npm - hof - Versions diffs - 20.0.0-beta.2 → 20.0.0-beta.20 - Mend

hof 20.0.0-beta.2 → 20.0.0-beta.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/.github/workflows/automate-publish.yml +1 -1
package/.github/workflows/automate-tag.yml +1 -1
package/README.md +329 -256
package/build/lib/mkdir.js +2 -2
package/components/date/index.js +37 -26
package/components/date/templates/date.html +3 -3
package/components/emailer/index.js +49 -41
package/components/emailer/transports/debug.js +1 -2
package/components/index.js +2 -1
package/components/notify/index.js +60 -0
package/components/notify/notify.js +25 -0
package/components/summary/index.js +18 -0
package/config/hof-defaults.js +5 -3
package/config/rate-limits.js +20 -0
package/config/sanitisation-rules.js +29 -0
package/controller/base-controller.js +26 -8
package/controller/controller.js +11 -15
package/frontend/govuk-template/build/config.js +1 -1
package/frontend/template-mixins/mixins/template-mixins.js +12 -9
package/frontend/template-mixins/partials/forms/checkbox-group.html +12 -3
package/frontend/template-mixins/partials/forms/input-text-date.html +1 -1
package/frontend/template-mixins/partials/forms/input-text-group.html +3 -3
package/frontend/template-mixins/partials/forms/option-group.html +12 -3
package/frontend/template-mixins/partials/forms/select.html +3 -3
package/frontend/template-mixins/partials/forms/textarea-group.html +3 -3
package/frontend/template-mixins/partials/mixins/panel.html +1 -2
package/frontend/template-partials/translations/src/en/errors.json +12 -0
package/frontend/template-partials/views/partials/form.html +2 -1
package/frontend/template-partials/views/rate-limit-error.html +10 -0
package/frontend/themes/gov-uk/client-js/govuk-cookies.js +43 -44
package/frontend/themes/gov-uk/client-js/index.js +2 -2
package/frontend/themes/gov-uk/client-js/skip-to-main.js +18 -17
package/frontend/themes/gov-uk/styles/govuk.scss +4 -0
package/frontend/themes/gov-uk/styles/modules/_validation.scss +2 -2
package/frontend/toolkit/assets/javascript/form-focus.js +10 -1
package/frontend/toolkit/assets/javascript/validation.js +6 -1
package/index.js +9 -4
package/lib/router.js +2 -1
package/lib/settings.js +9 -8
package/middleware/errors.js +32 -0
package/middleware/index.js +2 -1
package/middleware/rate-limiter.js +98 -0
package/package.json +6 -6
package/sandbox/apps/sandbox/fields.js +11 -12
package/sandbox/apps/sandbox/index.js +1 -5
package/sandbox/assets/scss/app.scss +0 -52
package/sandbox/package.json +2 -0
package/sandbox/public/css/app.css +4908 -4965
package/sandbox/public/js/bundle.js +79 -65
package/sandbox/server.js +5 -0
package/sandbox/yarn.lock +25 -1
package/transpiler/lib/write-files.js +1 -2
package/utilities/helpers/index.js +16 -1
package/wizard/index.js +1 -0
package/.nyc_output/65af88d9-aebe-4d1b-a21d-6fbf7f2bbda4.json +0 -1
package/.nyc_output/processinfo/65af88d9-aebe-4d1b-a21d-6fbf7f2bbda4.json +0 -1
package/.nyc_output/processinfo/index.json +0 -1
package/.vscode/settings.json +0 -6
package/sandbox/.env +0 -1

