@webresto/graphql 1.3.0 → 1.3.1
- package/package.json +25 -8
- package/src/resolvers/cart.d.ts +4 -2
- package/src/resolvers/cart.ts +9 -4
- package/test/bootstrap.ts +33 -0
- package/test/fixture/.tmp/localDiskDb/archive.db +1 -0
- package/test/fixture/.tmp/localDiskDb/dish.db +1 -0
- package/test/fixture/.tmp/localDiskDb/dish_images__image_dish.db +1 -0
- package/test/fixture/.tmp/localDiskDb/group.db +1 -0
- package/test/fixture/.tmp/localDiskDb/group_images__image_group.db +1 -0
- package/test/fixture/.tmp/localDiskDb/image.db +1 -0
- package/test/fixture/.tmp/localDiskDb/maintenance.db +1 -0
- package/test/fixture/.tmp/localDiskDb/order.db +1 -0
- package/test/fixture/.tmp/localDiskDb/orderdish.db +1 -0
- package/test/fixture/.tmp/localDiskDb/paymentdocument.db +1 -0
- package/test/fixture/.tmp/localDiskDb/paymentmethod.db +2 -0
- package/test/fixture/.tmp/localDiskDb/place.db +1 -0
- package/test/fixture/.tmp/localDiskDb/settings.db +2 -0
- package/test/fixture/.tmp/localDiskDb/street.db +1 -0
- package/test/{fixtures/v0.12-app → fixture}/api/controllers/.gitkeep +0 -0
- package/test/{fixtures/v0.12-app → fixture}/api/models/.gitkeep +0 -0
- package/test/{fixtures/v0.12-app → fixture}/api/services/.gitkeep +0 -0
- package/test/{fixtures/v0.12-app/app.js → fixture/app-export.js} +73 -73
- package/test/fixture/app.js +56 -0
- package/test/fixture/config/adminpanel.js +3 -0
- package/test/fixture/config/connections.js +9 -0
- package/test/fixture/config/env/development.js +10 -0
- package/test/{fixtures/v0.12-app → fixture}/config/env/production.js +16 -16
- package/test/fixture/config/globals.js +16 -0
- package/test/{fixtures/v0.12-app → fixture}/config/hookTimeout.js +8 -8
- package/test/{fixtures/v0.12-app → fixture}/config/http.js +93 -93
- package/test/{fixtures/v0.12-app → fixture}/config/i18n.js +57 -57
- package/test/{fixtures/v0.12-app → fixture}/config/log.js +29 -29
- package/test/fixture/config/models.js +9 -0
- package/test/fixture/config/modulemanager.js +22 -0
- package/test/{fixtures/v0.12-app → fixture}/config/policies.js +51 -51
- package/test/{fixtures/v0.12-app → fixture}/config/routes.js +49 -49
- package/test/{fixtures/v0.12-app → fixture}/config/session.js +100 -100
- package/test/{fixtures/v0.12-app → fixture}/config/sockets.js +141 -141
- package/test/{fixtures/v0.12-app → fixture}/config/views.js +94 -94
- package/test/fixture/package-lock.json +9805 -0
- package/test/fixture/package.json +30 -0
- package/test/{fixtures/v0.12-app → fixture}/views/403.ejs +68 -68
- package/test/{fixtures/v0.12-app → fixture}/views/404.ejs +68 -68
- package/test/{fixtures/v0.12-app → fixture}/views/500.ejs +73 -73
- package/test/{fixtures/v0.12-app → fixture}/views/homepage.ejs +74 -74
- package/test/{fixtures/v0.12-app → fixture}/views/layout.ejs +91 -91
- package/test/unit/first.test.js +6 -8
- package/test/unit/first.test.ts +11 -0
- package/test/unit/sails_not_crash.test.ts +3 -0
- package/test.zip +0 -0
- package/test/fixtures/v0.12-app/.gitignore +0 -11
- package/test/fixtures/v0.12-app/.sailsrc +0 -11
- package/test/fixtures/v0.12-app/api/models/TestModel.js +0 -22
- package/test/fixtures/v0.12-app/api/responses/badRequest.js +0 -76
- package/test/fixtures/v0.12-app/api/responses/created.js +0 -60
- package/test/fixtures/v0.12-app/api/responses/forbidden.js +0 -89
- package/test/fixtures/v0.12-app/api/responses/notFound.js +0 -94
