Merge pull request #4 from Filiosoft/develop

Confidential Milestone Improvements

Author: nprail

CODE_OF_CONDUCT.md

@@ -0,0 +1,46 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at [email protected]. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

CONTRIBUTING.md

@@ -0,0 +1,32 @@
+## How to contribute to GitLab Roadmap
+
+#### **Did you find a bug?**
+
+- **Do not open up a GitHub issue if the bug is a security vulnerability
+  in GitLab Roadmap**, and instead to refer to our [security policy](SECURITY.md).
+
+- **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/Filiosoft/gitlab-roadmap/issues).
+
+- If you're unable to find an open issue addressing the problem, [open a new one](https://github.com/Filiosoft/gitlab-roadmap/issues/new). Be sure to include a **title and clear description**, and as much relevant information as possible.
+
+#### **Did you write a patch that fixes a bug?**
+
+- Open a new GitHub pull request with the patch.
+
+- Ensure the PR description clearly describes the problem and solution. Include the relevant issue number if applicable.
+
+#### **Do you intend to add a new feature or change an existing one?**
+
+- Suggest your change and start writing code.
+
+- Do not open an issue on GitHub until you have collected positive feedback about the change. GitHub issues are primarily intended for bug reports and fixes.
+
+#### **Do you have questions about the source code?**
+
+- Ask any question about how to use GitLab Roadmap by emailing [Noah]([email protected]).
+
+Thanks!
+
+Noah Prail
+
+_This CONTRIBUTING.md file was adapted from the [Rails CONTRIBUTING.md](https://github.com/rails/rails/blob/master/CONTRIBUTING.md)_

README.md

@@ -10,32 +10,90 @@
 </p>
 <p align="center"><b>📢 Create a product roadmap website with GitLab Issue Boards as a backend!</b></p>
 
-## Quick Start
+## Setup
+
+### Quick Start (Heroku)
 
 Click the button below to deploy on Heroku!
 
 [![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy?template=https://github.com/Filiosoft/gitlab-roadmap)
 
-## Install on AWS Lambda
+### Slower Start (AWS Lambda)
+
+If you want to deploy to AWS Lambda, follow the steps below:
+
+Clone the repository
+
+```
+$ git clone https://github.com/Filiosoft/gitlab-roadmap
+```
+
+Install the dependencies
+
+```
+$ npm install
+```
 
 Copy `config.example.yml` to `config.yml` and edit it to your liking
 
 ```
 $ cp config.example.yml config.yml
 ```
 
+Setup the domain (see [here](https://github.com/amplify-education/serverless-domain-manager) for more instructions)
+
+```
+$ npx sls create_domain
+```
+
+And finally, deploy
+
+```
+$ npx sls deploy
+```
+
+### Development Setup
+
+Want to contribute? Awesome! First checkout the [contribution guidelines](#contributing) then follow these steps to get setup.
+
+Clone the repository
+
+```
+$ git clone https://github.com/Filiosoft/gitlab-roadmap
+```
+
 Install the dependencies
 
 ```
 $ npm install
 ```
 
-And then run the following:
+Copy `example.env` to `.env` and edit it to your liking
 
 ```
-$ npx sls deploy
+$ cp example.env .env
 ```
 
+Start the dev server
+
+```
+$ npm run dev
+```
+
+## Contributing
+
+Please read [CONTRIBUTING.md](https://github.com/Filiosoft/gitlab-roadmap/blob/develop/CONTRIBUTING.md) for details on our [code of conduct](https://github.com/Filiosoft/gitlab-roadmap/blob/develop/CODE_OF_CONDUCT.md), and the process for submitting pull requests to us.
+
+## Versioning
+
+We use [semantic-release](https://github.com/semantic-release/semantic-release) for versioning. Every commit to `master` will generate a release. For the versions available, see the [releases on the repositories](https://github.com/Filiosoft/gitlab-roadmap/releases).
+
+## Credits
+
+- **Noah Prail** - _Project Lead_ - [@nprail](https://github.com/nprail)
+
+See also the list of [contributors](https://github.com/Filiosoft/gitlab-roadmap/contributors) who participated in this project.
+
 ## License
 
