) .get('/api/v1/stream') @@ -126,6 +136,7 @@ describe('/api/v1/stream', () => { expect(res.body.comments.length).to.equal(1); expect(res.body.users.length).to.equal(1); expect(res.body.settings).to.have.property('moderation', 'pre'); + expect(res.body.settings).to.not.have.property('wordlist'); }); }); }); From 4572d8e68ef9570e6f1ba324ec655ec889c1e6f7 Mon Sep 17 00:00:00 2001 From: Riley Davis Date: Thu, 8 Dec 2016 12:20:54 -1000 Subject: [PATCH 4/8] filter by premod status --- .../src/containers/ModerationQueue/ModerationQueue.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/client/coral-admin/src/containers/ModerationQueue/ModerationQueue.js b/client/coral-admin/src/containers/ModerationQueue/ModerationQueue.js index e5670d169..3774ed5f9 100644 --- a/client/coral-admin/src/containers/ModerationQueue/ModerationQueue.js +++ b/client/coral-admin/src/containers/ModerationQueue/ModerationQueue.js @@ -81,9 +81,11 @@ class ModerationQueue extends React.Component { singleView={singleView} commentIds={ comments.get('ids') - .filter(id => !comments.get('byId') + .filter(id => + comments + .get('byId') .get(id) - .get('status')) + .get('status') === 'premod') } comments={comments.get('byId')} users={users.get('byId')} From c8d0fae0970fa0bb9fe0639c9077ce125b272856 Mon Sep 17 00:00:00 2001 From: Kim Gardner Date: Thu, 8 Dec 2016 12:50:12 -1000 Subject: [PATCH 5/8] Fix formatting --- README.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 6589cddb9..51c0d1ab9 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ You can view product ideas and our longer term roadmap here: https://trello.com/ ### Local Dependencies Node + Mongo ### Getting Started @@ -26,17 +27,17 @@ inside the environment in order to run, those variables are listed here: - `TALK_SESSION_SECRET` (*required*) - a random string which will be used to secure cookies. -`TALK_FACEBOOK_APP_ID` (*required*) - the Facebook app id for your Facebook +- `TALK_FACEBOOK_APP_ID` (*required*) - the Facebook app id for your Facebook Login enabled app. -`TALK_FACEBOOK_APP_SECRET` (*required*) - the Facebook app secret for your +- `TALK_FACEBOOK_APP_SECRET` (*required*) - the Facebook app secret for your Facebook Login enabled app. -`TALK_ROOT_URL` (*required*) - root url of the installed application externally +- `TALK_ROOT_URL` (*required*) - root url of the installed application externally available in the format: `://` without the path. -`TALK_SMTP_PROVIDER` (*required*) - SMTP provider name. -`TALK_SMTP_USERNAME` (*required*) - username of the SMTP provider you are using. -`TALK_SMTP_PASSWORD` (*required*) - password for the SMTP provider you are using. -`TALK_SMTP_HOST` (*required*) - SMTP host url with format `smtp.domain.com`. -`TALK_SMTP_PORT` (*required*) - SMTP port. +- `TALK_SMTP_PROVIDER` (*required*) - SMTP provider name. +- `TALK_SMTP_USERNAME` (*required*) - username of the SMTP provider you are using. +- `TALK_SMTP_PASSWORD` (*required*) - password for the SMTP provider you are using. +- `TALK_SMTP_HOST` (*required*) - SMTP host url with format `smtp.domain.com`. +- `TALK_SMTP_PORT` (*required*) - SMTP port. ### Running with Docker Make sure you have Docker running first and then run `docker-compose up -d` From 500dafbafa5d3e513641b3092274ed58ef2760cb Mon Sep 17 00:00:00 2001 From: Riley Davis Date: Thu, 8 Dec 2016 12:51:45 -1000 Subject: [PATCH 6/8] riley being anal --- middleware/payload-filter.js | 2 +- tests/models/setting.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/middleware/payload-filter.js b/middleware/payload-filter.js index 8ce3d39d5..0cafd91fe 100644 --- a/middleware/payload-filter.js +++ b/middleware/payload-filter.js @@ -38,7 +38,7 @@ module.exports = (req, res, next) => { } else if (typeof o === 'object') { - // Itterate over the props, find only properties owned by the object. + // Iterate over the props, find only properties owned by the object. for (let prop in o) { // If and only if the object owns the property do we actually pull the diff --git a/tests/models/setting.js b/tests/models/setting.js index fbd5bf77f..8fd23d6a0 100644 --- a/tests/models/setting.js +++ b/tests/models/setting.js @@ -41,7 +41,7 @@ describe('models.Setting', () => { }); describe('#merge', () => { - it('should merge a settings object and it\'s overrides', () => { + it('should merge a settings object and its overrides', () => { return Setting .retrieve() .then((settings) => { From 7ce44ccd8c40d7098d2283a2d8bed836a232239b Mon Sep 17 00:00:00 2001 From: Kim Gardner Date: Thu, 8 Dec 2016 12:53:39 -1000 Subject: [PATCH 7/8] More formatting --- README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 51c0d1ab9..0b77e95b7 100644 --- a/README.md +++ b/README.md @@ -49,9 +49,11 @@ Make sure you have Docker running first and then run `docker-compose up -d` `npm run lint` ### Helpful URLs -Bare comment stream: http://localhost:5000/client/coral-embed-stream/ -Comment stream embedded on sample article: http://localhost:5000/client/coral-embed-stream/samplearticle.html -Moderator view: http://localhost:5000/admin/ +Comment stream: http://localhost:3000/ + +Comment stream embedded on sample article: http://localhost:3000/assets/samplearticle.html + +Moderator view: http://localhost:3000/admin ### Docs `swagger.yaml` From dd5c114dc2ea82bd521ff6327db1ee129328ca32 Mon Sep 17 00:00:00 2001 From: Riley Davis Date: Thu, 8 Dec 2016 18:36:20 -1000 Subject: [PATCH 8/8] don't use well-known email settings --- docker-compose.yml | 1 + services/mailer.js | 12 ++++-------- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index d7a180277..16df60095 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,6 +7,7 @@ services: restart: always ports: - "5000:5000" + - "2525:2525" environment: - "TALK_PORT=5000" - "TALK_MONGO_URL=mongodb://mongo" diff --git a/services/mailer.js b/services/mailer.js index b7d621954..fe07f063b 100644 --- a/services/mailer.js +++ b/services/mailer.js @@ -3,7 +3,7 @@ const nodemailer = require('nodemailer'); const smtpRequiredProps = [ 'TALK_SMTP_USERNAME', 'TALK_SMTP_PASSWORD', - 'TALK_SMTP_PROVIDER' + 'TALK_SMTP_HOST' ]; smtpRequiredProps.forEach(prop => { @@ -13,9 +13,7 @@ smtpRequiredProps.forEach(prop => { }); const options = { - // list of providers here: - // https://github.com/nodemailer/nodemailer-wellknown#supported-services - service: process.env.TALK_SMTP_PROVIDER, + host: process.env.TALK_SMTP_HOST, auth: { user: process.env.TALK_SMTP_USERNAME, pass: process.env.TALK_SMTP_PASSWORD @@ -24,10 +22,8 @@ const options = { if (process.env.TALK_SMTP_PORT) { options.port = process.env.TALK_SMTP_PORT; -} - -if (process.env.TALK_SMTP_HOST) { - options.host = process.env.TALK_SMTP_HOST; +} else { + options.port = 25; } const defaultTransporter = nodemailer.createTransport(options);