- package/test/fixtures/v0.12-app/api/responses/ok.js +0 -60
- package/test/fixtures/v0.12-app/api/responses/serverError.js +0 -89
- package/test/fixtures/v0.12-app/config/bootstrap.js +0 -6
- package/test/fixtures/v0.12-app/config/connections.js +0 -5
- package/test/fixtures/v0.12-app/config/cors.js +0 -78
- package/test/fixtures/v0.12-app/config/csrf.js +0 -64
- package/test/fixtures/v0.12-app/config/env/development.js +0 -10
- package/test/fixtures/v0.12-app/config/globals.js +0 -63
- package/test/fixtures/v0.12-app/config/models.js +0 -3
- package/test/fixtures/v0.12-app/config/restoapi.js +0 -3
- package/test/fixtures/v0.12-app/config/restocore.js +0 -39
- package/test/fixtures/v0.12-app/config/stateflow.js +0 -4
- package/test/fixtures/v0.12-app/package.json +0 -34
@@ -1,89 +0,0 @@
|
|
1
|
-
/**
|
2
|
-
* 403 (Forbidden) Handler
|
3
|
-
*
|
4
|
-
* Usage:
|
5
|
-
* return res.forbidden();
|
6
|
-
* return res.forbidden(err);
|
7
|
-
* return res.forbidden(err, 'some/specific/forbidden/view');
|
8
|
-
*
|
9
|
-
* e.g.:
|
10
|
-
* ```
|
11
|
-
* return res.forbidden('Access denied.');
|
12
|
-
* ```
|
13
|
-
*/
|
14
|
-
|
15
|
-
module.exports = function forbidden (data, options) {
|
16
|
-
|
17
|
-
// Get access to `req`, `res`, & `sails`
|
18
|
-
var req = this.req;
|
19
|
-
var res = this.res;
|
20
|
-
var sails = req._sails;
|
21
|
-
|
22
|
-
// Set status code
|
23
|
-
res.status(403);
|
24
|
-
|
25
|
-
// Log error to console
|
26
|
-
if (data !== undefined) {
|
27
|
-
sails.log.verbose('Sending 403 ("Forbidden") response: \n',data);
|
28
|
-
}
|
29
|
-
else sails.log.verbose('Sending 403 ("Forbidden") response');
|
30
|
-
|
31
|
-
// Only include errors in response if application environment
|
32
|
-
// is not set to 'production'. In production, we shouldn't
|
33
|
-
// send back any identifying information about errors.
|
34
|
-
if (sails.config.environment === 'production' && sails.config.keepResponseErrors !== true) {
|
35
|
-
data = undefined;
|
36
|
-
}
|
37
|
-
|
38
|
-
// If the user-agent wants JSON, always respond with JSON
|
39
|
-
// If views are disabled, revert to json
|
40
|
-
if (req.wantsJSON || sails.config.hooks.views === false) {
|
41
|
-
return res.jsonx(data);
|
42
|
-
}
|
43
|
-
|
44
|
-
// If second argument is a string, we take that to mean it refers to a view.
|
45
|
-
// If it was omitted, use an empty object (`{}`)
|
46
|
-
options = (typeof options === 'string') ? { view: options } : options || {};
|
47
|
-
|
48
|
-
// Attempt to prettify data for views, if it's a non-error object
|
49
|
-
var viewData = data;
|
50
|
-
if (!(viewData instanceof Error) && 'object' == typeof viewData) {
|
51
|
-
try {
|
52
|
-
viewData = require('util').inspect(data, {depth: null});
|
53
|
-
}
|
54
|
-
catch(e) {
|
55
|
-
viewData = undefined;
|
56
|
-
}
|
57
|
-
}
|
58
|
-
|
59
|
-
// If a view was provided in options, serve it.
|
60
|
-
// Otherwise try to guess an appropriate view, or if that doesn't
|
61
|
-
// work, just send JSON.
|
62
|
-
if (options.view) {
|
63
|
-
return res.view(options.view, { data: viewData, title: 'Forbidden' });
|
64
|
-
}
|
65
|
-
|
66
|
-
// If no second argument provided, try to serve the default view,
|
67
|
-
// but fall back to sending JSON(P) if any errors occur.
|
68
|
-
else return res.view('403', { data: viewData, title: 'Forbidden' }, function (err, html) {
|
69
|
-
|
70
|
-
// If a view error occured, fall back to JSON(P).
