Server re-build with latest AdonisJS framework & Typescript (#47)

* chore: setup first basis structure

* chore: ensure styling is loaded correctly

* chore: comply to new routing syntax by replace . with / in routes/resource locations

* chore: add login controller

* chore: correctly use views with slash instead of dot

* chore: working login + tests

* chore: clean up tests

* chore: add password-forgot endpoint and matching test

* chore: add delete page test

* chore: add logout test

* chore: add reset-password route and tests

* chore: remove obsolete comment

* chore: add account-page and tests

* chore: add data page & first step of the test

* chore: add transfer/import data feature and tests

* chore: add export and basic test

* chore: add all static api routes with tests

* Regenerate 'pnpm-lock.json' and fix bad merge conflict

WIP:
- Tests have been commented out since they dont work
- Server doesn't start

* easier dev and test runs

* - remove --require-pragma from reformat-files so formatting works properly
- run pnpm reformat-files over codebase
- remove .json files from .eslintignore
- add invalid.json file to .eslintignore
- configure prettier properly in eslint config
- add type jsdoc to prettier config
- run adonis generate:manifest command to regenerate ace-manifest.json
- specify volta in package.json
- introduce typecheck npm script
- remove unused .mjs extension from npm scripts
- install missing type definition dependencies
- add pnpm.allowedDeprecatedVersions to package.json
- fix invalid extends in tsconfig.json causing TS issues throughout codebase
- remove @ts-ignore throughout codebase which is not relevant anymore
- enable some of the tsconfig options
- remove outdated eslint-disable from codebase
- change deprecated faker.company.companyName() to faker.company.name()
- fix TS issues inside transfer.spec.ts

* - update to latest node and pnpm versions
- upgrade all non-major dependencies to latest
- install missing @types/luxon dependency
- add cuid to pnpm.allowedDeprecatedVersions
- add esModuleInterop config option to tsconfig
- migrate more deprecated faker methods to new ones
- add more temporary ts-ignore to code

* - update eslint config
- remove trailingComma: all since default in prettier v3
- add typecheck command to prepare-code npm script
- upgrade various dependencies to latest major version
- update tsconfig to include only useful config options
- disable some lint issues and fix others

* - add test command to prepare-code
- disable strictPropertyInitialization flag in tsconfig which creates issues with adonis models
- update precommit hook to excute pnpm prepare-code
- remove ts-ignore statements from all models

* fix node and pnpm dependency update

* add cross env (so that we can develop on windows)

* add signup endpoint (TODO: JWT auth)

* Add login endpoint

* Add me and updateMe endpoints

* Add service endpoint

* refactor: change endpoints to use jwt

* add recipes endpoint

* add workspaces endpoint

* fix web controllors for login and post import

* Update node deps

* Change auth middleware (for web) and exempt api from CSRF

* Add import endpoint (franz import)

* Fix export/import logic

* Fix service and workspace data in user/data

* Fix partial lint

* chore: workaround lint issues

* fix: migration naming had two .

* Sync back node with recipes repo

* Temporarily ignore typescript

* Fix adonisrc to handle public folder static assets

* Fix issue with production database

* add Legacy Password Provider

* Fix lint errors

* Fix issue on login errors frontend

* add Legacy Password Provider

* Fix issue with customIcons

* Fix issue with auth tokens

* Update 'node' to '18.18.0'

* make docker work

* improve docker entrypoint (test api performance)

* Add migration database script

* NODE_ENV on recipes

* prefer @ts-expect-error over @ts-ignore

* small fixes

* Update 'pnpm' to '8.7.6'

* fix error catch

* Automatically generate JWT Public and Private keys

* Use custom Adonis5-jwt

* Update code to use secret (old way, no breaking changes)

* Normalize appKey

* Trick to make JWT tokens on client work with new version

* Fix error with new JWT logic

* Change migration and how we store JWT

* Fix 500 response code (needs to be 401)

* Improve logic and fix bugs

* Fix build and entrypoint logic

* Catch error if appKey changes

* Add newToken logic

* Fix lint (ignore any errors)

* Add build for PRs

* pnpm reformat-files result

* Fix some tests

* Fix reset password not working (test failing)

