Tsconfig consolidation and related improvements; dependency updates (#6239)

* testing tsconfig changes with inspecjs

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* make inspecjs's tsconfig match what we have in ts-inspec-objects and the saf cli aside from the bonus stuff coming from the top level tsconfig

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* comments are fine actually

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* reorder toplevel tsconfig changes to match the order i'm introducing in other places

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* cleanup includes and excludes in tsconfig for hdfconverters and inspecjs

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* improve types for reverse converters

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* lint everything

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* match new style tsconfig

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* swap to my fork of retry-axios until the pr is merged

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* needed to be a branch that included the compiled artifacts

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* maybe this override keyword is what is causing the undefined issue

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* ok maybe it's the initialization in the first place so let's try using declare

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* let's make it consistent and use declare in both locations then

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* types are also .ts so don't need to have separate include for them

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* updated common libs

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* simplified includes by getting rid of the duplicative ts entry

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* eslint applies to everything

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* i do not think that the cypress dependency needs to be in the include either but i guess we'll see

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* get rid of those values but no replacements yet in tsconfig for cypress tests

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* bring in the standard tsconfig

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* we don't need the types attribute

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* upgrade backend tsconfig

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* forgot to update lib to esnext instead of es2020

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* there's no dom in the backend

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* removed unnecessary (ex. syntheticimports is enabled by default with esmoduleinterop), duplicative (ex. module resolution defined upstream), and unwanted (eg. tsx) things while cleaning stuff up

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* i think these files are unnecessary

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* frontend was directly importing winston logger stuff from hdf converters which is not something we should do - in the eslint pr should go through and actually replace it with a winston utility here

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* we're still leaving that cjs life so can use __dirname - might change back in the future idk

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* given up on .ts only and made the vitest file mts so that we could use the rootdir in that format and also not have to deal with async importing of the vitest config dep

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* just reordered imports

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* brought over as much as possible of the standard tsconfig.  the big difference is the module and moduleresolution which i couldn't move to nodenext just cause of how old the stack is and how it was not playing nice with the type resolution

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* transition code to re-enable useunknownincatchvariables

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* transition code to re-enable useunknownincatchvariables

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* transition code to re-enable useunknownincatchvariables

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* transition code to re-enable useunknownincatchvariables

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* have transitioned as much as possible to the top level tsconfig

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* fix typo - unnecessary comma

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* remove unused component - no longer necessary as of #5866

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* remove unnecessary file - vitest apparently does not choke on this like jest did

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* remove hdf converters direct dependency on ms since its use was removed in this pr: #5588

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* Non-relative paths are not allowed when 'baseUrl' is not set.

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* tailwindcss updated again

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* does not seem like @types/triple-beam is necessary anymore in hdfconverters

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* frontend tests sometimes flake due to timeout so let's increase the time

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* idk why it didn't catch it before but there's a type mismatch that occurs there when we're trying to manually assign the type to the imported module so let's just not and it works :)

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* updated yarn lock

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* if there are foreign keys between the models then concurrent deletes could create a lock cycle so we can instead run truncate which just kills the entire db properly as opposed to doing it ourselves model by model

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* updates from master

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* cleaned up and mode imports/excludes more consistent

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* changing from our old targets to esnext enabled usedefineforclassfields (as opposed to the previous default of leaving it disabled) which mucks up vue2 dynamically injecting props since it expects nothing to be there but something *was* there (cause of the implicit define).  an alternative solution would've been using declare on like every single prop but that sounds like a massive pain where the real solution is to move to vue3 + composition api.

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* unnecessary dependency: supertest

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* htmlparser2 moved to esm only so forced to go with the factory approach for making the function and then have to wrap all of the mapper classes with results classes that would have the ability to do async call on the factory func

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* remove direct dependency on concat-streams from frontend; original use was moved from a component to a utility in #1449 and then its functionality was replaced by a different dependency in #4410

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* when we changed it to throw an actual error instead of a string, didn't update the logic here properly esp since json.stringify of an instanceof error fails out as {}

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* improve flow for checkSplunkCredential so that the timeout throw works properly

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* we had an axios interceptor that would logout the app when it would see any 401; however, we could get 401s from other places like splunk login attempts.  if a login failed there and returned a 401, it would logout the heimdall app entirely which doesn't make any sense.  in order to determine if the 401 came from heimdall or from a different app, we have to have the externalurl var available so made that change.