|
71
|
-
if (err) {
|
72
|
-
//
|
73
|
-
// Additionally:
|
74
|
-
// • If the view was missing, ignore the error but provide a verbose log.
|
75
|
-
if (err.code === 'E_VIEW_FAILED') {
|
76
|
-
sails.log.verbose('res.forbidden() :: Could not locate view for error page (sending JSON instead). Details: ',err);
|
77
|
-
}
|
78
|
-
// Otherwise, if this was a more serious error, log to the console with the details.
|
79
|
-
else {
|
80
|
-
sails.log.warn('res.forbidden() :: When attempting to render error page view, an error occured (sending JSON instead). Details: ', err);
|
81
|
-
}
|
82
|
-
return res.jsonx(data);
|
83
|
-
}
|
84
|
-
|
85
|
-
return res.send(html);
|
86
|
-
});
|
87
|
-
|
88
|
-
};
|
89
|
-
|
@@ -1,94 +0,0 @@
|
|
1
|
-
/**
|
2
|
-
* 404 (Not Found) Handler
|
3
|
-
*
|
4
|
-
* Usage:
|
5
|
-
* return res.notFound();
|
6
|
-
* return res.notFound(err);
|
7
|
-
* return res.notFound(err, 'some/specific/notfound/view');
|
8
|
-
*
|
9
|
-
* e.g.:
|
10
|
-
* ```
|
11
|
-
* return res.notFound();
|
12
|
-
* ```
|
13
|
-
*
|
14
|
-
* NOTE:
|
15
|
-
* If a request doesn't match any explicit routes (i.e. `config/routes.js`)
|
16
|
-
* or route blueprints (i.e. "shadow routes", Sails will call `res.notFound()`
|
17
|
-
* automatically.
|
18
|
-
*/
|
19
|
-
|
20
|
-
module.exports = function notFound (data, options) {
|
21
|
-
|
22
|
-
// Get access to `req`, `res`, & `sails`
|
23
|
-
var req = this.req;
|
24
|
-
var res = this.res;
|
25
|
-
var sails = req._sails;
|
26
|
-
|
27
|
-
// Set status code
|
28
|
-
res.status(404);
|
29
|
-
|
30
|
-
// Log error to console
|
31
|
-
if (data !== undefined) {
|
32
|
-
sails.log.verbose('Sending 404 ("Not Found") response: \n',data);
|
33
|
-
}
|
34
|
-
else sails.log.verbose('Sending 404 ("Not Found") response');
|
35
|
-
|
36
|
-
// Only include errors in response if application environment
|
37
|
-
// is not set to 'production'. In production, we shouldn't
|
38
|
-
// send back any identifying information about errors.
|
39
|
-
if (sails.config.environment === 'production' && sails.config.keepResponseErrors !== true) {
|
40
|
-
data = undefined;
|
41
|
-
}
|
42
|
-
|
43
|
-
// If the user-agent wants JSON, always respond with JSON
|
44
|
-
// If views are disabled, revert to json
|
45
|
-
if (req.wantsJSON || sails.config.hooks.views === false) {
|
46
|
-
return res.jsonx(data);
|
47
|
-
}
|
48
|
-
|
49
|
-
// If second argument is a string, we take that to mean it refers to a view.
|
50
|
-
// If it was omitted, use an empty object (`{}`)
|
51
|
-
options = (typeof options === 'string') ? { view: options } : options || {};
|
52
|
-
|
53
|
-
// Attempt to prettify data for views, if it's a non-error object
|
54
|
-
var viewData = data;
|
55
|
-
if (!(viewData instanceof Error) && 'object' == typeof viewData) {
|
56
|
-
try {
|
57
|
-
viewData = require('util').inspect(data, {depth: null});
|
58
|
-
}
|
59
|
-
catch(e) {
|
60
|
-
viewData = undefined;
|
61
|
-
}
|
62
|
-
}
|
63
|
-
|
64
|
-
// If a view was provided in options, serve it.
|
65
|
-
// Otherwise try to guess an appropriate view, or if that doesn't
|
66
|
-
// work, just send JSON.
|
67
|
-
if (options.view) {
|
68
|
-
return res.view(options.view, { data: viewData, title: 'Not Found' });
|
69
|
-
}
|
70
|
-
|
71
|
-
// If no second argument provided, try to serve the default view,
|
72
|
-
// but fall back to sending JSON(P) if any errors occur.
