Merge branch 'feat/identity/site-token-middleware' into feat/identity…

…/email-login

* feat/identity/site-token-middleware: (25 commits)
  feat: add github_id column to user model
  Refactor/collection pages refactor (#215)
  build(deps): bump dompurify from 2.3.0 to 2.3.1 (#264)
  Introduce standard issue templates (#58)
  build(deps): bump cookie-parser from 1.4.4 to 1.4.5 (#261)
  build(deps): bump path-parse from 1.0.6 to 1.0.7 (#255)
  build(deps-dev): bump eslint-plugin-prettier from 3.3.1 to 3.4.0 (#229)
  build(deps-dev): bump lint-staged from 11.0.0 to 11.1.2 (#251)
  build(deps): bump morgan from 1.9.1 to 1.10.0 (#228)
  build(deps-dev): bump eslint-plugin-import from 2.22.1 to 2.23.4 (#223)
  build(deps): bump moment-timezone from 0.5.31 to 0.5.33 (#221)
  fix: upgrade bluebird from 3.7.0 to 3.7.2 (#239)
  fix: upgrade http-errors from 1.6.3 to 1.8.0 (#238)
  fix: upgrade js-base64 from 2.5.1 to 2.6.4 (#237)
  build(deps): bump dotenv from 8.1.0 to 10.0.0 (#219)
  fix: upgrade query-string from 6.8.3 to 6.14.1 (#235)
  [develop] fix: update logout (#252)
  feat: validate and sanitize media files (#249)
  Fix: update path to netlify.toml (#248)
  fix: add helmet for security (#243)
  ...

.env-example

@@ -5,6 +5,7 @@ export NODE_ENV="LOCAL_DEV"
 export COOKIE_DOMAIN="localhost"
 export AUTH_TOKEN_EXPIRY_DURATION_IN_MILLISECONDS=3600000
 export JWT_SECRET=mysecretblah
+export ENCRYPTION_SECRET=anothersecretblah
 export FRONTEND_URL='http://localhost:8081'
 export GITHUB_ORG_NAME="isomerpages"
 export GITHUB_BUILD_ORG_NAME="opengovsg"

.eslintrc.json

@@ -55,6 +55,11 @@
                         "pattern": "@utils/**",
                         "group": "internal",
                         "position": "before"
+                    },
+                    {
+                      "pattern": "@validators/**",
+                      "group": "internal",
+                      "position": "before"
                     }
                 ]
             }
@@ -72,7 +77,9 @@
                 ["@utils", "./utils"],
                 ["@loaders", "./loaders"],
                 ["@database", "./database"],
-                ["@services", "./services"]
+                ["@services", "./services"],
+                ["@controllers", "./controllers"],
+                ["@validators", "./validators"]
             ]
         }
     },

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/custom.md

@@ -0,0 +1,10 @@
+---
+name: Custom issue template
+about: Describe this issue template's purpose here.
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "npm" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"

.github/workflows/ci.yml

@@ -28,7 +28,7 @@ jobs:
           prod = os.environ['PRODUCTION_BRANCH']
           staging = os.environ['STAGING_BRANCH']
           dev = os.environ['DEV_BRANCH']
-          if ref == prod:
+          if ref == prod or ref == staging or ref == dev:
             print('::set-output name=proceed::true')
           else:
             print('::set-output name=proceed::false')

classes/MediaFile.js

@@ -4,9 +4,11 @@ const {
   ConflictError,
   inputNameConflictErrorMsg,
 } = require("@errors/ConflictError")
+const { MediaTypeError } = require("@errors/MediaTypeError")
 const { NotFoundError } = require("@errors/NotFoundError")
 
 const validateStatus = require("@utils/axios-utils")
+const { validateAndSanitizeFileUpload } = require("@utils/file-upload-utils")
 
