feat: fixed AWS creds to standards, improved email setup

Author: niftylettuce

template/.env.defaults

@@ -55,21 +55,20 @@ GOOGLE_CLIENT_SECRET=
 GOOGLE_CALLBACK_URL={{WEB_URL}}/auth/google/ok
 # used by `mandarin` translation package
 GOOGLE_TRANSLATE_KEY=
-# your AWS credentials from:
-# https://console.aws.amazon.com/s3/home
-AWS_IAM_KEY=
-AWS_IAM_SECRET=
-AWS_S3_BUCKET=
-AWS_CF_DI=
-AWS_CF_DOMAIN=
-AWS_ACCESS_KEY_ID={{AWS_IAM_KEY}}
-AWS_SECRET_ACCESS_KEY={{AWS_IAM_SECRET}}
 # your Postmark token from:
 # https//postmarkapp.com
 POSTMARK_API_TOKEN=
 # your CodeCov token from:
 # https://codecov.io
 CODECOV_TOKEN=
+# aws credentials
+# https://docs.aws.amazon.com/en_pv/sdk-for-javascript/v2/developer-guide/loading-node-credentials-shared.html
+# https://docs.aws.amazon.com/en_pv/sdk-for-javascript/v2/developer-guide/loading-node-credentials-environment.html
+# https://docs.aws.amazon.com/en_pv/sdk-for-javascript/v2/developer-guide/loading-node-credentials-json-file.html
+AWS_PROFILE=
+AWS_S3_BUCKET=
+AWS_CLOUDFRONT_DOMAIN=
+AWS_CLOUDFRONT_DISTRIBUTION_ID=
 
 #############
 ## mongodb ##

template/.env.schema

@@ -55,21 +55,20 @@ GOOGLE_CLIENT_SECRET=
 GOOGLE_CALLBACK_URL=
 # used by `mandarain` translation package
 GOOGLE_TRANSLATE_KEY=
-# your AWS credentials from:
-# https://console.aws.amazon.com/s3/home
-AWS_IAM_KEY=
-AWS_IAM_SECRET=
-AWS_S3_BUCKET=
-AWS_CF_DI=
-AWS_CF_DOMAIN=
-AWS_ACCESS_KEY_ID=
-AWS_SECRET_ACCESS_KEY=
 # your Postmark token from:
 # https//postmarkapp.com
 POSTMARK_API_TOKEN=
 # your CodeCov token from:
 # https://codecov.io
 CODECOV_TOKEN=
+# aws credentials
+# https://docs.aws.amazon.com/en_pv/sdk-for-javascript/v2/developer-guide/loading-node-credentials-shared.html
+# https://docs.aws.amazon.com/en_pv/sdk-for-javascript/v2/developer-guide/loading-node-credentials-environment.html
+# https://docs.aws.amazon.com/en_pv/sdk-for-javascript/v2/developer-guide/loading-node-credentials-json-file.html
+AWS_PROFILE=
+AWS_S3_BUCKET=
+AWS_CLOUDFRONT_DOMAIN=
+AWS_CLOUDFRONT_DISTRIBUTION_ID=
 
 #############
 ## mongodb ##

template/app/controllers/web/index.js

@@ -1,12 +1,19 @@
-const titleize = require('titleize');
+const { extname } = require('path');
+
 const _ = require('lodash');
+const titleize = require('titleize');
 
-const support = require('./support');
-const auth = require('./auth');
 const admin = require('./admin');
+const auth = require('./auth');
 const myAccount = require('./my-account');
+const support = require('./support');
 
 function breadcrumbs(ctx, next) {
+  // return early if its not a pure path (e.g. ignore static assets)
+  // and also return early if it's not a GET request
+  // and also return early if it's an XHR request
+  if (ctx.method !== 'GET' || extname(ctx.path) !== '') return next();
+
   const breadcrumbs = _.compact(ctx.path.split('/')).slice(1);
   ctx.state.breadcrumbs = breadcrumbs;
   ctx.state.meta.title = ctx.request.t(

