Running the application requires the following tools to be installed in your environment:
Ensure the prerequisites are met.
- (Optional) Install Redis:
This provides CLI tools for monitoring and changing the cache during the LA journey.
brew install redis
-
Connect to F5 VPN:
Go to the webpage https://portal.platform.hmcts.net/ and follow the instruction to connect to F5 VPN.
(This is needed because we connect to APIs deployed in AAT environment while running the application locally.) -
Log in to Azure:
Use the terminal where you are going to launch the application. Run below command and follow the instructions
(This is needed bacause we load secrets fromadoption-aat
while running the application locally.)
az login --use-device-code
- Run a local version of Draft Store in a Docker container with a Redis image:
docker-compose -f ./draft-store.yml up -d
- Comment out code that isn't used when running Draft Store locally:
Go to this file: src/main/modules/draft-store/index.ts and comment out like this:
const client = new Redis({
host: config.get('services.draftStore.redis.host'),
port: config.get('services.draftStore.redis.port'),
/* password: config.get('session.redis.key'),
tls: {
servername: config.get('services.draftStore.redis.host'),
}, */
});
- Install dependencies:
yarn install
Troubleshooting: If you have issues check your Node version and use Node Version Manager to change to a supported version if required:
nvm use 18.15.0
- Bundle:
yarn webpack
- Run:
yarn start:dev
- The application's home page will be available at http://localhost:3001
-
Connect to F5 VPN
-
Start the Docker container
-
Run:
yarn start:dev
We use ESLint alongside sass-lint
Running the linting with auto fix:
$ yarn lint --fix
This template app uses Jest as the test engine. You can run unit tests by executing the following command:
$ yarn test
NOTE - the oidc integration tests may fail locally, unless you create a file in config/local.yaml
with the content:
mockData:
authToken: 'VALUE_FROM_AAT_KEYVAULT'
Replacing VALUE_FROM_AAT_KEYVAULT with the contents of the secret adoption-web-auth-token
found in adoption-aat
.
Here's how to run functional tests (the template contains just one sample test):
$ yarn test:routes
Running accessibility tests:
$ yarn test:a11y
Make sure all the paths in your application are covered by accessibility tests (see a11y.ts).
Accessibility tests are also covered in playwright e2e tests using AXE-CORE.
Cross-Site Request Forgery prevention has already been
set up in this template, at the application level. However, you need to make sure that CSRF token
is present in every HTML form that requires it. For that purpose you can use the csrfProtection
macro,
included in this template app. Your njk file would look like this:
{% from "macros/csrf.njk" import csrfProtection %}
...
<form ...>
...
{{ csrfProtection(csrfToken) }}
...
</form>
...
Fortify scan is run in the nighly pipeline. See Fortify Scan Setup confluence page for more details on set up
This application uses Helmet, which adds various security-related HTTP headers to the responses. Apart from default Helmet functions, following headers are set:
There is a configuration section related with those headers, where you can specify:
referrerPolicy
- value of theReferrer-Policy
header
Here's an example setup:
"security": {
"referrerPolicy": "origin",
}
Make sure you have those values set correctly for your application.
The application exposes a health endpoint (https://localhost:3000/health), created with the use of Nodejs Healthcheck library. This endpoint is defined in health.ts file. Make sure you adjust it correctly in your application. In particular, remember to replace the sample check with checks specific to your frontend app, e.g. the ones verifying the state of each service it depends on.
This project is licensed under the MIT License - see the LICENSE file for details
Test is moving to playwright framework but old tests still exist.
#Old Tests: E2E tests are configured to run in parallel in 5 headless browsers by default.
To run e2e tests enter yarn test:local
in the command line.
We use Playwright with TypeScript. All the details can be found in the E2E README.md.
To run playwright tests, use command: 'yarn playwright test`
To run all tests only in one browser please set PARALLEL_CHUNKS
environment variable to 1
. By default 5 chunks are enabled.
PARALLEL_CHUNKS=1 yarn test:local
To show tests in browser window as they run please set SHOW_BROWSER_WINDOW
environment variable to true
. By default browser window is hidden.
SHOW_BROWSER_WINDOW=true yarn test:local
To disable chrome web security
DISABLE_SECURITY=true yarn test:local
ADOP_WEB_URL=https://adoption-web.aat.platform.hmcts.net/ SHOW_BROWSER_WINDOW=false CITIZEN_PASSWORD=Adoption12 yarn test:local --grep 'Verify apply my own option'
ADOP_WEB_URL=https://adoption-web-pr-146.service.core-compute-preview.internal/ SHOW_BROWSER_WINDOW=false CITIZEN_PASSWORD=Adoption12 yarn test:local --grep 'Verify apply my own option'
src/main/app/controller contains default controllers. These will be used if no controllers are specified alongside content in the steps folders. If a step needs additional functionality, add a controller alongside the content.ts, which inherits the default controller. Get and post controllers need 'get' or 'post' in their filenames.