hof 20.0.0-beta.1 → 20.0.0-beta.10

package/middleware/rate-limiter.js

@@ -0,0 +1,98 @@
+
+const moment = require('moment');
+const redis = require('redis');
+const config = require('./../config/hof-defaults');
+
+module.exports = (options, rateLimitType) => {
+  // eslint-disable-next-line no-console
+  const logger = options.logger || { log: (func, msg) => console[func](msg) };
+  const rateLimits = options.rateLimits[rateLimitType];
+  const timestampName = `${rateLimitType}TimeStamp`;
+  const countName = `${rateLimitType}Count`;
+
+  const WINDOW_SIZE_IN_MINUTES = rateLimits.windowSizeInMinutes;
+  const MAX_WINDOW_REQUEST_COUNT = rateLimits.maxWindowRequestCount;
+  const WINDOW_LOG_INTERVAL_IN_MINUTES = rateLimits.windowLogIntervalInMinutes;
+  const ERROR_CODE = rateLimits.errCode;
+
+  return async (req, res, next) => {
+    const redisClient = redis.createClient(config.redis);
+
+    // check that redis client exists
+    if (!redisClient) {
+      logger.log('error', 'Redis client does not exist!');
+      return next();
+    }
+
+    const closeConnection = async err => {
+      await redisClient.quit();
+      return next(err);
+    };
+
+    try {
+      // fetch records of current user using IP address, returns null when no record is found
+      return await redisClient.get(req.ip, async (err, record) => {
+        if (err) {
+          logger.log('error', `Error with requesting redis session for rate limiting: ${err}`);
+          return await closeConnection();
+        }
+        const currentRequestTime = moment();
+        const windowStartTimestamp = moment().subtract(WINDOW_SIZE_IN_MINUTES, 'minutes').unix();
+        let oldRecord = false;
+        let data;
+        //  if no record is found , create a new record for user and store to redis
+        if (record) {
+          data = JSON.parse(record);
+          oldRecord = data[data.length - 1][timestampName] < windowStartTimestamp;
+        }
+
+        if (!record || oldRecord) {
+          const newRecord = [];
+          const requestLog = {
+            [timestampName]: currentRequestTime.unix(),
+            [countName]: 1
+          };
+          newRecord.push(requestLog);
+          await redisClient.set(req.ip, JSON.stringify(newRecord));
+          return await closeConnection();
+        }
+        // if record is found, parse it's value and calculate number of requests users has made within the last window
+        const requestsWithinWindow = data.filter(entry => entry[timestampName] > windowStartTimestamp);
+
+        const totalWindowRequestsCount = requestsWithinWindow.reduce((accumulator, entry) => {
+          return accumulator + entry[countName];
+        }, 0);
+
+        if (!options.rateLimits.env || options.rateLimits.env === 'development') {
+          const requestsRemaining = MAX_WINDOW_REQUEST_COUNT - totalWindowRequestsCount;
+          const msg = `Requests made by client: ${totalWindowRequestsCount}\nRequests remaining: ${requestsRemaining}`;
+          logger.log('info', msg);
+        }
+        // if number of requests made is greater than or equal to the desired maximum, return error
+        if (totalWindowRequestsCount >= MAX_WINDOW_REQUEST_COUNT) {
+          return await closeConnection({ code: ERROR_CODE });
+        }
+        // if number of requests made is less than allowed maximum, log new entry
+        const lastRequestLog = data[data.length - 1];
+        const potentialCurrentWindowIntervalStartTimeStamp = currentRequestTime
+          .subtract(WINDOW_LOG_INTERVAL_IN_MINUTES, 'minutes')
+          .unix();
+        //  if interval has not passed since last request log, increment counter
+        if (lastRequestLog[timestampName] > potentialCurrentWindowIntervalStartTimeStamp) {
+          lastRequestLog[countName]++;
+          data[data.length - 1] = lastRequestLog;
+        } else {
+          //  if interval has passed, log new entry for current user and timestamp
+          data.push({
+            [timestampName]: currentRequestTime.unix(),
+            [countName]: 1
+          });
+        }
+        await redisClient.set(req.ip, JSON.stringify(data));
+        return await closeConnection();
+      });
+    } catch (err) {
+      return await closeConnection(err);
+    }
+  };
+};