template/config/index.js

@@ -3,20 +3,22 @@ const path = require('path');
 const Axe = require('axe');
 const Boom = require('@hapi/boom');
 const I18N = require('@ladjs/i18n');
+const _ = require('lodash');
 const base64ToS3 = require('nodemailer-base64-to-s3');
 const boolean = require('boolean');
 const consolidate = require('consolidate');
 const nodemailer = require('nodemailer');
-const strength = require('strength');
 const pino = require('pino');
+const manifestRev = require('manifest-rev');
+const strength = require('strength');
 const { Signale } = require('signale');
 
 const pkg = require('../package');
 const env = require('./env');
-const utilities = require('./utilities');
-const polyfills = require('./polyfills');
-const phrases = require('./phrases');
 const meta = require('./meta');
+const phrases = require('./phrases');
+const polyfills = require('./polyfills');
+const utilities = require('./utilities');
 
 const config = {
   // package.json
@@ -37,7 +39,14 @@ const config = {
     },
     send: env.SEND_EMAIL,
     juiceResources: {
-      preserveImportant: true
+      preserveImportant: true,
+      preserveFontFaces: false,
+      preserveMediaQueries: false,
+      preserveKeyFrames: false,
+      removeStyleTags: true,
+      insertPreservedExtraCss: false,
+      extraCss: false,
+      preservePseudos: false
     }
   },
   logger: {
@@ -67,17 +76,11 @@ const config = {
     directory: path.join(__dirname, '..', 'locales')
   },
 
-  aws: {
-    key: env.AWS_IAM_KEY,
-    accessKeyId: env.AWS_IAM_KEY,
-    secret: env.AWS_IAM_SECRET,
-    secretAccessKey: env.AWS_IAM_SECRET,
-    distributionId: env.AWS_CF_DI,
-    domainName: env.AWS_CF_DOMAIN,
-    params: {
-      Bucket: env.AWS_S3_BUCKET
-    }
-  },
+  // <https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#constructor-property>
+  aws: {},
+
+  // build directory
+  buildBase: 'build',
 
   // templating
   views: {
@@ -180,6 +183,9 @@ const config = {
   lastLocaleField: 'last_locale'
 };
 
+// set build dir based off build base dir name
+config.buildDir = path.join(__dirname, '..', config.buildBase);
+
 // add lastLocale configuration path name to both email-templates and i18n
 config.i18n.lastLocaleField = config.lastLocaleField;
 config.email.lastLocaleField = config.lastLocaleField;
@@ -194,6 +200,16 @@ const i18n = new I18N({
   logger
 });
 
+// add manifest helper for rev-manifest.json support
+config.manifest = path.join(config.buildDir, 'rev-manifest.json');
+config.views.locals.manifest = manifestRev({
+  prepend:
+    env.AWS_CLOUDFRONT_DOMAIN && env.NODE_ENV === 'production'
+      ? `//${env.AWS_CLOUDFRONT_DOMAIN}/`
+      : '/',
+  manifest: config.manifest
+});
+
 // add pug filter for easy translation of nested blocks
 config.views.locals.filters.translate = function(...args) {
   return i18n.api.t(...args);
@@ -215,13 +231,6 @@ config.email.transport = nodemailer.createTransport({
   logger,
   debug: boolean(env.TRANSPORT_DEBUG)
 });
-config.email.transport.use(
-  'compile',
-  base64ToS3({
-    cloudFrontDomainName: env.AWS_CF_DOMAIN,
-    aws: config.aws
-  })
-);
 
 config.email.views = { ...config.views };
 config.email.views.root = path.join(__dirname, '..', 'emails');
@@ -231,4 +240,28 @@ config.email.juiceResources.webResources = {
   images: true
 };
 
