Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Develop #13

Closed
wants to merge 32 commits into from
Closed

Develop #13

wants to merge 32 commits into from

Conversation

smyllet
Copy link
Member

@smyllet smyllet commented Nov 17, 2023
edited
Loading

Required :

Vahelnir and others added 18 commits August 11, 2023 00:13
@Vahelnir
[IMPROVE] move sources into src/
e8d70e1
@Vahelnir
[ADD] build ts to js with esbuild
d718cc9
@smyllet
Merge pull request #10 from Vahelnir/improvement/build-ts
ee79572 
Remove ts-node and build the project to javascript
@smyllet
[DEV] Add MailDev in docker-compose
ef37f16
@smyllet
Merge pull request #8 from smyllet/dev/addDevMailServer
39ad9a0 
Add MailDev in docker-compose
@Vahelnir
[IMPROVE] Ensure the ENV variables are valid
835741c 
The zod schema will ensure that the ENV config is valid thanks to a zod schema.
It will also improve the DX thanks to the typed export `env` from `src/env.ts`.
@smyllet
[FEAT] add /users/me route (close #9)
a45cb67
@Vahelnir
[CHORE] add a .env.example
ed6ba3b 
This .env.example is also used to create the base .env, when the server does not find an existing .env file
@Vahelnir
[CHORE] remove useless call to Number()
e09049d
@Vahelnir
[FIX] boolean parsing was wrong for the env
d6be7fe
@smyllet
Merge pull request #11 from Vahelnir/improve/env_loading
b622662 
[IMPROVE] Ensure the ENV variables are valid
@Vahelnir
[FEAT] use jose instead of jsonwebtoken
6e712b1
@Vahelnir
[FIX] jwt.verify was not returning the right value
e5e8c6e
@Vahelnir
[FIX] having no access token was crashing the server
b230dcd
@Vahelnir
[IMPROVE] add typescript strict mode & improve model types
d67bb85
@smyllet
Merge pull request #12 from Vahelnir/feat/use_jose_jwt
8b4b409 
[FEAT] use jose instead of jsonwebtoken
@smyllet
[CHORE] Add prettier
27b65df
@smyllet
[CHORE] Apply prettier
30fbfa9
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 17, 2023
View reviewed changes
src/app.ts Outdated

app.use(express.json({limit: '50mb'}));
app.use(express.urlencoded({limit: '50mb' ,extended: false}));
app.use(cookieParser());

Check failure

Code scanning / CodeQL

Missing CSRF middleware

This cookie middleware is serving a [request handler](1) without CSRF protection.
src/app.ts Outdated
Comment on lines 51 to 119
app.all('*', function (req, res, next) {
if (req.path === '/users/login' || req.path === '/users') {
next();
} else {
const { application_token} = req.headers;
if(application_token && typeof application_token === "string") {
jwt.verify(application_token, env.APPLICATION_TOKEN_SECRET)
.then((decoded) => {
ApplicationModel.findOne({
where: {
token: req.headers.application_token,
},
})
.then((application) => {
// decoded cannot be a string since the
// token is generated from an object
if (application && typeof decoded !== "string") {
req.user = new UserDto(decoded.user);
next();
} else {
res.status(401).send({
message: "Invalid application token",
});
}
})
.catch((err) => {
res.status(500).send({
message: "Internal server error",
});
});
})
.catch((err) => {
console.log(err);
res.status(401).send({
message: "Invalid application token",
});
});
} else {
jwt.verify(req.cookies.access_token, env.ACCESS_TOKEN_SECRET)
.then(decoded => {
req.user = new UserDto(decoded);
next();
})
.catch((err) => {
jwt.verify(req.cookies.refresh_token, env.REFRESH_TOKEN_SECRET)
.then((user) => {
UserModel.findByPk(user.id)
.then(async function (user) {
if (user) {
res.cookie('access_token', await UserTokenUtil.generateAccessToken(new UserDto(user)), {maxAge: 1000 * 60 * 30});
res.cookie('refresh_token', req.cookies.refresh_token, {maxAge: 1000 * 60 * 60 * 24 * 30});
req.user = new UserDto(user);
next();
} else {
res.status(401).send();
}
})
.catch(function (err) {
res.status(401).send();
});
})
.catch((err) => {
res.status(401).send();
});

})
}
}
});

Check failure

Code scanning / CodeQL

Missing rate limiting

This route handler performs [authorization](1), but is not rate-limited. This route handler performs [authorization](2), but is not rate-limited.
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 17, 2023
View reviewed changes
src/app.ts Fixed Show fixed Hide fixed
src/app.ts Fixed Show fixed Hide fixed
src/routes/users.ts Fixed Show fixed Hide fixed
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 20, 2023
View reviewed changes
src/app.ts Fixed Show fixed Hide fixed
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 20, 2023
View reviewed changes
src/app.ts Fixed Show fixed Hide fixed
@aquatracking aquatracking deleted a comment from sonarcloud bot Feb 9, 2024
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Feb 9, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
2 Security Hotspots
3.9% Duplication on New Code (required ≤ 3%)
D Reliability Rating on New Code (required ≥ A)

See analysis details on SonarCloud

idea Catch issues before they fail your Quality Gate with our IDE extension SonarLint SonarLint

@smyllet smyllet closed this Feb 9, 2024
@smyllet smyllet deleted the develop branch February 9, 2024 17:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@smyllet @Vahelnir