|
73
|
-
else return res.view('404', { data: viewData, title: 'Not Found' }, function (err, html) {
|
74
|
-
|
75
|
-
// If a view error occured, fall back to JSON(P).
|
76
|
-
if (err) {
|
77
|
-
//
|
78
|
-
// Additionally:
|
79
|
-
// • If the view was missing, ignore the error but provide a verbose log.
|
80
|
-
if (err.code === 'E_VIEW_FAILED') {
|
81
|
-
sails.log.verbose('res.notFound() :: Could not locate view for error page (sending JSON instead). Details: ',err);
|
82
|
-
}
|
83
|
-
// Otherwise, if this was a more serious error, log to the console with the details.
|
84
|
-
else {
|
85
|
-
sails.log.warn('res.notFound() :: When attempting to render error page view, an error occured (sending JSON instead). Details: ', err);
|
86
|
-
}
|
87
|
-
return res.jsonx(data);
|
88
|
-
}
|
89
|
-
|
90
|
-
return res.send(html);
|
91
|
-
});
|
92
|
-
|
93
|
-
};
|
94
|
-
|
@@ -1,60 +0,0 @@
|
|
1
|
-
/**
|
2
|
-
* 200 (OK) Response
|
3
|
-
*
|
4
|
-
* Usage:
|
5
|
-
* return res.ok();
|
6
|
-
* return res.ok(data);
|
7
|
-
* return res.ok(data, 'auth/login');
|
8
|
-
*
|
9
|
-
* @param {Object} data
|
10
|
-
* @param {String|Object} options
|
11
|
-
* - pass string to render specified view
|
12
|
-
*/
|
13
|
-
|
14
|
-
module.exports = function sendOK (data, options) {
|
15
|
-
|
16
|
-
// Get access to `req`, `res`, & `sails`
|
17
|
-
var req = this.req;
|
18
|
-
var res = this.res;
|
19
|
-
var sails = req._sails;
|
20
|
-
|
21
|
-
sails.log.silly('res.ok() :: Sending 200 ("OK") response');
|
22
|
-
|
23
|
-
// Set status code
|
24
|
-
res.status(200);
|
25
|
-
|
26
|
-
// If appropriate, serve data as JSON(P)
|
27
|
-
// If views are disabled, revert to json
|
28
|
-
if (req.wantsJSON || sails.config.hooks.views === false) {
|
29
|
-
return res.jsonx(data);
|
30
|
-
}
|
31
|
-
|
32
|
-
// If second argument is a string, we take that to mean it refers to a view.
|
33
|
-
// If it was omitted, use an empty object (`{}`)
|
34
|
-
options = (typeof options === 'string') ? { view: options } : options || {};
|
35
|
-
|
36
|
-
// Attempt to prettify data for views, if it's a non-error object
|
37
|
-
var viewData = data;
|
38
|
-
if (!(viewData instanceof Error) && 'object' == typeof viewData) {
|
39
|
-
try {
|
40
|
-
viewData = require('util').inspect(data, {depth: null});
|
41
|
-
}
|
42
|
-
catch(e) {
|
43
|
-
viewData = undefined;
|
44
|
-
}
|
45
|
-
}
|
46
|
-
|
47
|
-
// If a view was provided in options, serve it.
|
48
|
-
// Otherwise try to guess an appropriate view, or if that doesn't
|
49
|
-
// work, just send JSON.
|
50
|
-
if (options.view) {
|
51
|
-
return res.view(options.view, { data: viewData, title: 'OK' });
|
52
|
-
}
|
53
|
-
|
54
|
-
// If no second argument provided, try to serve the implied view,
|
55
|
-
// but fall back to sending JSON(P) if no view can be inferred.
|
56
|
-
else return res.guessView({ data: viewData, title: 'OK' }, function couldNotGuessView () {
|
57
|
-
return res.jsonx(data);
|
58
|
-
});
|
59
|
-
|
60
|
-
};
|
@@ -1,89 +0,0 @@
|
|
1
|
-
/**
|
2
|
-
* 500 (Server Error) Response
|
3
|
-
*
|
4
|
-
* Usage:
|
5
|
-
* return res.serverError();
|
6
|
-
* return res.serverError(err);
|
7
|
-
* return res.serverError(err, 'some/specific/error/view');
|
8
|
-
*
|
9
|
-
* NOTE:
|
10
|
-
* If something throws in a policy or controller, or an internal
|
11
|
-
* error is encountered, Sails will call `res.serverError()`
|
12
|
-
* automatically.