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* expected error string is slightly different

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* does not appear like we use triple-beam

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* sonarqube

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* express-rate-limit got native types as of v6

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* bcryptjs added builtin types as of v3

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* we don't have a direct dependency on passport-oauth2 tho some of the other strategies we have do use it

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* we don't have a direct dependency on pg though we do have an indirect one via connect-pg-simple

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* linter

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* backend doesn't interact with ts-loader anymore

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* when we moved the html export to hdf converters, didn't get rid of this dependency within the frontend

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* frontend directly uses lru-cache ^11 (as of now), and lru-cache added better types as of v8 so the @types is no longer necessary

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* when we moved the html converter out, mustache was another forgotten dependency

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* doesn't seem like we use these anymore

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* connect was dropped in replacement for also using express for the 'npx heimdall-lite' command

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* i dunno if we ever actually used this dependency

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* turns out you still need reflect-metadata due to supporting the necessary polyfills required for the experimental decorator functionality

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* cut down d3 dependency to only the subpackages we actually need

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* turns out we still need class-transformer on the backend for nestjs's validationpipe

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* not sure if html-loader was ever used, seemed to be introduced here when they were experimenting with adding svg support: mitre/heimdall-lite#153

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* sonarqube

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* no direct dependency on highlightjs

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* don't seem to have ever used the vuetify loader

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* no longer use sinon for testing

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* forgot about the test dir in inspecjs

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* wait nvm

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* we don't use typedoc to generate documentation

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* do not use quicktype in hdf-converters tho we do use it in inspecjs

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* actually it does seem like we use it but implicitly

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* lodash is used in the backend so it should be imported

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* merge

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

* sonarqube

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

---------

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>

Author: Amndeep7

.gitignore

@@ -3,6 +3,9 @@
 apps/backend/dist
 node_modules
 
+# Typescript cache
+*.tsbuildinfo
+
 # Logs
 logs
 *.log
@@ -68,4 +71,4 @@ certs/*.pem
 .pnp.*
 
 # Database Content
-data/*
+data/*

apps/backend/config/app_config.ts

@@ -34,6 +34,15 @@ export default class AppConfig {
     return process.env[key] || this.envConfig[key];
   }
 
+  getExternalUrl(): string {
+    const external_url = this.get('EXTERNAL_URL');
+    if (external_url === undefined) {
+      return '';
+    } else {
+      return external_url;
+    }
+  }
+
   getSplunkHostUrl(): string {
     const splunk_host_url = this.get('SPLUNK_HOST_URL');
     if (splunk_host_url !== undefined) {

apps/backend/package.json

@@ -41,10 +41,8 @@
     "@nestjs/schematics": "^11.0.0",
     "@nestjs/sequelize": "^11.0.0",
     "@nestjs/serve-static": "^5.0.3",
-    "@types/bcryptjs": "^3.0.0",
     "@types/connect-pg-simple": "^7.0.0",
     "@types/express": "^5.0.0",
-    "@types/express-rate-limit": "^6.0.0",
     "@types/express-session": "^1.17.3",
     "@types/js-levenshtein": "^1.1.0",
     "@types/ms": "^0.7.31",
@@ -53,8 +51,6 @@
     "@types/passport-github": "^1.1.5",
     "@types/passport-jwt": "^4.0.0",
     "@types/passport-local": "^1.0.33",
-    "@types/supertest": "^7.2.0",
-    "@types/triple-beam": "^1.3.2",
     "@types/uuid": "^10.0.0",
     "@types/validator": "^13.0.0",
     "axios": "^1.4.0",
@@ -70,6 +66,7 @@
     "https-proxy-agent": "^8.0.0",
     "js-levenshtein": "^1.1.6",
     "jsonwebtoken": "^9.0.0",
+    "lodash": "^4.17.23",
     "moment": "^2.29.1",
     "ms": "^2.1.3",
     "passport": "^0.7.0",
@@ -80,15 +77,12 @@
     "passport-jwt": "^4.0.0",
     "passport-ldapauth": "^3.0.1",
     "passport-local": "^1.0.0",
-    "passport-oauth2": "^1.5.0",
-    "pg": "^8.2.1",
-    "reflect-metadata": "^0.2.1",
+    "reflect-metadata": "^0.2.2",
     "rimraf": "^6.0.1",
     "rxjs": "^7.2.0",
     "sequelize": "^6.31.0",
     "sequelize-cli": "^6.2.0",
     "sequelize-typescript": "^2.0.0",
-    "ts-loader": "^9.1.0",
     "tsx": "^4.7.1",
     "uuid": "^11.0.2",
     "winston": "^3.3.3"
@@ -98,7 +92,6 @@
     "@swc/core": "^1.13.0",
     "@types/mock-fs": "^4.10.0",
     "mock-fs": "^5.0.0",
-    "supertest": "^7.0.0",
     "unplugin-swc": "^1.5.5",
     "vitest": "^4.0.18"
   }