package/middleware/errors.js CHANGED Viewed

@@ -1,6 +1,8 @@
 /* eslint-disable no-unused-vars */
 'use strict';
+const rateLimitsConfig = require('../config/rate-limits');
 const errorTitle = code => `${code}_ERROR`;
 const errorMsg = code => `There is a ${code}_ERROR`;
 // eslint-disable-next-line complexity
@@ -21,6 +23,36 @@ const getContent = (err, translate) => {
     content.message = (translate && translate('errors.cookies-required.message'));
   }
+  if (err.code === 'DDOS_RATE_LIMIT') {
+    err.status = 429;
+    err.template = 'rate-limit-error';
+    err.title = (translate && translate('errors.ddos-rate-limit.title'));
+    err.message = (translate && translate('errors.ddos-rate-limit.message'));
+    err.preTimeToWait = (translate && translate('errors.ddos-rate-limit.pre-time-to-wait'));
+    err.timeToWait = rateLimitsConfig.rateLimits.requests.windowSizeInMinutes;
+    err.postTimeToWait = (translate && translate('errors.ddos-rate-limit.post-time-to-wait'));
+    content.title = (translate && translate('errors.ddos-rate-limit.title'));
+    content.message = (translate && translate('errors.ddos-rate-limit.message'));
+    content.preTimeToWait = (translate && translate('errors.ddos-rate-limit.pre-time-to-wait'));
+    content.timeToWait = rateLimitsConfig.rateLimits.requests.windowSizeInMinutes;
+    content.postTimeToWait = (translate && translate('errors.ddos-rate-limit.post-time-to-wait'));
+  }
+  if (err.code === 'SUBMISSION_RATE_LIMIT') {
+    err.status = 429;
+    err.template = 'rate-limit-error';
+    err.title = (translate && translate('errors.submission-rate-limit.title'));
+    err.message = (translate && translate('errors.submission-rate-limit.message'));
+    err.preTimeToWait = (translate && translate('errors.submission-rate-limit.pre-time-to-wait'));
+    err.timeToWait = rateLimitsConfig.rateLimits.submissions.windowSizeInMinutes;
+    err.postTimeToWait = (translate && translate('errors.submission-rate-limit.post-time-to-wait'));
+    content.title = (translate && translate('errors.submission-rate-limit.title'));
+    content.message = (translate && translate('errors.submission-rate-limit.message'));
+    content.preTimeToWait = (translate && translate('errors.submission-rate-limit.pre-time-to-wait'));
+    content.timeToWait = rateLimitsConfig.rateLimits.submissions.windowSizeInMinutes;
+    content.postTimeToWait = (translate && translate('errors.submission-rate-limit.post-time-to-wait'));
+  }
   err.code = err.code || 'UNKNOWN';
   err.status = err.status || 500;

package/middleware/index.js CHANGED Viewed

@@ -4,5 +4,6 @@ module.exports = {
   cookies: require('./cookies'),
   errors: require('./errors'),
   notFound: require('./not-found'),
-  deepTranslate: require('./deep-translate')
+  deepTranslate: require('./deep-translate'),
+  rateLimiter: require('./rate-limiter')
 };

package/middleware/rate-limiter.js ADDED Viewed

@@ -0,0 +1,98 @@
+const moment = require('moment');
+const redis = require('redis');
+const config = require('./../config/hof-defaults');
+module.exports = (options, rateLimitType) => {
+  // eslint-disable-next-line no-console
+  const logger = options.logger || { log: (func, msg) => console[func](msg) };
+  const rateLimits = options.rateLimits[rateLimitType];
+  const timestampName = `${rateLimitType}TimeStamp`;
+  const countName = `${rateLimitType}Count`;
+  const WINDOW_SIZE_IN_MINUTES = rateLimits.windowSizeInMinutes;
+  const MAX_WINDOW_REQUEST_COUNT = rateLimits.maxWindowRequestCount;
+  const WINDOW_LOG_INTERVAL_IN_MINUTES = rateLimits.windowLogIntervalInMinutes;
+  const ERROR_CODE = rateLimits.errCode;
+  return async (req, res, next) => {
+    const redisClient = redis.createClient(config.redis);
+    // check that redis client exists
+    if (!redisClient) {
+      logger.log('error', 'Redis client does not exist!');
+      return next();
+    }
+    const closeConnection = async err => {
+      await redisClient.quit();
+      return next(err);
+    };
+    try {
+      // fetch records of current user using IP address, returns null when no record is found
+      return await redisClient.get(req.ip, async (err, record) => {
+        if (err) {
+          logger.log('error', `Error with requesting redis session for rate limiting: ${err}`);
+          return await closeConnection();
+        }
+        const currentRequestTime = moment();
+        const windowStartTimestamp = moment().subtract(WINDOW_SIZE_IN_MINUTES, 'minutes').unix();
+        let oldRecord = false;
+        let data;
+        //  if no record is found , create a new record for user and store to redis
+        if (record) {
+          data = JSON.parse(record);
+          oldRecord = data[data.length - 1][timestampName] < windowStartTimestamp;
+        }
+        if (!record || oldRecord) {
+          const newRecord = [];
+          const requestLog = {
+            [timestampName]: currentRequestTime.unix(),
+            [countName]: 1
+          };
+          newRecord.push(requestLog);
+          await redisClient.set(req.ip, JSON.stringify(newRecord));
+          return await closeConnection();
+        }
+        // if record is found, parse it's value and calculate number of requests users has made within the last window
+        const requestsWithinWindow = data.filter(entry => entry[timestampName] > windowStartTimestamp);
+        const totalWindowRequestsCount = requestsWithinWindow.reduce((accumulator, entry) => {
+          return accumulator + entry[countName];
+        }, 0);
+        if (!options.rateLimits.env || options.rateLimits.env === 'development') {
+          const requestsRemaining = MAX_WINDOW_REQUEST_COUNT - totalWindowRequestsCount;
+          const msg = `Requests made by client: ${totalWindowRequestsCount}\nRequests remaining: ${requestsRemaining}`;
+          logger.log('info', msg);
+        }
+        // if number of requests made is greater than or equal to the desired maximum, return error
+        if (totalWindowRequestsCount >= MAX_WINDOW_REQUEST_COUNT) {
+          return await closeConnection({ code: ERROR_CODE });
+        }
+        // if number of requests made is less than allowed maximum, log new entry
+        const lastRequestLog = data[data.length - 1];
+        const potentialCurrentWindowIntervalStartTimeStamp = currentRequestTime
+          .subtract(WINDOW_LOG_INTERVAL_IN_MINUTES, 'minutes')
+          .unix();
+        //  if interval has not passed since last request log, increment counter
+        if (lastRequestLog[timestampName] > potentialCurrentWindowIntervalStartTimeStamp) {
+          lastRequestLog[countName]++;
+          data[data.length - 1] = lastRequestLog;
+        } else {
+          //  if interval has passed, log new entry for current user and timestamp
+          data.push({
+            [timestampName]: currentRequestTime.unix(),
+            [countName]: 1
+          });
+        }
+        await redisClient.set(req.ip, JSON.stringify(data));
+        return await closeConnection();
+      });
+    } catch (err) {
+      return await closeConnection(err);
+    }
+  };
+};