|
13
|
-
*/
|
14
|
-
|
15
|
-
module.exports = function serverError (data, options) {
|
16
|
-
|
17
|
-
// Get access to `req`, `res`, & `sails`
|
18
|
-
var req = this.req;
|
19
|
-
var res = this.res;
|
20
|
-
var sails = req._sails;
|
21
|
-
|
22
|
-
// Set status code
|
23
|
-
res.status(500);
|
24
|
-
|
25
|
-
// Log error to console
|
26
|
-
if (data !== undefined) {
|
27
|
-
sails.log.error('Sending 500 ("Server Error") response: \n',data);
|
28
|
-
}
|
29
|
-
else sails.log.error('Sending empty 500 ("Server Error") response');
|
30
|
-
|
31
|
-
// Only include errors in response if application environment
|
32
|
-
// is not set to 'production'. In production, we shouldn't
|
33
|
-
// send back any identifying information about errors.
|
34
|
-
if (sails.config.environment === 'production' && sails.config.keepResponseErrors !== true) {
|
35
|
-
data = undefined;
|
36
|
-
}
|
37
|
-
|
38
|
-
// If the user-agent wants JSON, always respond with JSON
|
39
|
-
// If views are disabled, revert to json
|
40
|
-
if (req.wantsJSON || sails.config.hooks.views === false) {
|
41
|
-
return res.jsonx(data);
|
42
|
-
}
|
43
|
-
|
44
|
-
// If second argument is a string, we take that to mean it refers to a view.
|
45
|
-
// If it was omitted, use an empty object (`{}`)
|
46
|
-
options = (typeof options === 'string') ? { view: options } : options || {};
|
47
|
-
|
48
|
-
// Attempt to prettify data for views, if it's a non-error object
|
49
|
-
var viewData = data;
|
50
|
-
if (!(viewData instanceof Error) && 'object' == typeof viewData) {
|
51
|
-
try {
|
52
|
-
viewData = require('util').inspect(data, {depth: null});
|
53
|
-
}
|
54
|
-
catch(e) {
|
55
|
-
viewData = undefined;
|
56
|
-
}
|
57
|
-
}
|
58
|
-
|
59
|
-
// If a view was provided in options, serve it.
|
60
|
-
// Otherwise try to guess an appropriate view, or if that doesn't
|
61
|
-
// work, just send JSON.
|
62
|
-
if (options.view) {
|
63
|
-
return res.view(options.view, { data: viewData, title: 'Server Error' });
|
64
|
-
}
|
65
|
-
|
66
|
-
// If no second argument provided, try to serve the default view,
|
67
|
-
// but fall back to sending JSON(P) if any errors occur.
|
68
|
-
else return res.view('500', { data: viewData, title: 'Server Error' }, function (err, html) {
|
69
|
-
|
70
|
-
// If a view error occured, fall back to JSON(P).
|
71
|
-
if (err) {
|
72
|
-
//
|
73
|
-
// Additionally:
|
74
|
-
// • If the view was missing, ignore the error but provide a verbose log.
|
75
|
-
if (err.code === 'E_VIEW_FAILED') {
|
76
|
-
sails.log.verbose('res.serverError() :: Could not locate view for error page (sending JSON instead). Details: ',err);
|
77
|
-
}
|
78
|
-
// Otherwise, if this was a more serious error, log to the console with the details.
