To Do List Securty, Linting, and Deployment

[jamestewartjr]

---

authors: "jamestewartjr" team_size: 2 goal_id: - title: To Do List Security, Linting, and Deployment created_at: - labels: practice published: false level: '2' redirect_from: "/goals/-"

To Do List Security, Linting, and Deployment

Challenge Rating

This goal will likely be within your ZPD if you...

• Can build basic websites with HTML, CSS & JavaScript
• Have familiarity with SQL
• Can build full-stack web applications with Express and Postgres
• Can install and use frameworks and libraries in your applications
• Are comfortable jumping into a new codebase
• Are familiar with software testing
• Are familiar with testing tools for the Node.js environment
• Are interested in building full-stack web applications
• Are interested in improving testing skills
• Are interested in website security
• Are interested in linting your code
• Are interested in deployment

Description

In this goal, you will hack a simple to-do list app, where you will exploit the site for XSS, CSRF vulnerabilities and SQL injections. At the same time, you will have linted code. You will have a deployed web app.

This goal is a great introduction to learning why website security is important and why developers should think about adding these protections for their users.

You'll be working with the [Express][npm-express] library for Node.js to help you scaffold and build the server-side logic of your application.

Most learners have used [Postgres][postgres] for their database and [pg-promise][npm-pg-promise] for connecting to a Postgres database from a Node.js app.

Context

At Learners Guild, the goal is to become a talented creator of full-stack web applications. This project is an excellent opportunity to see how all your various skills will come together to defend against security attacks.

When working on this goal, you'll encounter questions such as:

• How could your code become readable for you and other developers?
• How is your code written to allow vulnerabilities for your users?
• When and where will users run into errors, and how should the app respond to them?
• What are deployment and continuous integration?
• What is the UI needed to satisfy this user story?

Specifications

[ ] The application is linted with ESLint

• [ ] Project has a configured ESLint file.
• [ ] Code for each project meets formatting specs in ESLint file.
• [ ] Application has a command to lint code (example: $ npm run lint). [ ] The application is deployed to Heroku.
• [ ] All tests are passing.
• [ ] Application has a command to deploy to production (example: $ npm run deploy).
• [ ] Link to deployed application on Heroku is included in README.
• [ ] README includes “How to Deploy” instructions (setting environment variables, configuring databases, etc.) [ ] Continuous integration is configured.
• [ ] CI status badge is added to the README (example: Circle CI docs on status badge).
• [ ] CI is integrated with GitHub to run tests with each new pull request.
• [ ] The application uses a deploy hook (Heroku’s built in Deploy Hooks is a good option) to send email or Slack message with each new deploy.
• [ ] Where appropriate, tests are updated to match refactored code.
• [ ] The artifact produced is properly licensed, preferably with the [MIT license][mit-license].

Stretch

• [ ] Users can rearrange to do list items.
• [ ] Users can create multiple to-do lists.
• [ ] Users have their own account and can sign up and log in/out.

Resources

Tools

• Express [Express]: https://www.npmjs.com/package/express
• Babel [Babel]: https://www.npmjs.com/package/babel

[tannerwelsh]

Yo @jamestewartjr! Is this still in draft, or are you looking for a review of this goal?