Merge pull request #94 from neonexus/master

v4.2.0

Author: neonexus

.dockerignore

@@ -7,12 +7,12 @@ config/local.js
 .editorconfig
 .eslintignore
 .eslintrc
-.mocharc.yaml
+.mocharc.yml
 .nycrc
 .tmp
 .travis.yml
 test
 
-README.md
+**/README*
 CHANGELOG.md
 LICENSE

.idea/dictionaries/neonexusdemortis.xml

@@ -9,3 +9,6 @@ loglevel=error
 
 # Make "npm audit" an opt-in thing for subsequent installs within this app:
 audit=true
+
+# Don't install optional dependencies automatically (which is a weird default NPM...):
+omit=optional

.idea/runConfigurations/Start_Ngrok.xml

@@ -1,12 +1,38 @@
 # Changelog
 
+## [v4.2.0](https://github.com/neonexus/sails-react-bootstrap-webpack/compare/v4.1.1...v4.2.0) (2023-04-20)
+### Features
+
+* Built a script for [`Ngrok`](https://www.npmjs.com/package/ngrok), which will build assets, start Sails, and create an Ngrok tunnel (to the configured PORT).
+* Built 2FA (2-Factor Authentication) capabilities.
+* Added `appName` as a config option.
+* Added `createdBy` to the [`User`](api/models/User.js) model.
+* Added [`sails-hook-autoreload`](https://www.npmjs.com/package/sails-hook-autoreload) support (must manually install).
+* Built session expiration handling.
+* Built password changing modal / API.
+* Made session data saving automatic, and work with both sessions / API tokens.
+* Fixed some README quirks.
+* Removed unneeded React imports (because of the Babel transform). For more info, [read this announcement (from 2020...)](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html).
+* Updated React links to use their new domain.
+* Removed `serve-static` in favor of `express.static`.
+* Updated dependencies.
+
+### Breaking Changes
+
+* Moved CSRF secret storage from the `data` column, to its own column, so it can easily be encrypted/decrypted in the [`Session`](api/models/Session.js) model.
+* Changed how API tokens are handled. So now, when using an API token, the ID must be given first, then the token, seperated by a colon.<br />Example: `Authorization` header is: `tokenID:apiToken` (or `Bearer tokenID:apiToken`). This is because `token` is now an encrypted column.
+* Renamed `sails.helpers.updateCsrf` -> `sails.helpers.updateCsrfAndExpiry` to reflect the session expiry update.
+* Renamed `req.requestId`/`env.req.requestId` -> `req.id`/`env.req.id` to better match general convention.
+* Renamed `process.env` -> `appConfig` in the Webpack config (a variable used to pass data down to the frontend). What was I doing?!...
+
 ## [v4.1.1](https://github.com/neonexus/sails-react-bootstrap-webpack/compare/v4.1.0...v4.1.1) (2023-03-14)
 ### Features
 
-* Fixed a stupid mistake in `api/controllers/get-users.js`.
+* Fixed a stupid mistake in [`api/controllers/admin/get-users.js`](api/controllers/admin/get-users.js).
 * Updated dependencies.
 
 ## [v4.1.0](https://github.com/neonexus/sails-react-bootstrap-webpack/compare/v4.0.1...v4.1.0) (2023-03-13)
+
 ### Features
 
 * Alphabetized the scripts in `package.json`.
@@ -48,7 +74,7 @@
 
 ### Breaking Changes
 
-* Renamed tests entry point (`hooks.js` -> `startTests.js`).
+* Renamed tests entry point (`test/hooks.js` -> `test/startTests.js`).
 
 ## [v3.2.1](https://github.com/neonexus/sails-react-bootstrap-webpack/compare/v3.2.0...v3.2.1) (2022-11-16)
 
@@ -119,7 +145,7 @@
 
 ### Breaking Changes
 
-* Updated to React v18. See: [the upgrade guide to React 18](https://reactjs.org/blog/2022/03/08/react-18-upgrade-guide.html).
+* Updated to React v18. See: [the upgrade guide to React 18](https://react.dev/blog/2022/03/08/react-18-upgrade-guide).
 * Updated to React Router DOM v6. See: [the v5 -> v6 migration guide](https://reactrouter.com/docs/en/v6/upgrading/v5). This requires a **MAJOR** overhaul of how routes are handled.
 * Moved some controllers into a "common" folder, instead of the "admin" folder (as they could be used outside of admin controls).
 

.mocharc.yaml renamed to .mocharc.yml

@@ -1,4 +1,4 @@
-FROM node:18.15
+FROM node:18.16
 MAINTAINER NeoNexus DeMortis
 
 RUN mkdir /var/www && mkdir /var/www/myapp

.npmrc

@@ -0,0 +1,5 @@
+# Controllers
+
+Here is where all of our API actions live. A controller in this context is a folder, and an action of the controller is an individual file. Each action is using the new "actions2" style, as opposed to the classic.
+
+See: https://sailsjs.com/documentation/concepts/actions-and-controllers

CHANGELOG.md

@@ -1,7 +1,7 @@
 module.exports = {
     friendlyName: 'Create API Token',
 
-    description: 'Get an API token, which replaces CSRF token / session cookie usage.',
+    description: 'Create an API token, which replaces CSRF token / session cookie usage.',
 
     inputs: {},
 
@@ -14,12 +14,16 @@ module.exports = {
     fn: async (inputs, exits, env) => {
         const newToken = await sails.models.apitoken.create({
             id: 'c', // required, auto-generated
-            user: env.req.session.user.id
-        }).fetch();
+            user: env.req.session.user.id,
+            token: sails.helpers.generateToken(),
+            data: {} // Used to store things that are temporary, or only apply to this session.
+        }).fetch().decrypt();
+
+        const outToken = newToken.id + ':' + newToken.token;
 
         return exits.created({
-            token: newToken.token,
-            __skipCSRF: true // this tells our "created" response to ignore the CSRF token update
+            token: outToken,
+            header: 'Bearer ' + outToken
         });
     }
 };