Fix security issues

This commit is contained in:
Patrick Müller 2022-06-25 13:26:16 +02:00
parent eeace68b7b
commit fc65474930
Signed by: Paddy
GPG Key ID: 37ABC11275CAABCE
4 changed files with 336 additions and 328 deletions

app.ts

@ -30,8 +30,25 @@ const server: http.Server = http.createServer(app);
// here we are adding middleware to parse all incoming requests as JSON
app.use(express.json());
// Use CORS
app.use(cors());
// Configure CORS
let allowedHosts = [
'https://rapla.p4ddy.com',
'https://betterzon.p4ddy.com'
];
app.use(cors({
origin: function (origin: any, callback: any) {
// Allow requests with no origin
if (!origin) return callback(null, true);
// Block requests with wrong origin
if (allowedHosts.indexOf(origin) === -1) {
return callback(new Error('The CORS policy doesn\'t allow access for your origin.'), false);
}
// Allow all other requests
return callback(null, true);
}
}));
// Swagger documentation
const swaggerDefinition = {
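Review bot: The origin allowlist added on L23–L38 is registered after the unconditional `app.use(cors());` on L21, and if that line is still present on the new side it answers every preflight with a wildcard `Access-Control-Allow-Origin` before the allowlist middleware is reached, so only non-preflight requests end up restricted. Removing L20–L21 leaves the configured `cors({ origin })` as the single CORS handler. The callback parameters are typed `any`; the middleware's own callback shape can be spelled out instead, roughly `origin: (origin: string | undefined, callback: (err: Error | null, allow?: boolean) => void) => {`. `allowedHosts` is never reassigned and can be `const allowedHosts = [...]`, with `!allowedHosts.includes(origin)` replacing the `indexOf(origin) === -1` comparison.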


@ -64,8 +64,6 @@ export const createUser = async (username: string, password: string, email: stri
} catch (err) {
throw err;
}
return {} as Session;
};
/**
@ -126,8 +124,6 @@ export const login = async (username: string, password: string, ip: string): Pro
} catch (err) {
throw err;
}
return {} as Session;
};
/**


@ -143,8 +143,6 @@ export const deactivateListing = async (user_id: number, vendor_id: number, prod
} catch (err) {
throw err;
}
return false;
};
/**
@ -169,6 +167,4 @@ export const setShopStatus = async (user_id: number, vendor_id: number, isActive
} catch (err) {
throw err;
}
return false;
};


@ -14,7 +14,6 @@ export const eventRouter = express.Router();
eventRouter.get('/:isDevCall', async (req: Request, res: Response) => {
try {
throw new Error('Test');
let userId = (req.query.userId ?? '').toString();
let sessionId = (req.query.sessionId ?? '').toString();
let sessionKey = (req.query.sessionKey ?? '').toString();