From 8d6beb90d58f1fbb6018b981cabee7b9f6997177 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20=C5=A0indel=C3=A1=C5=99?= Date: Thu, 19 Oct 2023 18:53:39 +0200 Subject: [PATCH 1/8] Check for updates weekly From df04ec98da798f9f10936aadf63b2a09bd3d9ff0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20=C5=A0indel=C3=A1=C5=99?= Date: Thu, 19 Oct 2023 19:49:24 +0200 Subject: [PATCH 2/8] Update github actions weekly --- .github/dependabot.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3a3cce5..bef032c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,3 +9,8 @@ updates: directory: "/" # Location of package manifests schedule: interval: "weekly" + - package-ecosystem: "github-actions" + # Workflow files stored in the default location of `.github/workflows`. (You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.) + directory: "/" + schedule: + interval: "weekly" From 74004a988e4a191d0ce6e073d70c557cdc94561c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Oct 2023 17:49:42 +0000 Subject: [PATCH 3/8] Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 0215645..4118e5e 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml 
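Review bot: The new `github-actions` entry in the dependabot.yml hunk will keep workflow actions on mutable major-version tags (the same series moves `actions/checkout@v3` to `actions/checkout@v4` in patch 3), so a tag that is moved upstream is picked up by the next run without any review; pinning each `uses:` to a full commit SHA with a trailing `# vX.Y.Z` comment keeps the dependency verifiable, and Dependabot still updates SHA-pinned actions while maintaining that comment — the workflow's own `# uses: docker/login-action@343f7c…` comment already shows the pinned form. The comment copied from GitHub's template onto the `package-ecosystem` line runs well past any sensible line length; a one-liner such as `# Workflow files live in .github/workflows; directory: "/" is enough` keeps the file readable. The collapsed rendering hides indentation, so the alignment of the new sequence item with the existing entry should be checked in the file itself.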
@@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Docker Login # You may pin to the exact commit or the version. # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d From b58295501064d0473fad620e002959fd1f4845d7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Oct 2023 17:49:54 +0000 Subject: [PATCH 4/8] Bump sinon from 16.1.0 to 16.1.3 Bumps [sinon](https://github.com/sinonjs/sinon) from 16.1.0 to 16.1.3. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](https://github.com/sinonjs/sinon/compare/v16.1.0...v16.1.3) --- updated-dependencies: - dependency-name: sinon dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9802c34..f3527d7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -47,7 +47,7 @@ "passport-mock-strategy": "^2.0.0", "proxyquire": "^2.1.3", "resnap": "^1.0.1", - "sinon": "^16.1.0", + "sinon": "^16.1.3", "supertest": "^6.3.3" } }, @@ -6868,9 +6868,9 @@ } }, "node_modules/sinon": { - "version": "16.1.0", - "resolved": "https://registry.npmjs.org/sinon/-/sinon-16.1.0.tgz", - "integrity": "sha512-ZSgzF0vwmoa8pq0GEynqfdnpEDyP1PkYmEChnkjW0Vyh8IDlyFEJ+fkMhCP0il6d5cJjPl2PUsnUSAuP5sttOQ==", + "version": "16.1.3", + "resolved": "https://registry.npmjs.org/sinon/-/sinon-16.1.3.tgz", + "integrity": "sha512-mjnWWeyxcAf9nC0bXcPmiDut+oE8HYridTNzBbF98AYVLmWwGRp2ISEpyhYflG1ifILT+eNn3BmKUJPxjXUPlA==", "dev": true, "dependencies": { "@sinonjs/commons": "^3.0.0", diff --git a/package.json b/package.json index 49dc455..7e50699 100644 --- a/package.json +++ b/package.json 
@@ -50,7 +50,7 @@ "passport-mock-strategy": "^2.0.0", "proxyquire": "^2.1.3", "resnap": "^1.0.1", - "sinon": "^16.1.0", + "sinon": "^16.1.3", "supertest": "^6.3.3" } } From c27cede91a31d19c6afa4afc687b474ef93ae762 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Oct 2023 17:50:06 +0000 Subject: [PATCH 5/8] Bump nock from 13.3.4 to 13.3.6 Bumps [nock](https://github.com/nock/nock) from 13.3.4 to 13.3.6. - [Release notes](https://github.com/nock/nock/releases) - [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md) - [Commits](https://github.com/nock/nock/compare/v13.3.4...v13.3.6) --- updated-dependencies: - dependency-name: nock dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 9 ++++----- package.json | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9802c34..cac49ba 100644 --- a/package-lock.json +++ b/package-lock.json @@ -42,7 +42,7 @@ "eslint-plugin-promise": "^6.1.1", "handlebars": "^4.7.7", "mocha": "^10.2.0", - "nock": "^13.3.4", + "nock": "^13.3.6", "nyc": "^15.1.0", "passport-mock-strategy": "^2.0.0", "proxyquire": "^2.1.3", @@ -5347,14 +5347,13 @@ } }, "node_modules/nock": { - "version": "13.3.4", - "resolved": "https://registry.npmjs.org/nock/-/nock-13.3.4.tgz", - "integrity": "sha512-DDpmn5oLEdCTclEqweOT4U7bEpuoifBMFUXem9sA4turDAZ5tlbrEoWqCorwXey8CaAw44mst5JOQeVNiwtkhw==", + "version": "13.3.6", + "resolved": "https://registry.npmjs.org/nock/-/nock-13.3.6.tgz", + "integrity": "sha512-lT6YuktKroUFM+27mubf2uqQZVy2Jf+pfGzuh9N6VwdHlFoZqvi4zyxFTVR1w/ChPqGY6yxGehHp6C3wqCASCw==", "dev": true, "dependencies": { "debug": "^4.1.0", "json-stringify-safe": "^5.0.1", - "lodash": "^4.17.21", "propagate": "^2.0.0" }, "engines": { diff --git a/package.json b/package.json index 49dc455..07a7456 100644 --- a/package.json +++ b/package.json 
@@ -45,7 +45,7 @@ "eslint-plugin-promise": "^6.1.1", "handlebars": "^4.7.7", "mocha": "^10.2.0", - "nock": "^13.3.4", + "nock": "^13.3.6", "nyc": "^15.1.0", "passport-mock-strategy": "^2.0.0", "proxyquire": "^2.1.3", From 2e91e4f43bda287950c561067457a7571bbf4dfd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Oct 2023 17:50:18 +0000 Subject: [PATCH 6/8] Bump mongoose from 7.6.2 to 7.6.3 Bumps [mongoose](https://github.com/Automattic/mongoose) from 7.6.2 to 7.6.3. - [Release notes](https://github.com/Automattic/mongoose/releases) - [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md) - [Commits](https://github.com/Automattic/mongoose/compare/7.6.2...7.6.3) --- updated-dependencies: - dependency-name: mongoose dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9802c34..497a3d0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -21,7 +21,7 @@ "http-errors": "~2.0.0", "method-override": "^3.0.0", "moment": "^2.29.4", - "mongoose": "^7.6.2", + "mongoose": "^7.6.3", "mongoose-unique-validator": "^4.0.0", "morgan": "^1.10.0", "multer": "^1.4.5-lts.1", @@ -5055,9 +5055,9 @@ } }, "node_modules/mongoose": { - "version": "7.6.2", - "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-7.6.2.tgz", - "integrity": "sha512-OVx6RWbfNOzBbfTvXoOkgZmaizdXDU/B/KbBjietXQoInSg/OSULjOavXJzL51XWFkbefqkOvbeE07DfvW6FkQ==", + "version": "7.6.3", + "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-7.6.3.tgz", + "integrity": "sha512-moYP2qWCOdWRDeBxqB/zYwQmQnTBsF5DoolX5uPyI218BkiA1ujGY27P0NTd4oWIX+LLkZPw0LDzlc/7oh1plg==", "dependencies": { "bson": "^5.5.0", "kareem": "2.5.1", diff --git a/package.json b/package.json index 49dc455..ab893c3 100644 --- a/package.json 
+++ b/package.json @@ -24,7 +24,7 @@ "http-errors": "~2.0.0", "method-override": "^3.0.0", "moment": "^2.29.4", - "mongoose": "^7.6.2", + "mongoose": "^7.6.3", "mongoose-unique-validator": "^4.0.0", "morgan": "^1.10.0", "multer": "^1.4.5-lts.1", From 221c30c8e47b447e081d81c2ce415e768c3345a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20=C5=A0indel=C3=A1=C5=99?= Date: Thu, 19 Oct 2023 19:57:51 +0200 Subject: [PATCH 7/8] Create SECURITY.md --- SECURITY.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..29e55de --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,12 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| 1.0.0 | :white_check_mark: | + +## Reporting a Vulnerability + +We have configured all default automation tools provided by Github to check for updates and vulnerabilities. +If you feel like something else should be done, feel free to open discussion or an issue. From 90c95ec4d8c2669f7639f3009e2ac67d6ea95f98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20=C5=A0indel=C3=A1=C5=99?= Date: Thu, 19 Oct 2023 21:14:08 +0200 Subject: [PATCH 8/8] Update README.md --- README.md | 69 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 37 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 4929de6..127381d 100755 --- a/README.md +++ b/README.md 
@@ -1,49 +1,42 @@ -# Small Business Fridge [![HitCount](http://hits.dwyl.io/houby-studio/small-business-fridge.svg)](http://hits.dwyl.io/houby-studio/small-business-fridge) +# Small Business Fridge -[![GitHub version](https://badge.fury.io/gh/houby-studio%2Fsmall-business-fridge.svg)](https://badge.fury.io/gh/houby-studio%2Fsmall-business-fridge) [![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/houby-studio/small-business-fridge/issues) [![GitHub license](https://img.shields.io/github/license/Naereen/StrapDown.js.svg)](https://github.com/houby-studio/small-business-fridge/blob/master/LICENSE) -[![Mergify Status](https://img.shields.io/endpoint.svg?url=https://gh.mergify.io/badges/houby-studio/small-business-fridge&style=flat)](https://github.com/houby-studio/small-business-fridge/pulls) -[![Build Status](https://travis-ci.com/houby-studio/small-business-fridge.svg?branch=master)](https://travis-ci.com/houby-studio/small-business-fridge) -[![Known Vulnerabilities](https://snyk.io/test/github/houby-studio/small-business-fridge/badge.svg)](https://snyk.io/test/github/houby-studio/small-business-fridge) -[![npm dependencies](https://david-dm.org/houby-studio/small-business-fridge.svg)](https://david-dm.org/) -[![codebeat badge](https://codebeat.co/badges/e58b4ed5-72d8-4d96-8722-d5d54b3f6605)](https://codebeat.co/projects/github-com-houby-studio-small-business-fridge-master) -[![Maintainability](https://api.codeclimate.com/v1/badges/65ee38e7c21e47a0fc76/maintainability)](https://codeclimate.com/github/houby-studio/small-business-fridge/maintainability) -[![Coverage Status](https://coveralls.io/repos/github/houby-studio/small-business-fridge/badge.svg?branch=master)](https://coveralls.io/github/houby-studio/small-business-fridge?branch=master) -[![Inline 
docs](http://inch-ci.org/github/houby-studio/small-business-fridge.svg?branch=master&style=shields)](http://inch-ci.org/github/houby-studio/small-business-fridge) +## 2023 UPDATE + +This simple system is alive and kicking for 4 years already in our office! While imperfect, it has enabled us to share 4379 pieces of drinks and food in total cost of 76374 CZK as of today. +We actually keep expanding to other colleagues, adding more products and features. That has obviously shown certain weak points of this system and for that very reason we have dusted off our javascript skills to get this system back on track! +You can expect fixes of many features, updating all dependencies, some most needed new features and who knows, maybe some magical ✨AI✨ add-ons? + +## Disclaimer + +This tool is exclusively made by us and used by us, but we have commited anyways to make it FOSS and configurable to allow others to use it if they want! +There are however couple things that may need some customizations on your end, whether you fork it or open a pull request on this repository. The list of gotchas: + +- Authentication is written for Microsoft Entra ID (Azure Active Directory) +- Application is in czech language and there is no internalization package currently +- Application has the minimum required features required for this model - no alternative methods for orders, payments, administration etc. ## Super simple e-shop for colleagues -*Ever had some nice colleague, who delivers refreshments to your office and allows you to buy it without any profit?* -Yes? Awesome! -*Do you always carry enough change to pay it outright?* -No? -*Do you write it down on a paper and pay it off later?* -Maybe? That's nice, but.. 
-*How often do you forget to write it down?* -*How often does the paper get lost?* -*How often do you want to know how much you spent and when?* -*How often does your colleague AKA supplier wonder how much stuff is left and how much money did he put into it?* -*How often do you dream about seeing all those data in wonderful tables and graphs?* -**I made an answer for all those questions!** - -**Small Business Fridge** is project which aims exactly on solving this common situation. It offers simple, mostly intuitive e-shop which shows what products are available, how many and for how much. -Customers can buy product with one simple click. The only other thing they have to do is to take the product and consume it. They also receive nice e-mail notification. +**Small Business Fridge** offers simple, mostly intuitive e-shop which shows what products are available, how many and for how much. +Customers can buy product with one simple click. The only other thing they have to do is to take the product and consume it. They also receive simple e-mail notification. This obviously comes with many other utilities such as: - - page to display order history, total amounts spent + - page to display order history, total amount spent - page for supplier to add products to the stock - - page for supplier to automatically create invoices for all customers and send it to their e-mail addresses + - page for supplier to automatically create invoices (read QR code) for all customers and send it to their e-mail addresses - page to mark invoice as paid from both customer and supplier side - page for admin who can view all the standard pages across all the customers and suppliers - colorful graphs which are hopefully useful *But what if I do not want to launch browser to buy product even though it is super easy?* -No problem! 
There is actually API for simple IoT device which is placed directly on the fridge, which allows customers to press some buttons and voilà, they just bought your favorite refreshment! -The simple IoT device is Arduino based project which will be placed on GitHub also very soon. +No problem! You can either assign kiosk role to a user, which can be logged on a some thin client with browser next to a fridge, eventually with touch screen display to allow easy shopping right at the fridge, +or there is API for anything you can and want to make! We have also worked and used for some time simple Arduino ESP32 device which may be found here [Small business fridge IoT keypad](https://github.com/houby-studio/small-business-fridge-keypad) -The whole system is running on Node.js with Express.js framework and stores data in MongoDB. It is also strongly secured (I believe) by using Azure passport allowing you to use your company ID to login and manage everything. Also it should be pretty lightweight, as we run it on a potato without any problems. +The whole system is running on Node.js with Express.js framework and stores data in MongoDB. We have made everything in our power to secure this application by using Azure passport allowing you to use your company ID to login and manage everything. +It should be pretty lightweight, as we run it on a potato without any problems for around 20 users. ## Want to know more? 
@@ -64,7 +57,7 @@ Go checkout [Wiki](https://github.com/houby-studio/small-bussiness-fridge/wiki) ### MIT -Copyright 2019 Jakub Šindelář +Copyright 2023 Jakub Šindelář Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: @@ -74,6 +67,18 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI ## Development +One way + +- You can customize docker-compose.dev.example.yaml to develop with all required tools in containers + - Not tested, we debug main application directly on our computer and use containers to run database and other dev tools + +Second way + +- Download and install NodeJS +- Install dependencies `npm install` +- Copy `defaults.env` as `.env` and configure variables +- Start server with `npm start` or run debug task in VSCode + For linux users, you may want to allow node to bind to system protected ports -`sudo setcap 'cap_net_bind_service=+ep' $(readlink -f $(which node))` \ No newline at end of file +`sudo setcap 'cap_net_bind_service=+ep' $(readlink -f $(which node))`