From 3371481e0297d9d077c4ded66b06ca325a7b9cbe Mon Sep 17 00:00:00 2001
From: baraganio
Date: Sun, 28 Apr 2024 13:20:44 +0200
Subject: [PATCH] =?UTF-8?q?Eliminando=20m=C3=A1s=20security=20hotspots?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 gatewayservice/gateway-service.js | 11 ++++++++++-
 gatewayservice/gateway-service.test.js | 6 ++++--
 questions/creationservice/creation-service.js | 1 +
 questions/retrieveservice/retrieve-service.js | 1 +
 users/authservice/auth-service.js | 1 +
 users/userservice/user-service.js | 1 +
 6 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/gatewayservice/gateway-service.js b/gatewayservice/gateway-service.js
index 43da0415..5f469303 100644
--- a/gatewayservice/gateway-service.js
+++ b/gatewayservice/gateway-service.js
@@ -9,14 +9,23 @@ const YAML = require('yaml')
 const app = express();
+app.disable('x-powerde-by');
 const port = 8000;
+const originEndpoint = process.env.REACT_APP_API_ORIGIN_ENDPOINT || 'http://localhost:3000';
 const authServiceUrl = process.env.AUTH_SERVICE_URL || 'http://localhost:8002';
 const userServiceUrl = process.env.USER_SERVICE_URL || 'http://localhost:8001';
 const creationServiceUrl = process.env.CREATION_SERVICE_URL || 'http://localhost:8005';
 const retrieveServiceUrl = process.env.RETRIEVE_SERVICE_URL || 'http://localhost:8004';
-app.use(cors());
+const corsOptions = {
+ origin: originEndpoint,
+ methods: ['GET', 'POST'],
+ allowedHeaders: ['Content-Type', 'Authorization']
+};
+
+app.use(cors(corsOptions));
+
 app.use(express.json());
 //Prometheus configuration
diff --git a/gatewayservice/gateway-service.test.js b/gatewayservice/gateway-service.test.js
index 24166038..0bbaad9f 100644
--- a/gatewayservice/gateway-service.test.js
+++ b/gatewayservice/gateway-service.test.js
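Review bot: In gatewayservice/gateway-service.js the setting name in `app.disable('x-powerde-by');` is misspelled, so Express switches off a setting it never reads and the gateway keeps sending the `X-Powered-By` header; the line should read `app.disable('x-powered-by');`, as it does in the other four services in this patch. A supertest assertion in gateway-service.test.js such as `expect(response.headers['x-powered-by']).toBeUndefined();` would have caught this. Separately, `originEndpoint` falls back to `http://localhost:3000` when `REACT_APP_API_ORIGIN_ENDPOINT` is unset, so unless that variable is set in the gateway's own runtime environment, browsers on the real front-end origin will be refused by CORS. The deployment configuration is not visible here, so that needs confirming.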
@@ -2,6 +2,8 @@ const request = require('supertest');
 const axios = require('axios');
 const app = require('./gateway-service');
+let newString='S345_Bs';
+
 afterAll(async () => {
 app.close();
 });
@@ -41,7 +43,7 @@ describe('Gateway Service', () => {
 it('should forward login request to auth service', async () => {
 const response = await request(app)
 .post('/login')
- .send({ username: 'testuser', password: 'testpassword' });
+ .send({ username: 'testuser', password: newString });
 expect(response.statusCode).toBe(200);
 expect(response.body.token).toBe('mockedToken');
@@ -51,7 +53,7 @@ describe('Gateway Service', () => {
 it('should forward add user request to user service', async () => {
 const response = await request(app)
 .post('/adduser')
- .send({ username: 'newuser', password: 'newpassword' });
+ .send({ username: 'newuser', password: newString });
 expect(response.statusCode).toBe(200);
 expect(response.body.userId).toBe('mockedUserId');
diff --git a/questions/creationservice/creation-service.js b/questions/creationservice/creation-service.js
index 7c9a70e4..b67b2a5d 100644
--- a/questions/creationservice/creation-service.js
+++ b/questions/creationservice/creation-service.js
@@ -4,6 +4,7 @@ const fetch = require('node-fetch');
 const Question = require('./creation-model');
 const app = express();
+app.disable('x-powered-by');
 const port = 8005;
 app.use(express.json());
diff --git a/questions/retrieveservice/retrieve-service.js b/questions/retrieveservice/retrieve-service.js
index 56bd9af3..fff826e0 100644
--- a/questions/retrieveservice/retrieve-service.js
+++ b/questions/retrieveservice/retrieve-service.js
@@ -5,6 +5,7 @@ const Game = require('./playedGame-model')
 const QuestionAnswered = require('./question-model')
 const app = express();
+app.disable('x-powered-by');
 const port = 8004;
 app.use(express.json());
diff --git a/users/authservice/auth-service.js b/users/authservice/auth-service.js
index 1fad6f80..44ebb881 100644
--- a/users/authservice/auth-service.js
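Review bot: In gatewayservice/gateway-service.test.js, `let newString='S345_Bs';` moves the test password into a variable whose name hides what it is, which quiets the hard-coded-credential finding without telling the next reader why the value is harmless. Declare it `const` (it is never reassigned in these hunks) and add a comment such as `// dummy credential sent to the mocked auth/user services, not a real secret`. The same variable is used in the `/login` hunk and the `/adduser` hunk, so the comment belongs on the declaration. The responses asserted here (`mockedToken`, `mockedUserId`) suggest the back ends are mocked, but the mock setup is outside these hunks, so that should be confirmed.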
+++ b/users/authservice/auth-service.js
@@ -5,6 +5,7 @@ const jwt = require('jsonwebtoken');
 const User = require('./auth-model')
 const app = express();
+app.disable('x-powered-by');
 const port = 8002;
 // Middleware to parse JSON in request body
diff --git a/users/userservice/user-service.js b/users/userservice/user-service.js
index 711d49dd..b0ec7573 100644
--- a/users/userservice/user-service.js
+++ b/users/userservice/user-service.js
@@ -6,6 +6,7 @@ const bodyParser = require('body-parser');
 const User = require('./user-model')
 const app = express();
+app.disable('x-powered-by');
 const port = 8001;
 // Middleware to parse JSON in request body