|
79
|
-
else {
|
80
|
-
sails.log.warn('res.serverError() :: When attempting to render error page view, an error occured (sending JSON instead). Details: ', err);
|
81
|
-
}
|
82
|
-
return res.jsonx(data);
|
83
|
-
}
|
84
|
-
|
85
|
-
return res.send(html);
|
86
|
-
});
|
87
|
-
|
88
|
-
};
|
89
|
-
|
@@ -1,78 +0,0 @@
|
|
1
|
-
/**
|
2
|
-
* Cross-Origin Resource Sharing (CORS) Settings
|
3
|
-
* (sails.config.cors)
|
4
|
-
*
|
5
|
-
* CORS is like a more modern version of JSONP-- it allows your server/API
|
6
|
-
* to successfully respond to requests from client-side JavaScript code
|
7
|
-
* running on some other domain (e.g. google.com)
|
8
|
-
* Unlike JSONP, it works with POST, PUT, and DELETE requests
|
9
|
-
*
|
10
|
-
* For more information on CORS, check out:
|
11
|
-
* http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
|
12
|
-
*
|
13
|
-
* Note that any of these settings (besides 'allRoutes') can be changed on a per-route basis
|
14
|
-
* by adding a "cors" object to the route configuration:
|
15
|
-
*
|
16
|
-
* '/get foo': {
|
17
|
-
* controller: 'foo',
|
18
|
-
* action: 'bar',
|
19
|
-
* cors: {
|
20
|
-
* origin: 'http://foobar.com,https://owlhoot.com'
|
21
|
-
* }
|
22
|
-
* }
|
23
|
-
*
|
24
|
-
* For more information on this configuration file, see:
|
25
|
-
* http://sailsjs.org/#!/documentation/reference/sails.config/sails.config.cors.html
|
26
|
-
*
|
27
|
-
*/
|
28
|
-
|
29
|
-
module.exports.cors = {
|
30
|
-
|
31
|
-
/***************************************************************************
|
32
|
-
* *
|
33
|
-
* Allow CORS on all routes by default? If not, you must enable CORS on a *
|
34
|
-
* per-route basis by either adding a "cors" configuration object to the *
|
35
|
-
* route config, or setting "cors:true" in the route config to use the *
|
36
|
-
* default settings below. *
|
37
|
-
* *
|
38
|
-
***************************************************************************/
|
39
|
-
|
40
|
-
// allRoutes: false,
|
41
|
-
|
42
|
-
/***************************************************************************
|
43
|
-
* *
|
44
|
-
* Which domains which are allowed CORS access? This can be a *
|
45
|
-
* comma-delimited list of hosts (beginning with http:// or https://) or *
|
46
|
-
* "*" to allow all domains CORS access. *
|
47
|
-
* *
|
48
|
-
***************************************************************************/
|
49
|
-
|
50
|
-
// origin: '*',
|
51
|
-
|
52
|
-
/***************************************************************************
|
53
|
-
* *
|
54
|
-
* Allow cookies to be shared for CORS requests? *
|
55
|
-
* *
|
56
|
-
***************************************************************************/
|
57
|
-
|
58
|
-
// credentials: true,
|
59
|
-
|
60
|
-
/***************************************************************************
|
61
|
-
* *
|
62
|
-
* Which methods should be allowed for CORS requests? This is only used in *
|
63
|
-
* response to preflight requests (see article linked above for more info) *
|
64
|
-
* *
|
65
|
-
***************************************************************************/
|
66
|
-
|
67
|
-
// methods: 'GET, POST, PUT, DELETE, OPTIONS, HEAD',
|
68
|
-
|
69
|
-
/***************************************************************************
|
70
|
-
* *
|
71
|
-
* Which headers should be allowed for CORS requests? This is only used in *
|
72
|
-
* response to preflight requests. *
|
73
|
-
* *
|
74
|
-
***************************************************************************/
|
75
|
-
|
76
|
-
// headers: 'content-type'
|
77
|
-
|
78
|
-
};
|
@@ -1,64 +0,0 @@
|
|
1
|
-
/**
|
2
|
-
* Cross-Site Request Forgery Protection Settings
|
3
|
-
* (sails.config.csrf)
|
4
|
-
*
|
5
|
-
* CSRF tokens are like a tracking chip. While a session tells the server that a user
|
6
|
-
* "is who they say they are", a csrf token tells the server "you are where you say you are".
|
7
|
-
*
|
8
|
-
* When enabled, all non-GET requests to the Sails server must be accompanied by
|
9
|
-
* a special token, identified as the '_csrf' parameter.
|
10
|
-
*
|
11
|
-
* This option protects your Sails app against cross-site request forgery (or CSRF) attacks.
|
12
|
-
* A would-be attacker needs not only a user's session cookie, but also this timestamped,
|
13
|
-
* secret CSRF token, which is refreshed/granted when the user visits a URL on your app's domain.
|
14
|
-
*
|
15
|
-
* This allows us to have certainty that our users' requests haven't been hijacked,
|
16
|
-
* and that the requests they're making are intentional and legitimate.