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "hof",
   "description": "A bootstrap for HOF projects",
-  "version": "20.0.0-beta.2",
+  "version": "20.0.0-beta.20",
   "license": "MIT",
   "main": "index.js",
   "author": "HomeOffice",
@@ -70,16 +70,16 @@
     "lodash": "^4.17.21",
     "markdown-it": "^12.3.2",
     "minimatch": "^3.0.3",
-    "minimist": "^1.2.0",
+    "minimist": "^1.2.6",
     "mixwith": "^0.1.1",
-    "mkdirp": "^0.5.1",
-    "moment": "^2.24.0",
+    "moment": "^2.29.2",
     "morgan": "^1.10.0",
     "mustache": "^2.3.0",
     "nodemailer": "^6.6.3",
     "nodemailer-ses-transport": "^1.5.0",
     "nodemailer-smtp-transport": "^2.7.4",
     "nodemailer-stub-transport": "^1.1.0",
+    "notifications-node-client": "^5.1.1",
     "redis": "^3.1.2",
     "reqres": "^3.0.1",
     "request": "^2.79.0",
@@ -88,8 +88,8 @@
     "serve-static": "^1.14.1",
     "uglify-js": "^3.14.3",
     "underscore": "^1.12.1",
-    "urijs": "^1.19.10",
-    "winston": "^3.3.3"
+    "urijs": "^1.19.11",
+    "winston": "^3.7.2"
   },
   "devDependencies": {
     "@cucumber/cucumber": "^7.3.0",

