Merge pull request #142 from neonexus/master

v6.0.0

Author: neonexus

.ncurc

@@ -1,5 +1,5 @@
-// This allows us to "lock" Chai into v4.
+// This allows us to "lock" packages into specific versions (mostly because of ES updates).
 
 {
-    "reject": ["chai", "eslint"]
+    "reject": ["chai", "eslint", "scrypt-kdf"]
 }

README.md

@@ -1,10 +1,14 @@
 # sails-react-bootstrap-webpack
 
-[![Travis CI status](https://img.shields.io/travis/com/neonexus/sails-react-bootstrap-webpack.svg?branch=release&logo=travis)](https://app.travis-ci.com/github/neonexus/sails-react-bootstrap-webpack)
-[![Sails version](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fraw.githubusercontent.com%2Fneonexus%2Fsails-react-bootstrap-webpack%2Fv5.3.4%2Fpackage.json&query=%24.dependencies.sails&label=Sails&logo=sailsdotjs)](https://sailsjs.com)
-[![React version](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fraw.githubusercontent.com%2Fneonexus%2Fsails-react-bootstrap-webpack%2Fv5.3.4%2Fpackage.json&query=%24.devDependencies.react&label=React&logo=react)](https://react.dev)
-[![Bootstrap version](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fraw.githubusercontent.com%2Fneonexus%2Fsails-react-bootstrap-webpack%2Fv5.3.4%2Fpackage.json&query=%24.devDependencies.bootstrap&label=Bootstrap&logo=bootstrap&logoColor=white)](https://getbootstrap.com)
-[![Webpack version](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fraw.githubusercontent.com%2Fneonexus%2Fsails-react-bootstrap-webpack%2Fv5.3.4%2Fpackage.json&query=%24.devDependencies.webpack&label=Webpack&logo=webpack)](https://webpack.js.org)
+[//]: # ([![Travis CI status](https://img.shields.io/travis/com/neonexus/sails-react-bootstrap-webpack.svg?branch=release&logo=travis)](https://app.travis-ci.com/github/neonexus/sails-react-bootstrap-webpack))
+[![Sails version](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fraw.githubusercontent.com%2Fneonexus%2Fsails-react-bootstrap-webpack%2Fv6.0.0%2Fpackage.json&query=%24.dependencies.sails&label=Sails&logo=sailsdotjs)](https://sailsjs.com)
+[![React version](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fraw.githubusercontent.com%2Fneonexus%2Fsails-react-bootstrap-webpack%2Fv6.0.0%2Fpackage.json&query=%24.devDependencies.react&label=React&logo=react)](https://react.dev)
+[![Bootstrap version](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fraw.githubusercontent.com%2Fneonexus%2Fsails-react-bootstrap-webpack%2Fv6.0.0%2Fpackage.json&query=%24.devDependencies.bootstrap&label=Bootstrap&logo=bootstrap&logoColor=white)](https://getbootstrap.com)
+[![Webpack version](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fraw.githubusercontent.com%2Fneonexus%2Fsails-react-bootstrap-webpack%2Fv6.0.0%2Fpackage.json&query=%24.devDependencies.webpack&label=Webpack&logo=webpack)](https://webpack.js.org)
+
+Latest version only:
+[![FOSSA License Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fneonexus%2Fsails-react-bootstrap-webpack.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fneonexus%2Fsails-react-bootstrap-webpack?ref=badge_shield)
+[![FOSSA Security Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fneonexus%2Fsails-react-bootstrap-webpack.svg?type=shield&issueType=security)](https://app.fossa.com/projects/git%2Bgithub.com%2Fneonexus%2Fsails-react-bootstrap-webpack?ref=badge_shield&issueType=security)
 
 [//]: # ([![Codecov](https://img.shields.io/codecov/c/github/neonexus/sails-react-bootstrap-webpack?logo=codecov)](https://codecov.io/gh/neonexus/sails-react-bootstrap-webpack))
 
@@ -16,7 +20,7 @@ A virtual start-up in a box!
 
 ## Quick Install
 
-NOTE: You will need access to a MySQL / MariaDB database for the setup. If you want to use a different datastore, you'll need to configure it manually.
+NOTE: You will need access to a MySQL / MariaDB database for the quick setup. If you want to use a different datastore, you'll need to configure it manually.
 
