remove old dependency

.gitignore

@@ -0,0 +1,46 @@
+# Ignore config files. Users should alter the sample.
+config.js
+
+# Thumbs
+Thumbs.db
+
+# Logs
+logs
+*.log
+npm-debug.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules
+jspm_packages
+
+# Optional npm cache directory
+.npm
+
+# Optional REPL history
+.node_repl_history
+
+# Optional IDEA file
+.idea
+
+# Package-lock JSON
+package-lock.json

LICENSE.md

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright {yyyy} {name of copyright owner}
+   Copyright [yyyy] [name of copyright owner]
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -1,3 +1,89 @@
-# Credit Offers API Reference App
+# Credit Offers API Reference Application Code
 
-Stuff here about how to build and use this
+Credit Offers is a card acquisition service that provides prequalified credit offer listings based on end customer provided information. Affiliates are able to provide these offers directly without need of a web redirect.  If a prequalified offer is not available, a default offer is returned by us.
+
+## Software Requirements Including version
+This is version 2.0 of the Credit Offers API Reference Application Code. For software requirements, see Build/Install Instructions below.
+
+This reference app illustrates the use of the Credit Offers API to
+
+* Retrieve and display card products (Business or Consumer) using the `/credit-offers/products/cards/{cardType}` endpoint
+* Collect customer information and retrieve a list of targeted product offers for display using the `/credit-offers/prequalifications` endpoint
+* Send acknowledgement to Capital One that the targeted product offers have been displayed using the `/credit-offers/prequalifications/{prequalificationId}` endpoint
+* Retrieve and display prequalification summary info using the `/credit-offers/prequalifications-summary` endpoint
+* Exemplify signing in and submitting example user data to the `/credit-offers/prefill-acceptance` endpoint
+
+Some additional API features that are **not** directly illustrated by this app include:
+
+* Using the `limit` and `offset` parameters to retrieve multiple pages of products
+* Using the `/credit-offers/products` endpoint to retrieve summaries of *all* products
+* Using the `/credit-offers/products/cards` endpoint to retrieve summaries of all card products
+* Using the `/credit-offers/products/cards/{cardType}/{productId}` endpoint to retrieve information about a single specific card product
+
+If you encounter any issues using this reference code, please submit them in the form of GitHub issues.
+
+## Build/Install Instructions
+### Dependencies
+* [Node.js](https://nodejs.org) 4.X or higher
+
+All other dependencies are loaded with [npm](https://www.npmjs.com/). All dependencies are cross-platform. Notable dependencies are listed below.
+* [express](http://expressjs.com/) - Minimalist web framework for Node.js
+
+### config.js
+You'll need to set up your `config.js` file before you can run the app.
+
+* Create this file by copying and renaming [config.js.sample](https://github.com/capitalone/CreditOffers-API-reference-app/blob/master/config.js.sample). Be careful not to put `config.js` into version control. (We've added it to the repository's `.gitignore` for you.)
+* Make sure that you've registered an app on [Capital One's developer portal](https://developer.capitalone.com/).
+* Edit the `clientID` and `clientSecret` values in `config.js` to specify the **Client ID** and **Client Secret** that were provided when you registered the app.
+
+### Start the app
+From the project root:
+
+`npm install`  
+`npm start`
+
+### Try it out
+
+Navigate to http://localhost:3000.  This will retrieve a list of Consumer card products from the API and display simple information about each.  From here, you can try a few simple things:
+
+  * Toggle the card type to 'Business' to request and display a list of business card products from the API
+  * Click on the 'Find Pre-Qualified Offers' button to launch a simple customer information form and test out the pre-qualification API behavior.  The results screen will also perform two asynchronous calls:
+    * POST to `/credit-offers/prequalifications/{prequalificationId}` to acknowledge that the results were displayed to the customer
+    * GET from the `/credit-offers/prequalifications-summary` endpoint to display simple pre-qualification statistics at the bottom of the page
+  * Click on the 'Sign in' button and use prepared credentials to simulate a session. Now, click on any products 'Apply Now' button. A confirmation window will launch, asking you to confirm whether you would like to prefill application information. Confirming will initiate a POST request to the `/credit-offers/prefill-acceptance` endpoint and append the returned applicantDetailsKey to the application link.
+    * username / password
+    * jsmith / Reference@123
+    * rhubbard / Reference@123
+
+#### A note about errors
+
+For demonstration purposes, API and server-side validation errors are displayed in an error page in the UI.  A full production-ready application should have more robust error handling, and keep a smooth user experience.
+
+### Viewing more details
+
+To get a deeper look at the messages being passed, start the app with the following command `DEBUG=credit-offers:* NODE_DEBUG=request npm start`.  This will activate detailed debug logging to the console, showing the details of the request to the API and the response received.
+
+## Best Practices
+This application makes use of the [helmet](https://www.npmjs.com/package/helmet) library for safer http headers, the [csurf](https://www.npmjs.com/package/csurf) library to avoid cross-site request forgery attacks, the [express-validator](https://www.npmjs.com/package/express-validator) library to validate customer info on the server side, and the [sanitize-html](https://www.npmjs.com/package/sanitize-html) library to safely sanitize values from the API before displaying them as HTML to the user. However, when developing and hosting a real world application, make sure to be aware of the [security](http://expressjs.com/en/advanced/best-practice-security.html) and [performance](http://expressjs.com/en/advanced/best-practice-performance.html) best practices for the Express framework. In particular, hosting with TLS is strongly recommended and free certificates can be acquired at https://letsencrypt.org/.
+
+## Architecture
+This is a [Node.js](https://nodejs.org) 4.x and higher app built with [Express](http://expressjs.com/) 4.13.1.  Because of the simple nature, there is no session management or data persistence.
+
+The Node.js https library is verbose and repetitive for our narrow use case, so we also used [request](https://github.com/request/request) for calls to the Credit Offers API.
+
+The application structure follows the pattern generated by the [Express application generator](http://expressjs.com/en/starter/generator.html).
+
+## Roadmap
+This reference app code is intended as a starting place for developers who want to use the Credit Offers API. As such, it will be updated with new functionality only when the Credit Offers API is updated with new functionality.
+
+## Contributors
+We welcome your interest in Capital One’s Open Source Projects (the “Project”). Any Contributor to the Project must accept and sign a CLA indicating agreement to the license terms. Except for the license granted in this CLA to Capital One and to recipients of software distributed by Capital One, You reserve all right, title, and interest in and to your Contributions; this CLA does not impact your rights to use your own contributions for any other purpose.
+
+##### [Link to Agreement] (https://docs.google.com/forms/d/19LpBBjykHPox18vrZvBbZUcK6gQTj7qv1O5hCduAZFU/viewform)
+
+This project adheres to the [Open Source Code of Conduct][code-of-conduct]. By participating, you are expected to honor this code.
+
+[code-of-conduct]: http://www.capitalone.io/codeofconduct/
+
+### Contribution Guidelines
+We encourage any contributions that align with the intent of this project and add more functionality or languages that other developers can make use of. To contribute to the project, please submit a PR for our review. Before contributing any source code, familiarize yourself with the Apache License 2.0 (license.md), which controls the licensing for this project.

