Remove mongolab addon from Heroku deploy #215

Merged
merged 9 commits into from
Nov 10, 2020

Conversation

@rcowsill (Contributor) commented Oct 10, 2020

As raised in #212, mLab is shutting down their mongolab Heroku addon on November 10th 2020. This is a WIP pull request containing the changes to remove the addon and update documentation.

The functional changes are complete and the next step is the documentation. I'm posting this draft so contributors can comment on the general approach and give feedback on the documentation changes once they are added.

This branch cannot be merged until after PR #214, and it also requires the docker-compose fix from my fix/mongodb-uri branch. It also includes a change to speed up Cypress tests, which can be pulled out if required.

Tasks:

  • Remove mongolab:sandbox addon from app.json
  • Add a MONGODB_URI env variable to app.json (required, default "")
  • Remove reference to the current mLab database from config/env/all.js
  • Remove support for MONGOLAB_URI in config/env/all.js (only needed for the mongolab addon)
  • Update heroku deploy instructions in README.md to cover database setup
  • Update tutorial for A1 - Injection to say NoSQL injection is blocked on deployments using Atlas M0
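
Added example (not NodeGoat's own config/env/all.js or app.json): a config helper that follows the task list above, taking MONGODB_URI when set, falling back to localhost:27017 otherwise, ignoring MONGOLAB_URI entirely, and redacting credentials before the URI is ever written to a log. The default database name `nodegoat`, the function names and the validation rules are assumptions, not project code.

```javascript
'use strict';

// Assumed default; the PR only says "localhost:27017" and the db name is a guess.
const DEFAULT_URI = 'mongodb://localhost:27017/nodegoat';

// Resolve the connection string. MONGOLAB_URI is deliberately not consulted:
// it only ever came from the mongolab addon, which this PR removes.
function resolveMongoUri(env) {
  const uri = typeof env.MONGODB_URI === 'string' ? env.MONGODB_URI.trim() : '';
  if (!uri) return DEFAULT_URI;
  // Atlas hands out mongodb+srv://, self-hosted setups use mongodb://.
  if (!/^mongodb(\+srv)?:\/\//.test(uri)) {
    throw new Error('MONGODB_URI must start with mongodb:// or mongodb+srv://');
  }
  return uri;
}

// Strip the user:password part so the URI can appear in startup logs or
// error messages without leaking the Atlas password. Driver rules require
// the userinfo to be percent-encoded, so '@' and '/' cannot occur inside it.
function redactMongoUri(uri) {
  return uri.replace(/^(mongodb(?:\+srv)?:\/\/)([^@\/]+)@/, '$1***:***@');
}
```

In app.json the matching entry is an env var marked `"required": true` with an empty default `"value": ""`, so Heroku prompts for it at deploy time instead of the repo carrying a password. Log only `redactMongoUri(resolveMongoUri(process.env))`, never the raw value.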

Collection drop commands were sent without waiting for their completion. The userId counter insert could complete before the counter collection drop. In that case the new counter would be deleted
* Make the web service connect to the mongo service, not mLab
* Update readme to remove the "change config" step
* Import NODE_ENV into the web service so the appropriate config is used
* Skip devDependency install by default
* Use lowercase NODE_ENV so Heroku can strip devDependencies in production
* MONGOLAB_URI isn't needed as the mongolab addon has been removed
* Removed the old mlab connection URI as that database will be deleted
* Default db is localhost:27017, for all other cases set MONGODB_URI (don't commit database credentials to a public repo)
* Heroku section includes database set up instructions
* "Remote MongoDB" sections cover Atlas instead of mLab
* "Remote MongoDB" sections use MONGODB_URI env var (don't commit DB password)
* Adjusted layout and fixed some typos
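
The ordering bug described in the first commit message above, reproduced with an in-memory stand-in so it runs without a database. This is an added example, not the project's seed script: `FakeCollection`, the latencies (a slow drop, a fast insert) and the counter document are all constructed. The point is that an unawaited `drop()` can finish after the insert that was supposed to follow it.

```javascript
'use strict';

const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Stand-in for a MongoDB collection. drop() is deliberately slower than
// insertOne() so the race is reproducible; real driver timings vary, which is
// why the unawaited version only fails some of the time in practice.
class FakeCollection {
  constructor(dropMs, insertMs) {
    this.docs = [];
    this.dropMs = dropMs;
    this.insertMs = insertMs;
  }
  async drop() { await sleep(this.dropMs); this.docs = []; }
  async insertOne(doc) { await sleep(this.insertMs); this.docs.push(doc); }
  async find() { return this.docs.slice(); }
}

// Buggy seeding: drop() is fired and forgotten. The insert lands first and the
// straggling drop then wipes the freshly written counter.
async function seedCountersUnawaited(counters) {
  counters.drop(); // no await: the returned promise is dropped on the floor
  await counters.insertOne({ _id: 'userId', seq: 3 });
  await sleep(counters.dropMs + 5); // give the stray drop time to complete
  return counters.find();
}

// Fixed seeding: wait for the drop before writing. With the real driver,
// drop() on a collection that does not exist yet rejects with codeName
// 'NamespaceNotFound' (code 26); that case is harmless and is swallowed here.
async function seedCountersAwaited(counters) {
  await counters.drop().catch((err) => {
    if (err && err.codeName !== 'NamespaceNotFound') throw err;
  });
  await counters.insertOne({ _id: 'userId', seq: 3 });
  await sleep(counters.dropMs + 5);
  return counters.find();
}
```

Run `seedCountersUnawaited(new FakeCollection(20, 1))` and the returned array is empty; `seedCountersAwaited` with the same collection returns the one counter document. The same applies to any fan-out of drops: collect the promises and `await Promise.all(...)` before the first insert.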
@rcowsill (Contributor, Author) commented Nov 1, 2020

Added the updated instructions to the PR.

As well as updating the instructions to cover Atlas instead of mLab, there are some structural changes. The main one is that Heroku is now the last option on the list. The loss of the mLab addon makes it a lot less convenient, as database setup is now required. Also, the local MongoDB and docker setups have become easier to use because they work with the default settings.

The last thing needed to complete this PR is an updated A1 tutorial with a warning that the NoSQL injection vulnerability isn't demonstrable when using Atlas M0.

Feel free to reply in the meantime with any feedback on the documentation or the functional changes.

Also corrected the example connection string, which was in the wrong format
* Moved examples for NoSQL and SSJS attacks into a new panel
* Added a note to the new panel about Atlas M0 (doesn't support js queries)
* Updated log injection section formatting to match the others
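
Why the A1 NoSQL/SSJS example stops working on Atlas M0, shown with code. This is an added example and not NodeGoat's allocations DAO: a filter built by interpolating user input into `$where` (server-side JavaScript) next to a typed filter, and an in-memory evaluator that mimics two servers: a default mongod that executes `$where`, and an Atlas M0 cluster, which does not support server-side JavaScript and refuses the operator. The sample documents, field names and the `serverSideJs` flag are constructed for the example.

```javascript
'use strict';

// Constructed sample data standing in for an allocations collection.
const SAMPLE_ALLOCATIONS = [
  { userId: 1, stocks: 50, funds: 10 },
  { userId: 2, stocks: 80, funds: 20 },
  { userId: 3, stocks: 5, funds: 70 },
];

// Vulnerable: untrusted strings are pasted into server-side JavaScript.
// A threshold of "0 || true" turns the predicate into "... || true".
function buildFilterVulnerable(userId, threshold) {
  return { $where: `this.userId == ${userId} && this.stocks > ${threshold}` };
}

// Hardened: coerce and validate, then use query operators instead of JS.
// Non-numeric input never reaches the database.
function buildFilterSafe(userId, threshold) {
  const uid = Number(userId);
  const thr = Number(threshold);
  if (!Number.isInteger(uid) || !Number.isFinite(thr)) {
    throw new TypeError('userId must be an integer and threshold a number');
  }
  return { userId: uid, stocks: { $gt: thr } };
}

// Minimal stand-in for the server. serverSideJs=true behaves like a default
// mongod and evaluates $where; serverSideJs=false behaves like Atlas M0 and
// rejects it. Only equality and $gt are implemented for the typed path.
function runQuery(docs, filter, { serverSideJs }) {
  if (Object.prototype.hasOwnProperty.call(filter, '$where')) {
    if (!serverSideJs) {
      throw new Error('$where is not supported on this cluster tier');
    }
    // Roughly what the server does: evaluate the JS with `this` bound to the doc.
    const predicate = new Function(`return (${filter.$where});`);
    return docs.filter((doc) => Boolean(predicate.call(doc)));
  }
  return docs.filter((doc) =>
    Object.entries(filter).every(([field, cond]) => {
      if (cond !== null && typeof cond === 'object' && '$gt' in cond) {
        return doc[field] > cond.$gt;
      }
      return doc[field] === cond;
    })
  );
}
```

On the mongod side `buildFilterVulnerable('1', '0 || true')` returns every document, which is the tutorial's demonstration; on the M0 side the same filter is rejected before any document is read, so the lesson cannot be shown there, while `buildFilterSafe` works on both tiers and throws on the injected string.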
@rcowsill (Contributor, Author) commented Nov 2, 2020

This is now ready to review.

As already mentioned, this PR includes #214 as its first commit. The second commit is to fix #213. It also includes ec40213 and fe5b12b to make test turnaround faster. I'm happy to split this up or squash/rebase the changes if desired.

@ckarande ckarande merged commit c44bbd6 into OWASP:master Nov 10, 2020
@rcowsill rcowsill deleted the fix/heroku-db branch November 10, 2020 21:36