-[MIT](LICENSE)
+[MIT](https://github.com/Filiosoft/gitlab-roadmap/blob/develop/LICENSE)

SECURITY.md

@@ -0,0 +1,23 @@
+# GitLab Roadmap Security
+
+## Found a Vulnerability?
+
+If you have found a security vulnerability, do _**NOT**_ create a regular issue!!! Instead, encrypt the issue with `gpg` or `openssl`.
+
+### GPG
+
+To report an issue with GPG, follow these steps:
+
+1.  Write the issue in a markdown file (e.g. `issue.md`)
+2.  Import the public key: `gpg --keyserver keyserver.ubuntu.com --recv 51AB060B`
+3.  Encrypt the `issue.md` file: `gpg --recipient 51AB060B --armor --encrypt issue.md`
+4.  Copy the contents of the `issue.md.asc` file and create a [new issue](https://github.com/Filiosoft/gitlab-roadmap/issues/new) with that.
+
+### OpenSSL
+
+To report an issue with OpenSSL, follow these steps:
+
+1.  Write the issue in a markdown file (e.g. `issue.md`)
+2.  Install `cipherhub`: `[sudo] npm install -g cipherhub`
+3.  Encrypt the `issue.md` file: `cipherhub nprail < issue.md`
+4.  Copy output and create a [new issue](https://github.com/Filiosoft/gitlab-roadmap/issues/new) with that.

app.js

@@ -1,50 +1,14 @@
 const express = require('express')
 
-const { internalConfig, config } = require('./config/config')()
-const axios = require('./config/axios')(internalConfig)
-
 const app = express()
 
 // setup express app
 require('./config/express')(app)
 
-app.get('/', async (req, res, next) => {
-  try {
-    const resp = await Promise.all([
-      axios.get(`/boards/${internalConfig.board_id}`),
-      axios.get('/?statistics=true')
-    ])
-    const boardResp = resp[0]
-    const projectResp = resp[1]
-    const lists = boardResp.data.lists
-    const project = projectResp.data
-
-    if (boardResp.status !== 200) {
-      const err = new Error(
-        `Non-200 response code from GitLab: ${boardResp.status}`
-      )
-      err.status = boardResp.status
-      return next(err)
-    }
-
-    const maps = lists.map(async list => {
-      const resp = await axios.get(`/issues?labels=${list.label.name}`)
-      list.issues = resp.data
-      list.noIssues = list.issues.length < 1
-    })
-
-    await Promise.all(maps)
+// setup passport
+require('./config/passport')(app)
 
-    const sendData = {
-      lists,
-      project,
-      config
-    }
-    return res.render('home', sendData)
-  } catch (err) {
-    return next(err)
-  }
-})
+app.use('/', require('./routes')())
 
 // setup error handlers
 require('./lib/errorHandler')(app)

app.json

@@ -25,6 +25,28 @@
       "description": "ID of GitLab issue board",
       "required": true
     },
+    "GL_RM_INT_CONFIG_GL_APP": {
+      "description": "Enable login with GitLab?",
+      "value":"false",
+      "required": false
+    },
+    "GL_RM_INT_CONFIG_GL_CLIENT_ID": {
+      "description": "GitLab application client ID",
+      "required": false
+    },
+    "GL_RM_INT_CONFIG_GL_CLIENT_SECRET": {
+      "description": "GitLab application client secret",
+      "required": false
+    },
+    "GL_RM_INT_CONFIG_BASE_URL": {
+      "description": "Base url of the roadmap",
+      "required": false
+    },
+    "GL_RM_INT_CONFIG_COOKIE_SECRET": {
+      "description": "Random secret for cookies",
+      "generator":"secret",
+      "required": false
+    },
     "GL_RM_CONFIG_THEME": {
       "description": "Bootstrap CSS theme",
       "value": "https://bootswatch.com/4/materia/bootstrap.min.css",

bin/www.js

@@ -6,6 +6,7 @@
 
 const app = require('../app')
 const http = require('http')
+const debug = require('debug')('glrm:http')
 
