merge latest changes

.eslintrc.yml

@@ -0,0 +1,18 @@
+env:
+  browser: true
+  node: true
+  mocha: true
+extends: 'eslint:recommended'
+rules:
+  indent:
+    - error
+    - 2
+  linebreak-style:
+    - error
+    - unix
+  quotes:
+    - error
+    - single
+  semi:
+    - error
+    - always

Procfile

@@ -0,0 +1 @@
+web: npm start

README.md

@@ -1,107 +1,86 @@
-# Tone Analyzer Node.js Starter Application
-[![Build Status](https://travis-ci.org/watson-developer-cloud/tone-analyzer-nodejs.svg?branch=master)](http://travis-ci.org/watson-developer-cloud/tone-analyzer-nodejs)
-[![codecov.io](https://codecov.io/github/watson-developer-cloud/tone-analyzer-nodejs/coverage.svg?branch=master)](https://codecov.io/github/watson-developer-cloud/tone-analyzer-nodejs?branch=master)
+# Tone Analyzer Starter Application [![Build Status](https://travis-ci.org/watson-developer-cloud/tone-analyzer-nodejs.svg?branch=master)](http://travis-ci.org/watson-developer-cloud/tone-analyzer-nodejs)
 
-  The IBM Watson [Tone Analyzer][service_url] service is a cognitive linguistic analysis service that detects three types of tones from written text: emotions, social tendencies, and writing style. Emotions identified include things like anger, fear, joy, sadness, and disgust. Identified social tendencies include things from the Big Five personality traits used by some psychologists. These include openness, conscientiousness, extraversion, agreeableness, and neuroticism. Identified writing styles include confident, analytical, and tentative.
+  The IBM Watson [Tone Analyzer][docs] service is a cognitive linguistic analysis service that detects three types of tones from written text: emotions, social tendencies, and writing style. Emotions identified include things like anger, fear, joy, sadness, and disgust. Identified social tendencies include things from the Big Five personality traits used by some psychologists. These include openness, conscientiousness, extraversion, agreeableness, and neuroticism. Identified writing styles include confident, analytical, and tentative.
 
-Give it a try! Click the button below to fork into IBM DevOps Services and deploy your own copy of this application on Bluemix.
+## Getting started
 
-[![Deploy to Bluemix](https://bluemix.net/deploy/button.png)](https://bluemix.net/deploy?repository=https://github.com/watson-developer-cloud/tone-analyzer-nodejs)
+1. You need a Bluemix account. If you don't have one, [sign up][sign_up]. Experimental Watson Services are free to use.
 
-## Getting Started
+1. Download and install the [Cloud-foundry CLI][cloud_foundry] tool if you haven't already.
 
-1. Create a Bluemix Account
+1. Edit the `manifest.yml` file and change `<application-name>` to something unique. The name you use determines the URL of your application. For example, `<application-name>.mybluemix.net`.
 
-  [Sign up][sign_up] in Bluemix, or use an existing account. Watson Beta or Experimental Services are free to use.
+  ```yaml
+  applications:
+  - services:
+    - my-service-instance
+    name: <application-name>
+    command: npm start
+    path: .
+    memory: 512M
+  ```
 
-2. Download and install the [Cloud-foundry CLI][cloud_foundry] tool
+1. Connect to Bluemix with the command line tool.
 
-3. Edit the `manifest.yml` file and change the `<application-name>` to something unique.
-  ```none
-applications:
-- services:
-  - tone-analyzer-standard
-  name: <application-name>
-  command: npm start
-  path: .
-  memory: 256M
+  ```sh
+  cf api https://api.ng.bluemix.net
+  cf login
   ```
-  The name you use will determinate your application url initially, e.g. `<application-name>.mybluemix.net`.
 
-4. Connect to Bluemix in the command line tool
-  For US Region
-  ```sh
-  $ cf api https://api.ng.bluemix.net
+1. Create and retrieve service keys to access the [Tone Analyzer][docs] service:
+
+  ```none
+  cf create-service tone_analyzer standard my-tone-analyzer-service
+  cf create-service-key my-tone-analyzer-service myKey
+  cf service-key my-tone-analyzer-service myKey
   ```
 
-  For EU Region
-  ```sh
-  $ cf api https://api.eu-gb.bluemix.net
+1. Create a `.env` file in the root directory by copying the sample `.env.example` file using the following command:
+
+  ```none
+  cp .env.example .env
   ```
+  You will update the `.env` with the information you retrieved in steps 5.
 
