Skip to content

Instantly share code, notes, and snippets.

@adnan-i
adnan-i / StripeService.js
Created Dec 29, 2017
Node service for stripe payments
View StripeService.js
const Stripe = require('stripe');
const Promise = require('bluebird');
class StripeService {
constructor(server) {
this.server = server;
this.logger = server.plugins.core.LoggerService.tagged('StripeService');
const secretKey = this.server.app.config.get('/payments/stripe/secretKey');
if (!secretKey) {
@adnan-i
adnan-i / UserController.js
Created Dec 29, 2017
Example hapi controller
View UserController.js
const Boom = require('boom');
const BaseController = require('../../core/abstract/BaseApiController');
class UsersController extends BaseController {
constructor(...args) {
super(...args);
this.User = this.server.plugins.users.User;
this.UserService = this.server.plugins.users.UserService;
}
@adnan-i
adnan-i / EmailVerificationService.js
Created Dec 29, 2017
Node service responsible for generating and sending the email verification email and for verifying the link
View EmailVerificationService.js
const _ = require('lodash');
class EmailVerificationService {
constructor(server) {
this.server = server;
this.logger = server.plugins.core.LoggerService.tagged('EmailVerificationService');
this.jwtKey = server.app.config.get('/jwt/key');
this.MailService = server.plugins.mail.MailService;
this.MailTemplateService = server.plugins.mail.MailTemplateService;
@adnan-i
adnan-i / GoogleMapService.js
Last active Dec 29, 2017
node module for geocoding the address string
View GoogleMapService.js
const Promise = require('bluebird');
const GMaps = require('@google/maps');
const Joi = require('joi');
const geocodeResponseSchema = Joi.object().keys({
json: Joi.object().keys({
results: Joi.array().required().min(1).items(Joi.object().keys({
address_components: Joi.array().required(),
formatted_address: Joi.string().required(),
geometry: Joi.object().keys({
@adnan-i
adnan-i / config.js
Created Dec 29, 2017
Excerpt from the logging configuration for a HapiJS project
View config.js
/*
* All logs are streamed through the "white-out" middleware
* which is responsible for removing any instances of password
* properties from the logged objects
*/
{
myConsoleReporter: [{
module: 'good-squeeze',
name: 'Squeeze',
args: [{log: '*', response: '*', request: '*'}]
@adnan-i
adnan-i / UserModel.js
Created Dec 29, 2017
Password hashing using crypto.pbkdf2Sync
View UserModel.js
/*
* Password are never stored as plain-text.
* Instead, their one-way hashes are stored along with a unique salt.
* This means that not even the DB owner can reverse-engineer the plain passwords
*/
static hashPassword(password, salt) {
if (!password) throw new Error('Missing password argument');
if (!salt) throw new Error('Missing salt argument');
return crypto.pbkdf2Sync(password, new Buffer(salt, 'base64'), 10000, 64, 'sha512').toString('base64');
@adnan-i
adnan-i / ShopService.js
Created Dec 29, 2017
Excerpt from a service that constructs a complex SQL-GIS query
View ShopService.js
/*
* Whenever possible try and construct all the queries by using the ORM API.
* Manually written queries are susceptible to SQL-injections
*/
_getClosestQuery(params) {
const seq = this.Model.sequelize;
const point = seq.fn('ST_MakePoint', ...params.point.coordinates);
const srid = seq.fn('ST_SetSRID', point, 4326);
const stDistanceSphere = seq.fn('ST_DISTANCE_SPHERE', seq.col('point'), srid);
@adnan-i
adnan-i / customerRoutes.js
Created Dec 29, 2017
Demonstrating rate-limiting setup for the exposed public route (HapiJS)
View customerRoutes.js
/*
* This is one of the few public routes in the project.
* This particular route is accepting unauthenticated POST requests
* from a remote server.
* As such, this route is specifically rate-limited to 120 requests per hour
* in order to mitigate flooding.
*/
server.route({
method: 'POST',
path: `${path}/remote`,
@adnan-i
adnan-i / UsersController.js
Last active Dec 29, 2017
Mitigating Broken Access Control threat (HapiJS)
View UsersController.js
update(req, reply) {
return Promise.resolve()
.then(() => {
/*
* Even though this action is accessed from the "PUT /api/users/:id" route
* we cannot rely on reading the user id from the params. Instead we're using
* the user id from the session.
* This is to mitigate the Broken Access Control threat
* (https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control)
*/
@adnan-i
adnan-i / mongoose-aggregate-by-month-year.js
Last active Oct 22, 2020
Mongoose aggregation for grouping users by month/year subscribed
View mongoose-aggregate-by-month-year.js
User.aggregate([
{
/* Filter out users who have not yet subscribed */
$match: {
/* "joined" is an ISODate field */
'subscription.joined': {$ne: null}
}
},
{
/* group by year and month of the subscription event */