From 26c295b680c7f03ec226f0a76f02edc975639a7a Mon Sep 17 00:00:00 2001
From: carlospelazas
Date: Fri, 8 Mar 2024 17:15:46 +0100
Subject: [PATCH] fix security url encoding
---
 gatewayservice/gateway-service.js | 5 ++-
 gatewayservice/gateway-service.test.js | 56 ++++++++++++++++----------
 2 files changed, 38 insertions(+), 23 deletions(-)
diff --git a/gatewayservice/gateway-service.js b/gatewayservice/gateway-service.js
index d8c6758..e69100e 100644
--- a/gatewayservice/gateway-service.js
+++ b/gatewayservice/gateway-service.js
@@ -72,8 +72,11 @@ app.post('/createGame', async (req, res) => {
 app.get('/getStats/:id', async (req, res) => {
 try {
+ const baseUrl = userServiceUrl + '/getStatistics/';
 const uuid = req.params.id;
- const statsResponse = await axios.get(userServiceUrl+'/getStatistics/'+uuid);
+ const encodedUuid = encodeURIComponent(uuid);
+
+ const statsResponse = await axios.get(`${baseUrl}${encodedUuid}`);
 const userStats = statsResponse.data;
 const gameResponse = await axios.get(gameServiceUrl+'/getGame/'+userStats.lastGameId);
 const ids = gameResponse.data[0].questions;
diff --git a/gatewayservice/gateway-service.test.js b/gatewayservice/gateway-service.test.js
index 7d00b58..32aeaaf 100644
--- a/gatewayservice/gateway-service.test.js
+++ b/gatewayservice/gateway-service.test.js
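Review bot: In the `/getStats/:id` handler `encodeURIComponent` escapes `/`, `?` and `#` but leaves `.` untouched, so an id consisting only of dot segments is still forwarded unchanged, and nothing checks the shape of `req.params.id` before the outbound request is built. A format check ahead of the `axios.get` call that answers 400 on mismatch would make the encoding a second layer rather than the only one, for example `if (!/^[\w-]{1,64}$/.test(uuid)) return res.status(400).json({ error: 'Invalid id' });`, with the pattern and error body adjusted to whatever ids and error shape the services actually use. The context line `axios.get(gameServiceUrl+'/getGame/'+userStats.lastGameId)` still concatenates an upstream-supplied value unencoded; `encodeURIComponent(userStats.lastGameId)` would bring it in line with the new code. The handler's body continues past the end of the hunk.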
@@ -92,33 +92,45 @@ describe('Gateway Service', () => {
 lastGame: mockQuestionsData,
 });
 })
- /*it('should return questions on successful request to /createGame', async () => {
- const testData = {
- "players": [
- { "uuid": "3c68688e-84e7-4d29-b7c7-09474d42b669" }
- ]
- };
+
+ it('creates a game and updates last game for players', async () => {
+ const players = [
+ { uuid: 'user1-uuid' },
+ { uuid: 'user2-uuid' },
+ ];
+ const questions = [
+ { question: 'Sample Question 1' },
+ { question: 'Sample Question 2' }
+ ];
+ const game = { uuid: 'game-uuid-123' };
- const response = await request(app)
- .post('/createGame')
- .send(testData);
+ axios.get.mockImplementation((url) => {
+ if (url.endsWith(`/game`)) {
+ return Promise.resolve({ data: questions });
+ }
+ return Promise.reject(new Error('Unexpected URL'));
+ });
+
+ axios.post.mockImplementation((url, data) => {
+ if (url.endsWith('/createGame')) {
+ return Promise.resolve({ data: game });
+ } else if(url.endsWith('/updateLastGame')){
+ return Promise.resolve();
+ }
+ return Promise.reject(new Error('Unexpected URL'));
+ });
+
+ const response = await request(app).post('/createGame').send({ players });
- // Verify status code
 expect(response.statusCode).toBe(200);
+ expect(response.body).toEqual(questions);
+
+ // Assertions on axios calls
+ expect(axios.get).toHaveBeenCalledWith(qgServiceUrl + '/game');
+ expect(axios.post).toHaveBeenCalledWith(gameServiceUrl + '/createGame', { players, questions });
+ expect(axios.post).toHaveBeenCalledWith(userServiceUrl + '/updateLastGame', { gameUUID: game.uuid, players });
- // Verify response body
- expect(response.body).toEqual({ questions: [] });
 });
- it('should handle internal server error from /game endpoint', async () => {
- // Mock the axios.get method to simulate an error response from /game endpoint
- axios.get.mockRejectedValue({ response: { status: 500, data: { error: 'Internal server error' } } });
-
- const response = await request(app).get('/questionsGame');
-
- expect(response.status).toBe(500);
- expect(response.body).toEqual({ error: 'Internal server error' });
- });
- */
 });
\ No newline at end of file
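Review bot: Nothing in this hunk exercises the encoding that the commit adds to `/getStats/:id`; the new test covers `/createGame` only, so the security fix has no regression test here (one may exist outside the hunk). A case that requests an id containing a reserved character and asserts the outbound call, e.g. `expect(axios.get).toHaveBeenCalledWith(userServiceUrl + '/getStatistics/' + encodeURIComponent(id));`, would pin the behaviour. Separately, the `axios.get.mockImplementation` and `axios.post.mockImplementation` set in this test stay in place for later tests unless the mocks are reset in a `beforeEach`/`afterEach` that is not visible in this hunk. The enclosing `describe` block starts outside the hunk.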