-  ```sh
-  $ cf login -u <your user ID>
+1. Install the dependencies you application need:
+
+  ```none
+  npm install
   ```
 
-5. Create the Tone Analyzer Service in Bluemix
+1. Start the application locally:
 
-  ```sh
-  $ cf create-service tone_analyzer standard tone-analyzer-standard
+  ```none
+  npm start
   ```
 
-6. Push it live!
+1. Point your browser to [http://localhost:3000](http://localhost:3000).
 
-  ```sh
-  $ cf push
+1. **Optional:** Push the application to Bluemix:
+
+  ```none
+  cf push
   ```
 
-See the full [Getting Started][getting_started] documentation for more details, including code snippets and references.
-
-## Running locally
-
-  The application uses [Node.js](http://nodejs.org/) and [npm](https://www.npmjs.com/).
-
-1. Copy the credentials from your `tone-analyzer-standard` service in Bluemix to `app.js`. To see the credentials, use:
-
-    ```sh
-    $ cf env <application-name>
-    ```
-    Example output:
-    ```sh
-    System-Provided:
-    {
-    "VCAP_SERVICES": {
-      "tone_analyzer": [{
-          "credentials": {
-            "url": "<url>",
-            "password": "<password>",
-            "username": "<username>"
-          },
-        "label": "tone_analyzer",
-        "name": "tone-analyzer-standard",
-        "plan": "standard"
-     }]
-    }
-    }
-    ```
-
-    You need to copy `username`, `password` and `url`.
-
-2. Install [Node.js](http://nodejs.org/)
-3. Go to the project folder in a terminal and run:
-    `npm install`
-4. Start the application
-5.  `npm start`
-6. Go to `http://localhost:3000`
+After completing the steps above, you are ready to test your application. Start a browser and enter the URL of your application.
+
+            <your application name>.mybluemix.net
+
+
+For more details about developing applications that use Watson Developer Cloud services in Bluemix, see [Getting started with Watson Developer Cloud and Bluemix][getting_started].
+
 
 ## Troubleshooting
 
-To troubleshoot your Bluemix application, use the logs. To see the logs, run:
+* The main source of troubleshooting and recovery information is the Bluemix log. To view the log, run the following command:
 
   ```sh
-  $ cf logs <application-name> --recent
+  cf logs <application-name> --recent
   ```
 
+* For more details about the service, see the [documentation][docs] for the Tone Analyzer.
+
+
 ## License
 
   This sample code is licensed under Apache 2.0. Full license text is available in [LICENSE](LICENSE).
@@ -130,7 +109,7 @@ This data is collected from the `VCAP_APPLICATION` environment variable in IBM B
 Deployment tracking can be disabled by removing `require('cf-deployment-tracker-client').track();` from the beginning of the `server.js` file at the root of this repo.
 
 [deploy_track_url]: https://github.com/cloudant-labs/deployment-tracker
-[service_url]: http://www.ibm.com/smarterplanet/us/en/ibmwatson/developercloud/tone-analyzer.html
+[docs]: http://www.ibm.com/smarterplanet/us/en/ibmwatson/developercloud/doc/tone-analyzer
 [cloud_foundry]: https://github.com/cloudfoundry/cli
 [getting_started]: http://www.ibm.com/smarterplanet/us/en/ibmwatson/developercloud/doc/getting_started/
 [sign_up]: https://console.ng.bluemix.net/registration/

app.js

@@ -17,8 +17,9 @@
 'use strict';
 
 require('dotenv').load({silent: true});
-var express = require('express'),
-  app = express();
+
+var express = require('express');
+var app = express();
 var ToneAnalyzerV3 = require('watson-developer-cloud/tone-analyzer/v3');
 
