TigerTrade
The Princeton COS333 Project of Andrew Casey Evan Maryam Perry.
1. Running the server
This assumes you have initialized and migrated the database, and have Go and NPM installed.
make dev # this installs dev dependencies
make install
make serve
2. Running the client
In another terminal, build and run with
make serve-client
Development
Server
make install       Install all dependencies
make build         Builds the server
make serve         Runs a hot-reloading server for development
make test          Runs the test suite
make test-server   Runs a pretty testing server
Client
yarn start   Runs an auto-reloading dev server
yarn build   Builds the client code
yarn test    Runs the test suite
Both
make dev     Builds a development environment
make clean   Removes all temporary files
make purge   Uninstalls all dependencies, removes temp files
For dependency management, we use govendor. Their documentation isn't all that clear, so here's a quick cheat sheet of relevant commands:
govendor fetch [github_url]   Installs a package into the vendor folder
govendor sync                 Downloads all indicated dependencies
govendor list                 Lists all installed packages
Stack
- Go [Language]
- Postgres [Database]
- AWS S3 [Image Storage]
- Cloudflare [DNS, CDN]
- Heroku [Server]
- Sentry [Error Reporting]
- React [Frontend] (create-react-app for boilerplate)
- Wordnet
Sentry
We use Sentry to track errors. To enable it, set the SENTRY_DSN
environment variable.
In Go:
import (
	"github.com/getsentry/raven-go"
	log "github.com/sirupsen/logrus" // assumed: log.Warning below matches logrus, not the standard library log package
)

_, err := DoSomeOperation()
if err != nil {
	raven.CaptureError(err, nil) // report to Sentry; nil means no extra tags
	log.Warning(err)             // and keep a local log line as well
}
In JavaScript:
import raven from 'raven-js';

callback(function(err, res) {
  if (err) {
    raven.captureException(err); // report to Sentry with the stack trace attached
  }
});
Code Layout
client/         client code
server/         server code
hooks/          useful development hooks
node_modules/   JavaScript dependencies
vendor/         Go dependencies
Security
We aim for Security by Simplicity--that is, taking simple approaches to
development that make it as obvious as possible whether we have security
issues.
Cross-Site Scripting: Since React doesn't actually parse HTML, our site
is inherently XSS-resistant as long as everything we do is rendered using
React (which we believe it is).
Cross-Site Request Forgery: We prevent CSRF attacks by checking the Origin and
Referer headers, which is the simplest valid way to do so with a
RESTful API.
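What the Origin/Referer check looks like as Go HTTP middleware, as an added example (not the project's own code). The allow-list host tigertrade.example and the StatusFor helper are assumptions for illustration. Two details matter for the check to be "valid": safe methods (GET, HEAD, OPTIONS) pass through, and a state-changing request that carries neither header is rejected rather than allowed, since a referrer policy can suppress Referer and an attacker can never send a spoofed Origin from a browser.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// allowedOrigins is a constructed allow-list; the real app would load its own
// deployed host(s) from configuration.
var allowedOrigins = map[string]bool{
	"https://tigertrade.example": true,
}

// requestOrigin returns scheme://host of the page that issued the request,
// taken from Origin, or from Referer when Origin is absent. An empty string
// means neither header was usable.
func requestOrigin(r *http.Request) string {
	src := r.Header.Get("Origin")
	if src == "" {
		src = r.Header.Get("Referer")
	}
	if src == "" {
		return ""
	}
	u, err := url.Parse(src)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return "" // "null", garbage, or a bare path: treat as missing
	}
	return u.Scheme + "://" + u.Host
}

// CSRFProtect lets safe (read-only) methods through untouched and requires a
// state-changing request to come from an allowed origin. Comparing the scheme
// as well as the host means an http:// page cannot drive https:// endpoints.
func CSRFProtect(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodOptions:
			next.ServeHTTP(w, r)
			return
		}
		if !allowedOrigins[requestOrigin(r)] {
			http.Error(w, "forbidden: request origin not allowed", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// StatusFor sends one constructed request through the middleware and returns
// the HTTP status it produced, so the behaviour can be checked without a server.
func StatusFor(method, origin, referer string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusNoContent)
	})
	req := httptest.NewRequest(method, "https://tigertrade.example/api/listings", nil)
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	if referer != "" {
		req.Header.Set("Referer", referer)
	}
	rec := httptest.NewRecorder()
	CSRFProtect(ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("POST, same origin:   ", StatusFor("POST", "https://tigertrade.example", ""))
	fmt.Println("POST, foreign origin:", StatusFor("POST", "https://evil.example", ""))
	fmt.Println("POST, no headers:    ", StatusFor("POST", "", ""))
	fmt.Println("POST, Referer only:  ", StatusFor("POST", "", "https://tigertrade.example/sell"))
	fmt.Println("GET, no headers:     ", StatusFor("GET", "", ""))
}
```

Wrap the API router with CSRFProtect once; the per-route handlers then never need to think about it, which is the "security by simplicity" property the section is after.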
SQL Injection: We prevent SQL injection by using prepared statements in
our SQL.
Resource Overload: Rather than trying to secure the system against abusive
use for images, we decided to set up our storage to log who uploads what image
and delete images after a year. We have notifications set up if the amount
stored exceeds a certain threshold, and can restrict photo uploads from there.
We also reduce photo usage by resizing and compressing all photos.
Additionally, we validate the filetypes of the uploaded images.
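Filetype validation done on file content rather than on the uploader-supplied filename or Content-Type header, as an added example in Go (not the project's own code). The 5 MiB cap, the allowed-type set and the sample byte strings are constructed for the illustration; the page does not state the real limit. The example also applies the size check before the type check, so an oversized file is rejected even when it starts with a genuine PNG header.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// maxImageBytes is a constructed cap; the page gives no figure for the real limit.
const maxImageBytes = 5 << 20 // 5 MiB

// allowedImageTypes is the set of sniffed MIME types the server will store.
var allowedImageTypes = map[string]bool{
	"image/png":  true,
	"image/jpeg": true,
	"image/gif":  true,
}

// ValidateUpload takes the raw bytes of an upload and returns the detected
// MIME type, or an error if the file is too large or is not an allowed image.
// The type comes from the leading bytes (the same sniffing browsers do), never
// from the uploader-controlled filename or Content-Type header.
func ValidateUpload(data []byte) (string, error) {
	if len(data) == 0 {
		return "", errors.New("empty upload")
	}
	if len(data) > maxImageBytes {
		return "", fmt.Errorf("upload of %d bytes exceeds limit of %d", len(data), maxImageBytes)
	}
	head := data
	if len(head) > 512 {
		head = head[:512] // DetectContentType looks at no more than 512 bytes
	}
	ct := http.DetectContentType(head)
	if !allowedImageTypes[ct] {
		return "", fmt.Errorf("unsupported file type %q", ct)
	}
	return ct, nil
}

// Constructed sample inputs: the magic bytes each format starts with, plus an
// HTML document of the kind an uploader might submit under a ".png" name.
var (
	samplePNG  = []byte("\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR")
	sampleJPEG = []byte("\xff\xd8\xff\xe0\x00\x10JFIF\x00")
	sampleGIF  = []byte("GIF89a")
	sampleHTML = []byte("<html><body>not an image</body></html>")
)

// OversizedPNG builds a PNG-prefixed blob one byte over the cap, to show that
// the size check rejects it even though the type check would pass.
func OversizedPNG() []byte {
	blob := make([]byte, maxImageBytes+1)
	copy(blob, samplePNG)
	return blob
}

func main() {
	samples := map[string][]byte{
		"png": samplePNG, "jpeg": sampleJPEG, "gif": sampleGIF,
		"html": sampleHTML, "oversized": OversizedPNG(),
	}
	for name, data := range samples {
		ct, err := ValidateUpload(data)
		fmt.Printf("%-9s -> type=%q err=%v\n", name, ct, err)
	}
}
```

When the handler reads the multipart body, wrap it in http.MaxBytesReader with the same cap so the size limit is enforced while reading rather than after the whole file is in memory; the sniffed type, not the original extension, is what should be stored alongside the object in S3.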