
chore: release to test #1327

Merged
merged 33 commits into from
Dec 11, 2024

Conversation

NithinKuruba (Contributor)

No description provided.

Comment on lines +123 to +131
app.get(`/verify-token`, async (req, res) => {
  try {
    const session = (await authenticate(req.headers)) as Session;
    res.status(200).json(session);
    return session;
  } catch (err) {
    handleError(res, err);
  }
});

Check failure

Code scanning / CodeQL

Missing rate limiting (High)

This route handler performs authorization, but is not rate-limited.

Copilot Autofix AI 3 months ago

To fix the problem, we will introduce rate limiting to the route handler that performs authorization. We will use the express-rate-limit package to set up a rate limiter and apply it to the /verify-token route. This will ensure that the number of requests to this route is limited, mitigating the risk of DoS attacks.

  1. Install the express-rate-limit package if it is not already installed.
  2. Import the express-rate-limit package in the lambda/app/src/routes.ts file.
  3. Set up a rate limiter with appropriate configuration (e.g., maximum number of requests per minute).
  4. Apply the rate limiter to the /verify-token route.
Suggested changeset 1
lambda/app/src/routes.ts

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/lambda/app/src/routes.ts b/lambda/app/src/routes.ts
--- a/lambda/app/src/routes.ts
+++ b/lambda/app/src/routes.ts
@@ -2,2 +2,3 @@
 import { authenticate } from './authenticate';
+import rateLimit from 'express-rate-limit';
 import { getEvents } from './controllers/events';
@@ -81,2 +82,8 @@
 
+const authRateLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // limit each IP to 100 requests per windowMs
+  message: 'Too many requests from this IP, please try again after 15 minutes'
+});
+
 const tryJSON = (str) => {
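Review bot: the limiter in this hunk takes express-rate-limit's defaults for everything except the window, the count and the message, so it keys on req.ip and keeps its counters in the default per-process memory store. Under lambda/app that means each Lambda instance counts on its own, so the effective limit is 100 per instance rather than 100 per client, and unless the app sets Express's trust proxy, req.ip behind an API gateway or load balancer is the proxy's address and every user shares one budget. Confirm the trust proxy setting and consider a shared store before relying on this limiter.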
@@ -122,3 +129,3 @@
 
-    app.get(`/verify-token`, async (req, res) => {
+    app.get(`/verify-token`, authRateLimiter, async (req, res) => {
       try {
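Review bot: the second autofix on this PR imports logsRateLimiter from './utils/rate-limiters', so the project already keeps its limiters in a shared module; define authRateLimiter there beside logsRateLimiter instead of inline in routes.ts. Keep a single definition as well: the third autofix declares an identically named authRateLimiter at the same position in routes.ts, and applying both patches would produce a duplicate declaration.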
EOF
Comment on lines +133 to +150
app.get(`/teams/verify`, async (req, res) => {
  try {
    const token = req.query.token;
    if (!token) return res.redirect(`${APP_URL}/verify-user?message=notoken`);
    else {
      const { error, message, userId, teamId } = parseInvitationToken(token);

      if (error) return res.redirect(`${APP_URL}/verify-user?message=${message}`);

      const verified = await verifyTeamMember(userId, teamId);
      if (!verified) return res.redirect(`${APP_URL}/verify-user?message=notfound`);

      return res.redirect(`${APP_URL}/verify-user?message=success&teamId=${teamId}`);
    }
  } catch (err) {
    handleError(res, err);
  }
});

Check failure

Code scanning / CodeQL

Missing rate limiting (High)

This route handler performs authorization, but is not rate-limited.

Copilot Autofix AI 3 months ago

To fix the problem, we will introduce a rate-limiting middleware using the express-rate-limit package. This middleware will limit the number of requests to the /teams/verify endpoint to a reasonable number within a specified time window. This will help prevent abuse and potential DoS attacks.

  1. Install the express-rate-limit package if it is not already installed.
  2. Import the express-rate-limit package in the lambda/app/src/routes.ts file.
  3. Define a rate limiter with appropriate settings (e.g., maximum of 100 requests per 15 minutes).
  4. Apply the rate limiter to the /teams/verify endpoint.
Suggested changeset 1
lambda/app/src/routes.ts

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/lambda/app/src/routes.ts b/lambda/app/src/routes.ts
--- a/lambda/app/src/routes.ts
+++ b/lambda/app/src/routes.ts
@@ -78,3 +78,8 @@
 import { logsRateLimiter } from './utils/rate-limiters';
+import rateLimit from 'express-rate-limit';
 
+const verifyTeamRateLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // limit each IP to 100 requests per windowMs
+});
 const APP_URL = process.env.APP_URL || '';
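Review bot: this is the third separately configured limiter proposed for routes.ts with the same 15-minute, 100-request settings, and the unchanged line just above the insertion already imports logsRateLimiter from './utils/rate-limiters'; add verifyTeamRateLimiter to that module, or reuse one shared limiter, so the per-route limits are defined in one place and stay consistent.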
@@ -132,3 +137,3 @@
 
-    app.get(`/teams/verify`, async (req, res) => {
+    app.get(`/teams/verify`, verifyTeamRateLimiter, async (req, res) => {
       try {
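Review bot: /teams/verify answers every outcome with res.redirect to `${APP_URL}/verify-user?message=...`, but this limiter's rejection is express-rate-limit's default plain 429 response, which the verify-user page on the other side of those redirects never sees; give the limiter a handler that redirects to the same page with its own message so the user-facing flow stays consistent. Note also that the limiter runs before the token is parsed, so it counts requests per client IP, not per invitation token.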
EOF
Comment on lines +168 to +187
  try {
    const { id: teamId, saId } = req.params;
    const result = await getServiceAccountCredentials(req.user.id, teamId, saId);
    res.status(200).json(result);
  } catch (err) {
    handleError(res, err);
  }
});

app.put(`/teams/:id/service-accounts/:saId/credentials`, async (req, res) => {
  try {
    const { id: teamId, saId } = req.params;
    const result = await updateServiceAccountSecret(req.user.id, teamId, saId);
    res.status(200).json(result);
  } catch (err) {
    handleError(res, err);
  }
});

app.delete(`/teams/:id/service-accounts/:saId`, async (req, res) => {
  try {
    const { id: teamId, saId } = req.params;
    const result = await deleteServiceAccount(req.session as Session, req.user.id, teamId, saId);
    res.status(200).json(result);
  } catch (err) {
    handleError(res, err);
  }
});

app.get(`/reports/all-standard-integrations`, async (req, res) => {
  try {
    assertSessionRole(req.session, 'sso-admin');
    const result = await getAllStandardIntegrations();
    res.status(200).json(result);
  } catch (err) {
    handleError(res, err);
  }
});

app.get(`/reports/database-tables`, async (req, res) => {
  try {
    assertSessionRole(req.session, 'sso-admin');
    const result = await getDatabaseTable(req.query.type, req.query.orderBy);
    res.status(200).json(result);
  } catch (err) {
    handleError(res, err);
  }
});

app.get(`/reports/all-bceid-approved-requests-and-events`, async (req, res) => {
  try {
    assertSessionRole(req.session, 'sso-admin');
    const result = await getBceidApprovedRequestsAndEvents();
    res.status(200).json(result);
  } catch (err) {
    handleError(res, err);
  }
});

app.get(`/reports/data-integrity`, async (req, res) => {
  try {
    assertSessionRole(req.session, 'sso-admin');
    const result = await getDataIntegrityReport();
    res.status(200).json(result);
  } catch (err) {
    handleError(res, err);
  }
});

app.get('/bc-services-card/privacy-zones', async (req, res) => {
  try {
    const result = await getPrivacyZones();
    res.status(200).json(result);
  } catch (err) {
    handleError(res, err);
  }
});

app.get('/bc-services-card/claim-types', async (req, res) => {
  try {
    const result = await getAttributes();
    res.status(200).json(result);
  } catch (err) {
    handleError(res, err);
  }
});

  try {
    const user: User = await findOrCreateUser(session);
    user.isAdmin = isAdmin(session);
    session.user = user;
    req.user = user;
    req.session = session;
  } catch (err) {
    handleError(res, err);
    return false;
  }

  if (next) next();
});

Check failure

Code scanning / CodeQL

Missing rate limiting (High)

This route handler performs authorization, but is not rate-limited.

Copilot Autofix AI 3 months ago

To fix the problem, we will introduce rate limiting to the route handler that performs authorization. We will use the express-rate-limit package to set up a rate limiter and apply it to the relevant route. This will help prevent denial-of-service attacks by limiting the number of requests that can be made to the authorization endpoint within a specified time window.

  1. Install the express-rate-limit package if it is not already installed.
  2. Import the express-rate-limit package in the lambda/app/src/routes.ts file.
  3. Set up a rate limiter with appropriate configuration (e.g., maximum number of requests per minute).
  4. Apply the rate limiter to the route handler that performs authorization.
Suggested changeset 1
lambda/app/src/routes.ts

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/lambda/app/src/routes.ts b/lambda/app/src/routes.ts
--- a/lambda/app/src/routes.ts
+++ b/lambda/app/src/routes.ts
@@ -1,2 +1,3 @@
 import isString from 'lodash.isstring';
+import rateLimit from 'express-rate-limit';
 import { authenticate } from './authenticate';
@@ -81,2 +82,7 @@
 
+const authRateLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // limit each IP to 100 requests per windowMs
+});
+
 const tryJSON = (str) => {
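Review bot: this declares `const authRateLimiter` at the same position in routes.ts (after line 81) and with the same name as the first autofix for /verify-token; the two suggested changesets conflict and only one can be applied. If this one is kept, it does not cover /verify-token or /teams/verify: those routes are registered at lines 123 and 133, before the app.use middleware at line 167 that this patch guards, and Express only applies middleware to routes registered after it.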
@@ -167,3 +173,3 @@
 
-    app.use(async (req, res, next) => {
+    app.use(authRateLimiter, async (req, res, next) => {
       const session = (await authenticate(req.headers)) as Session;
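Review bot: attaching the limiter to the catch-all app.use middleware puts every route registered after it, including the service-account credential endpoints, the sso-admin reports and the BC Services Card lookups, under one 100-requests-per-15-minutes budget per client IP. For a UI backend that is tight: many users behind one NAT or proxy address share that budget, so the limit locks out an office before it slows an attacker. Either raise the limit at this position, or key the limiter on the authenticated user once authenticate has resolved the session, and keep the strict per-IP limit for the unauthenticated entry points.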
EOF
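All three autofixes above install a per-IP, fixed-window limiter without saying how a request is attributed to a client or where the counters live, which is exactly what decides whether the limit protects anything behind an API gateway. The following block is an added example written for this review, not code from the project or from Copilot: a minimal fixed-window limiter in the shape of an Express middleware, written without express-rate-limit so it runs stand-alone. It shows the same limit applied with and without trusting X-Forwarded-For, a redirect-style rejection suited to /teams/verify, and the window reset on a fake clock. The names createRateLimiter, clientKey, redirectWhenLimited, simulate, viaProxy and demo, the Req/Res shapes, the addresses 203.0.113.7, 198.51.100.9 and 10.0.0.1, and the base URL https://app.example (standing in for APP_URL) are all assumptions for the example.

```typescript
// Added example, not the project's code: a fixed-window per-client rate limiter in
// the shape of an Express middleware, written without express-rate-limit so it
// runs stand-alone. Req and Res are hypothetical minimal shapes of Express objects.
interface Req { ip: string; headers: Record<string, string | undefined> }
interface Res { statusCode: number; location: string | null }
type Middleware = (req: Req, res: Res, next: () => void) => void;
interface LimiterOptions {
  windowMs: number;                            // length of the fixed window
  limit: number;                               // requests allowed per client per window
  trustProxy: boolean;                         // believe X-Forwarded-For (only behind a proxy you control)
  onLimited?: (req: Req, res: Res) => void;    // rejection response; default is a plain 429
  now?: () => number;                          // injectable clock so the window reset is testable
}
// Attribute a request to a client. Without trustProxy, traffic arriving through a
// gateway or load balancer carries the proxy's address and all users share one
// budget; with it, the first X-Forwarded-For hop is used instead.
function clientKey(req: Req, trustProxy: boolean): string {
  if (trustProxy) {
    const first = (req.headers['x-forwarded-for'] ?? '').split(',')[0];
    if (first && first.trim() !== '') return first.trim();
  }
  return req.ip;
}

function createRateLimiter(opts: LimiterOptions): Middleware {
  // Per-process state: on Lambda or any multi-instance deployment each instance
  // keeps its own counters, so the effective limit is limit x instances.
  const buckets = new Map<string, { count: number; windowStart: number }>();
  const now = opts.now ?? (() => Date.now());
  const onLimited = opts.onLimited ?? ((_req: Req, res: Res) => { res.statusCode = 429; });
  return (req, res, next) => {
    const key = clientKey(req, opts.trustProxy);
    const t = now();
    let bucket = buckets.get(key);
    if (bucket === undefined || t - bucket.windowStart >= opts.windowMs) {
      bucket = { count: 0, windowStart: t };   // start a fresh window for this client
      buckets.set(key, bucket);
    }
    bucket.count += 1;
    if (bucket.count > opts.limit) {
      onLimited(req, res);                     // next() is not called: the handler never runs
      return;
    }
    next();
  };
}

// Redirect-style rejection for a flow like /teams/verify, which answers with
// redirects rather than JSON; appUrl stands in for the app's APP_URL.
function redirectWhenLimited(appUrl: string): (req: Req, res: Res) => void {
  return (_req, res) => {
    res.statusCode = 302;
    res.location = `${appUrl}/verify-user?message=toomanyrequests`;
  };
}

interface Outcome { passed: number; limited: number; lastStatus: number; lastLocation: string | null }

// Drive the middleware with constructed requests and count what reached the handler.
function simulate(mw: Middleware, requests: Req[]): Outcome {
  let passed = 0;
  const last: Res = { statusCode: 200, location: null };
  for (const req of requests) {
    const res: Res = { statusCode: 200, location: null };
    mw(req, res, () => { passed += 1; });
    last.statusCode = res.statusCode;
    last.location = res.location;
  }
  return { passed, limited: requests.length - passed, lastStatus: last.statusCode, lastLocation: last.location };
}

// Constructed traffic: a client behind one proxy whose address is 10.0.0.1.
function viaProxy(client: string): Req {
  return { ip: '10.0.0.1', headers: { 'x-forwarded-for': `${client}, 10.0.0.1` } };
}

function demo(): { shared: Outcome; perClient: Outcome; blocked: Outcome; afterReset: Outcome } {
  const traffic: Req[] = [];
  for (let i = 0; i < 8; i += 1) traffic.push(viaProxy(i % 2 === 0 ? '203.0.113.7' : '198.51.100.9'));
  const windowMs = 15 * 60 * 1000;
  // trustProxy=false: both clients collapse onto 10.0.0.1 and share three requests;
  // trustProxy=true: each client gets its own budget of three.
  const shared = simulate(createRateLimiter({ windowMs, limit: 3, trustProxy: false }), traffic);
  const perClient = simulate(createRateLimiter({ windowMs, limit: 3, trustProxy: true }), traffic);
  // A one-request window on a fake clock: the second request is redirected and
  // the budget returns once windowMs has elapsed.
  let clock = 0;
  const mw = createRateLimiter({
    windowMs: 1000, limit: 1, trustProxy: true, now: () => clock,
    onLimited: redirectWhenLimited('https://app.example'),
  });
  simulate(mw, [viaProxy('203.0.113.7')]);
  const blocked = simulate(mw, [viaProxy('203.0.113.7')]);
  clock = 1000;
  const afterReset = simulate(mw, [viaProxy('203.0.113.7')]);
  return { shared, perClient, blocked, afterReset };
}
console.log(JSON.stringify(demo(), null, 2));
```

Run it with ts-node and compare the two outcomes: with trustProxy off, eight requests from two different clients behind the same gateway get three through and five rejected, because they all look like 10.0.0.1; with it on, each client gets its own three. In the real app the same three decisions map onto express-rate-limit's keyGenerator, handler and store options together with Express's trust proxy setting, and the per-process Map is the reason a shared store matters on Lambda.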
Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 failure

Pusher: @NithinKuruba, Action: pull_request

Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 failure

Pusher: @NithinKuruba, Action: pull_request

Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 failure

Pusher: @NithinKuruba, Action: pull_request

Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 failure

Pusher: @NithinKuruba, Action: pull_request

Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @NithinKuruba, Action: pull_request

Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @NithinKuruba, Action: pull_request

* chore: disable archived approval

* chore: create tests

* chore: fix name

* chore: remove old file

* chore: move the tests
Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @thegentlemanphysicist, Action: pull_request

* chore: local cypress

record in gh action instead of cy cloud

* test: pipeline

test gh pipeline run

* chore: flags

remove flags for cy cloud

* chore: flags

remove flags for cy cloud

* chore: flags

remove flags for cy cloud

* chore: path

fix path wildcard settings

* chore: path

fix path wildcard settings

* chore: path

fix path wildcard settings

* chore: path

fix path wildcard settings

* chore: screenshots

upload artifacts from cypress in ci

* chore: remove cloud

remove cypress cloud in e2e suite
Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @jlangy, Action: pull_request

remove testing push trigger
github-actions bot commented Nov 5, 2024

Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @jlangy, Action: pull_request

* feat: log download

allow log download from css api

* chore: clearer test

remove duplicate test, clarify variable names
Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @jlangy, Action: pull_request

* feat: log download

allow log download from css api

* chore: clearer test

remove duplicate test, clarify variable names

* fix: redis config

add redis config for css api

* chore: optional chain

add optional chain and nullish coalescer
Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @jlangy, Action: pull_request

update bcsc vars for docker-compose setup
Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @jlangy, Action: pull_request

* feat: log download

allow log download from css api

* chore: clearer test

remove duplicate test, clarify variable names

* fix: redis config

add redis config for css api

* chore: optional chain

add optional chain and nullish coalescer

* feat: date order check

enforce date order in api route
Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @jlangy, Action: pull_request

add information on the service account usernames to json payload
Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @jlangy, Action: pull_request

* chore: svc acct username

add information on the service account usernames to json payload

* chore: log compress

add compression to sso api

* chore: swagger

update swagger docs for css api
Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @jlangy, Action: pull_request

* chore: notification

only send notification if not archived

* chore: test comments

remove skips and test comments
Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @jlangy, Action: pull_request

* feat: refactored css api to boost load test perf

* feat: fixed unit tests for css api
github-actions bot commented Dec 2, 2024

Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @NithinKuruba, Action: pull_request

* chore: inactive user email

fix inactive user logic and email messages

* fix: env in email

add env to remaining user deletion emails

* chore: email snapshot

update email snapshot test

* fix: base url

fix syntax on cypress base url in ci

* chore: ci

testing e2e tests in ci

* chore: ci

testing e2e tests in ci

* chore: ci

testing e2e tests in ci

* chore: ci

testing e2e tests in ci

* chore: memory

limit docker memory for ci pipeline runs

* chore: memory

limit docker memory for ci pipeline runs

* chore: debug logs

run docker compose with verbose logging

* chore: e2e test

run docker compose directly

* chore: e2e test

run docker compose directly

* chore: e2e test

run docker compose directly

* chore: dockerfile version

lock terraform version in docker

* chore: dockerfile version

lock terraform version in docker

* chore: dockerfile version

lock terraform version in docker

* chore: curl install

fix curl install

* chore: revert tests

revert gh action testing changes

* chore: cleanup deploy

remove unnecessary deploy configs
github-actions bot commented Dec 3, 2024

Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @jlangy, Action: pull_request

* chore: backoff limit

add a backoff limit to the request queue

* fix: reference error

fix incorrect key access

* chore: too many requests msg

update error message when rate limiting

* chore: rocketchat message

update rc handling and unit test
github-actions bot commented Dec 4, 2024

Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @jlangy, Action: pull_request

* fix: sequelize connections

ensure to close and reconnect from pool on runs

* fix: connection pool

close and reopen connection in request queue

* chore: redundant await

remove un-needed await

* chore: sequelize config

separate sequelize connection for request queue

* fix: global let

move var definition into function

* chore: sonarcloud

refactor for sonarcloud warnings

* chore: revert models

revert change to other model imports

* chore: connection

restore getConnection if overridden by close
github-actions bot commented Dec 5, 2024

Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @jlangy, Action: pull_request

* chore: connection limit

prevent too many open db connections

* chore: early return

remove early return statement

* chore: env

indicate environment in rc notification

* chore: msg test

fix message in test runs
Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @jlangy, Action: pull_request

* feat: service account roles

allow api to use the client id as the service account username

* test: css api tests

test client id works as a username

* test: unit

move k6 to unit tests

* chore: sonarcloud

implement sonarcloud recommendations

* chore: swagger docs

document service account names in swagger
Terraform Format and Style 🖌 success
Terraform Initialization ⚙️ success
Terraform Validation 🤖 ``
Terraform Plan 📖 success

Pusher: @jlangy, Action: pull_request

@NithinKuruba NithinKuruba merged commit 8ac990b into test Dec 11, 2024
21 of 23 checks passed
3 participants