prl-citizen-frontend

Updated with Release 4.0

Getting Started

Prerequisites

Running the application requires the following tools to be installed in your environment:

• Node.js v12.0.0 or later
• yarn
• Docker

Running the application

Install dependencies by executing the following command:

$ yarn install

Bundle:

$ yarn webpack

Run:

$ yarn start

The applications's home page will be available at https://localhost:3001

Running with CFTLib

The application can be run so it works in a local development environment that uses CFTLib to provide the backend services.

$ yarn start:cftlib

The applications's home page will be available at https://localhost:3005

Running with Docker

Create docker image:

  docker-compose build

Run the application by executing the following command:

  docker-compose up

This will start the frontend container exposing the application's port (set to 3001 in this template app).

In order to test if the application is up, you can visit https://localhost:3001 in your browser. You should get a very basic home page (no styles, etc.).

Developing

Code style

We use ESLint alongside sass-lint

Running the linting with auto fix:

$ yarn lint --fix

Running the tests

This template app uses Jest as the test engine. You can run unit tests by executing the following command:

$ yarn test

Functional End-to-End (E2E) Tests

Functional end-to-end (E2E) tests are hosted in the prl-e2e-tests repository.

Smoke tests from this repository are executed by triggering a build job in Jenkins.

To run E2E tests on your PR build, add the label enable-prl-e2e-tests. This will initiate a Playwright smoke test. Developers should add this label when their changes are ready for code review.

The smoke test is run against AAT in the master build.

How to single jest test and see details : jest src/main/steps/tasklistresponse/summary/postController.test.ts --detectOpenHandles

Security

CSRF prevention

Cross-Site Request Forgery prevention has already been set up in this template, at the application level. However, you need to make sure that CSRF token is present in every HTML form that requires it. For that purpose you can use the csrfProtection macro, included in this template app. Your njk file would look like this:

{% from "macros/csrf.njk" import csrfProtection %}
...
<form ...>
  ...
    {{ csrfProtection(csrfToken) }}
  ...
</form>
...

Helmet

This application uses Helmet, which adds various security-related HTTP headers to the responses. Apart from default Helmet functions, following headers are set:

• Referrer-Policy
• Content-Security-Policy

There is a configuration section related with those headers, where you can specify:

• referrerPolicy - value of the Referrer-Policy header

Here's an example setup:

    "security": {
      "referrerPolicy": "origin",
    }

Make sure you have those values set correctly for your application.

Troubleshooting

Managing Preview environment PODs

Make sure you have added the label 'enable_keep_helm' while creating the PR. Otherwise, add the label and re-trigger the build.

Healthcheck

The application exposes a health endpoint (https://localhost:3001/health), created with the use of Nodejs Healthcheck library. This endpoint is defined in health.ts file. Make sure you adjust it correctly in your application. In particular, remember to replace the sample check with checks specific to your frontend app, e.g. the ones verifying the state of each service it depends on.

License

This project is licensed under the MIT License - see the LICENSE file for details

Luxon Cheatsheet

Luxon is a time/date library for parsing, validating, manipulating and formatting dates in JavaScript. https://moment.github.io/luxon/#/formatting?id=table-of-tokens