 // Bootstrap application settings
@@ -35,7 +36,6 @@ var toneAnalyzer = new ToneAnalyzerV3({
 
 app.get('/', function(req, res) {
   res.render('index', {
-    ct: req._csrfToken,
     ga: process.env.GOOGLE_ANALYTICS
   });
 });

config/error-handler.js

@@ -31,6 +31,7 @@ module.exports = function(app) {
       code: err.code || 500,
       error: err.error || err.message
     };
+    // eslint-disable-next-line no-console
     console.log('error:', error);
     next ? '' : '';
     res.status(error.code).json(error);

config/security.js

@@ -19,64 +19,15 @@
 // security.js
 var rateLimit = require('express-rate-limit');
 var helmet = require('helmet');
-var csrf = require('csurf');
-var cookieParser = require('cookie-parser');
 
 module.exports = function(app) {
   app.enable('trust proxy');
 
-  // 1. helmet with custom CSP header
-  var cspReportUrl = '/report-csp-violation';
+  // 1. helmet with defaults
   app.use(helmet({
     cacheControl: false,
-    contentSecurityPolicy: {
-      // Specify directives as normal.
-      directives: {
-        defaultSrc: ["'self'"], // default value for unspecified directives that end in -src
-        scriptSrc: [
-          "'self'",
-          "'unsafe-eval'", // underscore.js requires this for templates :(
-          'https://cdnjs.cloudflare.com/',
-          'https://ajax.googleapis.com/',
-          'www.google-analytics.com'
-        ], // jquery cdn, etc. try to avid "'unsafe-inline'" and "'unsafe-eval'"
-        styleSrc: ["'self'", "'unsafe-inline'"], // no inline css
-        imgSrc: ['*', 'data:'], // should be "'self'" and possibly 'data:' for most apps, but vr demo loads random user-supplied image urls, and apparently * doesn't include data: URIs
-        connectSrc: ["'self'", '*.watsonplatform.net'], // ajax domains
-        // fontSrc: ["'self'"], // cdn?
-        objectSrc: [], // embeds (e.g. flash)
-        // mediaSrc: ["'self'", '*.watsonplatform.net'], // allow watson TTS streams
-        childSrc: [], // child iframes
-        frameAncestors: [], // parent iframes
-        formAction: ["'self'"], // where can forms submit to
-        pluginTypes: [], // e.g. flash, pdf
-        // sandbox: ['allow-forms', 'allow-scripts', 'allow-same-origin'], // options: allow-forms allow-same-origin allow-scripts allow-top-navigation
-        reportUri: cspReportUrl
-      },
-
-      // Set to true if you only want browsers to report errors, not block them.
-      // You may also set this to a function(req, res) in order to decide dynamically
-      // whether to use reportOnly mode, e.g., to allow for a dynamic kill switch.
-      reportOnly: false,
-
-      // Set to true if you want to blindly set all headers: Content-Security-Policy,
-      // X-WebKit-CSP, and X-Content-Security-Policy.
-      setAllHeaders: false,
-
-      // Set to true if you want to disable CSP on Android where it can be buggy.
-      disableAndroid: false,
-
-      // Set to false if you want to completely disable any user-agent sniffing.
-      // This may make the headers less compatible but it will be much faster.
-      // This defaults to `true`.
-      browserSniff: true
-    }
+    frameguard: false
   }));
-  // endpoint to report CSP violations
-  app.post(cspReportUrl, function(req, res) {
-    console.log('Content Security Policy Violation:\n', req.body);
-    res.status(204).send(); // 204 = No Content
-  });
 
   // 2. rate limiting
   app.use('/api/', rateLimit({
@@ -88,15 +39,4 @@ module.exports = function(app) {
       code: 429
     })
   }));
-
-  // 3. setup cookies
-  var secret = Math.random().toString(36).substring(7);
-  app.use(cookieParser(secret));
-
-  // 4. csrf
-  var csrfProtection = csrf({ cookie: true });
-  app.get('/', csrfProtection, function(req, res, next) {
-    req._csrfToken = req.csrfToken();
-    next();
-  });
 };

manifest.yml

@@ -1,11 +1,11 @@
 ---
 declared-services:
-  tone-analyzer-standard:
+  my-tone-analyzer-service:
     label: tone_analyzer
     plan: standard
 applications:
 - services:
-  - tone-analyzer-standard
+  - my-tone-analyzer-service
   name: tone-analyzer-demo
   command: npm start
   path: .

package.json

@@ -1,6 +1,6 @@
 {
   "name": "tone-analyzer-nodejs",
-  "version": "3.1.1",
+  "version": "4.0.0",
   "description": "Web application that uses Tone Analyzer to get the tone from a text message",
   "repository": {
     "type": "git",
@@ -27,23 +27,21 @@
   },
   "scripts": {
     "start": "node server.js",
-    "test": "istanbul cover ./node_modules/mocha/bin/_mocha",
+    "test": "npm run lint && npm run test-unit",
+    "test-unit": "istanbul cover ./node_modules/mocha/bin/_mocha test/unit",
     "lint": "eslint .",
     "autofix": "eslint --fix .",
     "codecov": "npm run test && (codecov || true)"
   },
   "dependencies": {
     "body-parser": "^1.13.2",
-    "cf-deployment-tracker-client": "0.0.8",
-    "cookie-parser": "^1.4.1",
-    "csurf": "^1.8.3",
+    "cf-deployment-tracker-client": "^0.1.1",
     "dotenv": "^2.0.0",
-    "ejs": "^2.3.4",
-    "errorhandler": "^1.4.1",
+    "ejs": "^2.5.2",
+    "eslint": "^2.13.1",
     "express": "^4.12.2",
-    "express-rate-limit": "^2.1.0",
+    "express-rate-limit": "^2.5.0",
     "express-secure-only": "^0.2.1",
-    "helmet": "^2.1.1",
     "watson-developer-cloud": "^2.2.0"
   },
   "devDependencies": {
@@ -52,8 +50,8 @@
     "eslint": "^2.8.0",
     "eslint-config-airbnb-es5": "^1.0.9",
     "eslint-plugin-react": "^5.1.1",
-    "istanbul": "^0.4.2",
-    "mocha": "^2.4.5",
-    "supertest": "^1.2.0"
+    "istanbul": "^0.4.5",
+    "mocha": "^3.1.2",
+    "supertest": "^2.0.1"
   }
 }

public/data/personal-email.txt

@@ -1,12 +1,8 @@
 Hi Team,
 
-The times are difficult! Our sales have been disappointing for the past three quarters for our data analytics product suite. We have a competitive data analytics product suite in the industry. But we are not doing a good job at selling it.
+The times are difficult! Our sales have been disappointing for the past three quarters for our data analytics product suite. We have a competitive data analytics product suite in the industry. But we are not doing a good job at selling it and this is really frustrating.
 
-We need to acknowledge and fix our sales challenges. We cannot blame the economy for our lack of execution! We are missing critical sales opportunities. Our clients are hungry for analytical tools to improve their business outcomes. In fact, it is in times such as this, our clients want to get the insights they need to turn their businesses around. We need to buckle up and execute.
-
-In summary, we have a competitive product, and a hungry market. We have to do our job to close the deals.
+We need to acknowledge and fix our sales challenges. We cannot blame the economy for our lack of execution! We are missing critical sales opportunities. Our clients are hungry for analytical tools to improve their business outcomes. In fact, it is in times such as this, our clients want to get the insights they need to turn their businesses around. We need to buckle up and execute. In summary, we have a competitive product, and a hungry market. We are really failing at closing deals and we need to now focus on that.
 
 Jennifer Baker
-
 Sales Leader, North-East region
-

server.js

@@ -3,15 +3,13 @@
 
 require('dotenv').config({silent: true});
 
-if (process.env.GOOGLE_ANALYTICS) {
-  process.env.GOOGLE_ANALYTICS = process.env.GOOGLE_ANALYTICS.replace(/\"/g, '');
-}
 // Deployment tracking
 require('cf-deployment-tracker-client').track();
 
 var server = require('./app');
 var port = process.env.PORT || process.env.VCAP_APP_PORT || 3000;
 
 server.listen(port, function() {
+  // eslint-disable-next-line no-console
   console.log('Server running on port: %d', port);
 });