Server re-build with latest AdonisJS framework & Typescript (#47)

* chore: setup first basis structure

* chore: ensure styling is loaded correctly

* chore: comply to new routing syntax by replace . with / in routes/resource locations

* chore: add login controller

* chore: correctly use views with slash instead of dot

* chore: working login + tests

* chore: clean up tests

* chore: add password-forgot endpoint and matching test

* chore: add delete page test

* chore: add logout test

* chore: add reset-password route and tests

* chore: remove obsolete comment

* chore: add account-page and tests

* chore: add data page & first step of the test

* chore: add transfer/import data feature and tests

* chore: add export and basic test

* chore: add all static api routes with tests

* Regenerate 'pnpm-lock.json' and fix bad merge conflict

WIP:
- Tests have been commented out since they dont work
- Server doesn't start

* easier dev and test runs

* - remove --require-pragma from reformat-files so formatting works properly
- run pnpm reformat-files over codebase
- remove .json files from .eslintignore
- add invalid.json file to .eslintignore
- configure prettier properly in eslint config
- add type jsdoc to prettier config
- run adonis generate:manifest command to regenerate ace-manifest.json
- specify volta in package.json
- introduce typecheck npm script
- remove unused .mjs extension from npm scripts
- install missing type definition dependencies
- add pnpm.allowedDeprecatedVersions to package.json
- fix invalid extends in tsconfig.json causing TS issues throughout codebase
- remove @ts-ignore throughout codebase which is not relevant anymore
- enable some of the tsconfig options
- remove outdated eslint-disable from codebase
- change deprecated faker.company.companyName() to faker.company.name()
- fix TS issues inside transfer.spec.ts

* - update to latest node and pnpm versions
- upgrade all non-major dependencies to latest
- install missing @types/luxon dependency
- add cuid to pnpm.allowedDeprecatedVersions
- add esModuleInterop config option to tsconfig
- migrate more deprecated faker methods to new ones
- add more temporary ts-ignore to code

* - update eslint config
- remove trailingComma: all since default in prettier v3
- add typecheck command to prepare-code npm script
- upgrade various dependencies to latest major version
- update tsconfig to include only useful config options
- disable some lint issues and fix others

* - add test command to prepare-code
- disable strictPropertyInitialization flag in tsconfig which creates issues with adonis models
- update precommit hook to excute pnpm prepare-code
- remove ts-ignore statements from all models

* fix node and pnpm dependency update

* add cross env (so that we can develop on windows)

* add signup endpoint (TODO: JWT auth)

* Add login endpoint

* Add me and updateMe endpoints

* Add service endpoint

* refactor: change endpoints to use jwt

* add recipes endpoint

* add workspaces endpoint

* fix web controllors for login and post import

* Update node deps

* Change auth middleware (for web) and exempt api from CSRF

* Add import endpoint (franz import)

* Fix export/import logic

* Fix service and workspace data in user/data

* Fix partial lint

* chore: workaround lint issues

* fix: migration naming had two .

* Sync back node with recipes repo

* Temporarily ignore typescript

* Fix adonisrc to handle public folder static assets

* Fix issue with production database

* add Legacy Password Provider

* Fix lint errors

* Fix issue on login errors frontend

* add Legacy Password Provider

* Fix issue with customIcons

* Fix issue with auth tokens

* Update 'node' to '18.18.0'

* make docker work

* improve docker entrypoint (test api performance)

* Add migration database script

* NODE_ENV on recipes

* prefer @ts-expect-error over @ts-ignore

* small fixes

* Update 'pnpm' to '8.7.6'

* fix error catch

* Automatically generate JWT Public and Private keys

* Use custom Adonis5-jwt

* Update code to use secret (old way, no breaking changes)

* Normalize appKey

* Trick to make JWT tokens on client work with new version

* Fix error with new JWT logic

* Change migration and how we store JWT

* Fix 500 response code (needs to be 401)

* Improve logic and fix bugs

* Fix build and entrypoint logic

* Catch error if appKey changes

* Add newToken logic

* Fix lint (ignore any errors)

* Add build for PRs

* pnpm reformat-files result

* Fix some tests

* Fix reset password not working (test failing)

* Restore csrfTokens (disabled by accident)

* Fix pnpm start command with .env

* Disable failing tests on the transfer endpoint (TODO)

* Add tests to PR build

* Fix build

* Remove unnecessary assertStatus

* Add typecheck

* hash password on UserFactory (fix build)

* Add JWT_USE_PEM true by default (increase security)