 /**
  * Get port from environment and store in Express.
@@ -54,10 +55,10 @@ function onError (error) {
   // handle specific listen errors with friendly messages
   switch (error.code) {
     case 'EACCES':
-      console.error(bind + ' requires elevated privileges')
+      debug(`${bind} requires elevated privileges`)
       process.exit(1)
     case 'EADDRINUSE':
-      console.error(bind + ' is already in use')
+      debug(`${bind} is already in use`)
       process.exit(1)
     default:
       throw error
@@ -70,8 +71,8 @@ function onError (error) {
 
 function onListening () {
   const addr = server.address()
-  const bind = typeof addr === 'string' ? 'pipe ' + addr : 'port ' + addr.port
-  console.log('Listening on ' + bind)
+  const bind = typeof addr === 'string' ? `pipe ${addr}` : `port ${addr.port}`
+  debug(`Listening on ${bind}`)
 }
 
 /**

config.example.yml

@@ -3,6 +3,11 @@ internal-config:
   url: https://gitlab.com # gitlab instance address
   project-id: filiosoft/roadmap # can be ID or path
   board-id: 49 # issue board ID
+  gl-app: true # enable login with GitLab?
+  gl-client-id: f135d8df73f083f632d877ffa4d5252e953255de5bd78458cbe994dbb92cc9a9 # gitlab application client id
+  gl-client-secret: 51ca773af0789f1c6afe1a8a118364cace26fa06a511227acfa9f5de0c83da13 # gitlab application client secret
+  base-url: https://roadmap.filiosoft.com # base url of roadmap
+  cookie-secret: change-me # random secret
 config:
   theme: https://bootswatch.com/4/materia/bootstrap.min.css # boostrap theme
   domain: roadmap.filiosoft.com # domain to deploy to

config/config.js

@@ -4,18 +4,22 @@ const getConfig = () => {
   const internalConfig = {}
   const config = {}
 
-  // convert undefined string to actual undefined
-  const convertUndefined = input => {
+  // convert undefined, true, and false string to type
+  const convert = input => {
     if (input === 'undefined') {
       return undefined
+    } else if (input === 'false') {
+      return false
+    } else if (input === 'true') {
+      return true
     }
     return input
   }
 
   const loadConfig = (prefix, object) => {
     for (const key in process.env) {
       if (key.startsWith(prefix)) {
-        const newValue = convertUndefined(process.env[key])
+        const newValue = convert(process.env[key])
         const newKey = key.replace(prefix, '').toLowerCase()
 
         object[newKey] = newValue

config/express.js

@@ -1,17 +1,36 @@
 const cors = require('cors')
 const exphbs = require('express-handlebars')
 const moment = require('moment')
+const morgan = require('morgan')
+const debug = require('debug')('glrm:express')
 
-module.exports = app => {
+const { internalConfig, config } = require('../config')()
+const axios = require('../config/axios')(internalConfig)
+
+module.exports = async app => {
+  // set config globals
+  app.locals.config = config
+  app.locals.appEnabled = internalConfig.gl_app
+  try {
+    const projectResp = await axios.get('/')
+    app.locals.project = projectResp.data
+  } catch (err) {
+    debug(err)
+  }
+
+  // setup middleware
+  app.use(morgan('dev'))
   app.use(cors())
+
+  // setup view engine
   app.engine(
     '.hbs',
     exphbs({
       extname: '.hbs',
       defaultLayout: 'main',
       helpers: {
         moment: input => {
-          return moment(input).format('MMMM Do YYYY, h:mm:ss a')
+          return moment(input).format('MMMM Do YYYY')
         }
       }
     })