fix security url encoding

Arquisoft · Mar 8, 2024 · 26c295b · 26c295b
1 parent 9dca29b
commit 26c295b
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 23 deletions.
diff --git a/gatewayservice/gateway-service.js b/gatewayservice/gateway-service.js
@@ -72,8 +72,11 @@ app.post('/createGame', async (req, res) => {
 
 app.get('/getStats/:id', async (req, res) => {
   try {
+    const baseUrl = userServiceUrl + '/getStatistics/';
     const uuid = req.params.id;
-    const statsResponse = await axios.get(userServiceUrl+'/getStatistics/'+uuid);
+    const encodedUuid = encodeURIComponent(uuid);
+
+    const statsResponse = await axios.get(`${baseUrl}${encodedUuid}`);
     const userStats = statsResponse.data;
     const gameResponse = await axios.get(gameServiceUrl+'/getGame/'+userStats.lastGameId);
     const ids = gameResponse.data[0].questions;

diff --git a/gatewayservice/gateway-service.test.js b/gatewayservice/gateway-service.test.js
@@ -92,33 +92,45 @@ describe('Gateway Service', () => {
       lastGame: mockQuestionsData,
     });
   })
-  /*it('should return questions on successful request to /createGame', async () => {
-    const testData = {
-      "players": [
-        { "uuid": "3c68688e-84e7-4d29-b7c7-09474d42b669" }
-      ]
-    };
+
+  it('creates a game and updates last game for players', async () => {
+    const players = [
+      { uuid: 'user1-uuid' },
+      { uuid: 'user2-uuid' },
+    ];
+    const questions = [
+      { question: 'Sample Question 1' },
+      { question: 'Sample Question 2' }
+    ];
+    const game = { uuid: 'game-uuid-123' };
 
-    const response = await request(app)
-      .post('/createGame')
-      .send(testData);
+    axios.get.mockImplementation((url) => {
+      if (url.endsWith(`/game`)) {
+        return Promise.resolve({ data: questions });
+      }
+      return Promise.reject(new Error('Unexpected URL'));
+    });
+
+    axios.post.mockImplementation((url, data) => {
+      if (url.endsWith('/createGame')) {
+        return Promise.resolve({ data: game });
+      } else if(url.endsWith('/updateLastGame')){
+        return Promise.resolve();
+      }
+      return Promise.reject(new Error('Unexpected URL'));
+    });
+
+    const response = await request(app).post('/createGame').send({ players });
 
-    // Verify status code
     expect(response.statusCode).toBe(200);
+    expect(response.body).toEqual(questions);
+
+    // Assertions on axios calls
+    expect(axios.get).toHaveBeenCalledWith(qgServiceUrl + '/game');
+    expect(axios.post).toHaveBeenCalledWith(gameServiceUrl + '/createGame', { players, questions });
+    expect(axios.post).toHaveBeenCalledWith(userServiceUrl + '/updateLastGame', { gameUUID: game.uuid, players });
 
-    // Verify response body
-    expect(response.body).toEqual({ questions: [] });
   });
 
-  it('should handle internal server error from /game endpoint', async () => {
-    // Mock the axios.get method to simulate an error response from /game endpoint
-    axios.get.mockRejectedValue({ response: { status: 500, data: { error: 'Internal server error' } } });
-
-    const response = await request(app).get('/questionsGame');
-
-    expect(response.status).toBe(500);
-    expect(response.body).toEqual({ error: 'Internal server error' });
-  });
-  */
 
 });