arreglando Security Hotspots v3

gatewayservice/gateway-service.js

@@ -12,14 +12,14 @@ const app = express();
 app.disable('x-powered-by');
 const port = 8000;
 
-const originEndpoint = process.env.REACT_APP_API_ORIGIN_ENDPOINT || 'http://localhost:3000';
+//const originEndpoint = process.env.REACT_APP_API_ORIGIN_ENDPOINT || 'http://localhost:3000';
 const authServiceUrl = process.env.AUTH_SERVICE_URL || 'http://localhost:8002';
 const userServiceUrl = process.env.USER_SERVICE_URL || 'http://localhost:8001';
 const creationServiceUrl = process.env.CREATION_SERVICE_URL || 'http://localhost:8005';
 const retrieveServiceUrl = process.env.RETRIEVE_SERVICE_URL || 'http://localhost:8004';
 
 const corsOptions = {
-  origin: originEndpoint, 
+  origin: '*', 
   methods: ['GET', 'POST'], 
   allowedHeaders: ['Content-Type', 'Authorization'] 
 };

users/authservice/Dockerfile

@@ -8,20 +8,10 @@ WORKDIR /usr/src/authservice
 COPY package*.json ./
 
 # Install app dependencies
-RUN npm install --ignore-scripts
-
+RUN npm install
 # Copy the app source code to the working directory
 COPY . .
 
-# Create a new non-root user and group
-RUN addgroup -S myusergroup && adduser -S myuser -G myusergroup
-
-# Change the ownership of the working directory to the newly created user
-RUN chown -R myuser:myusergroup /usr/src/authservice
-
-# Switch to the new non-root user
-USER myuser
-
 # Expose the port the app runs on
 EXPOSE 8002
 

users/userservice/Dockerfile

@@ -1,25 +1,20 @@
-# Usa una imagen oficial de Node.js como imagen base
+# Use an official Node.js runtime as a parent image
 FROM node:20
 
-# Establece el directorio de trabajo en el contenedor
+# Set the working directory in the container
 WORKDIR /usr/src/userservice
 
-# Copia package.json y package-lock.json al directorio de trabajo
+# Copy package.json and package-lock.json to the working directory
 COPY package*.json ./
 
-# Instala las dependencias de la aplicación
-RUN npm install --ignore-scripts
+# Install app dependencies
+RUN npm install 
 
-# Copia el código fuente de la aplicación al directorio de trabajo
+# Copy the app source code to the working directory
 COPY . .
 
-# Cambia a un usuario no privilegiado
-RUN addgroup -S nonroot \
-    && adduser -S nonroot -G nonroot
-USER nonroot
-
-# Expone el puerto en el que se ejecuta la aplicación
+# Expose the port the app runs on
 EXPOSE 8001
 
-# Define el comando para ejecutar la aplicación
+# Define the command to run your app
 CMD ["node", "user-service.js"]