 // Import error
 
@@ -73,9 +75,7 @@ class MediaFile {
     if (resp.status !== 200) return {}
 
     return resp.data
-      .filter((object) => {
-        return object.type === "file"
-      })
+      .filter((object) => object.type === "file")
       .map((object) => {
         const pathNameSplit = object.path.split("/")
         const fileName = pathNameSplit[pathNameSplit.length - 1]
@@ -88,15 +88,20 @@ class MediaFile {
   }
 
   async create(fileName, content) {
-    try {
-      const endpoint = `${this.baseEndpoint}/${fileName}`
+    const sanitizedContent = await validateAndSanitizeFileUpload(content)
+    if (!sanitizedContent) {
+      throw new MediaTypeError(`File extension is not within the approved list`)
+    }
 
-      const params = {
-        message: `Create file: ${fileName}`,
-        content,
-        branch: "staging",
-      }
+    const endpoint = `${this.baseEndpoint}/${fileName}`
 
+    const params = {
+      message: `Create file: ${fileName}`,
+      content: sanitizedContent,
+      branch: "staging",
+    }
+
+    try {
       const resp = await axios.put(endpoint, params, {
         headers: {
           Authorization: `token ${this.accessToken}`,

classes/NetlifyToml.js

@@ -16,7 +16,7 @@ class NetlifyToml {
   }
 
   async read() {
-    const endpoint = `https://api.github.com/repos/${GITHUB_BUILD_ORG_NAME}/${GITHUB_BUILD_REPO_NAME}/contents/netlify.toml`
+    const endpoint = `https://api.github.com/repos/${GITHUB_BUILD_ORG_NAME}/${GITHUB_BUILD_REPO_NAME}/contents/overrides/netlify.toml`
 
     const resp = await axios.get(endpoint, {
       validateStatus,

controllers/CollectionController.js

@@ -0,0 +1,109 @@
+class CollectionController {
+  constructor({ collectionPageService, subcollectionPageService }) {
+    this.collectionPageService = collectionPageService
+    this.subcollectionPageService = subcollectionPageService
+  }
+
+  async createPage(
+    reqDetails,
+    { fileName, collectionName, subcollectionName, content, frontMatter }
+  ) {
+    if (subcollectionName)
+      return this.subcollectionPageService.create(reqDetails, {
+        fileName,
+        collectionName,
+        subcollectionName,
+        content,
+        frontMatter,
+      })
+    return this.collectionPageService.create(reqDetails, {
+      fileName,
+      collectionName,
+      content,
+      frontMatter,
+    })
+  }
+
+  async readPage(reqDetails, { fileName, collectionName, subcollectionName }) {
+    if (subcollectionName)
+      return this.subcollectionPageService.read(reqDetails, {
+        fileName,
+        collectionName,
+        subcollectionName,
+      })
+    return this.collectionPageService.read(reqDetails, {
+      fileName,
+      collectionName,
+    })
+  }
+
+  async updatePage(
+    reqDetails,
+    {
+      fileName,
+      newFileName,
+      collectionName,
+      subcollectionName,
+      content,
+      frontMatter,
+      sha,
+    }
+  ) {
+    if (subcollectionName) {
+      if (newFileName)
+        return this.subcollectionPageService.rename(reqDetails, {
+          oldFileName: fileName,
+          newFileName,
+          collectionName,
+          subcollectionName,
+          content,
+          frontMatter,
+          sha,
+        })
+      return this.subcollectionPageService.update(reqDetails, {
+        fileName,
+        collectionName,
+        subcollectionName,
+        content,
+        frontMatter,
+        sha,
+      })
+    }
+    if (newFileName)
+      return this.collectionPageService.rename(reqDetails, {
+        oldFileName: fileName,
+        newFileName,
+        collectionName,
+        content,
+        frontMatter,
+        sha,
+      })
+    return this.collectionPageService.update(reqDetails, {
+      fileName,
+      collectionName,
+      content,
+      frontMatter,
+      sha,
+    })
+  }
+
+  async deletePage(
+    reqDetails,
+    { fileName, collectionName, subcollectionName, sha }
+  ) {
+    if (subcollectionName)
+      return this.subcollectionPageService.delete(reqDetails, {
+        fileName,
+        collectionName,
+        subcollectionName,
+        sha,
+      })
+    return this.collectionPageService.delete(reqDetails, {
+      fileName,
+      collectionName,
+      sha,
+    })
+  }
+}
+
+module.exports = { CollectionController }