Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Sep 25 12:38
    ckhatton commented #748
  • Sep 25 12:37
    ckhatton commented #748
  • Sep 25 08:33
    Casablanca94 edited #748
  • Sep 25 08:28
    Casablanca94 opened #748
  • Aug 29 00:32
    mde closed #477
  • Feb 06 12:46
    phanect commented #745
  • Feb 06 12:45
    phanect commented #745
  • Feb 06 12:02
    ckhatton commented #747
  • Feb 06 12:02
    ckhatton commented #747
  • Feb 06 11:59
    ckhatton commented #745
  • Feb 03 14:55
    phanect commented #745
  • Feb 03 14:54
    phanect commented #745
  • Feb 03 14:42
    phanect commented #745
  • Feb 03 14:20
    phanect edited #745
  • Feb 03 14:20
    phanect edited #745
  • Feb 03 14:19

    phanect on master

    Use Markdown syntax for the tit… Add deprecation notice Merge pull request #30 from pha… (compare)

  • Feb 03 14:19
    phanect closed #30
  • Feb 03 14:19
    phanect synchronize #30
  • Feb 03 14:09

    phanect on master

    Add deprecation notice on README Fix Gitter badge image URL Merge pull request #746 from ph… (compare)

  • Feb 03 14:09
    phanect closed #746
Jumpei Ogawa
@phanect
@der-On Thanks.
I just fixed it and after all CI tests passed, I will merge it, tag it as 13.0.8, and release it as npm.
Ondrej Brinkel
@der-On
wonderfull
Ondrej Brinkel
@der-On
@phanect can you add a test for this?
Jumpei Ogawa
@phanect
@der-On Ah... Sorry, I have already published
Ondrej Brinkel
@der-On
no problem. We can push another release 13.0.9
security holes should actually have tests :)
Jumpei Ogawa
@phanect
@der-On Ah, maybe we don't need 13.0.9 only for test coz' users will have nothing.
We can included it in the release which includes other updates.
I confirmed test directory and I felt there are not so many files.
Maybe we should create test for all changes to Geddy.

Well, and about test for this security hall...
I considered to add test, but I have no idea how to create unit test.

I'm wondering if we can create E2E test. (Not sure I should call this as E2E...)
I expect like this:

"Prevent Directory Traversal": function() {
  geddy();

  fetch("http://localhost:3000/../../test.csv", {
    method: "GET",
    body: // ...
  }).then(function(res) {
    expect(res.status).to.be(404);
})
Ondrej Brinkel
@der-On
@phanect yes. Actually In one of my projects I'm using some utils for geddy testing. I might just include it in core. For real HTTP tests I recommend supertest
I need to polish things up
and think about a nicer API
testing in geddy has been a bit of a pain
Jumpei Ogawa
@phanect
Year, current tests are traditional unit test, but it is a little bit different from real world usage.
In my corporate project, I used superagent for API testing and recently switched to WHATWG fetch, but supertest seems also good.
Ondrej Brinkel
@der-On
This message was deleted
Geddy-unit
Ondrej Brinkel
@der-On
I will try to extract my testing tools into a new "geddy-unit" module.
Ondrej Brinkel
@der-On
Anyone here with experience in postgres? I could need a helping hand with #263
Ondrej Brinkel
@der-On
That one is currently causing real trouble in a production app.
Jumpei Ogawa
@phanect
@der-On I have a little experience in postgres, but I don't know what is related to Postgres in #263.
Jumpei Ogawa
@phanect
@der-On Ah, sorry, something wrong in linking in my env. You meant geddy/model#263, right?
Ondrej Brinkel
@der-On
yeah
Jumpei Ogawa
@phanect

@mde @der-On Sorry for my slow action, but I just applied directory traversal fixes in #699 to v13 & v14 branches.

I haven't applied to master yet. I'm not sure how to apply the changes to master.
Is following way OK?:

git clone git@github.com:geddy/geddy.git
git checkout v13
git rebase master
git push --force origin master
Ondrej Brinkel
@der-On
I think we do not rebase. I personally do not like rebasing very much.
mostly we just merge stuff into master
Jumpei Ogawa
@phanect
Ah, year, merge is better in this case.
Then I will do following:
git clone git@github.com:geddy/geddy.git
git merge origin/v13
git push origin master
Pushed.
Jumpei Ogawa
@phanect
BTW now Gitter badge is added and IRC info is removed from README
Ondrej Brinkel
@der-On
nice
thank you
Ondrej Brinkel
@der-On
I'm currently not sure if geddy can be called "active" or if it kind of died?
I see a lot of new patterns arise (I use them too) currently and there are not really a lot of active developers in geddy. It's code base is also fairly old(school).
Personally I moved to express and not using frameworks, but modules instead.
Another problem I see is the impossibility of geddy to make use of express-based modules.
Jumpei Ogawa
@phanect
@der-On I see. I think Geddy is at least temporally dead for now, but I agree the possibility to arise.
Ondrej Brinkel
@der-On
I just found functional javascript to be more appealing and composable then anything else.
And I'm currently building everything using functional composition and middlewares.
It's a powerfull concept.
away from monolithic apps
Dan Finlay
@danfinlay
I just heard a guy plug Geddy on the Software Engineering Daily podcast, as an example of how JS has things "just like Rails" http://softwareengineeringdaily.com/2015/12/22/future-javascript-eric-elliott/
Curious if there's going to be an influx from that.
maq
@maqboolkhan
hello i have a weird question is geddy dead project?
Hugo Ruíz
@hugotown
@maqboolkhan , now i have the same question :/
maq
@maqboolkhan
geddy/geddy#715
Vipan kumar
@vipankumar1988_twitter
Hi
any body knows? why css/js path is changed on heroku to localhost?
like i need to add 'css/' or 'js/' in files for heroku
?