* Restore csrfTokens (disabled by accident)

* Fix pnpm start command with .env

* Disable failing tests on the transfer endpoint (TODO)

* Add tests to PR build

* Fix build

* Remove unnecessary assertStatus

* Add typecheck

* hash password on UserFactory (fix build)

* Add JWT_USE_PEM true by default (increase security)

* fix name of github action

---------

Co-authored-by: Vijay A <vraravam@users.noreply.github.com>
Co-authored-by: Balaji Vijayakumar <kuttibalaji.v6@gmail.com>
Co-authored-by: MCMXC <16797721+mcmxcdev@users.noreply.github.com>
Co-authored-by: André Oliveira <oliveira.andrerodrigues95@gmail.com>

1 files changed, 244 insertions, 0 deletions

diff --git a/config/app.ts b/config/app.ts
new file mode 100644
index 0000000..fb3c0be
--- /dev/null
+++ b/config/app.ts
@@ -0,0 +1,244 @@
+/**
+ * Config source: https://git.io/JfefZ
+ *
+ * Feel free to let us know via PR, if you find something broken in this config
+ * file.
+ */
+
+import proxyAddr from 'proxy-addr';
+import Env from '@ioc:Adonis/Core/Env';
+import { ServerConfig } from '@ioc:Adonis/Core/Server';
+import { LoggerConfig } from '@ioc:Adonis/Core/Logger';
+import { ProfilerConfig } from '@ioc:Adonis/Core/Profiler';
+import { ValidatorConfig } from '@ioc:Adonis/Core/Validator';
+
+/*
+|--------------------------------------------------------------------------
+| Application secret key
+|--------------------------------------------------------------------------
+|
+| The secret to encrypt and sign different values in your application.
+| Make sure to keep the `APP_KEY` as an environment variable and secure.
+|
+| Note: Changing the application key for an existing app will make all
+| the cookies invalid and also the existing encrypted data will not
+| be decrypted.
+|
+*/
+export const appKey: string = Env.get('APP_KEY');
+
+export const url: string = Env.get('APP_URL');
+
+// TODO: this is parsed as string to be coherent with the previous version of the code we add (before migrating to AdonisJS 5)
+export const isRegistrationEnabled: string = Env.get('IS_REGISTRATION_ENABLED');
+export const connectWithFranz: string = Env.get('CONNECT_WITH_FRANZ');
+export const isCreationEnabled: string = Env.get('IS_CREATION_ENABLED');
+export const jwtUsePEM: boolean =
+  Env.get('JWT_USE_PEM', false) ||
+  (Env.get('JWT_PUBLIC_KEY', '') !== '' &&
+    Env.get('JWT_PRIVATE_KEY', '') !== '');
+/*
+|--------------------------------------------------------------------------
+| Http server configuration
+|--------------------------------------------------------------------------
+|
+| The configuration for the HTTP(s) server. Make sure to go through all
+| the config properties to make keep server secure.
+|
+*/
+export const http: ServerConfig = {
+  /*
+  |--------------------------------------------------------------------------
+  | Allow method spoofing
+  |--------------------------------------------------------------------------
+  |
+  | Method spoofing enables defining custom HTTP methods using a query string
+  | `_method`. This is usually required when you are making traditional
+  | form requests and wants to use HTTP verbs like `PUT`, `DELETE` and
+  | so on.
+  |
+  */
+  allowMethodSpoofing: false,
+
+  /*
+  |--------------------------------------------------------------------------
+  | Subdomain offset
+  |--------------------------------------------------------------------------
+  */
+  subdomainOffset: 2,
+
+  /*
+  |--------------------------------------------------------------------------
+  | Request Ids
+  |--------------------------------------------------------------------------
+  |
+  | Setting this value to `true` will generate a unique request id for each
+  | HTTP request and set it as `x-request-id` header.
+  |
+  */
+  generateRequestId: false,
+
+  /*
+  |--------------------------------------------------------------------------
+  | Trusting proxy servers
+  |--------------------------------------------------------------------------
+  |
+  | Define the proxy servers that AdonisJs must trust for reading `X-Forwarded`
+  | headers.
+  |
+  */
+  trustProxy: proxyAddr.compile('loopback'),
+
+  /*
+  |--------------------------------------------------------------------------
+  | Generating Etag
+  |--------------------------------------------------------------------------
+  |
+  | Whether or not to generate an etag for every response.
+  |
+  */
+  etag: false,
+
+  /*
+  |--------------------------------------------------------------------------
+  | JSONP Callback