|
17
|
-
*
|
18
|
-
* This token has a short-lived expiration timeline, and must be acquired by either:
|
19
|
-
*
|
20
|
-
* (a) For traditional view-driven web apps:
|
21
|
-
* Fetching it from one of your views, where it may be accessed as
|
22
|
-
* a local variable, e.g.:
|
23
|
-
* <form>
|
24
|
-
* <input type="hidden" name="_csrf" value="<%= _csrf %>" />
|
25
|
-
* </form>
|
26
|
-
*
|
27
|
-
* or (b) For AJAX/Socket-heavy and/or single-page apps:
|
28
|
-
* Sending a GET request to the `/csrfToken` route, where it will be returned
|
29
|
-
* as JSON, e.g.:
|
30
|
-
* { _csrf: 'ajg4JD(JGdajhLJALHDa' }
|
31
|
-
*
|
32
|
-
*
|
33
|
-
* Enabling this option requires managing the token in your front-end app.
|
34
|
-
* For traditional web apps, it's as easy as passing the data from a view into a form action.
|
35
|
-
* In AJAX/Socket-heavy apps, just send a GET request to the /csrfToken route to get a valid token.
|
36
|
-
*
|
37
|
-
* For more information on CSRF, check out:
|
38
|
-
* http://en.wikipedia.org/wiki/Cross-site_request_forgery
|
39
|
-
*
|
40
|
-
* For more information on this configuration file, including info on CSRF + CORS, see:
|
41
|
-
* http://sailsjs.org/#!/documentation/reference/sails.config/sails.config.csrf.html
|
42
|
-
*
|
43
|
-
*/
|
44
|
-
|
45
|
-
/****************************************************************************
|
46
|
-
* *
|
47
|
-
* Enabled CSRF protection for your site? *
|
48
|
-
* *
|
49
|
-
****************************************************************************/
|
50
|
-
|
51
|
-
// module.exports.csrf = false;
|
52
|
-
|
53
|
-
/****************************************************************************
|
54
|
-
* *
|
55
|
-
* You may also specify more fine-grained settings for CSRF, including the *
|
56
|
-
* domains which are allowed to request the CSRF token via AJAX. These *
|
57
|
-
* settings override the general CORS settings in your config/cors.js file. *
|
58
|
-
* *
|
59
|
-
****************************************************************************/
|
60
|
-
|
61
|
-
// module.exports.csrf = {
|
62
|
-
// grantTokenViaAjax: true,
|
63
|
-
// origin: ''
|
64
|
-
// }
|
@@ -1,63 +0,0 @@
|
|
1
|
-
/**
|
2
|
-
* Global Variable Configuration
|
3
|
-
* (sails.config.globals)
|
4
|
-
*
|
5
|
-
* Configure which global variables which will be exposed
|
6
|
-
* automatically by Sails.
|
7
|
-
*
|
8
|
-
* For more information on configuration, check out:
|
9
|
-
* http://sailsjs.org/#!/documentation/reference/sails.config/sails.config.globals.html
|
10
|
-
*/
|
11
|
-
module.exports.globals = {
|
12
|
-
|
13
|
-
/****************************************************************************
|
14
|
-
* *
|
15
|
-
* Expose the lodash installed in Sails core as a global variable. If this *
|
16
|
-
* is disabled, like any other node module you can always run npm install *
|
17
|
-
* lodash --save, then var _ = require('lodash') at the top of any file. *
|
18
|
-
* *
|
19
|
-
****************************************************************************/
|
20
|
-
|
21
|
-
// _: true,
|
22
|
-
|
23
|
-
/****************************************************************************
|
24
|
-
* *
|
25
|
-
* Expose the async installed in Sails core as a global variable. If this is *
|
26
|
-
* disabled, like any other node module you can always run npm install async *
|
27
|
-
* --save, then var async = require('async') at the top of any file. *
|
28
|
-
* *
|
29
|
-
****************************************************************************/
|
30
|
-
|
31
|
-
