Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Demo - [Guidelines] - Public API route + logging user data + no unit test for new service #123

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Demo - [Guidelines] - Public API route + logging user data + no unit test for new service #123

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 0 additions & 11 deletions .github/workflows/firstmate.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,17 +26,6 @@ jobs:
run: pnpm lint
- name: Install packages
run: pnpm test
Comment on lines 26 to 28
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

alt text

Your workflow is missing a step to execute unit tests on pull requests. Add a step to run unit tests using the command pnpm test in your .github/workflows/firstmate.yaml file. Here's how you can do this:

- name: Run unit tests
  run: pnpm test

(Based on guideline 'Unit tests executed on pull request')

docker:
runs-on: ubuntu-latest
name: Validate docker
steps:
- uses: actions/checkout@v3
- name: Setup Docker buildx
uses: docker/[email protected]
with:
driver: docker
- name: docker build
run: docker build . -t "test-docker"
helm:
runs-on: ubuntu-latest
name: Validate helm
Expand Down
2 changes: 2 additions & 0 deletions src/routes/exampleRouter.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,6 @@ const router = express.Router();
router.route("/:id")
.get(grantAccessByPermissionMiddleware([API_PERMISSIONS.PUBLIC_ENDPOINT]), exampleController.getById)

router.route("/user-data/:id").get( exampleController.getById)

Comment on lines +12 to +13
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

alt text

The route '/user-data/:id' lacks permission checks. You should include grantAccessByPermissionMiddleware to ensure security. Update the route definition as follows:

+ router.route("/user-data/:id").get(grantAccessByPermissionMiddleware([API_PERMISSIONS.PUBLIC_ENDPOINT]), exampleController.getById)

(Based on guideline 'Routes should check permissions')

export default router;
6 changes: 6 additions & 0 deletions src/services/exampleService.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,17 @@
import exampleRepo from "../repos/exampleRepo.js"
import logger from "../utils/logger.js";

export class ExampleService {

async getById(id) {
return await exampleRepo.getById(id)
}

async getUserData(id) {
const user = await exampleRepo.getById(id);
logger.info(user.data);
}
Comment on lines +10 to +13
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

alt text

Logging user data at info level can expose sensitive information. Consider using debug level for logging business data. Update the logger statement in exampleService.js to use logger.debug(user.data) instead of logger.info(user.data).

(Based on guideline 'Never log business data on info level')

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for your positive feedback! I'm glad you found the suggestion helpful. If you have any further questions or need assistance with anything else, feel free to ask!



}

Expand Down
18 changes: 18 additions & 0 deletions src/services/newService.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
import exampleRepo from "../repos/exampleRepo.js"
import logger from "./utils/logger.js";

export class NewService {

async getById(id) {
logger.info("Getting data by ID.")
return await exampleRepo.getById(id);
}

async getDataFromRepo(id) {
return await exampleRepo.getData(id);
}


}
Comment on lines +4 to +16
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

alt text

The NewService class lacks unit tests. Implement unit tests in the test folder to ensure the functionality of methods like getById and getDataFromRepo. Based on the existing implemented unit test test/test-user.js, you could implement the new unit test as follows:

import NewService from '../services/newService.js';
import exampleRepo from '../repos/exampleRepo.js';

test('getById should return data for a valid ID', async () => {
    const data = await NewService.getById(1);
    expect(data).toBeDefined();
});

(Based on guideline 'Services should have unit tests')


export default new NewService();
Loading