+  |--------------------------------------------------------------------------
+  */
+  jsonpCallbackName: 'callback',
+
+  /*
+  |--------------------------------------------------------------------------
+  | Cookie settings
+  |--------------------------------------------------------------------------
+  */
+  cookie: {
+    domain: '',
+    path: '/',
+    maxAge: '2h',
+    httpOnly: true,
+    secure: false,
+    sameSite: false,
+  },
+
+  /*
+  |--------------------------------------------------------------------------
+  | Force Content Negotiation
+  |--------------------------------------------------------------------------
+  |
+  | The internals of the framework relies on the content negotiation to
+  | detect the best possible response type for a given HTTP request.
+  |
+  | However, it is a very common these days that API servers always wants to
+  | make response in JSON regardless of the existence of the `Accept` header.
+  |
+  | By setting `forceContentNegotiationTo = 'application/json'`, you negotiate
+  | with the server in advance to always return JSON without relying on the
+  | client to set the header explicitly.
+  |
+  */
+  forceContentNegotiationTo: 'application/json',
+};
+
+/*
+|--------------------------------------------------------------------------
+| Logger
+|--------------------------------------------------------------------------
+*/
+export const logger: LoggerConfig = {
+  /*
+  |--------------------------------------------------------------------------
+  | Application name
+  |--------------------------------------------------------------------------
+  |
+  | The name of the application you want to add to the log. It is recommended
+  | to always have app name in every log line.
+  |
+  | The `APP_NAME` environment variable is automatically set by AdonisJS by
+  | reading the `name` property from the `package.json` file.
+  |
+  */
+  name: Env.get('APP_NAME', 'Ferdium-server'),
+
+  /*
+  |--------------------------------------------------------------------------
+  | Toggle logger
+  |--------------------------------------------------------------------------
+  |
+  | Enable or disable logger application wide
+  |
+  */
+  enabled: true,
+
+  /*
+  |--------------------------------------------------------------------------
+  | Logging level
+  |--------------------------------------------------------------------------
+  |
+  | The level from which you want the logger to flush logs. It is recommended
+  | to make use of the environment variable, so that you can define log levels
+  | at deployment level and not code level.
+  |
+  */
+  level: Env.get('LOG_LEVEL', 'info'),
+
+  /*
+  |--------------------------------------------------------------------------
+  | Pretty print
+  |--------------------------------------------------------------------------
+  |
+  | It is highly advised NOT to use `prettyPrint` in production, since it
+  | can have huge impact on performance.
+  |
+  */
+  prettyPrint: Env.get('NODE_ENV') === 'development',
+};
+
+/*
+|--------------------------------------------------------------------------
+| Profiler
+|--------------------------------------------------------------------------
+*/
+export const profiler: ProfilerConfig = {
+  /*
+  |--------------------------------------------------------------------------
+  | Toggle profiler
+  |--------------------------------------------------------------------------
+  |
+  | Enable or disable profiler
+  |
+  */
+  enabled: true,
+
+  /*
+  |--------------------------------------------------------------------------
+  | Blacklist actions/row labels
+  |--------------------------------------------------------------------------
+  |
+  | Define an array of actions or row labels that you want to disable from
+  | getting profiled.
+  |
+  */
+  blacklist: [],
+
+  /*
+  |--------------------------------------------------------------------------
+  | Whitelist actions/row labels
+  |--------------------------------------------------------------------------
+  |
+  | Define an array of actions or row labels that you want to whitelist for
+  | the profiler. When whitelist is defined, then `blacklist` is ignored.
+  |
+  */
+  whitelist: [],
+};
+
+/*
+|--------------------------------------------------------------------------
+| Validator
+|--------------------------------------------------------------------------
+|
+| Configure the global configuration for the validator. Here's the reference
+| to the default config https://git.io/JT0WE
+|
+*/
+export const validator: ValidatorConfig = {};