Fix security issues

app.ts

@@ -30,8 +30,25 @@ const server: http.Server = http.createServer(app);
 // here we are adding middleware to parse all incoming requests as JSON
 app.use(express.json());
 
-// Use CORS
-app.use(cors());
+// Configure CORS
+let allowedHosts = [
+	'https://rapla.p4ddy.com',
+	'https://betterzon.p4ddy.com'
+];
+app.use(cors({
+	origin: function (origin: any, callback: any) {
+		// Allow requests with no origin
+		if (!origin) return callback(null, true);
+
+		// Block requests with wrong origin
+		if (allowedHosts.indexOf(origin) === -1) {
+			return callback(new Error('The CORS policy doesn\'t allow access for your origin.'), false);
+		}
+
+		// Allow all other requests
+		return callback(null, true);
+	}
+}));
 
 // Swagger documentation
 const swaggerDefinition = {

src/models/betterzon/users/users.service.ts

@@ -64,8 +64,6 @@ export const createUser = async (username: string, password: string, email: stri
 	} catch (err) {
 		throw err;
 	}
-
-    return {} as Session;
 };
 
 /**
@@ -126,8 +124,6 @@ export const login = async (username: string, password: string, ip: string): Pro
 	} catch (err) {
 		throw err;
 	}
-
-    return {} as Session;
 };
 
 /**

src/models/betterzon/vendors/vendors.service.ts

@@ -143,8 +143,6 @@ export const deactivateListing = async (user_id: number, vendor_id: number, prod
 	} catch (err) {
 		throw err;
 	}
-
-    return false;
 };
 
 /**
@@ -169,6 +167,4 @@ export const setShopStatus = async (user_id: number, vendor_id: number, isActive
 	} catch (err) {
 		throw err;
 	}
-
-    return false;
 };

src/models/partyplaner/event/Event.router.ts

@@ -14,7 +14,6 @@ export const eventRouter = express.Router();
 
 eventRouter.get('/:isDevCall', async (req: Request, res: Response) => {
 	try {
-		throw new Error('Test');
 		let userId = (req.query.userId ?? '').toString();
 		let sessionId = (req.query.sessionId ?? '').toString();
 		let sessionKey = (req.query.sessionKey ?? '').toString();