Merge branch 'dev' of https://github.com/CVEProject/cve-services into…

… jd-706

package.json

@@ -27,12 +27,12 @@
     "dependencies": {
         "ajv": "^8.6.2",
         "ajv-formats": "^2.1.1",
-        "argon2": "^0.27.1",
+        "argon2": "^0.27.2",
         "config": "^3.3.6",
         "cors": "^2.8.5",
         "crypto-random-string": "^3.3.1",
         "dotenv": "^5.0.1",
-        "express": "^4.15.4",
+        "express": "^4.18.2",
         "express-jsonschema": "^1.1.6",
         "express-rate-limit": "^6.5.2",
         "express-validator": "^6.14.2",
@@ -51,7 +51,6 @@
         "swagger-autogen": "^2.19.0",
         "swagger-ui-express": "^4.3.0",
         "uuid": "^8.3.2",
-        "uuid-apikey": "^1.5.1",
         "validate-date": "^2.0.0",
         "validator": ">=13.7.0",
         "winston": "^3.2.1",
@@ -73,10 +72,6 @@
         "action:lint-test": "node node_modules/eslint/bin/eslint.js test/",
         "action:lint-test-utils": "node node_modules/eslint/bin/eslint.js test-utils/",
         "clean": "node node_modules/depcheck/bin/depcheck.js",
-        "hash:dev": "NODE_ENV=development node-dev src/scripts/hashPasswords.js",
-        "hash:stage": "NODE_ENV=staging node src/scripts/hashPasswords.js",
-        "hash:int": "NODE_ENV=integration node src/scripts/hashPasswords.js",
-        "hash:prd": "NODE_ENV=production node src/scripts/hashPasswords.js",
         "lint:src": "node node_modules/eslint/bin/eslint.js src/ --fix",
         "lint:test": "node node_modules/eslint/bin/eslint.js test/ --fix",
         "lint:test-utils": "node node_modules/eslint/bin/eslint.js test-utils/ --fix",

src/controller/cve-id.controller/index.js

@@ -244,6 +244,14 @@ router.get('/cve-id/:id',
       }
     }
   }
+  #swagger.responses[429] = {
+    description: 'Too Many Requests',
+    content: {
+      "application/json": {
+        schema: { $ref: '/schemas/errors/generic.json' }
+      }
+    }
+  }
   #swagger.responses[500] = {
     description: 'Internal Server Error',
     content: {

src/controller/cve.controller/index.js

@@ -63,6 +63,14 @@ router.get('/cve/:id',
       }
     }
   }
+  #swagger.responses[429] = {
+    description: 'Too Many Requests',
+    content: {
+      "application/json": {
+        schema: { $ref: '/schemas/errors/generic.json' }
+      }
+    }
+  }
   #swagger.responses[500] = {
     description: 'Internal Server Error',
     content: {

src/controller/org.controller/org.controller.js

@@ -8,7 +8,7 @@ const cryptoRandomString = require('crypto-random-string')
 const uuid = require('uuid')
 const errors = require('./error')
 const error = new errors.OrgControllerError()
-const uuidAPIKey = require('uuid-apikey')
+const validateUUID = require('uuid').validate
 const decodeEntities = require('html-entities').decode
 const booleanIsTrue = require('../../utils/utils').booleanIsTrue
 
@@ -66,7 +66,7 @@ async function getOrg (req, res, next) {
     let agt = setAggregateOrgObj({ short_name: identifier })
 
     // check if identifier is uuid and if so, reassign agt and orgIdentifier
-    if (uuidAPIKey.isUUID(identifier)) {
+    if (validateUUID(identifier)) {
       orgIdentifer = org.UUID
       agt = setAggregateOrgObj({ UUID: identifier })
     }

src/middleware/errorMessages.js

@@ -2,5 +2,5 @@
 
 module.exports = {
   ID_QUOTA: 'The id_quota does not comply with CVE id quota limitations',
-  TIMESTAMP_FORMAT: 'Bad date, or invalid timestamp format: valid format is yyyy-MM-ddTHH:mm:ss or yyyy-MM-ddTHH:mm:ss.ZZZZ'
+  TIMESTAMP_FORMAT: 'Bad date, or invalid timestamp format: valid format is yyyy-MM-ddTHH:mm:ss or yyyy-MM-ddTHH:mm:ssZZZZ'
 }

src/middleware/middleware.js

@@ -327,14 +327,15 @@ function errorHandler (err, req, res, next) {
 }
 
 const limiter = rateLimit({
-  // over 1 minutes, allow a max of 1000 requests
+  // over 1 second, allow a max of 1000 requests
   // can configure by setting env vars
   windowMs: 1000 * parseInt((process.env.RATE_LIMIT_WINDOW_SECONDS || 1)),
   max: parseInt(process.env.RATE_LIMIT_MAX_CONNECTIONS || 1000),
   // apply to all requests this middleware is used, so always return the same key
   keyGenerator: (req, res) => '*',
   standardHeaders: true,
-  legacyHeaders: false
+  legacyHeaders: false,
+  message: error.tooManyRequests()
 })
 
 module.exports = {

src/utils/error.js

@@ -96,6 +96,13 @@ class IDRError {
 
     return err
   }
+
+  tooManyRequests () {
+    return {
+      error: 'TOO_MANY_REQUESTS',
+      message: 'Too many requests. Please try again later.'
+    }
+  }
 }
 
 module.exports = {