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "hof",
   "description": "A bootstrap for HOF projects",
-  "version": "20.0.0-beta.1",
+  "version": "20.0.0-beta.10",
   "license": "MIT",
   "main": "index.js",
   "author": "HomeOffice",
@@ -70,10 +70,9 @@
     "lodash": "^4.17.21",
     "markdown-it": "^12.3.2",
     "minimatch": "^3.0.3",
-    "minimist": "^1.2.0",
+    "minimist": "^1.2.6",
     "mixwith": "^0.1.1",
-    "mkdirp": "^0.5.1",
-    "moment": "^2.24.0",
+    "moment": "^2.29.2",
     "morgan": "^1.10.0",
     "mustache": "^2.3.0",
     "nodemailer": "^6.6.3",
@@ -88,8 +87,8 @@
     "serve-static": "^1.14.1",
     "uglify-js": "^3.14.3",
     "underscore": "^1.12.1",
-    "urijs": "^1.19.10",
-    "winston": "^3.3.3"
+    "urijs": "^1.19.11",
+    "winston": "^3.7.2"
   },
   "devDependencies": {
     "@cucumber/cucumber": "^7.3.0",

package/sandbox/.env

@@ -1 +1 @@
-GA_TAG=UA-215558609-1
+// GA_TAG=UA-215558609-1

package/sandbox/apps/sandbox/fields.js

@@ -8,19 +8,20 @@ module.exports = {
   'landing-page-radio': {
     mixin: 'radio-group',
     validate: ['required'],
-    legend: {
-      className: 'visuallyhidden'
-    },
+    isPageHeading: true,
+    // Design system says to avoid in-line unless it's two options,
+    // so just added as an example below but by default it isn't
     className: ['govuk-radios--inline'],
     options: ['basic-form', 'complex-form', 'build-your-own-form']
   },
   name: {
     validate: ['required', 'notUrl', { type: 'maxlength', arguments: 200 }],
+    // need to remove this for the heading to go
     labelClassName: ['govuk-label--l'],
-    // noHeading: 'true'
+    isPageHeading: 'true'
   },
   'dateOfBirth': dateComponent('dateOfBirth', {
-    controlType: 'date-input',
+    isPageHeading: 'true',
     validate: [
       'required',
       'date',
@@ -45,6 +46,7 @@ module.exports = {
     formatter: ['removespaces', 'uppercase']
   },
   incomeTypes: {
+    isPageHeading: 'true',
     mixin: 'checkbox-group',
     labelClassName: 'visuallyhidden',
     validate: ['required'],
@@ -57,11 +59,9 @@ module.exports = {
     ]
   },
   countryOfHearing: {
+    isPageHeading: 'true',
     mixin: 'radio-group',
     validate: ['required'],
-    legend: {
-      className: 'visuallyhidden'
-    },
     options: [
       'englandAndWales',
       'scotland',
@@ -69,6 +69,8 @@ module.exports = {
     ]
   },
   email: {
+    isPageHeading: 'true',
+    labelClassName: ['govuk-label--l'],
     validate: ['required', 'email']
   },
   phone: {
@@ -80,6 +82,7 @@ module.exports = {
   },
   countrySelect: {
     mixin: 'select',
+    isPageHeading: 'true',
     className: ['typeahead'],
     options:[''].concat(require('homeoffice-countries').allCountries),
     legend: {
@@ -91,12 +94,13 @@ module.exports = {
     mixin: 'textarea',
     // we want to ignore default formatters as we want
     // to preserve white space
+    isPageHeading: 'true',
     'ignore-defaults': true,
     // apply the other default formatters
     formatter: ['trim', 'hyphens'],
     labelClassName: ['govuk-label--l'],
     // attributes here are passed to the field element
-    validate: ['required', { type: 'maxlength', arguments: 100 }],
+    validate: ['required', { type: 'maxlength', arguments: 10 }],
     attributes: [{
       attribute: 'rows',
       value: 8
@@ -104,6 +108,7 @@ module.exports = {
   },
   appealStages: {
     mixin: 'select',
+    isPageHeading: 'true',
     validate: ['required'],
     options: [{
       value: '',

package/sandbox/apps/sandbox/index.js

@@ -30,11 +30,7 @@ module.exports = {
     },
     '/dob': {
       fields: ['dateOfBirth'],
-      next: '/address',
-      locals: {
-        step: 'dob',
-        labelClassName: 'govuk-input'
-      }
+      next: '/address'
     },
     '/address': {
       fields: ['building', 'street', 'townOrCity', 'postcode'],

