Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
|
||
| res | ||
| .status(500) | ||
| .send(`failed to proxy request: ${req.method} ${uri} - ${error.message} - ${resp}`); |
Check failure
Code scanning / SonarCloud
Endpoints should not be vulnerable to reflected cross-site scripting (XSS) attacks
| // we strip the `/api` part: /api/form/xxx => /form/xxx | ||
| const uri = process.env.DELA_NODE_URL + xss(req.url.slice(4)); | ||
|
|
||
| axios({ |
Check warning
Code scanning / SonarCloud
Server-side requests should not be vulnerable to forging attacks
|
|
||
| console.log('sending payload:', JSON.stringify(payload), 'to', uri); | ||
|
|
||
| axios({ |
Check warning
Code scanning / SonarCloud
Server-side requests should not be vulnerable to forging attacks
lanterno
force-pushed
the
refactor/moves-auth-code-to-different-module
branch
from
8c9fabf to
f8fa598
Compare
|
Regarding the SonarCloud complaints: is this from moved code, or from code you wrote? If it's the latter, it should be fixed. For the former, we'll ask Pierluca to override the block. |
@ineiti All of it from moved code. |
lanterno
force-pushed
the
refactor/moves-auth-code-to-different-module
branch
from
7be6ee6 to
8750939
Compare
Pull Request Test Coverage Report for Build 6235084693
💛 - Coveralls |
|
@lanterno good to go now. |
pierluca
left a comment
pierluca
left a comment
There was a problem hiding this comment.
A couple minor points, but this is so much better. Thank youuuu !!!
|
I also just checked something, documentation-wise: https://github.com/expressjs/session
I haven't checked the versions but it's something to keep an eye on. |
- no code changes
- no code changes
improves readability
lanterno
force-pushed
the
refactor/moves-auth-code-to-different-module
branch
from
d84b62d to
feaf710
Compare
|
-- update -- |
New versions of expressJs don't need this anymore
Notice that the http method was also switches from POST to GET. Yes, that works the same. GET is obviously better for us.
|
SonarCloud Quality Gate failed.
|
|
@ineiti @pierluca @PascalinDe Can I get another review here please? I think it's ready. btw @pierluca , regarding your comment:
I removed the middleware and it still works! 👍 |
|
heya, managed to set up integration test environment on this head I cannot shuffle an election, I get the following error message: but the interface proceeds to the next step (decrypting), which of course fails as well, since the ballots have not been shuffled I will try to reproduce on the main branch just to make sure although I haven't seen this error before |
PascalinDe
left a comment
PascalinDe
left a comment
There was a problem hiding this comment.
on-going integration tests
There was a problem hiding this comment.
the good news is that I can reproduce on the main's head, so it's not this PR that introduced the error
the bad news is that this means we have a regression on the main branch... I'll open a ticket and look into it: #361
pierluca
left a comment
pierluca
left a comment
There was a problem hiding this comment.
All lights are green for me !
5 participants
Splits the one-file project into different modules for different purposes.
I think this is a good first iteration, and I will keep trying to improve the structure as I go.
You will also see that I refactored the authentication part a little bit as I moved it to a separate module
authManager.ts.I believe all the module names will still evolve in the future, so no need to think about it too much right now.