 [Aiven.io](https://aiven.io) has FREE (no CC required) secure MySQL (5 GB), and Redis (1 GB). Both require use of SSL, and can be restricted to specified IPs. (If you are having trouble finding the
 FREE instances, you need to select Digital Ocean as the cloud provider.) Use my [referral link](https://console.aiven.io/signup?referral_code=mk36ekt3wo1dvij7joon) to signup, and you'll get $100
@@ -29,6 +33,9 @@ npm run setup
 npm run start   OR   npm run ngrok
 ```
 
+NOTE: `drfg` is a secondary, standalone script I've been working on, which can be used for your own projects: [Download Release From GitHub](https://www.npmjs.com/package/drfg). It downloads
+/ extracts / installs a release from a GitHub repo. (Currently only supports public repos...) `npx` downloads / runs NPM packages; comes standard with `npm` (at least, as of v5.2.0).
+
 ## Table of Contents
 
 * [Main Features](#main-features)

api/helpers/is-password-valid.js

@@ -51,15 +51,15 @@ module.exports = {
         }
 
         if (inputs.user) {
-            if (inputs.user.email && inputs.password.indexOf(inputs.user.email) >= 0) {
+            if (inputs.user.email && inputs.password.toLowerCase().indexOf(inputs.user.email.toLowerCase()) >= 0) {
                 errors.push('Password can not contain your email address.');
             }
 
-            if (inputs.user.firstName && inputs.password.indexOf(inputs.user.firstName) >= 0) {
+            if (inputs.user.firstName && inputs.password.toLowerCase().indexOf(inputs.user.firstName.toLowerCase()) >= 0) {
                 errors.push('Password can not contain your first name.');
             }
 
-            if (inputs.user.lastName && inputs.password.indexOf(inputs.user.lastName) >= 0) {
+            if (inputs.user.lastName && inputs.password.toLowerCase().indexOf(inputs.user.lastName.toLowerCase()) >= 0) {
                 errors.push('Password can not contain your last name.');
             }
         }

api/models/README.md

@@ -1,3 +1,5 @@
 # Models
 
+Models describe / control the structure of data required for the project.
+
 See: https://sailsjs.com/documentation/concepts/models-and-orm/models

api/policies/isLoggedIn.js

@@ -1,5 +1,9 @@
 const moment = require('moment-timezone');
 
+// Standardize messages; not just for ease of change...
+const invalid = 'Invalid credentials.';
+const notLoggedIn = 'You are not logged in';
+
 module.exports = async function(req, res, next) {
     const sessionId = req.signedCookies[sails.config.session.name] || null; // signed cookies: https://sailsjs.com/documentation/reference/request-req/req-signed-cookies
 
@@ -13,7 +17,7 @@ module.exports = async function(req, res, next) {
 
             await sails.models.session.destroy({id: sessionId});
 
-            return res.forbidden('You are not logged in');
+            return res.forbidden(notLoggedIn);
         }
 
         // If the session was found...
@@ -45,15 +49,15 @@ module.exports = async function(req, res, next) {
             }
 
             if (!token.includes(':')) {
-                return res.forbidden('Invalid credentials.');
+                return res.forbidden(invalid);
             }
 
             token = token.split(':');
 
             const foundToken = await sails.models.apitoken.findOne({id: token[0]}).decrypt().populate('user');
 
             if (!foundToken || token[1] !== foundToken.token) {
-                return res.forbidden('Invalid credentials.');
+                return res.forbidden(invalid);
             }
 
             if (foundToken) {
@@ -66,5 +70,5 @@ module.exports = async function(req, res, next) {
         }
     }
 
-    return res.forbidden('You are not logged in');
+    return res.forbidden(notLoggedIn);
 };

assets/src/index.jsx

@@ -13,20 +13,26 @@ const fs = require('fs');
 const express = require('express'); // Express is a requirement of Sails.
 
 module.exports.routes = {
-    'GET /': {
-        skipAssets: true,
-        fn: (req, res) => {
-            return res.redirect(302, '/main'); // redirect to the "main" React app (the marketing site)
-        }
-    },
+    // 'GET /': {
+    //     skipAssets: true,
+    //     fn: (req, res) => {
+    //         return res.redirect(302, '/main'); // redirect to the "main" React app (the marketing site)
+    //     }
+    // },
 
     'GET /*': { // default route used to auto switch React apps
         skipAssets: false,
         fn: [
             express.static(path.resolve(__dirname, '../.tmp/public/')),
             async (req, res) => {
                 // This will determine which React app we need to serve.
-                const parts = req.url.split('/');
+                let url = req.url;
+
+                if (url === '/') {
+                    url = '/main'; // Default to "main"
+                }
+
+                const parts = url.split('/');
                 const pathToCheck = path.join(__dirname, '../.tmp/public/', parts[1], '/index.html');
 
                 if (fs.existsSync(pathToCheck)) {