package/sandbox/apps/sandbox/translations/en/default.json

@@ -2,6 +2,7 @@
   "fields": {
     "landing-page-radio": {
       "legend": "Which form would you like to explore?",
+      "hint": "Choose one of the options below and press continue.",
       "options": {
         "basic-form": {
           "label": "Basic form"
@@ -56,7 +57,7 @@
       }
     },
     "countryOfHearing": {
-      "label": "Country of hearing",
+      "legend": "What country was the appeal lodged?",
       "options": {
         "englandAndWales": {
           "label": "England and Wales"
@@ -70,7 +71,7 @@
       }
     },
     "email": {
-      "label": "Email address"
+      "label": "Enter your email address"
     },
     "phone": {
       "label": "Phone number",
@@ -103,8 +104,7 @@
   },
   "pages": {
     "landing-page": {
-      "header": "Landing page",
-      "intro": "Choose one of the options below and press continue."
+      "header": "Landing page"
     },
     "build-your-own-form": {
       "title": "Build your own form",
@@ -114,15 +114,6 @@
       "header": "What is your address in the UK?",
       "intro": "If you have no fixed address, enter an address where we can contact you."
     },
-    "checkboxes": {
-      "header": "Where does your money come from each month?"
-    },
-    "radio": {
-      "header": "What country was the appeal lodged?"
-    },
-    "email": {
-      "header": "Enter your email address"
-    },
     "phone-number": {
       "header": "Enter your phone number"
     },

package/sandbox/apps/sandbox/translations/src/en/fields.json

@@ -1,6 +1,7 @@
 {
   "landing-page-radio": {
     "legend": "Which form would you like to explore?",
+    "hint": "Choose one of the options below and press continue.",
     "options": {
       "basic-form": {
         "label": "Basic form"
@@ -55,7 +56,7 @@
     }
   },
   "countryOfHearing": {
-    "label": "Country of hearing",
+    "legend": "What country was the appeal lodged?",
     "options": {
       "englandAndWales": {
         "label": "England and Wales"
@@ -69,7 +70,7 @@
     } 
   },
   "email" : {
-    "label": "Email address"
+    "label": "Enter your email address"
   },
   "phone": {
     "label": "Phone number",

package/sandbox/apps/sandbox/translations/src/en/pages.json

@@ -1,7 +1,6 @@
 {
   "landing-page": {
-    "header": "Landing page",
-    "intro": "Choose one of the options below and press continue."
+    "header": "Landing page"
   },
   "build-your-own-form": {
     "title": "Build your own form",
@@ -11,15 +10,6 @@
     "header": "What is your address in the UK?",
     "intro": "If you have no fixed address, enter an address where we can contact you."
   },
-  "checkboxes": {
-    "header": "Where does your money come from each month?"
-  },
-  "radio": {
-    "header": "What country was the appeal lodged?"
-  },
-  "email": {
-    "header": "Enter your email address"
-  },
   "phone-number": {
     "header": "Enter your phone number"
   },
@@ -55,4 +45,4 @@
     "subheader": "What happens next",
     "content": "We’ll contact you with the decision of your application or if we need more information from you."
   }
-}
+}

package/sandbox/assets/scss/app.scss

@@ -26,58 +26,3 @@
 .twitter-typeahead {
   width: 100%;
 }
-
-// govuk cookie banner styling
-.govuk-banner--success {
-  border-color: #00703c;
-  color: #00703c;
-}
-
-.govuk-banner {
-  border: 5px solid #1d70b8;
-  font-size: 0;
-  margin-bottom: 30px;
-  padding: 10px;
-}
-
-.govuk-banner__icon{
-  display: inline-block;
-}
-
-.govuk-banner__message {
-  font-family: "GDS Transport", Arial, sans-serif;
-  -webkit-font-smoothing: antialiased;
-  font-weight: 400;
-  font-size: 1rem;
-  line-height: 1.25;
-  color: #0b0c0c;
-  display: block;
-  overflow: hidden;
-  display: inline-block;
-  margin-left: 10px;
-}
-
-.govuk-banner__assistive {
-  position: absolute !important;
-  width: 1px !important;
-  height: 1px !important;
-  margin: 0 !important;
-  padding: 0 !important;
-  overflow: hidden !important;
-  clip: rect(0 0 0 0) !important;
-  clip-path: inset(50%) !important;
-  border: 0 !important;
-  white-space: nowrap !important;
-  }
-
-.cookie-table-holder > table > tbody > tr > td:first-child{
-  font-weight:bold;
-}
-
-.js-enabled #global-cookie-message {
-  display: none;
-}
-  
-#cookie-banner {
-  max-width: none;
-}

package/sandbox/public/css/app.css

@@ -2239,7 +2239,6 @@ strong {
 }
 
 #cookie-banner {
-  max-width: 960px;
   margin: 0 15px;
 }
 #cookie-banner p {
@@ -2294,6 +2293,56 @@ strong {
   height: fit-content;
 }
 