+config.email.transport.use(
+  'compile',
+  base64ToS3({
+    aws: _.merge(config.aws, {
+      params: {
+        Bucket: env.AWS_S3_BUCKET
+      }
+    }),
+    cloudFrontDomainName: env.AWS_CLOUDFRONT_DOMAIN,
+    fallbackDir: path.join(config.buildDir, 'img', 'nodemailer'),
+    fallbackPrefix: `${config.urls.web}/img/nodemailer/`,
+    logger
+  })
+);
+
+if (
+  !config.email.juiceResources.webResources.images ||
+  env.NODE_ENV !== 'production'
+)
+  config.email.views.locals.manifest = manifestRev({
+    prepend: `${config.urls.web}/`,
+    manifest: config.manifest
+  });
+
 module.exports = config;

template/emails/_footer.pug

@@ -1,7 +1,7 @@
 footer.py-3.mt-3
   .container.text-center
     a(href=config.urls.web)
-      img(src='/img/logo-square.svg', width=100, height=100, alt='').d-inline-block.align-middle
+      img(src=manifest('img/logo-square.svg'), width=100, height=100, alt='').d-inline-block.align-middle
     ul.m-0.p-0.text-muted.py-3
       li.d-inline: small: a(href=`${config.urls.web}/support`)= t('Support')
       li.d-inline.mx-1: small •

template/emails/_nav.pug

@@ -1,6 +1,6 @@
 nav.bg-light.border.border-top-0.border-left-0.border-right-0.navbar.navbar-light
   a(href=config.urls.web).navbar-brand
-    img(src='/img/logo-square.svg', width=30, height=30, alt='').d-inline-block.align-middle
+    img(src=manifest('img/logo-square.svg'), width=30, height=30, alt='').d-inline-block.align-middle
     = ' '
     != png2x({ text: config.appName, fontSize: 30, backgroundColor: '#f8f9fa', fontNameOrPath: 'Bitter Regular' })
   .navbar-expand

template/emails/account-updated/html.pug

@@ -0,0 +1,16 @@
+
+extends ../layout
+
+block content
+  .container.mt-3
+    .card
+      h5.card-header Account information updated
+      .card-body
+        .card-text
+          p= `${user[config.passport.fields.givenName] ? user[config.passport.fields.givenName] : t('Hello')},`
+          p= t(`The following changes were made to your account:`)
+          ul.list-group.list-group-flush
+            each change in changes
+              li.list-group-item= change
+          p= t('If you did not intend for this information to be updated, then please reply to let us know.')
+        a.btn.btn-lg.btn-block.btn-success(href=link, role="button")= t('Change your password')

template/emails/account-updated/subject.pug

@@ -0,0 +1 @@
+= `${emoji('white_check_mark')} ${user[config.passport.fields.givenName] ? `${user[config.passport.fields.givenName]}, ${t('your account information was updated')}` : t('Account information updated')}`

template/gulpfile.js

@@ -1,10 +1,12 @@
 const path = require('path');
 
+const AWS = require('aws-sdk');
+const _ = require('lodash');
+const awscloudfront = require('gulp-awspublish-cloudfront');
 const awspublish = require('gulp-awspublish');
 const babelify = require('@ladjs/babelify');
 const browserify = require('browserify');
 const buffer = require('vinyl-buffer');
-const cloudfront = require('gulp-cloudfront');
 const collapser = require('bundle-collapser/plugin');
 const commonShake = require('common-shakeify');
 const cssnano = require('cssnano');
@@ -47,28 +49,36 @@ process.env.I18N_UPDATE_FILES = true;
 
 const env = require('./config/env');
 const config = require('./config');
+const logger = require('./helpers/logger');
 
 const PROD = config.env === 'production';
 const DEV = config.env === 'development';
 const TEST = config.env === 'test';
-
 const staticAssets = [
   'assets/**/*',
   '!assets/css/**/*',
   '!assets/img/**/*',
   '!assets/js/**/*'
 ];
-
 const manifestOptions = {
   merge: true,
-  base: 'build'
+  base: config.buildBase
 };
 
