Merge pull request #2371 from sjiang-cb/g11n-js-client

[JSCLient]Solve potential security issues.

.github/workflows/node.js.yml

@@ -57,7 +57,7 @@ jobs:
     if: needs.pre-process.outputs.were-only-docs-updated != 'yes'
     strategy:
       matrix:
-        node-version: [10.x]
+        node-version: [14.x]
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
@@ -137,7 +137,7 @@ jobs:
     if: needs.pre-process.outputs.were-only-docs-updated != 'yes'
     strategy:
       matrix:
-        node-version: [10.x]
+        node-version: [14.x]
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
@@ -170,7 +170,7 @@ jobs:
           docker ps
           cd $GITHUB_WORKSPACE
           cd g11n-js-client
-          sed -i 's:@vip/vip-core-sdk-server:@vip/vip-core-sdk-dev:' package.json
+          sed -i 's:@singleton-i18n/js-core-sdk-server:@vip/vip-core-sdk-dev:' package.json
           npm install --registry https://registry.npmjs.org
           npm link
           cd $GITHUB_WORKSPACE/devops/autotest/client/jscoresdk
@@ -180,5 +180,3 @@ jobs:
           echo $str Smoke Test Start $str
           ./node_modules/.bin/jest
           echo $str Smoke Test End $str
-
-

README.md

@@ -47,25 +47,25 @@ Package the client library
 npm pack
 ```
 
-The library will be packaged in the same directory (eg. vip-vip-core-sdk-server-0.4.1.tgz)
+The library will be packaged in the same directory (eg. singleton-i18n-js-core-sdk-server-0.5.7.tgz)
 
 Import the library in your ES2015 application
 
 ```
 cd <root path of your app>
-npm install <path-to-location-of-library-in-previous-step/vip-vip-core-sdk-server-0.4.1.tgz>
+npm install <path-to-location-of-library-in-previous-step/singleton-i18n-js-core-sdk-server-0.5.7.tgz>
 ```
 
 Configure your main module file :
 
 ```js
-const vipCore = require('@vip/vip-core-sdk-server');
+const singletonCore = require('@singleton-i18n/js-core-sdk-server');
 const bundle = require('./source.l10n');
 
 module.exports.handle = (req, res, next) => {
     let currentLanguage = 'zh-Hans';
     let currentRegion = 'CN'
-    let i18nClient = vipCore.i18nClient.createInstance(
+    let i18nClient = singletonCore.i18nClient.createInstance(
         {
             productID: 'CoreSDK',
             version: '1.0.0',
@@ -75,9 +75,9 @@ module.exports.handle = (req, res, next) => {
             region: currentRegion,
             sourceBundles: [ bundle.ENGLISH ],
             i18nScope: [
-                vipCore.PatternCategories.DATE,
-                vipCore.PatternCategories.NUMBER,
-                vipCore.PatternCategories.CURRENCIES
+                singletonCore.PatternCategories.DATE,
+                singletonCore.PatternCategories.NUMBER,
+                singletonCore.PatternCategories.CURRENCIES
             ],
             isPseudo: false,
         }

package.client.json

@@ -1,12 +1,12 @@
 {
-    "name": "@vip/vip-core-sdk",
-    "version": "0.5.6",
+    "name": "@singleton-i18n/js-core-sdk",
+    "version": "0.5.7",
     "publishConfig": {
         "registry": ""
     },
-    "description": "A JavaScript VIP client library for internationalization and localization that leverage data from Singleton service. The library works both for the browser and as a Node.js module.",
+    "description": "A JavaScript Singleton client library for internationalization and localization that leverage data from Singleton service. The library works both for the browser and as a Node.js module.",
     "license": "EPL-2.0",
-    "main": "./bundles/vip.core.umd.js",
+    "main": "./bundles/singleton.core.umd.js",
     "module": "./dist/index.js",
     "typings": "./dist/index.d.ts",
     "repository": {
@@ -22,12 +22,12 @@
         "i18n",
         "l10n",
         "node",
-        "VIP"
+        "Singleton"
     ],
     "scripts": {
-        "compile": "tsc -p ./ --outDir dist/",
+        "compile": "rimraf dist && tsc -p ./ --outDir dist/",
         "build": "webpack",
-        "prepublish": "tsc -p ./ --outDir dist/ && npm run build",
+        "prepublish": "rimraf dist && tsc -p ./ --outDir dist/ && npm run build",
         "jest": "NODE_ENV=test jest -c jest.config.json",
         "test": "rimraf dist && npm run jest"
     },
@@ -47,13 +47,22 @@
         "ts-node": "^7.0.1",
         "tslint": "^5.11.0",
         "tslint-loader": "^3.5.4",
-        "typescript": "~3.4.5",
+        "typescript": "^4.4.4",
         "typescript-loader": "^1.1.3",
         "typings": "^2.1.1",
         "webpack": "^4.20.2",
         "webpack-cli": "^3.3.0"
     },
     "changelogHistory": [
+        {
+            "date": "06/05/23",
+            "version": "0.5.7",
+            "notes": [
+                {
+                    "description": "Solve potential security issues."
+                }
+            ]
+        },
         {
             "date": "02/22/23",
             "version": "0.5.6",