+.govuk-banner--success {
+  border-color: #00703c;
+  color: #00703c;
+}
+
+.govuk-banner {
+  border: 5px solid #1d70b8;
+  font-size: 0;
+  margin-bottom: 30px;
+  padding: 10px;
+}
+
+.govuk-banner__icon {
+  display: inline-block;
+}
+
+.govuk-banner__message {
+  font-family: "GDS Transport", Arial, sans-serif;
+  -webkit-font-smoothing: antialiased;
+  font-weight: 400;
+  font-size: 1rem;
+  line-height: 1.25;
+  color: #0b0c0c;
+  display: block;
+  overflow: hidden;
+  display: inline-block;
+  margin-left: 10px;
+}
+
+.govuk-banner__assistive {
+  position: absolute !important;
+  width: 1px !important;
+  height: 1px !important;
+  margin: 0 !important;
+  padding: 0 !important;
+  overflow: hidden !important;
+  clip: rect(0 0 0 0) !important;
+  clip-path: inset(50%) !important;
+  border: 0 !important;
+  white-space: nowrap !important;
+}
+
+.cookie-table-holder > table > tbody > tr > td:first-child {
+  font-weight: bold;
+}
+
+.js-enabled #global-cookie-message {
+  display: none;
+}
+
 #cookie-settings .js-enabled {
   display: none;
 }
@@ -2709,8 +2758,7 @@ fieldset + .reveal {
 
 .alert-number {
   float: left;
-  margin-right: 0.41666667em;
-  /* 20px ÷ 48px font size */
+  margin-right: 0.41666667em; /* 20px ÷ 48px font size */
 }
 
 .alert-message {
@@ -2778,8 +2826,7 @@ fieldset + .reveal {
   -moz-osx-font-smoothing: grayscale;
   text-decoration: underline;
 }
-/*! Copyright (c) 2011 by Margaret Calvert & Henrik Kubel. All rights reserved. The font has been customised for exclusive use on gov.uk. This cut is not commercially available. */
-/* stylelint-disable-line scss/comment-no-loud  */
+/*! Copyright (c) 2011 by Margaret Calvert & Henrik Kubel. All rights reserved. The font has been customised for exclusive use on gov.uk. This cut is not commercially available. */ /* stylelint-disable-line scss/comment-no-loud  */
 @font-face {
   font-family: "GDS Transport";
   font-style: normal;
@@ -6256,7 +6303,6 @@ x:-moz-any-link {
     -webkit-column-count: 2;
     column-count: 2;
   }
-
   .govuk-footer__list--columns-3 {
     -webkit-column-count: 3;
     column-count: 3;
@@ -6688,11 +6734,9 @@ x:-moz-any-link {
     color: #0b0c0c;
     background: transparent;
   }
-
   .govuk-header__logotype-crown-fallback-image {
     display: none;
   }
-
   .govuk-header__link:link, .govuk-header__link:visited {
     color: #0b0c0c;
   }
@@ -9342,58 +9386,4 @@ x:-moz-any-link {
 
 .twitter-typeahead {
   width: 100%;
-}
-
-.govuk-banner--success {
-  border-color: #00703c;
-  color: #00703c;
-}
-
-.govuk-banner {
-  border: 5px solid #1d70b8;
-  font-size: 0;
-  margin-bottom: 30px;
-  padding: 10px;
-}
-
-.govuk-banner__icon {
-  display: inline-block;
-}
-
-.govuk-banner__message {
-  font-family: "GDS Transport", Arial, sans-serif;
-  -webkit-font-smoothing: antialiased;
-  font-weight: 400;
-  font-size: 1rem;
-  line-height: 1.25;
-  color: #0b0c0c;
-  display: block;
-  overflow: hidden;
-  display: inline-block;
-  margin-left: 10px;
-}
-
-.govuk-banner__assistive {
-  position: absolute !important;
-  width: 1px !important;
-  height: 1px !important;
-  margin: 0 !important;
-  padding: 0 !important;
-  overflow: hidden !important;
-  clip: rect(0 0 0 0) !important;
-  clip-path: inset(50%) !important;
-  border: 0 !important;
-  white-space: nowrap !important;
-}
-
-.cookie-table-holder > table > tbody > tr > td:first-child {
-  font-weight: bold;
-}
-
-.js-enabled #global-cookie-message {
-  display: none;
-}
-
-#cookie-banner {
-  max-width: none;
 }