KUBiC은 통일과 북한 관련 자료를 더 쉽게 검색하고, 빅데이터 분석을 통해 기존에 파악하지 못한 더 많은 직관과 깊은 통찰을 제공하려는 목적에서 개발되었습니다. 다양한 기관에서 생성되는 통일 및 북한 관련 자료들을 KUBiC에서 통합검색으로 모두 검색할 수 있으며, 주제 분석, 연관 문서 분석 등 다양한 데이터 분석과 데이터 시각화 기능을 제공합니다. KUBiC은 한동대학교 통일선도대학 사업단의 지원으로 개발되었습니다.
Angular 11.2.2
NodeJS 15.10.0
MongoDB 4.4.3
npm 7.5.3
All dependencies are recommended to be up-to-date
- fe-backend
- src
- app
- core
- components
- enums
- guards
- interceptor
- models
- servicies
- features
- shared
- components
- assets
- icons
- logos
- style.less
-
fe-backend
유저 정보, 데이터 분석 결과를 저장하는 데이터베이스 서버. [README]
-
app
앵귤러 프레임워크로 작성된 웹 어플리케이션
-
core
웹 어플리케이션 실행 시 단 한번만 생성되는 singleton 요소들을 저장하는 디렉토리
- components : 모든 페이지에서 실행되는 컴포넌트를 보관한다.
- enums : 여러번 지속적으로 사용되는
enum
타입 파일들을 보관한다. - guards : AuthGuard 와 같은 authenication guadring service 를 위한 요소들을 보관한다.
- interceptor : Token Interceptor 로직 파일을 보관한다.
- models : 본 홈페이지를 위해 정의된 model 들의 집합. 여러 모듈들에서 사용되는 model을 정의한다.
- servicies : 한번 실행되고 웹어플리케이션이 종료될 때까지 상태를 업데이트하며 유지하는 서비스들을 보관한다.
-
features
웹사이트의 각 페이지를 구성하는 모듈과 컴포넌트들을 보관한다.
- about-kubic : 홈페이지 소개 페이지
- article-anlysis : 자료분석 페이지
- article-library : 자료열람 페이지
- community-board : 커뮤니티 게시판 페이지
- search-result : 검색결과 페이지
- search-userpage : 마이페이지 페이지
-
shared
여러 모듈들에서 공유되는 컴포넌트들을 보관한다.
-
components
- article-card-view : 문서의 미리보기를 커드형태로 출력하는 컴포넌트
- article-list-component : 문서 리스트를 출력하는 컴포넌트
- route-location : 현재 사용중인 페이지 경로를 표시하는 컴포넌트
- search-bar : 검색 바 컴포넌트
-
-
-
assets
홈페이지에 사용되는 로고 및 아이콘을 저장한다.
- icons: 아이콘 저장 위치
- logos: 로고 저장 위치
-
style.css(less)
모든 컴포넌트에 적용하는 global style을 지정하는 파일
- prerequisite: nodeJS and Angular CLI should be installed
-
Fork this repository into your own.
-
Clone the repository.
-
Move to project root driectory.
-
intall dependencies
npm install
-
Run angular application with development server.
ng s --host <YOUR HOST> --port <YOUR PORT NUMBER>
- host and port is optional. default is
localhost
and4200
- This guide is to set development environment.
DO NOT
use this command as actual service. Read "Build Project as a Production" for actual service.
- host and port is optional. default is
-
run angular cli with below command
ng build --prod
-
dist
directory will be created in the project root directory. -
Copy
dist
into server as a resource.
-
Searching Logic
- User Type keyword on
SearchbarComponent
and press enter. SearchbarComponent
updates search keyword and search mode onElasticsearchService
.- After setting search configuration,
ElasticsearchService
triggers searching logic by sending query to backend server. At this time, according to the search configuration,EalsticsearchService
get query fromElasticsearchQueryModel
.
- User Type keyword on
-
Searching Logic with Analysis Data Filter
- Since analysis data is saved in database, we need to use the data as a filter when sending query to
Elasticsearch
. - For topic filter, searching logic send query to
MongoDB API server
to get document ids of specific topic. - After getting the document ids, searching logic use the list of ids to send searching query to
Elasticsearch
.
- Since analysis data is saved in database, we need to use the data as a filter when sending query to
-
Display Search Result
- When user press enter, the router moves to search/result page immediately.
