Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@bloom-housing/backend-core
Advanced tools
Listings service reference implementation for the Bloom affordable housing system
This package is a NestJS application that provides a core set of backend services via REST API endpoints to apps using the Bloom Housing framework. Information is stored in a Postgres database, accessed via TypeORM.
OpenAPI (fka Swagger) documentation is automatically generated by the server at http://localhost:3100/docs/
for a standard local development environment. A raw JSON version of the schema is also available at /docs-json/
, suitable for API client code generation or other code-based consumers.
brew install node@14.
brew install postgresql
brew install redis
.env.template
within backend/core
to .env
and edit variables appropriate to your local environment. Ensure sure the Database URL and Test Database URL match your Postgres configuration.yarn install
within backend/core
To start Redis:
redis-server
.
To launch Redis as background service and restart at login:
brew services start redis
.
Test if Redis is working:
redis-cli ping
There are two databases used in this project: bloom
and bloom_test
. The first is used every time you are starting a project with yarn dev
and second one is only used in end-to-end tests. Corresponding TypeORM configs are defined in ormconfig.ts
and ormconfig.test.ts
.
If you are just starting to work with the projects it's best to simply run:
yarn && yarn db:reseed
which will create the bloom
DB for you, migrate it to the latest schema, and seed with appropriate dev data. If running the reseed command requires that you input a password for Postgres, set the following environment variables: PGUSER
to postgres and PGPASSWORD
to the default password you inputted for the postgres user during Postgres installation. If you get the FATAL: database "<user>" does not exist
error please run: createdb <user>
first.
Dropping the DB:
yarn db:drop
Creating the DB:
yarn db:create
Seeding the DB:
yarn db:seed
Generating a new migration:
yarn db:migration:generate
Applying migrations:
yarn db:migration:run
End-to-end tests:
yarn test:e2e:local
Unit tests:
yarn test
The backend keeps translations for email related content in the DB in the translations
table.
The /translations
endpoint exposes CRUD operations on this table (admin only).
Translations are defined for each county code and language pair e.g. (Alameda, en). To modify a particular
translation pair:
GET /translations
and list all the translationsPUT /translations/:translationId
to modify it's contentName | Description | Default | Type |
---|---|---|---|
PORT | Port number the server will listen to for incoming connections | 3100 | number |
NODE_ENV | Controls build optimization and enables some additional logging when set to development | development | "development" | "production" |
DATABASE_URL | Database connection | postgres://localhost/bloom | string |
TEST_DATABASE_URL | Test database connection | postgres://localhost/bloom_test | string |
REDIS_TLS_URL | Secure Redis connection | rediss://127.0.0.1:6379/ | string |
REDIS_URL | TCP Redis connection string | redis://127.0.0.1:6379/0 | string |
REDIS_USE_TLS | Flag controlling the use of TLS or unsecure transport for Redis | 0 | 0 | 1 |
THROTTLE_TTL | Rate limit TTL in seconds (currently used only for application submission endpoint) | 60 | number |
THROTTLE_LIMIT | Max number of operations in given time window THROTTLE_TTL after which HTTP 429 Too Many Requests will be returned by the server | 2 | number |
EMAIL_API_KEY | Sendgrid API key (see sendgrid docs for creating API keys | Available internally | string |
APP_SECRET | Secret used for signing JWT tokens (generate it with e.g. openssl rand -hex 48 ) | Available internally | string |
PARTNERS_PORTAL_URL | URL for partners site | http://localhost:3001 | string |
FAQs
Listings service reference implementation for the Bloom affordable housing system
We found that @bloom-housing/backend-core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.