Update TaskMuncher to use React BrowserRouter

Using BrowserRouter rather than HashRouter

Update TaskMuncher to use React BrowserRouter

by John Vincent


Posted on January 25, 2019


Let's discuss updating TaskMuncher to use BrowserRouter rather than HashRouter.

TaskMuncher Version 3

TaskMuncher Version 3 also has some changes to address various ESLint problems.

For extensive discussions regarding TaskMuncher, please see TaskMuncher Overview

React HashRouter

HashRouter works great. It produces urls with, well, hashes, which some people love and which others love not quite so much. For example

https://www.taskmuncher.com/#/starred

Replace with BrowserRouter

Routes will now be of the form

https://www.taskmuncher.com/starred

which is probably what most users will expect to see.

Update TaskMuncher

All routes are in /routes/index.jsx, which allows for

  • Simple application architecture
  • Code that is easy to build and maintain
  • Provides for simple code splitting
  • Easily allows for components that extend the behavior of routing. For example PrivateRoute and SignedInRoute

To replace HashRouter with BrowserRouter, change

import { HashRouter as Router, Route, Switch, Redirect } from 'react-router-dom';

to

import { BrowserRouter as Router, Route, Switch, Redirect } from 'react-router-dom';

Anchor

Use of anchor tag now has to refer only to external urls. All else must use the Link tag from 'react-router-dom'

For example, changed

<a href="#join">Sign up here</a>

to

<Link to="/join">Sign up here</Link>

Node Server

Several emails contained TaskMuncher Urls. config/email.js was changed to create Urls without the hash tag.

Dev Server

Update webpack.config.js, added publicPath: '/',

if (!PRODUCTION_MODE) {
	config.output = {
		path: DIST_FOLDER,
		publicPath: '/',
		chunkFilename: '[name].bundle.js',
		filename: '[name].bundle.js'
	};

Update webpack.config.js, added historyApiFallback: true,

config.devServer = {
		contentBase: DIST_FOLDER,
		compress: false,
		// inline: true,
		port: 8065,
		clientLogLevel: 'info',
		historyApiFallback: true,
		proxy: {
			'/api/**': {
				target: 'http://localhost:3001',
				changeOrigin: true,
				secure: false
			}
		}
	};

Production Server

The switch to BrowserRouter revealed a basic weakness.

An attempt to access a non-existent endpoint would cause a 404.

Let's fix that.

TaskMuncher nginx config, add

   location / {
      try_files $uri /index.html;
    }

after server_name, thus

    server_name www.taskmuncher.com;

   location / {
      try_files $uri /index.html;
    }

Sidebar

The sidebar menu options are now dynamic and only display if there is data related to the menu option.

Admin Subsystem

Added delete user for an Admin user.

Encrypted Passwords

A late change in V2 regarding encrypted passwords caused a problem with Change Password. This was fixed in api/reset/reset.controller.js

ESLint changes

Added to package.json scripts section

"lint": "eslint 'src/**/*.{js,jsx}' --quiet",

Running the command revealed some problems.

Toggling state

A common problem. Although not causing any problems, the original code is not strictly correct.

For example MemberMain.jsx

toggleAddGoalDialog = () => this.setState({ addGoalDialogOpen: !this.state.addGoalDialogOpen });

should use a callback, thus was changed to

toggleAddGoalDialog = () => this.setState(prevState => ({ addGoalDialogOpen: !prevState.addGoalDialogOpen }));

or more simply, HomeLayout.jsx

this.setState({ mobileOpen: !this.state.mobileOpen });

was changed to

this.setState(prevState => ({ mobileOpen: !prevState.mobileOpen }));

Contact.jsx

this.setState({	...this.state, ...errors });

was changed to

this.setState(prevState => ({ ...prevState, ...errors }));

Vulnerability

npm install shows

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details

npm audit shows

Package: webpack-dev-server
High: Missing Origin Validation
More Info: https://nodesecurity.io/advisories/725

Advisories are now to be found at npm, for example

https://www.npmjs.com/advisories/725

Overview

Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.

Remediation

Update to version 3.1.11 or later.

The Fix

npm install --save-dev webpack-dev-server@3.1.14 

Vulnerability

npm audit shows

Package: morgan
High: Missing Origin Validation
More Info: https://nodesecurity.io/advisories/736

Overview

Versions of morgan before 1.9.1 are vulnerable to code injection when user input is allowed into the filter or combined with a prototype pollution attack.

Remediation

Update to version 1.9.1 or later.

The Fix

npm install morgan@1.9.1 

Calendar

Update react-big-calendar to the latest version.

npm install --save react-big-calendar@0.20.3 

Copy the css from

react-big-calendar/lib/css/react-big-calendar.css

to

components/calendar/react-big-calendar.scss

Material-UI Pickers

material-ui-pickers issuing warnings about Material-UI deprecations.

Update material-ui-pickers to the latest version.

npm install --save material-ui-pickers@2.1.2

the later version now requires

npm install --save @date-io/moment

The date pickers require a change from

import MomentUtils from 'material-ui-pickers/utils/moment-utils';
import MuiPickersUtilsProvider from 'material-ui-pickers/utils/MuiPickersUtilsProvider';

to

import MomentUtils from '@date-io/moment';
import MuiPickersUtilsProvider from 'material-ui-pickers/MuiPickersUtilsProvider';