apps/backend/src/authn/authn.module.ts

@@ -22,8 +22,7 @@ import {OidcStrategy} from './oidc.strategy';
 import {OktaStrategy} from './okta.strategy';
 
 async function buildHttpsProxyAgent(proxyUrl: string): Promise<Agent> {
-  const {HttpsProxyAgent} =
-    (await import('https-proxy-agent')) as typeof import('https-proxy-agent');
+  const {HttpsProxyAgent} = await import('https-proxy-agent');
   return new HttpsProxyAgent(proxyUrl);
 }
 

apps/backend/src/authn/authn.service.ts

@@ -7,7 +7,7 @@ import {JwtService} from '@nestjs/jwt';
 import {compare} from 'bcryptjs';
 import * as crypto from 'crypto';
 import jwt from 'jsonwebtoken';
-import * as _ from 'lodash';
+import _ from 'lodash';
 import moment from 'moment';
 import ms from 'ms';
 import winston from 'winston';

apps/backend/src/authn/gitlab.strategy.ts

@@ -26,8 +26,7 @@ export class GitlabStrategy extends PassportStrategy(Strategy, 'gitlab') {
       clientSecret: configService.get('GITLAB_SECRET') || 'disabled',
       baseURL: configService.get('GITLAB_BASEURL'),
       callbackURL:
-        `${configService.get('EXTERNAL_URL')}/authn/gitlab/callback` ||
-        'disabled'
+        `${configService.getExternalUrl()}/authn/gitlab/callback` || 'disabled'
     });
   }
 

apps/backend/src/authn/google.strategy.ts

@@ -28,8 +28,7 @@ export class GoogleStrategy extends PassportStrategy(OAuth2Strategy, 'google') {
       clientID: configService.get('GOOGLE_CLIENTID') || 'disabled',
       clientSecret: configService.get('GOOGLE_CLIENTSECRET') || 'disabled',
       callbackURL:
-        `${configService.get('EXTERNAL_URL')}/authn/google/callback` ||
-        'disabled',
+        `${configService.getExternalUrl()}/authn/google/callback` || 'disabled',
       scope: ['email', 'profile']
     });
   }

apps/backend/src/authn/ldap.strategy.ts

@@ -1,7 +1,7 @@
 import {Injectable} from '@nestjs/common';
 import {PassportStrategy} from '@nestjs/passport';
 import * as fs from 'fs';
-import * as _ from 'lodash';
+import _ from 'lodash';
 import Strategy from 'passport-ldapauth';
 import {ConfigService} from '../config/config.service';
 import {AuthnService} from './authn.service';

apps/backend/src/authn/oidc.strategy.ts

@@ -55,7 +55,7 @@ export class OidcStrategy extends PassportStrategy(Strategy as any, 'oidc') {
         userInfoURL: configService.get('OIDC_USER_INFO_URL') || 'disabled',
         clientID: configService.get('OIDC_CLIENTID') || 'disabled',
         clientSecret: configService.get('OIDC_CLIENT_SECRET') || 'disabled',
-        callbackURL: `${configService.get('EXTERNAL_URL')}/authn/oidc_callback`,
+        callbackURL: `${configService.getExternalUrl()}/authn/oidc_callback`,
         pkce:
           configService.get('OIDC_USES_PKCE_S256') === 'true'
             ? 'S256'

apps/backend/src/authn/okta.strategy.ts

@@ -58,7 +58,7 @@ export class OktaStrategy extends PassportStrategy(Strategy as any, 'okta') {
           `https://${configService.get('OKTA_DOMAIN') || 'disabled'}/oauth2/v1/userinfo`,
         clientID: configService.get('OKTA_CLIENTID') || 'disabled',
         clientSecret: configService.get('OKTA_CLIENTSECRET') || 'disabled',
-        callbackURL: `${configService.get('EXTERNAL_URL')}/authn/okta_callback`,
+        callbackURL: `${configService.getExternalUrl()}/authn/okta_callback`,
         scope: ['openid', 'email', 'profile'],
         skipUserProfile: false,
         proxy: