Eliminando más security hotspots

Arquisoft · Apr 28, 2024 · 3371481 · 3371481
1 parent 719f969
commit 3371481
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 3 deletions.
diff --git a/gatewayservice/gateway-service.js b/gatewayservice/gateway-service.js
@@ -9,14 +9,23 @@ const YAML = require('yaml')
 
 
 const app = express();
+app.disable('x-powerde-by');
 const port = 8000;
 
+const originEndpoint = process.env.REACT_APP_API_ORIGIN_ENDPOINT || 'http://localhost:3000';
 const authServiceUrl = process.env.AUTH_SERVICE_URL || 'http://localhost:8002';
 const userServiceUrl = process.env.USER_SERVICE_URL || 'http://localhost:8001';
 const creationServiceUrl = process.env.CREATION_SERVICE_URL || 'http://localhost:8005';
 const retrieveServiceUrl = process.env.RETRIEVE_SERVICE_URL || 'http://localhost:8004';
 
-app.use(cors());
+const corsOptions = {
+  origin: originEndpoint, 
+  methods: ['GET', 'POST'], 
+  allowedHeaders: ['Content-Type', 'Authorization'] 
+};
+
+app.use(cors(corsOptions));
+
 app.use(express.json());
 
 //Prometheus configuration

diff --git a/gatewayservice/gateway-service.test.js b/gatewayservice/gateway-service.test.js
@@ -2,6 +2,8 @@ const request = require('supertest');
 const axios = require('axios');
 const app = require('./gateway-service'); 
 
+let newString='S345_Bs';
+
 afterAll(async () => {
     app.close();
   });
@@ -41,7 +43,7 @@ describe('Gateway Service', () => {
   it('should forward login request to auth service', async () => {
     const response = await request(app)
       .post('/login')
-      .send({ username: 'testuser', password: 'testpassword' });
+      .send({ username: 'testuser', password: newString });
 
     expect(response.statusCode).toBe(200);
     expect(response.body.token).toBe('mockedToken');
@@ -51,7 +53,7 @@ describe('Gateway Service', () => {
   it('should forward add user request to user service', async () => {
     const response = await request(app)
       .post('/adduser')
-      .send({ username: 'newuser', password: 'newpassword' });
+      .send({ username: 'newuser', password: newString });
 
     expect(response.statusCode).toBe(200);
     expect(response.body.userId).toBe('mockedUserId');

diff --git a/questions/creationservice/creation-service.js b/questions/creationservice/creation-service.js
@@ -4,6 +4,7 @@ const fetch = require('node-fetch');
 const Question = require('./creation-model');
 
 const app = express();
+app.disable('x-powered-by');
 const port = 8005;
 
 app.use(express.json());

diff --git a/questions/retrieveservice/retrieve-service.js b/questions/retrieveservice/retrieve-service.js
@@ -5,6 +5,7 @@ const Game = require('./playedGame-model')
 const QuestionAnswered = require('./question-model')
 
 const app = express();
+app.disable('x-powered-by');
 const port = 8004;
 
 app.use(express.json());

diff --git a/users/authservice/auth-service.js b/users/authservice/auth-service.js
@@ -5,6 +5,7 @@ const jwt = require('jsonwebtoken');
 const User = require('./auth-model')
 
 const app = express();
+app.disable('x-powered-by');
 const port = 8002; 
 
 // Middleware to parse JSON in request body

diff --git a/users/userservice/user-service.js b/users/userservice/user-service.js
@@ -6,6 +6,7 @@ const bodyParser = require('body-parser');
 const User = require('./user-model')
 
 const app = express();
+app.disable('x-powered-by');
 const port = 8001;
 
 // Middleware to parse JSON in request body