// async: true,
|
32
|
-
|
33
|
-
/****************************************************************************
|
34
|
-
* *
|
35
|
-
* Expose the sails instance representing your app. If this is disabled, you *
|
36
|
-
* can still get access via req._sails. *
|
37
|
-
* *
|
38
|
-
****************************************************************************/
|
39
|
-
|
40
|
-
// sails: true,
|
41
|
-
|
42
|
-
/****************************************************************************
|
43
|
-
* *
|
44
|
-
* Expose each of your app's services as global variables (using their *
|
45
|
-
* "globalId"). E.g. a service defined in api/models/NaturalLanguage.js *
|
46
|
-
* would have a globalId of NaturalLanguage by default. If this is disabled, *
|
47
|
-
* you can still access your services via sails.services.* *
|
48
|
-
* *
|
49
|
-
****************************************************************************/
|
50
|
-
|
51
|
-
// services: true,
|
52
|
-
|
53
|
-
/****************************************************************************
|
54
|
-
* *
|
55
|
-
* Expose each of your app's models as global variables (using their *
|
56
|
-
* "globalId"). E.g. a model defined in api/models/User.js would have a *
|
57
|
-
* globalId of User by default. If this is disabled, you can still access *
|
58
|
-
* your models via sails.models.*. *
|
59
|
-
* *
|
60
|
-
****************************************************************************/
|
61
|
-
|
62
|
-
models: true
|
63
|
-
};
|
@@ -1,39 +0,0 @@
|
|
1
|
-
module.exports.restocore = {
|
2
|
-
project: "Test",
|
3
|
-
project_slug: "test",
|
4
|
-
timeSyncBalance: 30, // seconds
|
5
|
-
timeSyncMenu: 5 * 60 , // seconds
|
6
|
-
timeSyncStreets: 12, // hours
|
7
|
-
images: {
|
8
|
-
adapter: 'imagemagick-local',
|
9
|
-
dish: {
|
10
|
-
format: 'png',
|
11
|
-
path: '/images',
|
12
|
-
resize: {
|
13
|
-
small: {
|
14
|
-
width: 200,
|
15
|
-
height: 200
|
16
|
-
},
|
17
|
-
large: {
|
18
|
-
width: 600
|
19
|
-
}
|
20
|
-
}
|
21
|
-
},
|
22
|
-
group: {
|
23
|
-
format: 'png',
|
24
|
-
path: '/imagesG',
|
25
|
-
}
|
26
|
-
},
|
27
|
-
development: true,
|
28
|
-
masterKey: 'test',
|
29
|
-
city: 'Xlan',
|
30
|
-
defaultName: "name",
|
31
|
-
defaultNumber: "77777777777",
|
32
|
-
timezone: 'Asia/Yekaterinburg',
|
33
|
-
timeSyncMap: 15 * 60, //seconds
|
34
|
-
checkType: 'native', //'rms',
|
35
|
-
groupShift: '',
|
36
|
-
rmsAdapter: '',
|
37
|
-
prefix: '/api/0.5/'
|
38
|
-
|
39
|
-
};
|
@@ -1,34 +0,0 @@
|
|
1
|
-
{
|
2
|
-
"name": "app",
|
3
|
-
"private": true,
|
4
|
-
"version": "0.0.0",
|
5
|
-
"description": "a Sails application",
|
6
|
-
"keywords": [],
|
7
|
-
"dependencies": {
|
8
|
-
"@webresto/core": "git+https://github.com/webresto/core.git#staging",
|
9
|
-
"@webresto/graphql": "file:../../..",
|
10
|
-
"ejs": "^2.3.4",
|
11
|
-
"include-all": "^1.0.8",
|
12
|
-
"jade": "^1.11.0",
|
13
|
-
"rc": "^1.0.1",
|
14
|
-
"request": "^2.88.2",
|
15
|
-
"request-promise": "^4.2.4",
|
16
|
-
"sails": "^0.12.14",
|
17
|
-
"sails-hook-orm": "^1.0.9",
|
18
|
-
"sails-hook-slugs": "^2.1.0",
|
19
|
-
"sails-hook-stateflow": "git+https://github.com/pub42/sails-hook-stateflow.git",
|
20
|
-
"sails-memory": "^0.10.7",
|
21
|
-
"sails-postgresql": "^0.12.2"
|
22
|
-
},
|
23
|
-
"scripts": {
|
24
|
-
"debug": "node debug app.js",
|
25
|
-
"start": "node app.js"
|
26
|
-
},
|
27
|
-
"main": "app.js",
|
28
|
-
"repository": {
|
29
|
-
"type": "git",
|
30
|
-
"url": "git://github.com/webresto/app.git"
|
31
|
-
},
|
32
|
-
"author": "webresto",
|
33
|
-
"license": ""
|
34
|
-
}
|