

Merge pull request #21 from Inist-CNRS/fix/cve-side-effect
Fix CVE/CWE and side effect
AlasDiablo authored Mar 11, 2024
2 parents 2319b17 + e584f24 commit f74f11d
Showing 8 changed files with 63 additions and 27 deletions.
15 changes: 15 additions & 0 deletions tdm-be/package-lock.json


5 changes: 4 additions & 1 deletion tdm-be/package.json
@@ -7,7 +7,9 @@
"scripts": {
"dev": "nodemon src/app.ts",
"start": "ts-node --transpile-only ./src/app.ts",
"swagger-autogen": "ts-node --project tsconfig.dev.json bin/swagger.ts 3000"
"swagger-autogen": "ts-node --project tsconfig.dev.json bin/swagger.ts 3000",
"lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
"lint:test": "eslint \"{src,apps,libs,test}/**/*.ts\""
},
"keywords": [],
"author": "",
@@ -19,6 +21,7 @@
"cors": "^2.8.5",
"express": "^4.18.2",
"express-basic-auth": "^1.2.1",
"express-rate-limit": "^7.2.0",
"md5": "^2.3.0",
"multer": "^1.4.5-lts.1",
"node-cron": "^3.0.3",
17 changes: 12 additions & 5 deletions tdm-be/src/app.ts
@@ -1,6 +1,7 @@
import cors from 'cors';
import express from 'express';
import basicAuth from 'express-basic-auth'; // This package is used for basic authentication
import basicAuth from 'express-basic-auth';
import rateLimit from 'express-rate-limit';
import cron from 'node-cron';
import swaggerUi from 'swagger-ui-express';
import fs from 'node:fs';
@@ -17,7 +18,13 @@ import swaggerFile from '~/swagger/swagger-config.json';

const app = express();

const port = environment.port;
const limiter = rateLimit({
windowMs: 10 * 60 * 1000, // 10 minute
limit: 2000, // Limit each IP to 1000 requests per `window` (here, per 10 minutes)
standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
legacyHeaders: false, // Disable the `X-RateLimit-*` headers
});
app.use(limiter);

// Simple example user credentials
const users = {
@@ -27,7 +34,7 @@ const users = {
// Middleware for basic authentication
const auth = basicAuth({
users,
challenge: true, // Sends 401 authentication challenge if credentials are missing
challenge: true, // Sends 401 authentication challenges if credentials are missing
unauthorizedResponse: 'Authentication required.', // Message for unauthorized access
});

@@ -69,8 +76,8 @@ app.use((req, res) => {
});

initFilesSystem().then(() => {
const server = app.listen(port, () => {
logger.debug(`Running on ${port}`);
const server = app.listen(environment.port, () => {
logger.debug(`Running on ${environment.port}`);
});

server.setTimeout(600000); // 10 minutes timeout for all routes
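Review bot: The comment on the `limit` line says 1000 requests while the configured value is 2000; make the two agree, e.g. `limit: 2000, // Limit each IP to 2000 requests per \`window\` (here, per 10 minutes)`, and `windowMs: 10 * 60 * 1000, // 10 minutes` on the line above. The limiter identifies clients by `req.ip`, so if this service runs behind a reverse proxy or load balancer every request will carry the proxy's address and the whole deployment shares a single 2000-request budget; in that case Express needs `trust proxy` set to the real proxy hop count (`app.set('trust proxy', <hops>)`) before `app.use(limiter)` — the deployment topology is not visible here, so this is a point to confirm. Registering the limiter ahead of the basic-auth middleware is the right order, since unauthenticated attempts are then counted as well.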
17 changes: 13 additions & 4 deletions tdm-be/src/controller/traitment.ts
@@ -8,7 +8,9 @@ import environment from '~/lib/config';
import { sendStartedMail } from '~/lib/email';
import { filesLocation, randomFileName } from '~/lib/files';
import {
HTTP_ACCEPTED,
HTTP_BAD_REQUEST,
HTTP_CONFLICT,
HTTP_CREATED,
HTTP_INTERNAL_SERVER_ERROR,
HTTP_NOT_FOUND,
@@ -92,6 +94,14 @@ router.post(
return;
}

if (processing.status !== Status.UNKNOWN) {
res.status(HTTP_CONFLICT).send({
status: HTTP_CONFLICT,
message: 'Conflict - The processing as already been started',
});
return;
}

// --- Get processing params
// Set default params as undefined
let wrapperUrl: string | undefined = undefined;
@@ -176,10 +186,9 @@ router.post(
},
}).then(undefined);

// Send a http response with the processing information
res.send({
message: `Enrichissement démarré vous allez recevoir un email.`,
url: statusPanelUrl,
// Send an http response with code 202
res.status(HTTP_ACCEPTED).send({
status: HTTP_ACCEPTED,
});
},
(error) => {
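Review bot: The message on the new 409 branch has a typo, `message: 'Conflict - The processing has already been started',` ("has", not "as"). The guard `processing.status !== Status.UNKNOWN` is a read that precedes the actual start of the job, and nothing in this hunk makes the two atomic, so two near-simultaneous start requests for the same id could both pass it; whether that is reachable depends on where `processing.status` is first updated, which lies outside the hunk. The 202 response no longer carries `url: statusPanelUrl`, so any client that read the status-page URL from the body must now build it from the id itself — the frontend changes in this commit appear to do that, but other consumers of this endpoint should be checked. The `router.post` handler starts and ends outside these hunks.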
2 changes: 1 addition & 1 deletion tdm-be/src/lib/http.ts
@@ -5,7 +5,7 @@ export const HTTP_ACCEPTED = 202;
// --- HTTP CODE 400 ---
export const HTTP_BAD_REQUEST = 400;
export const HTTP_NOT_FOUND = 404;
export const HTTP_PAGE_EXPIRED = 419;
export const HTTP_CONFLICT = 409;
export const HTTP_PRECONDITION_REQUIRED = 428;

// --- HTTP CODE 500 ---
22 changes: 11 additions & 11 deletions tdm-be/src/model/Config.ts
@@ -2,17 +2,17 @@ import { readFileSync } from 'node:fs';
import { writeFile } from 'node:fs/promises';
import logger from '~/lib/logger';

export class Tag {
name = '';
excluded?: string[] = [];
}

export class SwaggerApi {
url = '';
retrieveUrl?: string;
tags: Tag[] = [];
}

export class Tag {
name = '';
excluded?: string[] = [];
}

export class Mail {
subject = '';
text = '';
@@ -74,12 +74,6 @@ export class Config {
this.saveConfig();
}

private saveConfig() {
writeFile('dynamic-config.json', JSON.stringify(this.config), 'utf-8').then(() => {
logger.info('Dynamic config successfully written to disk');
});
}

getConfig(): ConfigType {
return this.config;
}
@@ -110,6 +104,12 @@ export class Config {
this.saveConfig();
}
}

private saveConfig() {
writeFile('dynamic-config.json', JSON.stringify(this.config), 'utf-8').then(() => {
logger.info('Dynamic config successfully written to disk');
});
}
}

const singleton = new Config();
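Review bot: `saveConfig`, now at the end of the class, chains `.then` on `writeFile` with no rejection handler, so a failed write of `dynamic-config.json` surfaces as an unhandled promise rejection (which terminates the process by default on Node 15 and later) while the in-memory config silently diverges from what is on disk. Add a handler that logs with context, e.g. `.catch((err: unknown) => { logger.error(\`Failed to write dynamic config: ${String(err)}\`); })`, assuming the logger exposes an error level; this is unchanged by the move itself but is the one thing worth fixing in the moved code. The path is relative to the process working directory rather than to the module, so the file lands wherever the service is launched from — presumably intended, but a one-line comment on the `writeFile` call would make that explicit.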
4 changes: 2 additions & 2 deletions tdm-fe/src/app/components/form/ProcessingFormConfirmation.tsx
@@ -7,7 +7,7 @@ import { RouteProcessingStatus } from '~/app/shared/routes';
export type ProcessingFormConfirmationProps = {
processingId: string;
state: {
status: 200 | 400 | 428 | 500 | null | undefined;
status: 202 | 400 | 409 | 428 | 500 | null | undefined;
pending: boolean;
};
};
@@ -43,7 +43,7 @@ const ProcessingFormConfirmation = ({ processingId, state }: ProcessingFormConfi
/**
* Show an error if we get any other error
*/
if (state.status !== 200) {
if (state.status !== 202 && state.status !== 409) {
return <Alert severity="error">Un problème inattendu est survenu.</Alert>;
}

8 changes: 5 additions & 3 deletions tdm-fe/src/app/services/creation/processing.ts
@@ -15,7 +15,7 @@ export const start = async ({
enrichment,
mail,
id,
}: ProcessingStartParams): Promise<200 | 400 | 428 | 500> => {
}: ProcessingStartParams): Promise<202 | 400 | 409 | 428 | 500> => {
const response = await fetch(createQuery(environment.post.processing.start), {
method: 'POST',
headers: {
@@ -40,10 +40,12 @@ export const start = async ({
});

switch (response.status) {
case 200:
return 200;
case 202:
return 202;
case 400:
return 400;
case 409:
return 409;
case 428:
return 428;
default:
