Alex Lambert

1597656600

Rendering layer for the Book a secure move platform

Book a secure move frontend

This is the rendering application for the Book a secure move service.

Book a secure move is part of the HMPPS Prisoner Escort and Custody Service (PECS) programme.

Dependencies

Installation

  1. Clone repository and change directory:

    git clone https://github.com/ministryofjustice/hmpps-book-secure-move-frontend && cd hmpps-book-secure-move-frontend

  2. Install node dependencies:

    npm install

  3. Build the assets:

    npm run build

Configuring the application

Create a copy of the example environment variable file and add values for the keys:

cp .env.example .env

Set the environment variables accordingly.

Running the application

In production mode

NODE_ENV=production npm start

The app will run on port 3000 by default and be available at http://localhost:3000.

In development mode

Ensure Redis is installed and running.

npm run develop

The app will be running at http://localhost:3000 or with browsersync at http://localhost:3001.

Running with debugging

Some extra levels of debugging have been added to aid development.

To see all axios requests/responses run:

DEBUG=axios npm run develop

To see app level debug logs run:

DEBUG=app:* npm run develop

You can combine namespaces, for example:

DEBUG=axios,app:* npm run develop

Testing and linting

Unit tests

Unit tests are run using the Mocha test framework and the Chai library for assertions.

It also includes the Sinon library for test spies, stubs and mocks.

To check unit tests results:

npm test

To watch unit tests whilst developing:

npm run watch:test

Acceptance tests

Acceptance (end-to-end) tests are run using the TestCafe framework and are configured in CircleCI to run against the $E2E_BASE_URL variable (staging) when the app is merged to master and deployed to staging.

To run the CI tests locally run:

npm run test-e2e:ci

To debug tests on local server run:

npm run test-e2e:local

To debug tests on local server against the API running locally, run:

npm run test-e2e:local:api

Further options can be passed to all these commands.

Available options can be seen by running the command with the -h (help) option.

npm run test-e2e:ci -- -h
npm run test-e2e:local -- -h

Screenshots are taken whenever a test fails.

Videos are taken when a test fails if enabled (see the --video option).

Videos and screenshots are stored in the artifacts directory.

Code coverage

Code coverage is provided by Istanbul’s command line tool, nyc.

To see coverage reports run:

npm run coverage

To open the results in a browser after running use:

npm run coverage:open

Linting

JavaScript

ESLint is used to lint JavaScript code and keep a consistent standard in the way it is written within this project.

The config uses the StandardJS style as a base with some custom tweaks.

Prettifier is also used to extend ESLint with some extra rules around how files are formatted. It can be integrated into many popular editors to help with formatting on save.

To check linting results run:

npm run lint

Commit messages

Commitlint is used to lint commit messages to ensure they conform to conventional convention.

This convention is required to automate the generation of changelogs and release notes on GitHub during the release process.

Releases and deployment

Releases and changelogs are automatically generated using standard-version. To generate a new release run:

npm run release

This will:

  • update contributors in package.json
  • increase the version in package.json based on commits since last tag
  • create a new changelog entry
  • create a version commit
  • create a new git tag
  • push commit and tags to remote

It will also start a new deployment specific job on CircleCI which will run the full suite of automated tests and create a release on GitHub.

Note: The deployment job has a manual approval step before it will release that version to production.

Environment variables

The TZ (timezone) environment variable is set to ‘Europe/London’ in start.js.

Name | Description | Default
--- | --- | ---
PORT | Port the web server listens on | 3000
LOG_LEVEL | Level of logs to output | production: error, development: debug
ASSETS_HOST | Host for assets CDN |
SESSION_SECRET | (required) A complex string unique to the environment, used to encrypt cookies |
SESSION_NAME | Name of the session ID cookie to set in the response (and read from in the request) | book-secure-move.sid
SESSION_TTL | How long the user session should last (in milliseconds) | 1800000 (30 minutes)
SESSION_DB_INDEX | Redis database index in which to store session data | 0 (Redis’ default)
REDIS_URL | (required) Redis server URL, including port and protocol |
REDIS_HOST | (required) Redis hostname. Can be used instead of REDIS_URL. Will override REDIS_URL if set |
REDIS_AUTH_TOKEN | Optional auth token for the Redis instance |
API_BASE_URL | (required) Base URL for the backend API server for this service without any path |
API_PATH | (required) Base path for the API |
API_TIMEOUT | API request timeout (ms) | 30000
API_VERSION | (required) API version to use |
API_HEALTHCHECK_PATH | (required) Path to which healthcheck pings are sent |
API_AUTH_PATH | (required) Path to which OAuth2 access token requests should be sent |
API_CLIENT_ID | (required) Client ID used to authenticate with the backend API |
API_SECRET | (required) Client secret used to authenticate with the backend API |
API_CACHE_EXPIRY | The expiry time of cached API request (in seconds) | 7 days
API_DISABLE_CACHE | Whether to disable caching of API requests | false
AUTH_PROVIDER_KEY | (required) Client key provided by the OAuth2 provider for user authentication |
AUTH_PROVIDER_SECRET | (required) Client secret provided by the OAuth2 provider for user authentication |
AUTH_PROVIDER_URL | (required) Base URL for the auth provider server |
AUTH_EXPIRY_MARGIN | How close the user authentication should be to expiring before refreshing it | 300 (5 minutes)
NOMIS_ELITE2_API_URL | (required) Base URL for the NOMIS Elite 2 API, without trailing slash |
NOMIS_ELITE2_API_HEALTHCHECK_PATH | Path to which healthcheck pings for NOMIS Elite 2 API are sent | /health/ping
SERVER_HOST | (required) The (accessible) hostname (and port) of the listening web server. Used by Grant to construct redirect URLs after OAuth authentication. For example localhost:3000 |
FEEDBACK_URL | URL for the feedback link in the phase banner at the top of the page. If empty, the link will not be displayed. |
SUPPORT_EMAIL | Email address used to contact support or the team in parts of the app where the user may require further help. |
SENTRY_KEY | Sentry key |
SENTRY_PROJECT | Sentry project ID |
GOOGLE_ANALYTICS_ID | Google analytics tracking ID to use for the environment |
E2E_BASE_URL | Base URL used for acceptance testing | http://${process.env.SERVER_HOST}
E2E_MAX_PROCESSES | Max number of processes to use for end-to-end tests | 1
E2E_FAIL_FAST | Whether to stop all tests if an end-to-end test fails | false
E2E_VIDEO | Whether to capture video when end-to-end tests fail | false
E2E_SKIP | Comma-delimited list of files to skip when running the end-to-end tests eg. test/e2/allocation.cancel.test.js |
E2E_POLICE_USERNAME | Police user username used for acceptance testing |
E2E_POLICE_PASSWORD | Police user password used for acceptance testing |
E2E_SUPPLIER_USERNAME | Supplier user username used for acceptance testing |
E2E_SUPPLIER_PASSWORD | Supplier user password used for acceptance testing |
LOCATIONS_BATCH_SIZE | Maximum number of location IDs to send in one request when requesting moves for all locations | 40
FEATURE_FLAG_PERSON_ESCORT_RECORD | Set to true to enable display of the Person Escort Record feature |
FRAMEWORKS_VERSION | Current Book a secure move frameworks version that the frontend will use to create new Person Escort Records or any other frameworks being used | latest supported version (see @hmpps-book-secure-move-frameworks in package.json)

Development specific

The following environment variables can be set to help development.

Name | Description | Default
--- | --- | ---
BYPASS_SSO | Set to true to bypass authentication |
USER_PERMISSIONS | Comma delimited string of available permissions (required if bypassing auth) |
USER_LOCATIONS | Comma delimited string of available locations (required if bypassing auth) |
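
A startup check over the variables in the two tables above, as an added example that is not part of the project's code. `validateEnv`, its rule lists, the 32-character secret threshold and the treatment of the string `true` as the enabling value for BYPASS_SSO are assumptions made for illustration.

```javascript
// Added example: startup validation of the documented environment variables.
// validateEnv() and the rule lists are hypothetical, not the project's code.
const REQUIRED = [
  'SESSION_SECRET', 'API_BASE_URL', 'API_PATH', 'API_VERSION',
  'API_HEALTHCHECK_PATH', 'API_AUTH_PATH', 'API_CLIENT_ID', 'API_SECRET',
  'AUTH_PROVIDER_KEY', 'AUTH_PROVIDER_SECRET', 'AUTH_PROVIDER_URL',
  'NOMIS_ELITE2_API_URL', 'SERVER_HOST',
]
const POSITIVE_INTEGERS = [
  'PORT', 'SESSION_TTL', 'API_TIMEOUT', 'AUTH_EXPIRY_MARGIN', 'LOCATIONS_BATCH_SIZE',
]
const MIN_SECRET_LENGTH = 32 // assumed threshold; the README only says "complex"

const isSet = (env, name) =>
  typeof env[name] === 'string' && env[name].trim() !== ''

function validateEnv(env) {
  const errors = []
  const warnings = []
  // Messages name the variable only; values are never echoed into logs.
  for (const name of REQUIRED) {
    if (!isSet(env, name)) errors.push(`${name} is required`)
  }
  // REDIS_HOST can be used instead of REDIS_URL, so either one satisfies the check.
  if (!isSet(env, 'REDIS_URL') && !isSet(env, 'REDIS_HOST')) {
    errors.push('one of REDIS_URL or REDIS_HOST is required')
  }
  for (const name of POSITIVE_INTEGERS) {
    if (isSet(env, name) && !/^[1-9]\d*$/.test(env[name].trim())) {
      errors.push(`${name} must be a positive integer`)
    }
  }
  if (isSet(env, 'SESSION_SECRET') && env.SESSION_SECRET.length < MIN_SECRET_LENGTH) {
    warnings.push(`SESSION_SECRET is shorter than ${MIN_SECRET_LENGTH} characters`)
  }
  // Assumption: the literal string "true" (any case) is what enables the bypass.
  if (/^true$/i.test(String(env.BYPASS_SSO || '').trim())) {
    if (env.NODE_ENV === 'production') {
      errors.push('BYPASS_SSO must not be enabled when NODE_ENV=production')
    }
    for (const name of ['USER_PERMISSIONS', 'USER_LOCATIONS']) {
      if (!isSet(env, name)) errors.push(`${name} is required when BYPASS_SSO is true`)
    }
  }
  return { errors, warnings }
}

// Constructed sample values, not real hosts or credentials.
const sampleEnv = {
  NODE_ENV: 'development',
  REDIS_URL: 'redis://localhost:6379',
  SERVER_HOST: 'localhost:3000',
  API_TIMEOUT: '30000',
}
for (const name of REQUIRED) {
  if (!(name in sampleEnv)) sampleEnv[name] = `constructed-placeholder-for-${name.toLowerCase()}`
}

console.log(validateEnv(sampleEnv))
```

Called before the server starts listening, a non-empty `errors` list is a reason to exit rather than run with authentication bypassed or a secret missing.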

Components

See the components readme for more detail on how to structure app level components.

Book a secure move frameworks

The frontend uses the Book a secure move frameworks repo to build and maintain certain features like the Person Escort Record.

The frontend maintains a list of versions of the framework that are supported in the package.json manifest under a scope of @hmpps-book-secure-move-frameworks. Each version is then maintained as a folder underneath that scope, for example @hmpps-book-secure-move-frameworks/0.1.0.

The frontend needs to maintain separate versions so that it can render any previous records created using the framework or allow users to continue to edit existing records that have been created using specific versions.

To support a new version

  • Add a new item under the framework scope to the package manifest:

    "@hmpps-book-secure-move-frameworks/{semanticVersion}": "github:ministryofjustice/hmpps-book-secure-move-frameworks#v{semanticVersion}"

To override the current version

The current version is used when creating new framework resources. It can be overridden using an environment variable (FRAMEWORKS_VERSION), for example when support for a new version is being added but records should still be created using an older version.

Download Details:

Author: ministryofjustice

Source Code: https://github.com/ministryofjustice/hmpps-book-secure-move-frontend

#nodejs #javascript #node

Wilford Pagac

1596789120

Best Custom Web & Mobile App Development Company

Everything around us has become smart, like smart infrastructures, smart cities, autonomous vehicles, to name a few. The innovation of smart devices makes it possible to achieve these heights in science and technology. But, data is vulnerable, there is a risk of attack by cybercriminals. To get started, let’s know about IoT devices.

What are IoT devices?

The Internet of Things (IoT) is a system that interrelates computer devices like sensors, software, actuators, digital machines, etc. They are linked together with particular objects that work through the internet and transfer data over devices without human interference.

Famous examples are Amazon Alexa, Apple SIRI, Interconnected baby monitors, video doorbells, and smart thermostats.

How could your IoT devices be vulnerable?

When technologies grow and evolve, risks are also on the high stakes. Ransomware attacks are on the continuous increase; securing data has become the top priority.

When you think your smart home won’t fudge a thing against cybercriminals, you should also know that they are vulnerable. When cybercriminals access our smart voice speakers like Amazon Alexa or Apple Siri, it becomes easy for them to steal your data.

Cybersecurity report 2020 says popular hacking forums expose 770 million email addresses and 21 million unique passwords, 620 million accounts have been compromised from 16 hacked websites.

The attacks are likely to increase every year. To help you secure your data of IoT devices, here are some best tips you can implement.

Tips to secure your IoT devices

1. Change Default Router Name

Your router has the default name of make and model. When we stick with the manufacturer name, attackers can quickly identify our make and model. So give the router name different from your addresses, without giving away personal information.

2. Know your connected network and connected devices

If your devices are connected to the internet, these connections are vulnerable to cyber attacks when your devices don’t have the proper security. Almost every web interface is equipped with multiple devices, so it’s hard to track the device. But, it’s crucial to stay aware of them.

3. Change default usernames and passwords

When we use the default usernames and passwords, the device is attackable, because cybercriminals possibly know the default passwords that come with IoT devices. So use strong passwords to access our IoT devices.

4. Manage strong, Unique passwords for your IoT devices and accounts

Use strong or unique passwords that are easily assumed, such as ‘123456’ or ‘password1234’ to protect your accounts. Give strong and complex passwords formed by combinations of alphabets, numeric, and not easily bypassed symbols.

Also, change passwords for multiple accounts and change them regularly to avoid attacks. We can also set the account to lock after several wrong password attempts, to safeguard it from hackers.

5. Do not use Public Wi-Fi Networks

If you are trying to keep an eye on your IoT devices through your mobile devices in different locations, I recommend that you not use a public Wi-Fi network to access them, because such networks are easily accessible to everyone. If you are still in a hurry to access them, use a VPN that gives protection against cyber-attacks, with privacy and security features, for example, Express VPN.

6. Establish firewalls to discover the vulnerabilities

There are software and firewalls like intrusion detection system/intrusion prevention system in the market. This will be useful to screen and analyze the wire traffic of a network. You can identify the security weakness by the firewall scanners within the network structure. Use these firewalls to get rid of unwanted security issues and vulnerabilities.

7. Reconfigure your device settings

Every smart device comes with insecure default settings, and sometimes we are not able to change these default configurations. These conditions need to be assessed, and the default settings need to be reconfigured.

8. Authenticate the IoT applications

Nowadays, every smart app offers authentication to secure the accounts. There are many types of authentication methods like single-factor authentication, two-step authentication, and multi-factor authentication. Use any one of these to send a one time password (OTP) to verify the user who logs in the smart device to keep our accounts from falling into the wrong hands.

9. Keep the device software up to date

Every smart device manufacturer releases updates to fix bugs in their software. These security patches help us to improve our protection of the device. Also, update the software on the smartphone that we use to monitor the IoT devices, to avoid vulnerabilities.

10. Track the smartphones and keep them safe

When we connect the smart home to the smartphone and control it via the smartphone, we need to keep the phone safe. If you lose the phone, almost all personal information is at risk to cybercriminals. But sometimes it happens by accident, so make sure that you can clear all the data remotely.

However, securing smart devices is essential in the world of data. There are still cybercriminals bypassing the securities. So make sure to take the safety measures to avoid our accounts falling into the wrong hands. I hope these steps will help you all to secure your IoT devices.

If you have any, feel free to share them in the comments! I’d love to know them.

Are you looking for more? Subscribe to weekly newsletters that can help you stay updated on IoT application developments.

#iot #enterprise iot security #how iot can be used to enhance security #how to improve iot security #how to protect iot devices from hackers #how to secure iot devices #iot security #iot security devices #iot security offerings #iot security technologies iot security plus #iot vulnerable devices #risk based iot security program

Security IT

1606927174

10 Cyber Security Tools to Watch Out for in 2021 - DZone Security

With an immense number of companies and entities climbing onto the digital bandwagon, cybersecurity considerations have come into the limelight. Besides, as new technologies such as Big Data, IoT, and Artificial Intelligence/Machine Learning gradually make more inroads into our everyday lives, the threats related to cybercrime are mounting as well. Additionally, the usage of mobile and web apps in transacting financial information has left the complete digital stuff exposed to cybersecurity breaches. The inherent risks and vulnerabilities found in such apps can be exploited by attackers or cybercriminals to draw off crucial information data counting money. Internationally, cyber-security breaches have caused a yearly loss of USD 20.38 million in 2019 (Source: Statista). Plus, cybercrime has led to a 0.80 percent loss of the entire world’s Gross domestic product, which sums up to approx. USD 2.1 trillion in the year 2019 alone (Source: Cybriant.com).

In this article, take a look at ten cyber security tools to watch out for in 2021, including NMap, Wireshark, Metasploit, and more!

#security #cyber security #security testing #security testing tools #cyber security tools

Platform App Design | Cross-Platform Development Services

Cross-Platform Development Services

With the development in mobile app technology, a huge time saver as well as the quality maintainer technology is Cross-Platform App development. The development of an app that takes less time to develop as well as uses one technology to develop an app for both android and iOS is game-changing technology in mobile app development.

Want to develop or design a Cross-platform app?

With the successful delivery of more than 950 projects, WebClues Infotech has got the expertise as well as a huge experience of cross-platform app development and design. With global offices in 4 continents and a customer presence in most developed countries, WebClues Infotech has got a huge network around the world.

Want to know more about our cross-platform app designs?

Visit: https://www.webcluesinfotech.com/cross-platform-design/

Share your requirements https://www.webcluesinfotech.com/contact-us/

View Portfolio https://www.webcluesinfotech.com/portfolio/

#cross-platform development services #cross platform mobile app development services #cross-platform mobile app development services #cross platform app development services #hire cross platform app developer #hire cross-platform app developer india usa,

Mark Anderson

1617951201

Security Token Platform crowdfund your business growth easily

Security Token Offerings can be created on efficient blockchain networks like Ethereum, Hyperledger, and Stellar. We are experts in developing a Security Token Platform.

##security token offerings ##security token platform ##sto development ##security token development ##security token offering services

Ida Nader

1602963300

Cloud Security: Is it Worth it?

Storing and managing corporate data by applying the cloud is becoming more and more popular. Companies grow, and it gets too expensive and resource-consuming to store their data on traditional servers. To prove it, look at the research conducted by Google in 2019 that includes insights for the cloud computing market for the next 10 years.

Around 80% of US respondents (about 1,100 businesses participated) revealed that they are thinking about cloud adoption by 2029. In 2019, only about 40% made a switch. 72% of businesses state that they’d like to automate security solutions by 2029, while now only 33% actually do it.

What do these numbers tell us? That companies seem to be suspicious about cloud security and prefer traditional on-premises data storage to the cloud environment. Why are they afraid to entrust cloud providers with their data? What to do to get rid of this fear? How to prove that the future of security is after the cloud?

In our article, we aim to answer these questions and more, but first, you need to be able to identify the reasons why companies have cloud-related trust issues. The first step in eliminating a problem is identifying it, let’s do it together!

#cloud-security #security-of-data #cybersecurity #cloud-computing #aws-security #azure-security #data-breaches #cyber-security