+// set aws logger
+AWS.config.logger = logger;
+
 function publish() {
   // create a new publisher
-  const publisher = awspublish.create(config.aws);
+  const publisher = awspublish.create(
+    _.merge(config.aws, {
+      params: {
+        Bucket: env.AWS_S3_BUCKET
+      }
+    })
+  );
   return (
-    src(['build/**/*', '!build/rev-manifest.json'])
+    src([`${config.buildBase}/**/*`, `!${config.manifest}`])
       // gzip, Set Content-Encoding headers and add .gz extension
       .pipe(awspublish.gzip())
       // publisher will add Content-Length, Content-Type
@@ -83,7 +93,7 @@ function publish() {
       .pipe(publisher.cache())
       // print upload updates to console
       .pipe(awspublish.reporter())
-      .pipe(cloudfront(config.aws))
+      .pipe(awscloudfront(env.AWS_CLOUDFRONT_DISTRIBUTION_ID))
   );
 }
 
@@ -105,12 +115,10 @@ function img() {
         use: [pngquant()]
       })
     )
-    .pipe(dest('build'))
+    .pipe(dest(config.buildBase))
     .pipe(gulpif(DEV, lr(config.livereload)))
-    .pipe(
-      gulpif(PROD, rev.manifest('build/rev-manifest.json', manifestOptions))
-    )
-    .pipe(gulpif(PROD, dest('build')));
+    .pipe(gulpif(PROD, rev.manifest(config.manifest, manifestOptions)))
+    .pipe(gulpif(PROD, dest(config.buildBase)));
 }
 
 function scss() {
@@ -134,7 +142,7 @@ function css() {
     .pipe(
       postcss([
         fontMagician({
-          hosted: [path.join(__dirname, 'build', 'fonts'), '/fonts']
+          hosted: [path.join(__dirname, config.buildBase, 'fonts'), '/fonts']
         }),
         unprefix(),
         postcssPresetEnv(),
@@ -145,12 +153,10 @@ function css() {
     )
     .pipe(gulpif(PROD, rev()))
     .pipe(sourcemaps.write('./'))
-    .pipe(dest('build'))
+    .pipe(dest(config.buildBase))
     .pipe(gulpif(DEV, lr(config.livereload)))
-    .pipe(
-      gulpif(PROD, rev.manifest('build/rev-manifest.json', manifestOptions))
-    )
-    .pipe(gulpif(PROD, dest('build')));
+    .pipe(gulpif(PROD, rev.manifest(config.manifest, manifestOptions)))
+    .pipe(gulpif(PROD, dest(config.buildBase)));
 }
 
 function xo() {
@@ -161,7 +167,7 @@ function xo() {
 }
 
 function eslint() {
-  return src('build/**/*.js', { since: lastRun(eslint) })
+  return src(`${config.buildBase}/**/*.js`, { since: lastRun(eslint) })
     .pipe(
       gulpEslint({
         allowInlineConfig: false,
@@ -198,12 +204,10 @@ function js() {
     .pipe(gulpif(PROD, uglify()))
     .pipe(gulpif(PROD, rev()))
     .pipe(sourcemaps.write('./'))
-    .pipe(dest('build'))
+    .pipe(dest(config.buildBase))
     .pipe(gulpif(DEV, lr(config.livereload)))
-    .pipe(
-      gulpif(PROD, rev.manifest('build/rev-manifest.json', manifestOptions))
-    )
-    .pipe(gulpif(PROD, dest('build')));
+    .pipe(gulpif(PROD, rev.manifest(config.manifest, manifestOptions)))
+    .pipe(gulpif(PROD, dest(config.buildBase)));
 }
 
 function remark() {
@@ -222,11 +226,11 @@ function static() {
     base: 'assets',
     allowEmpty: true,
     since: lastRun(static)
-  }).pipe(dest('build'));
+  }).pipe(dest(config.buildBase));
 }
 
 function clean() {
-  return del(['build']);
+  return del([config.buildBase]);
 }
 
 const build = series(