This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' into dependabot/npm_and_yarn/date-and-time-0.14.2
kyleecodes authored Jan 16, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
2 parents 9c7c0f7 + a9f0963 commit 44548f3
Showing 14 changed files with 596 additions and 66 deletions.
19 changes: 19 additions & 0 deletions .github/ISSUE_TEMPLATE/blank-issue-template.md
@@ -0,0 +1,19 @@
---
name: Blank Issue Template
about: The standard issue template for Chayn
title: ''
labels: ''
assignees: ''

---

### Overview
Clearly state the purpose of this issue, ideally in 2 sentences or less.
For example: *_We need to do X for Y reason._*

### Action Items
List research to be done or the steps to be completed.
Note: If the steps can be divided into tasks for more than one person, we recommend dividing it up into separate issues, or assigning it as a pair programming task.

### Resources
Provide links to resources that may help solve or better understand with this issue. This can include external sites with solutions, documentation, etc.
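Review bot: This template carries no pointer to the Security Policy, unlike bug_report.md, which tells reporters not to file vulnerabilities as public issues; a blank issue is the least constrained entry point, so add the same notice near the top. In the Resources section, "better understand with this issue" should read "better understand this issue".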
39 changes: 39 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,39 @@
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''

---

**Describe the bug**
A clear and concise description of what the bug is.
*Please do not report security vulnerabilities here. To report security vulnerabilities, please follow our Security Policy instructions:* https://github.com/chaynHQ/ysm-backend/security/policy

**To Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

**Expected behavior**
A clear and concise description of what you expected to happen.

**Screenshots**
If applicable, add screenshots to help explain your problem.

**Desktop (please complete the following information):**
- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22]

**Smartphone (please complete the following information):**
- Device: [e.g. iPhone6]
- OS: [e.g. iOS8.1]
- Browser [e.g. stock browser, safari]
- Version [e.g. 22]

**Additional context**
Add any other context about the problem here.
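Review bot: The notice about security vulnerabilities sits inside the "Describe the bug" placeholder text, after the reporter has already been asked to describe the problem, and it is deleted along with the prompt. Move it to the top of the template body, ahead of the first section, so it is read before anything is typed. In the Desktop block, `OS: [e.g. iOS]` gives a mobile OS as the desktop example.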
18 changes: 18 additions & 0 deletions .github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,18 @@
---
name: Feature request
about: Suggest an idea
title: ''
labels: ''
assignees: ''

---

### Is your feature request related to a problem?
Please provide a clear and concise description of what the problem is.
*Ex. I'm always frustrated when [...]*

### Describe a solution:
If applicable, please a detailed description of what you want to see or build to fix the problem. Include who wants it (e.g. yourself, a survivor, volunteer, developer, organization, etc.), and what value you think this will bring.

### Additional context and resources:
Add any other context, documents, links, screenshots about the feature request here. Please be detailed!
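Review bot: Under "Describe a solution:" the sentence "If applicable, please a detailed description" is missing its verb and should read "please provide a detailed description". The two headings that end in a colon are also inconsistent with the first heading in this file and with the headings in the blank issue template.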
13 changes: 13 additions & 0 deletions .github/pull_request_template.md
@@ -0,0 +1,13 @@
### Issue link / number:

### What changes did you make?

### Why did you make the changes?

<!--- PR CHECKLIST: PLEASE REMOVE BEFORE SUBMITTING —>
Before submitting, check that you have completed the following tasks:
- [ ] Answered the questions above.
- [ ] Read Chayn's Contributing Guidelines in the CONTRIBUTING.md file.
- [ ] Enabled "Allow edits and access to secrets by maintainers" on this PR.
- [ ] If applicable, include images in the description.
After submitting, please be available for discussion. Thank you!
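Review bot: The HTML comment opened with `<!---` on the PR CHECKLIST line is closed with a single long dash and `>` instead of `-->`, so the comment never terminates and the checklist below it will not render as intended. Close it with `-->`. The final "After submitting" sentence also follows the last checklist item with no blank line, so it will be folded into that item.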
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
@@ -10,7 +10,7 @@ jobs:
test-and-build:
name: 'Test and build'

runs-on: ubuntu-18.04
runs-on: ubuntu-latest

defaults:
run:
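Review bot: `runs-on: ubuntu-latest` swaps the fixed `ubuntu-18.04` image for a floating label, so the runner OS and its preinstalled toolchain will change under this workflow without any commit in the repository. Pin a specific image such as `ubuntu-22.04` and bump it deliberately, which keeps CI results reproducible and makes runner changes reviewable.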
4 changes: 2 additions & 2 deletions .gitignore
@@ -27,14 +27,14 @@ lerna-debug.log*
*.sublime-workspace

# IDE - VSCode
.vscode/*
/.vscode
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json

# Local env files
.env.local
.env
.env.development
.env.development.local
.env.test.local
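Review bot: In the "Local env files" block `.env.local` is replaced by `.env`, which leaves `.env.local` unignored while `.env.development.local` and `.env.test.local` stay listed; the README has contributors put API tokens in env files, so keep `.env.local` and add `.env` alongside it. In the VSCode block, once `/.vscode` ignores the directory itself the four `!.vscode/...` negations under it have no effect, because git cannot re-include a file whose parent directory is excluded, so remove them.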
8 changes: 0 additions & 8 deletions .vscode/extensions.json

This file was deleted.

27 changes: 0 additions & 27 deletions .vscode/settings.json

This file was deleted.

128 changes: 128 additions & 0 deletions CODE_OF_CONDUCT.md
@@ -0,0 +1,128 @@
# Contributor Covenant Code of Conduct

## Our Pledge

We as members, contributors, and leaders pledge to make participation in our
community a harassment-free experience for everyone, regardless of age, body
size, visible or invisible disability, ethnicity, sex characteristics, gender
identity and expression, level of experience, education, socio-economic status,
nationality, personal appearance, race, religion, or sexual identity
and orientation.

We pledge to act and interact in ways that contribute to an open, welcoming,
diverse, inclusive, and healthy community.

## Our Standards

Examples of behavior that contributes to a positive environment for our
community include:

* Demonstrating empathy and kindness toward other people
* Being respectful of differing opinions, viewpoints, and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing to those affected by our mistakes,
and learning from the experience
* Focusing on what is best not just for us as individuals, but for the
overall community

Examples of unacceptable behavior include:

* The use of sexualized language or imagery, and sexual attention or
advances of any kind
* Trolling, insulting or derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or email
address, without their explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting

## Enforcement Responsibilities

Community leaders are responsible for clarifying and enforcing our standards of
acceptable behavior and will take appropriate and fair corrective action in
response to any behavior that they deem inappropriate, threatening, offensive,
or harmful.

Community leaders have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
not aligned to this Code of Conduct, and will communicate reasons for moderation
decisions when appropriate.

## Scope

This Code of Conduct applies within all community spaces, and also applies when
an individual is officially representing the community in public spaces.
Examples of representing our community include using an official e-mail address,
posting via an official social media account, or acting as an appointed
representative at an online or offline event.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
techcommunity@chayn.co.
All complaints will be reviewed and investigated promptly and fairly.

All community leaders are obligated to respect the privacy and security of the
reporter of any incident.

## Enforcement Guidelines

Community leaders will follow these Community Impact Guidelines in determining
the consequences for any action they deem in violation of this Code of Conduct:

### 1. Correction

**Community Impact**: Use of inappropriate language or other behavior deemed
unprofessional or unwelcome in the community.

**Consequence**: A private, written warning from community leaders, providing
clarity around the nature of the violation and an explanation of why the
behavior was inappropriate. A public apology may be requested.

### 2. Warning

**Community Impact**: A violation through a single incident or series
of actions.

**Consequence**: A warning with consequences for continued behavior. No
interaction with the people involved, including unsolicited interaction with
those enforcing the Code of Conduct, for a specified period of time. This
includes avoiding interactions in community spaces as well as external channels
like social media. Violating these terms may lead to a temporary or
permanent ban.

### 3. Temporary Ban

**Community Impact**: A serious violation of community standards, including
sustained inappropriate behavior.

**Consequence**: A temporary ban from any sort of interaction or public
communication with the community for a specified period of time. No public or
private interaction with the people involved, including unsolicited interaction
with those enforcing the Code of Conduct, is allowed during this period.
Violating these terms may lead to a permanent ban.

### 4. Permanent Ban

**Community Impact**: Demonstrating a pattern of violation of community
standards, including sustained inappropriate behavior, harassment of an
individual, or aggression toward or disparagement of classes of individuals.

**Consequence**: A permanent ban from any sort of public interaction within
the community.

## Attribution

This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.0, available at
https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.

Community Impact Guidelines were inspired by [Mozilla's code of conduct
enforcement ladder](https://github.com/mozilla/diversity).

[homepage]: https://www.contributor-covenant.org

For answers to common questions about this code of conduct, see the FAQ at
https://www.contributor-covenant.org/faq. Translations are available at
https://www.contributor-covenant.org/translations.
259 changes: 259 additions & 0 deletions CONTRIBUTING.md

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,13 +1,13 @@
# First stage: build server app
FROM node:12 as builder
FROM node:14 as builder
ENV NODE_ENV=development
WORKDIR /app
COPY . .
RUN yarn install --frozen-lockfile --non-interactive
RUN yarn build

# Second stage: leaner image to deploy and run the built app
FROM node:12-alpine
FROM node:14-alpine
ENV NODE_ENV=production
WORKDIR /app
COPY --from=builder /app/package.json /app/yarn.lock ./
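Review bot: Both `FROM node:14 as builder` and `FROM node:14-alpine` use major-version tags, which are mutable, so two builds of the same commit can produce different images. Pin an exact version or an image digest in both stages and update the two together with the "NodeJS v14+" prerequisite in the README. `as` is conventionally written `AS`.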
109 changes: 86 additions & 23 deletions README.md
@@ -1,39 +1,99 @@
# Your Story Matters (YSM)

Your Story Matters (YSM) is a digital companion for survivors of sexual assault launched in 2019. Formerly called YANA (You Are Not Alone) and funded by Nesta and the UK Department of Digital, Culture, Media and Sport through the Tech to Connect Challenge, YSM has curated content including recovery, moving through trauma, accessing justice through the law, stories of resilience, and allows survivors the option to create an account and save their journey.

## Get Involved

If you would like to help Chayn and receive special access to our organization and volunteer opportunities, please [visit our Getting Involved guide](https://chayn.notion.site/Get-involved-423c067536f3426a88005de68f0cab19). We'll get back to you to schedule an onboarding call. Other ways to get involved and support us are [donating](https://www.paypal.me/chaynhq), starring this repo and making an open-source contribution here on GitHub, and supporting us on social media!

Our social medias:

Website - [Chayn](https://www.chayn.co/)

Twitter - [@ChaynHQ](https://twitter.com/ChaynHQ)

Instagram - [@chaynhq](https://www.instagram.com/chaynhq/)

Youtube - [Chayn Team](https://www.youtube.com/channel/UC5_1Ci2SWVjmbeH8_USm-Bg)

LinkedIn - [@chayn](https://www.linkedin.com/company/chayn)

# YSM Backend

![GitHub Actions CI workflow badge](https://github.com/chaynHQ/ysm-backend/workflows/YSM%20Backend%20CI%20pipeline/badge.svg)

A [NestJS](https://nestjs.com/) API server with [Jest](https://jestjs.io/) testing.
A NestJS API server with Jest testing.

This repo serves just the YSM backend, find YSM's frontend code here: https://github.com/chaynHQ/ysm

**Currently in active development.**

## How to Contribute:

Before making a contribution, please follow our Contributing Guidelines in [CONTRIBUTING.md](/CONTRIBUTING.md).

Happy coding! ⭐

## Development

Note: if you just want to run the backend service locally and not do any development work on it, you can instead skip to the section on how to run it in a Docker container.
**RECOMMENDED: You may skip ahead to the [Running as a Docker Container Locally section below](#running-as-a-docker-container-locally) if you just want to run the backend service locally and not do any development work on it.**

### Prerequisites

- NodeJS v12+
- NodeJS v14+
- Yarn v1.21+

### Technologies Used:

- [NestJS](https://nestjs.com/) - Node.js web framework
- [Jest](https://jestjs.io/) - JavaScript testing
- [Firebase](https://firebase.google.com/) - user authentication and analytics
- [Rollbar](https://rollbar.com/) - error reporting
- [StoryBlok](https://www.storyblok.com/) - headless CMS for pages and courses content
- [Heroku](https://www.heroku.com/) - build, deploy and operate staging and production apps
- [GitHub Actions](https://github.com/features/actions) - CI pipeline

### Set up local env config

Certain config values are required to run the server.
For local development, create a new **`.env.development`** file and add the following environment variables:

For local development, create a new **`.env.development`** file and add in the following:
If you're an official Chayn volunteer, please get in touch with the team for access to the environment variables.

```shell
STORYBLOK_TOKEN={value} # The API token from Storyblok (must have 'draft' access)
```
# The API token from Storyblok (must have 'draft' access)
STORYBLOK_TOKEN=
# The service account JSON object serialised into a string and then base64 encoded
FIREBASE_SERVICE_ACCOUNT={value}
FIREBASE_SERVICE_ACCOUNT={value} # The service account JSON object serialised into a string and then base64 encoded
# OPTIONAL: comma separated list of email addresses for users allowed to access preview mode (for viewing draft content from Storyblok)
CONTENT_EDITOR_EMAILS=
CONTENT_EDITOR_EMAILS={value} # Optional. A comma separated list of email addresses of the users that are allowed to access preview mode (for viewing draft content from Storyblok)
# OPTIONAL: when running in `dev` mode. Either set this to the Rollbar server token, or to `false` to disable.
ROLLBAR_TOKEN={value}
ROLLBAR_TOKEN={value} # Optional when running in `dev` mode. Either set this to the Rollbar server token, or to `false` to disable.
ROLLBAR_ENV=local-dev # Required in `production` mode or if `ROLLBAR_TOKEN` is set.
# OPTIONAL: required in `production` mode or if `ROLLBAR_TOKEN` is set.
ROLLBAR_ENV=local-dev
RATE_LIMIT_WINDOW_MS={value} # Optional. The window of time (in milliseconds) for the rate limiting to apply.
RATE_LIMIT_MAX=(value) # Optional. The max number of requests (per IP address) within the window of time (above).
# OPTIONAL: The window of time (in milliseconds) for the rate limiting to apply.
RATE_LIMIT_WINDOW_MS={value}
# OPTIONAL: The max number of requests (per IP address) within the window of time (above).
RATE_LIMIT_MAX=(value)
```

**If creating new environment variables:**

- Check if the new environment variable must be added the [ci.yml](.github/workflows/ci.yml) file.
- Note that new environment variables must be added to Heroku before release to production. Please tag staff in your issue if creating new environment variables.

### Install dependencies

```bash
yarn
```

#### Env config for tests
### Set up local env config for tests

Tests will use a separate `.env.test` file which should already be present.

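Review bot: In the env block, `RATE_LIMIT_MAX=(value)` uses parentheses where the other placeholders use `{value}`, and the new layout leaves `STORYBLOK_TOKEN=` and `CONTENT_EDITOR_EMAILS=` empty while the remaining variables keep `{value}`; pick one placeholder style for the whole block. The opening fence also loses its `shell` language tag. In the new "If creating new environment variables" list, "must be added the [ci.yml]" is missing "to".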
@@ -49,12 +109,6 @@ FIREBASE_SERVICE_ACCOUNT={value} # Same as in .env.development - the service ac
FIREBASE_WEB_API_KEY={value} # Special API key just for use in e2e tests - found in the settings page for the Firebase project
```

### Install dependencies

```bash
yarn
```

### Run locally

```bash
@@ -117,16 +171,17 @@ DEBUG=axios yarn start:dev

Note: the `axios-debug-log` library used to provide this logging has only been added as a dev dependency, so this will not work in production environments.

## Running as a Docker container locally
# Running as a Docker Container Locally

You may want to run the backend service in a Docker container if:

1. You don't intend to do any development work on it and just need a running service for the frontend to access.
1. You want to test that the Docker image works as expected, e.g. if you've made any changes to the `Dockerfile`.

First, ensure you have the Docker service installed and running on your machine. More info on how to do this: <https://docs.docker.com/get-docker/>.
**Steps to run the docker container locally:**

Then, follow the section on setting up your local env config, above. Note that you don't need to follow any other instructions from the previous sections (like having the prerequisites, installing dependencies, etc.) as the Docker build process will do all this for you.
1. Ensure you have the Docker service installed and running on your machine. More info on how to do this: <https://docs.docker.com/get-docker/>.
2. Follow the directions above on [setting up your local env config](#set-up-local-env-config). Note that you don't need to follow any other instructions from the previous sections (like having the prerequisites, installing dependencies, etc.) as the Docker build process will do all this for you.

Then, build the image:

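Review bot: The new numbered list under "Steps to run the docker container locally" stops at step 2, and "Then, build the image:" is left as prose after it, so the procedure is half list and half narrative; make the build and run commands steps 3 onward. The section heading also moves from `##` to `#`, which gives the README several top-level titles.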
@@ -147,3 +202,11 @@ curl -v http://localhost:3000/api/resources
```

… or opening the URL <http://localhost:3000/api/resources> in your browser. It should show the JSON output of the `/resources` API.

# License

This project uses the [MIT License](/LICENSE).

YSM and all of Chayn's projects are open-source.

While the core tech stack included here is open-source, some external integrations used in this project may require subscriptions.
26 changes: 26 additions & 0 deletions SECURITY.md
@@ -0,0 +1,26 @@
# Chayn Security Policy

## Report a Vulnerability

To report a security issue, please email techcommunity@chayn.co with the following information:

1. **The Chayn product** with the vulnerability.
2. **A short summary of the problem.** Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server.
3. Complete instructions, including specific configuration details, to **reproduce the vulnerability.**

Optional information to include if applicable:
- Propose a remediation suggestion if you have one. Make it clear that this is just a suggestion, as the maintainer might have a better idea to fix the issue.
- Credit: List all researchers who contributed to this disclosure. If you found the vulnerability with a specific tool, you can also credit this tool.
- Contact information for further collaboration. If the vulernerability is accepted, we will be happy to collaborate with you, and review your fix to make sure that all corner cases are covered.

You will receive an email from us confirming we have received your bug report.

## Disclosure Policy

Chayn is dedicated to working closely with the open source community and with projects that are affected by a vulnerability, in order to protect users and ensure a coordinated disclosure.

If the project team responds and agrees the issue poses a security risk, we will work with the project security team or maintainers to communicate the vulnerability in detail, and agree on the process for public disclosure. Responsibility for developing and releasing a patch lies firmly with the project team, though we aim to facilitate this by providing detailed information about the vulnerability.

Our disclosure deadline for publicly disclosing a vulnerability is: 90 days after the first report to the project team.

We **appreciate the hard work** contributors and maintainers put into fixing vulnerabilities and understand that sometimes more time is required to properly address an issue. We want project maintainers and contributors to succeed and because of that we are always open to discuss our disclosure policy to fit your specific requirements, when warranted.
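Review bot: The Disclosure Policy section is worded from the reporter's side rather than the maintainer's: "we will work with the project security team or maintainers" and "Responsibility for developing and releasing a patch lies firmly with the project team, though we aim to facilitate this by providing detailed information" describe Chayn reporting into someone else's project, while "Report a Vulnerability" has Chayn receiving the reports. Rewrite it to state what Chayn commits to as maintainer: acknowledgement, fix, and how the 90-day deadline applies. In the optional list, "vulernerability" should be "vulnerability". The only channel given is plain email, so say whether a private or encrypted channel is available for sensitive details.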
6 changes: 3 additions & 3 deletions yarn.lock
@@ -2777,9 +2777,9 @@ cookie@0.4.0:
integrity sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg==

cookiejar@^2.1.2:
version "2.1.2"
resolved "https://registry.yarnpkg.com/cookiejar/-/cookiejar-2.1.2.tgz#dd8a235530752f988f9a0844f3fc589e3111125c"
integrity sha512-Mw+adcfzPxcPeI+0WlvRrr/3lGVO0bD75SxX6811cxSh1Wbxx7xZBGK1eVtDf6si8rg2lhnUjsVLMFMfbRIuwA==
version "2.1.4"
resolved "https://registry.yarnpkg.com/cookiejar/-/cookiejar-2.1.4.tgz#ee669c1fea2cf42dc31585469d193fef0d65771b"
integrity sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw==

copy-concurrently@^1.0.0:
version "1.0.5"
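Review bot: The `cookiejar@^2.1.2` entry moves from 2.1.2 to 2.1.4 with a new `resolved` URL and `integrity` hash, yet no package.json appears among the changed files shown and the commit message names only date-and-time 0.14.2. Record where this transitive bump comes from in the commit or PR description, and confirm the new hash with a clean `yarn install --frozen-lockfile`, as the Dockerfile build already runs.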