package/sandbox/apps/sandbox/fields.js CHANGED Viewed

@@ -8,7 +8,7 @@ module.exports = {
   'landing-page-radio': {
     mixin: 'radio-group',
     validate: ['required'],
-    noHeading: true,
+    isPageHeading: true,
     // Design system says to avoid in-line unless it's two options,
     // so just added as an example below but by default it isn't
     className: ['govuk-radios--inline'],
@@ -16,12 +16,12 @@ module.exports = {
   },
   name: {
     validate: ['required', 'notUrl', { type: 'maxlength', arguments: 200 }],
+    // need to remove this for the heading to go
     labelClassName: ['govuk-label--l'],
-    // noHeading: 'true'
+    isPageHeading: 'true'
   },
   'dateOfBirth': dateComponent('dateOfBirth', {
-    // noHeading: 'true',
-    controlType: 'date-input',
+    isPageHeading: 'true',
     validate: [
       'required',
       'date',
@@ -29,28 +29,24 @@ module.exports = {
     ]
   }),
   building: {
-    noHeading: 'true',
     validate: ['required', 'notUrl', { type: 'maxlength', arguments: 100 }]
   },
   street: {
-    noHeading: 'true',
     validate: ['notUrl', { type: 'maxlength', arguments: 50 }],
     labelClassName: 'visuallyhidden'
   },
   townOrCity: {
-    noHeading: 'true',
     validate: ['required', 'notUrl',
       { type: 'regex', arguments: /^([^0-9]*)$/ },
       { type: 'maxlength', arguments: 100 }
     ]
   },
   postcode: {
-    noHeading: 'true',
     validate: ['required', 'postcode'],
     formatter: ['removespaces', 'uppercase']
   },
   incomeTypes: {
-    // noHeading: 'true',
+    isPageHeading: 'true',
     mixin: 'checkbox-group',
     labelClassName: 'visuallyhidden',
     validate: ['required'],
@@ -63,7 +59,7 @@ module.exports = {
     ]
   },
   countryOfHearing: {
-    // noHeading: 'true',
+    isPageHeading: 'true',
     mixin: 'radio-group',
     validate: ['required'],
     options: [
@@ -73,7 +69,7 @@ module.exports = {
     ]
   },
   email: {
-    // noHeading: 'true',
+    isPageHeading: 'true',
     labelClassName: ['govuk-label--l'],
     validate: ['required', 'email']
   },
@@ -86,6 +82,7 @@ module.exports = {
   },
   countrySelect: {
     mixin: 'select',
+    isPageHeading: 'true',
     className: ['typeahead'],
     options:[''].concat(require('homeoffice-countries').allCountries),
     legend: {
@@ -97,12 +94,13 @@ module.exports = {
     mixin: 'textarea',
     // we want to ignore default formatters as we want
     // to preserve white space
+    isPageHeading: 'true',
     'ignore-defaults': true,
     // apply the other default formatters
     formatter: ['trim', 'hyphens'],
     labelClassName: ['govuk-label--l'],
     // attributes here are passed to the field element
-    validate: ['required', { type: 'maxlength', arguments: 100 }],
+    validate: ['required', { type: 'maxlength', arguments: 10 }],
     attributes: [{
       attribute: 'rows',
       value: 8
@@ -110,6 +108,7 @@ module.exports = {
   },
   appealStages: {
     mixin: 'select',
+    isPageHeading: 'true',
     validate: ['required'],
     options: [{
       value: '',

package/sandbox/apps/sandbox/index.js CHANGED Viewed

@@ -30,11 +30,7 @@ module.exports = {
     },
     '/dob': {
       fields: ['dateOfBirth'],
-      next: '/address',
-      locals: {
-        step: 'dob',
-        labelClassName: 'govuk-input'
-      }
+      next: '/address'
     },
     '/address': {
       fields: ['building', 'street', 'townOrCity', 'postcode'],

package/sandbox/assets/scss/app.scss CHANGED Viewed

@@ -1,6 +1,5 @@
 @import "../../../frontend/themes/gov-uk/styles/govuk";
-@import "../../../node_modules/govuk-frontend/govuk/all";
 //autocomplete styling
 .tt-menu {
@@ -26,54 +25,3 @@
 .twitter-typeahead {
   width: 100%;
 }
-// govuk cookie banner styling
-.govuk-banner--success {
-  border-color: #00703c;
-  color: #00703c;
-}
-.govuk-banner {
-  border: 5px solid #1d70b8;
-  font-size: 0;
-  margin-bottom: 30px;
-  padding: 10px;
-}
-.govuk-banner__icon{
-  display: inline-block;
-}
-.govuk-banner__message {
-  font-family: "GDS Transport", Arial, sans-serif;
-  -webkit-font-smoothing: antialiased;
-  font-weight: 400;
-  font-size: 1rem;
-  line-height: 1.25;
-  color: #0b0c0c;
-  display: block;
-  overflow: hidden;
-  display: inline-block;
-  margin-left: 10px;
-}
-.govuk-banner__assistive {
-  position: absolute !important;
-  width: 1px !important;
-  height: 1px !important;
-  margin: 0 !important;
-  padding: 0 !important;
-  overflow: hidden !important;
-  clip: rect(0 0 0 0) !important;
-  clip-path: inset(50%) !important;
-  border: 0 !important;
-  white-space: nowrap !important;
-  }
-.cookie-table-holder > table > tbody > tr > td:first-child{
-  font-weight:bold;
-}
-.js-enabled #global-cookie-message {
-  display: none;
-}

package/sandbox/package.json CHANGED Viewed

@@ -15,7 +15,9 @@
   },
   "author": "",
   "dependencies": {
+    "govuk-frontend": "3.14",
     "jquery": "^3.6.0",
+    "sass": "^1.53.0",
     "typeahead-aria": "^1.0.4"
   },
   "devDependencies": {