Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/hmcts/cnp-plum-frontend

Plum plum plum Mister Sandbox
https://github.com/hmcts/cnp-plum-frontend

jenkins-cft jenkins-cft-a-c platops-owned-app team-platform

Last synced: about 1 month ago
JSON representation

Plum plum plum Mister Sandbox

Awesome Lists containing this project

README 

        
# cnp-plum-frontend



## Getting Started



### Prerequisites



Running the application requires the following tools to be installed in your environment:



- [Node.js](https://nodejs.org/) v12.0.0 or later

- [yarn](https://yarnpkg.com/)

- [Docker](https://www.docker.com)



### Running the application



Install dependencies by executing the following command:



```bash

yarn install

```



Bundle:



```bash

yarn webpack

```



Run:



```bash

yarn start

```



The applications's home page will be available at https://localhost:1337



### Running with Docker



Create docker image:



```bash

docker-compose build

```



Run the application by executing the following command:



```bash

docker-compose up

```



This will start the frontend container exposing the application's port

(set to `1337` in this template app).



In order to test if the application is up, you can visit https://localhost:1337 in your browser.

You should get a very basic home page (no styles, etc.).



## Developing



### Code style



We use [ESLint](https://github.com/typescript-eslint/typescript-eslint)

alongside [sass-lint](https://github.com/sasstools/sass-lint)



Running the linting with auto fix:



```bash

yarn lint --fix

```



### Running the tests



This template app uses [Jest](https://jestjs.io//) as the test engine. You can run unit tests by executing

the following command:



```bash

yarn test

```



Here's how to run functional tests (the template contains just one sample test):



```bash

yarn test:routes

```



Running accessibility tests:



```bash

yarn test:a11y

```



Make sure all the paths in your application are covered by accessibility tests (see [a11y.ts](src/test/a11y/a11y.ts)).



### Security



#### CSRF prevention



[Cross-Site Request Forgery](https://github.com/pillarjs/understanding-csrf) prevention has already been

set up in this template, at the application level. However, you need to make sure that CSRF token

is present in every HTML form that requires it. For that purpose you can use the `csrfProtection` macro,

included in this template app. Your njk file would look like this:



```

{% from "macros/csrf.njk" import csrfProtection %}

...



  ...

    {{ csrfProtection(csrfToken) }}

  ...



...

```



#### Helmet



This application uses [Helmet](https://helmetjs.github.io/), which adds various security-related HTTP headers

to the responses. Apart from default Helmet functions, following headers are set:



- [Referrer-Policy](https://helmetjs.github.io/docs/referrer-policy/)

- [Content-Security-Policy](https://helmetjs.github.io/docs/csp/)



There is a configuration section related with those headers, where you can specify:



- `referrerPolicy` - value of the `Referrer-Policy` header



Here's an example setup:



```json

    "security": {

      "referrerPolicy": "origin",

    }

```



Make sure you have those values set correctly for your application.



### Healthcheck



The application exposes a health endpoint (https://localhost:1337/health), created with the use of

[Nodejs Healthcheck](https://github.com/hmcts/nodejs-healthcheck) library. This endpoint is defined

in [health.ts](src/main/routes/health.ts) file. This health check will check the backend readiness state to see if it is up.



## License



This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details