* fix name of github action

---------

Co-authored-by: Vijay A <vraravam@users.noreply.github.com>
Co-authored-by: Balaji Vijayakumar <kuttibalaji.v6@gmail.com>
Co-authored-by: MCMXC <16797721+mcmxcdev@users.noreply.github.com>
Co-authored-by: André Oliveira <oliveira.andrerodrigues95@gmail.com>

1 files changed, 0 insertions, 144 deletions

diff --git a/config/shield.js b/config/shield.js
deleted file mode 100644
index 9849d29..0000000
--- a/config/shield.js
+++ /dev/null
@@ -1,144 +0,0 @@
-
-module.exports = {
-  /*
-  |--------------------------------------------------------------------------
-  | Content Security Policy
-  |--------------------------------------------------------------------------
-  |
-  | Content security policy filters out the origins not allowed to execute
-  | and load resources like scripts, styles and fonts. There are wide
-  | variety of options to choose from.
-  */
-  csp: {
-    /*
-    |--------------------------------------------------------------------------
-    | Directives
-    |--------------------------------------------------------------------------
-    |
-    | All directives are defined in camelCase and here is the list of
-    | available directives and their possible values.
-    |
-    | https://content-security-policy.com
-    |
-    | @example
-    | directives: {
-    |   defaultSrc: ['self', '@nonce', 'cdnjs.cloudflare.com']
-    | }
-    |
-    */
-    directives: {
-    },
-    /*
-    |--------------------------------------------------------------------------
-    | Report only
-    |--------------------------------------------------------------------------
-    |
-    | Setting `reportOnly=true` will not block the scripts from running and
-    | instead report them to a URL.
-    |
-    */
-    reportOnly: false,
-    /*
-    |--------------------------------------------------------------------------
-    | Set all headers
-    |--------------------------------------------------------------------------
-    |
-    | Headers staring with `X` have been depreciated, since all major browsers
-    | supports the standard CSP header. So its better to disable deperciated
-    | headers, unless you want them to be set.
-    |
-    */
-    setAllHeaders: false,
-
-    /*
-    |--------------------------------------------------------------------------
-    | Disable on android
-    |--------------------------------------------------------------------------
-    |
-    | Certain versions of android are buggy with CSP policy. So you can set
-    | this value to true, to disable it for Android versions with buggy
-    | behavior.
-    |
-    | Here is an issue reported on a different package, but helpful to read
-    | if you want to know the behavior. https://github.com/helmetjs/helmet/pull/82
-    |
-    */
-    disableAndroid: true,
-  },
-
-  /*
-  |--------------------------------------------------------------------------
-  | X-XSS-Protection
-  |--------------------------------------------------------------------------
-  |
-  | X-XSS Protection saves from applications from XSS attacks. It is adopted
-  | by IE and later followed by some other browsers.
-  |
-  | Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
-  |
-  */
-  xss: {
-    enabled: true,
-    enableOnOldIE: false,
-  },
-
-  /*
-  |--------------------------------------------------------------------------
-  | Iframe Options
-  |--------------------------------------------------------------------------
-  |
-  | xframe defines whether or not your website can be embedded inside an
-  | iframe. Choose from one of the following options.
-  | @available options
-  | DENY, SAMEORIGIN, ALLOW-FROM http://example.com
-  |
-  | Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-  */
-  xframe: 'DENY',
-
-  /*
-  |--------------------------------------------------------------------------
-  | No Sniff
-  |--------------------------------------------------------------------------
-  |
-  | Browsers have a habit of sniffing content-type of a response. Which means
-  | files with .txt extension containing Javascript code will be executed as
-  | Javascript. You can disable this behavior by setting nosniff to false.
-  |
-  | Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-  |
-  */
-  nosniff: true,
-
-  /*
-  |--------------------------------------------------------------------------
-  | No Open
-  |--------------------------------------------------------------------------
-  |
-  | IE users can execute webpages in the context of your website, which is
-  | a serious security risk. Below option will manage this for you.
-  |
-  */
-  noopen: true,
-
-  /*
-  |--------------------------------------------------------------------------
-  | CSRF Protection
-  |--------------------------------------------------------------------------
-  |
-  | CSRF Protection adds another layer of security by making sure, actionable
-  | routes does have a valid token to execute an action.
-  |
-  */
-  csrf: {
-    enable: true,
-    methods: ['POST', 'PUT', 'DELETE'],
-    filterUris: [],
-    cookieOptions: {
-      httpOnly: true,
-      sameSite: true,
-      path: '/',
-      maxAge: 7200,
-    },
-  },
-};