Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v3.0.0 Release Wishlist #367

Open
13 of 21 tasks
niftylettuce opened this issue Sep 5, 2019 · 20 comments
Open
13 of 21 tasks

v3.0.0 Release Wishlist #367

niftylettuce opened this issue Sep 5, 2019 · 20 comments

Comments

@niftylettuce
Copy link
Collaborator

niftylettuce commented Sep 5, 2019

2.0.0 Release Wishlist

Features

Thoughts

Swagger

Automatic code introspection and Swagger YAML file generation (parses routes, allows inline annotations for overriding/enhancing YAML file, parses mocks/tests for parameters and request body params, parses response for object and its properties, parses available status codes based off complete code coverage, uses widdershins -> shins and swagger-ui for "try it out" code blocks, postman integration, open api v3 spec testing)

@niftylettuce
Copy link
Collaborator Author

niftylettuce commented Dec 11, 2019

Moved from #368:

  • Drop momentjs
  • moment and usage of i18n.api.t and i18n.translate in models, views, and email templates need to use localization of user
  • Sitemap crawler
  • Babel polyfill vs polyfill.io
  • Two factor authentication
  • Admin filtering by group, search by name/email
  • User avatar upload (via lipo.io) (@niftylettuce will handle)
  • Manifest PNG icon (@niftylettuce will handle)
  • Figure out how to add lint-staged's xo --fix && git add to the template/package.json file (right now it errors out, see https://github.com/sudo-suhas/lint-staged-multi-pkg possibly we can use lerna or something)
  • Record demo video and put it on README
  • Lad LTS 1.0.0 "Chap"
  • Lad email verification to verify account (otherwise someone can register in advance of someone else signing up for an account, then third party signs in with Google/GitHub)
  • Deprecations:
    0|web      | ⚠  warning   The option `reconnectTries` is incompatible with the unified topology, please read more by visiting http://bit.ly/2D8WfT6 {
    0|web      |   app: {
    0|web      |     name: 'lad',
    0|web      |     version: '0.0.2',
    0|web      |     node: 'v12.10.0',
    0|web      |     hash: 'ecec4017fb14fd299e161b30b5e93c7c73f52041',
    0|web      |     environment: 'production',
    0|web      |     hostname: 'lad-demo-1',
    0|web      |     pid: 699
    0|web      |   }
    0|web      | }
    0|web      | ⚠  warning   The option `reconnectInterval` is incompatible with the unified topology, please read more by visiting http://bit.ly/2D8WfT6 {
  • proxy server should remove "www" prefix from host on redirect
  • server setup script needs --webroot-path server setup script needs --webroot-path #352 (?)
  • Browser setAppInfo and parse-logs to parse this if it was passed
  • Emails when security changes made (web/api account update or key rotation)
  • Document all env vars that can be customized (e.g. rg "process.env" node_modules)

@niftylettuce
Copy link
Collaborator Author

cc @shaunwarman I added above "OTP tests need added" checkbox

@niftylettuce
Copy link
Collaborator Author

niftylettuce commented May 5, 2020

- [ ] OptimalBits/bull#1659 (no longer using Bull)

@niftylettuce
Copy link
Collaborator Author

@niftylettuce
Copy link
Collaborator Author

niftylettuce commented May 26, 2020

@niftylettuce
Copy link
Collaborator Author

niftylettuce commented May 26, 2020

  • Report-To header (we already have reportUri option being used in helmet)

@niftylettuce
Copy link
Collaborator Author

@niftylettuce
Copy link
Collaborator Author

  • Managed translation override concept (also investigate why Markdown not working in mandarin.markdown())

@niftylettuce
Copy link
Collaborator Author

@niftylettuce
Copy link
Collaborator Author

  • axe should only use parse-app-info in non-development and non-testing environment (configurable)

@niftylettuce
Copy link
Collaborator Author

niftylettuce commented Jun 21, 2020

  • prefix koa cash keys with koa-cash: or something

@niftylettuce
Copy link
Collaborator Author

niftylettuce commented Jun 21, 2020

  • X-Cached-Result: true (or false value) in koa-cash as an option addHeader: true enabled by default, and version bump it

@niftylettuce
Copy link
Collaborator Author

niftylettuce commented Jun 21, 2020

  • improve caching by content-encoding gzip on fonts+svg (not sure why they aren't)

Screen Shot 2020-06-21 at 5 07 40 AM

@niftylettuce
Copy link
Collaborator Author

niftylettuce commented Jun 21, 2020

  • add cache policy option to koa-cash

Screen Shot 2020-06-21 at 5 05 48 AM

@niftylettuce niftylettuce changed the title 2.0.0 Release Wishlist 3.0.0 Release Wishlist Jul 23, 2020
@niftylettuce niftylettuce changed the title 3.0.0 Release Wishlist 2.0.0 Release Wishlist Jul 23, 2020
@niftylettuce niftylettuce changed the title 2.0.0 Release Wishlist v3.0.0 Release Wishlist Jul 23, 2020
@niftylettuce
Copy link
Collaborator Author

All of the above issues are now for v3.0.0 release or later.

@niftylettuce
Copy link
Collaborator Author

  • Add ability to "Cancel" a pending email address change
  • Investigate if reset password functionality circumvents 2FA
  • Move /change-email to /my-account/change-email

@niftylettuce
Copy link
Collaborator Author

  • Changing password should prompt for re-entry of password and OTP to continue
  • Changing email should prompt for re-entry of password and OTP to continue

@niftylettuce
Copy link
Collaborator Author

  • Configurable rate limit middleware that's specific to endpoints that send emails or insert data into database (e.g. contact form, signup, verify email, forgot password, reset password, change email, etc)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant