Revert changes and add error handling (#113)

* 🔖 chore: Revert express update

* ✨ feat(user-auth-service): Add local error handling

* 🔖 chore: Bump version to 0.11.2

* 🐛 fix(chart): Add exception handling for the process

Author: KraProgrammer

chart/Chart.yaml

@@ -2,9 +2,9 @@ annotations:
   licenses: Apache-2.0
 apiVersion: v2
 name: unguard
-version: 0.11.0
+version: 0.11.2
 description: Unguard is an insecure cloud-native microservices demo application.
 type: application
 home: https://github.com/dynatrace-oss/unguard
 icon: https://github.com/dynatrace-oss/unguard/blob/main/docs/images/logo/unguard-logo-red-small.png
-appVersion: 0.11.1
+appVersion: 0.11.2

chart/README.md

@@ -84,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and
 To install Unguard in a specific version provide the `--version` flag with the version you want to install:
 
 ```sh
-helm install unguard  oci://ghcr.io/dynatrace-oss/unguard/chart/unguard --version 0.11.1
+helm install unguard  oci://ghcr.io/dynatrace-oss/unguard/chart/unguard --version 0.11.2
 ```
 
 ## Parameters

chart/values.yaml

@@ -54,7 +54,7 @@ maliciousLoadGenerator:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-malicious-load-generator
-        tag: 0.11.1
+        tag: 0.11.2
         pullPolicy: IfNotPresent
       ports:
         containerPort: 8083
@@ -113,7 +113,7 @@ userSimulator:
       container:
         image:
           repository: ghcr.io/dynatrace-oss/unguard/unguard-user-simulator
-          tag: 0.11.1
+          tag: 0.11.2
           pullPolicy: IfNotPresent
 
         env:
@@ -144,7 +144,7 @@ membershipService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-membership-service
-        tag: 0.11.1
+        tag: 0.11.2
         pullPolicy: IfNotPresent
       ports:
         containerPort: 8083
@@ -174,7 +174,7 @@ userAuthService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-user-auth-service
-        tag: 0.11.1
+        tag: 0.11.2
         pullPolicy: IfNotPresent
       ports:
         containerPort: 9091
@@ -209,7 +209,7 @@ adService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-ad-service
-        tag: 0.11.1
+        tag: 0.11.2
         pullPolicy: IfNotPresent
       ports:
         containerPort: 8082
@@ -243,7 +243,7 @@ envoyProxy:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-envoy-proxy
-        tag: 0.11.1
+        tag: 0.11.2
         pullPolicy: IfNotPresent
       ports:
         - name: http
@@ -267,7 +267,7 @@ microblogService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-microblog-service
-        tag: 0.11.1
+        tag: 0.11.2
         pullPolicy: IfNotPresent
       ports:
         containerPort: 8080
@@ -320,7 +320,7 @@ statusService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-status-service
-        tag: 0.11.1
+        tag: 0.11.2
         pullPolicy: IfNotPresent
       ports:
         containerPort: 8083
@@ -375,7 +375,7 @@ proxyService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-proxy-service
-        tag: 0.11.1
+        tag: 0.11.2
         pullPolicy: IfNotPresent
       ports:
         containerPort: 8081
@@ -402,7 +402,7 @@ likeService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-like-service
-        tag: 0.11.1
+        tag: 0.11.2
         pullPolicy: IfNotPresent
       ports:
         containerPort: 8000
@@ -438,7 +438,7 @@ paymentService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-payment-service
-        tag: 0.11.1
+        tag: 0.11.2
         pullPolicy: IfNotPresent
       env:
         API_PATH: /payment-service
@@ -468,7 +468,7 @@ frontend:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-frontend
-        tag: 0.11.1
+        tag: 0.11.2
         pullPolicy: IfNotPresent
       ports:
         containerPort: 3000

src/user-auth-service/app.js

@@ -32,31 +32,24 @@ const authRouter = require('./routes/auth');
 const jwtRouter = require('./routes/jwt');
 
 const app = express();
+process.on('uncaughtException', (err, origin) => {
+    console.error(err);
+});
 
 logger.token('userid', function (req) {
-    try {
-        const userid = req.body.userid ? `User ID: ${req.body.userid}`: '-';
-        return userid;
-    } catch (e) {
-        return "{ }"
-    }
-
+    const userid = req.body.userid ? `User ID: ${req.body.userid}`: '-';
+    return userid;
 });
 
 logger.token('body', function (req) {
-    try {
-        const maxLoggingLength = 30;
-        Object.keys(req.body).forEach((key) => {
-            if (req.body[key] && req.body[key].length > maxLoggingLength) {
-                req.body[key] = req.body[key].substr(0, maxLoggingLength) + '...'
-            }
-        })
-
-        return JSON.stringify(req.body);
-    } catch {
-        return "{ }"
-    }
+    const maxLoggingLength = 30;
+    Object.keys(req.body).forEach((key) => {
+        if (req.body[key] && req.body[key].length > maxLoggingLength) {
+            req.body[key] = req.body[key].substr(0, maxLoggingLength) + '...'
+        }
+    })
 
+    return JSON.stringify(req.body);
 });
 
 if (process.env.NODE_ENV !== 'production') {

src/user-auth-service/package.json

@@ -10,7 +10,7 @@
     "colors": "^1.4.0",
     "cookie-parser": "~1.4.4",
     "debug": "~2.6.9",
-    "express": "~5.1.0",
+    "express": "~4.16.1",
     "http-errors": "~1.6.3",
     "jaeger-client": "^3.15.0",
     "jsonwebtoken": "^8.5.1",

src/user-auth-service/routes/user.js

@@ -55,48 +55,54 @@ router.get('/register', async function (req, res) {
     });
 });
 
-router.get('/login', async function (req, res) {
-    const username = req.query.username;
-    const password = req.query.password;
-
-    // check if user exists
-    // vulnerable to sql injection because prepared statements are not used
-    // https://snyk.io/de/blog/preventing-sql-injection-attacks-node-js/
-    const vulnerableQuery  = database.checkUserExistsQuery.replace('?', `"${username}"`);
-    const result = await database.dbConnection.query(vulnerableQuery);
-    if (result[0].length < 1) {
-        res.status(404).json({ message: "Given user does not exists!" })
-        return
-    }
-
-    const user = result[0][0];
-    const roles = await database.dbConnection.query(database.selectUserWithRole, [ user.id ]).then((response) => {
-        const userWithRoles = response[0];
-        if (userWithRoles.length === 0) {
-            return [];
+router.get('/login', async function (req, res, next) {
+    try {
+        const username = req.query.username;
+        const password = req.query.password;
+
+        // check if user exists
+        // vulnerable to sql injection because prepared statements are not used
+        // https://snyk.io/de/blog/preventing-sql-injection-attacks-node-js/
+        const vulnerableQuery = database.checkUserExistsQuery.replace('?', `"${username}"`);
+        const result = await database.dbConnection.query(vulnerableQuery);
+        if (result[0].length < 1) {
+            res.status(404).json({message: "Given user does not exists!"})
+            return
         }
 
-        const userRoles = [];
-        userWithRoles.forEach(user => {
-            if (user.role_name !== null) {
-                userRoles.push("" + user.role_name);
+        const user = result[0][0];
+        const roles = await database.dbConnection.query(database.selectUserWithRole, [user.id]).then((response) => {
+            const userWithRoles = response[0];
+            if (userWithRoles.length === 0) {
+                return [];
             }
+
+            const userRoles = [];
+            userWithRoles.forEach(user => {
+                if (user.role_name !== null) {
+                    userRoles.push("" + user.role_name);
+                }
+            });
+
+            return userRoles;
         });
 
-        return userRoles;
-    });
 
+        bcrypt.compare(password, user.password_hash, function (err, compareResult) {
+            if (compareResult) {
+                res.json({
+                    result: "successfully logged in!",
+                    jwt: jwtUtil.generateJwtAccessToken(username, user.id, roles)
+                })
+            } else {
+                res.status(401).json({message: 'Wrong password!'})
+            }
+        });
 
-    bcrypt.compare(password, user.password_hash, function (err, compareResult) {
-        if (compareResult) {
-            res.json({
-                result: "successfully logged in!",
-                jwt: jwtUtil.generateJwtAccessToken(username, user.id, roles)
-            })
-        } else {
-            res.status(401).json({ message: 'Wrong password!' })
-        }
-    });
+    } catch (err) {
+        console.error(err);
+        next(err);
+    }
 });
 
 router.post('/username', async function (req, res) {