app.js

@@ -0,0 +1,108 @@
+/*
+Copyright 2017 Capital One Services, LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and limitations under the License.
+
+SPDX-Copyright: Copyright (c) Capital One Services, LLC
+SPDX-License-Identifier: Apache-2.0
+*/
+
+var express = require('express')
+var path = require('path')
+var favicon = require('serve-favicon')
+var logger = require('morgan')
+var cookieParser = require('cookie-parser')
+var cookieSession = require('cookie-session')
+var bodyParser = require('body-parser')
+var expressValidator = require('express-validator')
+var helmet = require('helmet')
+var csrf = require('csurf')
+
+var validation = require('./validation')
+
+var CreditOffers = require('./creditoffers')
+var oauth = require('./oauth')
+var index = require('./routes/index')
+var offers = require('./routes/offers')
+
+var app = express()
+var config = require('./config')
+
+// view engine setup
+app.set('views', path.join(__dirname, 'views'))
+app.set('view engine', 'jade')
+
+// uncomment after placing your favicon in /public
+app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')))
+app.use(logger('dev'))
+app.use(bodyParser.json())
+app.use(bodyParser.urlencoded({
+  extended: false
+}))
+app.use(expressValidator({
+  customValidators: validation.customValidators
+}))
+app.use(cookieParser())
+app.use(cookieSession({
+  name: 'session',
+  secret: "b34ejefAt7a3eme5e7paCrEgatadEqEs",
+
+  // Cookie Options
+  maxAge: 24 * 60 * 60 * 1000 // 24 hours
+}))
+app.use(express.static(path.join(__dirname, 'public')))
+// Include the bootstrap package
+app.use('/css', express.static(path.join(__dirname, 'node_modules/bootstrap/dist/css')))
+app.use('/js', express.static(path.join(__dirname, 'node_modules/bootstrap/dist/js')))
+// Include font awesome
+app.use('/css', express.static(path.join(__dirname, 'node_modules/font-awesome/css')))
+app.use('/fonts', express.static(path.join(__dirname, 'node_modules/font-awesome/fonts')))
+
+app.use(helmet())
+
+// Initialize the routing
+var client = new CreditOffers(config.creditOffers.client, oauth(config.creditOffers.oauth))
+app.use('/', index(client))
+app.use('/offers', offers(client))
+
+// catch 404 and forward to error handler
+app.use(function(req, res, next) {
+  var err = new Error('Not Found')
+  err.status = 404
+  next(err)
+})
+
+// error handlers
+
+// development error handler
+// will print stacktrace
+if (app.get('env') === 'development') {
+  app.use(function(err, req, res, next) {
+    res.status(err.status || 500)
+    res.render('error', {
+      message: err.message,
+      error: err
+    })
+  })
+}
+
+// production error handler
+// no stacktraces leaked to user
+app.use(function(err, req, res, next) {
+  res.status(err.status || 500)
+  res.render('error', {
+    message: err.message,
+    error: {}
+  })
+})
+
+module.exports = app

bin/www

@@ -0,0 +1,104 @@
+#!/usr/bin/env node
+/*
+Copyright 2017 Capital One Services, LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and limitations under the License.
+*/
+
+/**
+ * Module dependencies.
+ */
+
+var app = require('../app');
+var debug = require('debug')('credit-offers:server');
+var http = require('http');
+
+/**
+ * Get port from environment and store in Express.
+ */
+
+var port = normalizePort(process.env.PORT || '3000');
+app.set('port', port);
+
+/**
+ * Create HTTP server.
+ */
+
+var server = http.createServer(app);
+
+/**
+ * Listen on provided port, on all network interfaces.
+ */
+
+server.listen(port);
+server.on('error', onError);
+server.on('listening', onListening);
+
+/**
+ * Normalize a port into a number, string, or false.
+ */
+
+function normalizePort(val) {
+  var port = parseInt(val, 10);
+
+  if (isNaN(port)) {
+    // named pipe
+    return val;
+  }
+
+  if (port >= 0) {
+    // port number
+    return port;
+  }
+
+  return false;
+}
+
+/**
+ * Event listener for HTTP server "error" event.
+ */
+
+function onError(error) {
+  if (error.syscall !== 'listen') {
+    throw error;
+  }
+
+  var bind = typeof port === 'string'
+    ? 'Pipe ' + port
+    : 'Port ' + port;
+
+  // handle specific listen errors with friendly messages
+  switch (error.code) {
+    case 'EACCES':
+      console.error(bind + ' requires elevated privileges');
+      process.exit(1);
+      break;
+    case 'EADDRINUSE':
+      console.error(bind + ' is already in use');
+      process.exit(1);
+      break;
+    default:
+      throw error;
+  }
+}
+
+/**
+ * Event listener for HTTP server "listening" event.
+ */
+
+function onListening() {
+  var addr = server.address();
+  var bind = typeof addr === 'string'
+    ? 'pipe ' + addr
+    : 'port ' + addr.port;
+  debug('Listening on ' + bind);
+}