Guardrails Challenge

This represents the solution to the GuardRails Challenge.

It consists of the following tech stack:

• A docker setup to serve the application in multiple containers hoisting the different services we need
• A backend that exposes a REST API using Node.js with Express. This API contains several services running inside of it and it's also connected to some services exposed in the docker environment:
  • Redis for caching purposes.
  • PM2 to handle clustering and auto-restart on failure.
  • Compression to increase response performance.
  • Swagger for API documentation.
  • Rate limiting to prevent issues with too many requests per second.
  • Sentry to log system errors and keep track of them.
  • Winston to do logging.
  • PostgreSQL as DB and Sequelize as abstraction.
  • Mocha + Node.js's assert module for testing.
• A frontend Dashboard built with React to display the data.

API Description

The API exposes 3 necessary endpoints for this to work:

• GET /scans-results to get the list of all Security Scan Results.
• GET /scans-results/{id} to get a single Security Scan Result item.
• POST /scans-results to create Security Scan Result items into the database.

The API is available on localhost:5000 in your local env after installing and running the containers.

The API documentation is exposed on localhost:5000/api-docs with Swagger.

Dashboard Description

The frontend dashboard is built with React using the latest React Hooks API.

This dashboard consists of 3 pages:

• The home page, which displays a list of Security Scan Results.
• The /scan-results/:id/findings page, which displays the list of findings for a certain Security Scan Result.
• The /create page which displays a form in order to add Security Scan Results into the system.

After initializing the containers, the dashboard will be available on http://localhost:3001/ in your local environment.

Install instructions

First you should install docker locally, this is due to the project running in a docker container. You won't need anything more, docker will download everything.

After installing docker, clone this repository. You'll notice an executable file docker-challenge, this file will help you running commands to specific containers.

You run ./docker-challenge up -d --build to start running the container and all dependencies.

DB Commands

• ./docker-challenge exec api npm run migrate to run migrations.
• ./docker-challenge exec api npm run unmigrate to revert migrations.
• ./docker-challenge exec api npm run generate-migration to generate a migration file.
• ./docker-challenge exec api npm run sequelize to run sequelize commands based on your needs.

Running the server

• ./docker-challenge exec api npm run build to transpile JS code to use ES6 in Node.js (no needed for dev).
• ./docker-challenge exec api npm run build:watch to auto-generate the transpiled files on changes.
• ./docker-challenge exec api npm start to run the server.

Notice that after starting the container, the server will be running already.

To Take into Consideration

We are using sequelize to manage DB operations.

Coming soon

• Important frontend test coverage.