
@rotsen91 (Contributor)

Performance Improvement

Description of the Change

The old code was messy, clunky and not well understood. Also, although it was using TypeScript, it was not using TypeScript's full potential in regard to using types.

In this PR, I introduce a complete code change where I utilize TypeScript's full potential. I have also removed Sequelize and replaced it with TypeORM. In addition, we no longer have multiple endpoints, as I have introduced an open-source data query and manipulation language created by Facebook called GraphQL.

This API uses an RSA key pair for authentication. The old code assumed that the sent signature was composed of the complete payload that a user is sending or requesting. This new code now requires users to only sign their UUID.

A couple of logical functionalities changed:

  1. Anyone can create an Organization.
  2. The first ever Organization that gets created is automatically made into the Super Admin
    • Super Admins have the power to deactivate Organizations, with all CNAs under that Org included
  3. The first CNA of each Organization is the Admin for that Organization
    • No functionality created for now, but the possibility exists.
  4. GraphQL contains a resolver called submitCVE. The purpose of this is for the client to send in their CVE, and once sent, a CVE ID is generated using the CVE-YEAR-XXXXX format.

Quantitative Performance Benefits

  • Database tables now have relationships between them.
  • No more multiple endpoints.
  • GraphQL makes it very easy for open-source clients to only request the data they need.
  • Code base readability and maintainability increased.
  • GraphQL playground with documentation.

[screenshot: db]

[screenshot: playground]

Possible Drawbacks

Verification Process

Applicable Issues

Release Notes

Complete code refactor was done.

@mattrbianchi (Contributor)

Hey Nestor! Glad to see you contributing to the CVE Services.

I wanted to let you know that we're looking through this, but right now there's a technicality that the text in the license file of the repo actually contained CC3 text instead of CC0, so there are some concerns with taking any contributions until we get that settled.

After that, and I do emphasize after, it would help if this PR was broken up into its individual components considering I don't want to risk it all being rejected on the basis that maybe the AWG doesn't want GraphQL as part of its services. As I can see currently, this could be five PRs: Changing the ORM, changing the authentication to only signing the UUID, improvements to the CNA business logic, swapping to the Jest test framework, and adding GraphQL.

So as soon as we get this licensing issue sorted out, I can work with you on separating out these changes. Until then, just sit tight and I'll get back to you.

@rotsen91 (Contributor, Author)

Makes sense to separate them into different PRs like you suggest. Feel free to reach out to me. My email should be on my Git profile page.

@rotsen91 rotsen91 closed this Aug 29, 2019
cristina479 referenced this pull request in cristina479/cve-services Jun 17, 2021