- When searching logic has been done in
ElasticsearchService
, the service update the list of articles with new search list. At this timeElasticsearchService
send the updated data to all subscribers.SearchResultComponent
is one of the subscribers. - Whenever
SearchResultComponent
get updated ArticleSource data,SearchResultComponent
read the data and create list of current search result.
-
Sign-in
- Sign-in process will be done by
angularx-social-login
module. - Our domain is registered in Google API, so that we can request user sign-in by google account.
- When sign-in with google account is complete, we need to request
MongoDB API server
to check the user is registered in our system. - If the user is not registered, make the google account sign-out.
- If the user is registered, get extra information of the users saved in our database and save token named
'KUBIC'
into local storage of the user's browser for session maintainance.
- Sign-in process will be done by
-
User Authentication in Session
- When the angular appliacation is initialized(Web page is first loaded), the root component checks if there is a saved token in user's browser local storage. If there is a token named with
'KUBIC'
, requestAuthenticationService
to verify current user. - The verification is done by checking the token is alive. If it is valid, the web application maintain user information in session. Otherwise, it deletes the token from the local storage and current user information saved in
AuthenticationService
.
- When the angular appliacation is initialized(Web page is first loaded), the root component checks if there is a saved token in user's browser local storage. If there is a token named with
-
AuthGuard to Prevent User From Specific Page
- To prevent non-signed user from specific url, such as userpage, login, register, etc, we use
AuthGuard
. AuthGuard
check user's token in browser and allow the url only if the TOKEN is available.
- To prevent non-signed user from specific url, such as userpage, login, register, etc, we use
-
Applying Paging
-
To apply pagination, we need to know the number of total documents in result and current page number.
-
By passing current page, total number of document, and number of document to display in one page,
PaginationService
calculates page information and returnsPaginationModel
-
PaginationModel
has all information needed for paging as belows:- totalDocs: total number of articles to display
- currentPage: current page to display
- pageSize: number of articles per page
- totalPages: total pages to display
- startPage: begging number of current page number block
- endPage: last number of current page page number block
- startIndex: start index to search in this page number block
- endIndex: last inedx to search in this page number block
- pages: page numbers of current page number block
-
-
CSP (Content Security Policy)
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware. MDN
- To prevent attack, browser does not allow contents from non-allowed origin.
- For example, the search result data from backend server will be blocked by this policy since the content is from outside of current origin. To set the allowed resource, add your resource ip or domain name into
helmet-csp
setting inserver.js
where the angular resource is served.
-
CORS (Cross Origin Resouce Sharing)
Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. CORS also relies on a mechanism by which browsers make a “preflight” request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request.
- The
CORS
issue in our project will occur when we make request to ourElasticsearch
server. The header setting of theElasticsearch
should include the origin(protocol, domain, port) on itscross-allow-origin
header.
- The
-
Mixed Content
When a user visits a page served over HTTPS, their connection with the web server is encrypted with TLS and is therefore safeguarded from most sniffers and man-in-the-middle attacks. An HTTPS page that includes content fetched using cleartext HTTP is called a mixed content page. Pages like this are only partially encrypted, leaving the unencrypted content accessible to sniffers and man-in-the-middle attackers. That leaves the pages unsafe
- Since our front-end server is built in HTTPS protocol, the communication between our server and other server should also use HTTPS protocol.
** All of the above issues occur by browser. You can disable the application of the above policies but it is not recommended.
Use these methods only in development phase.
-
Allowing CSP
- Open server.js.
- In csp setting code, add your resource source into
defaultSrc
value. - The browser cookies and chaches may need to be deleted to check if the setting is applied.
-
Allowing CORS
https://stackoverflow.com/questions/3102819/disable-same-origin-policy-in-chrome
If you are using OSX:
-
Open terminal
-
Run command to open google chrome without CORS policy
open -a Google\ Chrome --args --disable-web-security --user-data-dir
If you are using Windows:
-
Open CMD
-
Run command to open google chrome without CORS policy
chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security
-
-
Allowing Mixed Content
- Open google chrome
- Open setting
- Go to
'개인정보 및 보안'
tab - Select
'사이트 설정'
menu - Find
'안전하지 않은 콘텐츠'
and add your domain