package.json

@@ -1,12 +1,12 @@
 {
-    "name": "@vip/vip-core-sdk-server",
-    "version": "0.5.6",
+    "name": "@singleton-i18n/js-core-sdk-server",
+    "version": "0.5.7",
     "publishConfig": {
         "registry": ""
     },
-    "description": "A JavaScript VIP client library for internationalization and localization that leverage data from Singleton service. The library works both for the browser and as a Node.js module.",
+    "description": "A JavaScript Singleton client library for internationalization and localization that leverage data from Singleton service. The library works both for the browser and as a Node.js module.",
     "license": "EPL-2.0",
-    "main": "./bundles/vip.core.umd.server.js",
+    "main": "./bundles/singleton.core.umd.server.js",
     "module": "./dist/index.js",
     "typings": "./dist/index.d.ts",
     "repository": {
@@ -22,7 +22,7 @@
         "i18n",
         "l10n",
         "node",
-        "VIP"
+        "Singleton"
     ],
     "scripts": {
         "compile": "rimraf dist && tsc -p ./ --outDir dist/",
@@ -47,13 +47,22 @@
         "ts-node": "^7.0.1",
         "tslint": "^5.11.0",
         "tslint-loader": "^3.5.4",
-        "typescript": "~3.4.5",
+        "typescript": "^4.4.4",
         "typescript-loader": "^1.1.3",
         "typings": "^2.1.1",
         "webpack": "^4.20.2",
         "webpack-cli": "^3.3.0"
     },
     "changelogHistory": [
+        {
+            "date": "06/05/23",
+            "version": "0.5.7",
+            "notes": [
+                {
+                    "description": "Solve potential security issues."
+                }
+            ]
+        },
         {
             "date": "02/22/23",
             "version": "0.5.6",

samples/client/js/README.md

@@ -12,7 +12,7 @@
 - You can load the translation by two ways, either from the Singleton service or from your predefined sources. If you want to use custom sources you have to add them in the src/translations
   with the following format: translation_locale.json and uncomment the code in the src/i18n.utils.js on row 30. The src/translations/translation_zh.json is example. 
 ```
-"@vip/vip-core-sdk": "file:../../../vip-vip-core-sdk-0.4.2.tgz"
+"@singleton-i18n/js-core-sdk": "file:../../../singleton-i18n-js-core-sdk-0.5.7.tgz"
 ```
 
 ## Install
@@ -38,5 +38,5 @@ open: http://localhost:3000/example
 # In the dev tools terminal change the lang
 
 ```
-$ document.cookie = "language=zh"
+$ document.cookie = "vcs_locale=zh"
 ```

samples/client/js/index.js

@@ -1,14 +1,28 @@
 /*
- * Copyright 2019-2021 VMware, Inc.
+ * Copyright 2019-2023 VMware, Inc.
  * SPDX-License-Identifier: EPL-2.0
  */
 const express = require('express');
 const path = require('path');
 
+// set up rate limiter: maximum of five requests per minute
+const RateLimit = require('express-rate-limit');
+const limiter = RateLimit({
+  windowMs: 1 * 60 * 1000, // 1 minute
+  max: 5
+});
+
 const app = express();
 const port = process.env.PORT || 3000;
 
-app.use(express.static(__dirname));
+// apply rate limiter to all requests
+app.use(limiter);
+
+app.use ('/dist',express.static(__dirname + '/dist/'));
+
+app.use ('/assets',express.static(__dirname + '/assets/'));
+
+app.use ('/src/translations',express.static(__dirname + '/src/translations'));
 
 app.get('/', (req, res) => {
   res.send(`Welcome to the static localizer. Navigate to /example`);