javascript – Blacklisted Param/Header Names in NodeJS?

I’ve experienced a behavior where I would specify a header/parameter with a certain name in the request and send it to the Node application (using Postman/BurpSuite), but it doesn’t appear in the request body/headers in the application’s controller. I suspect it’s a NodeJS builtin security feature, but I’m not sure.

Are there blacklisted header/parameter names in NodeJS?

node.js – EWS(Exchange Web Service) How to reject tls unauthorized in java?

I ran TypeScript code that sends email using EWS, and it works fine.
But when I run the Java code, it throws an unauthorized error:

Caused by: microsoft.exchange.webservices.data.core.exception.http.HttpErrorException: The remote server returned an error: (401) Unauthorized
microsoft.exchange.webservices.data.core.exception.service.ServiceRequestException: The request failed. The request failed. The remote server returned an error: (401) Unauthorized

I assume it is because the TS code includes this line:

// NOTE(review): '0' switches off TLS certificate verification for every TLS
// connection this Node process makes, so the server's identity is no longer
// checked. It does not affect HTTP-level authentication: a 401 response is
// produced by the server after the TLS connection has already been set up.
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

So the question is: how do I do the equivalent of this line in Java?
Also, do you think there is any other thing I need to add, in order to make the java code work?

Here is the java code

/**
 * Spring configuration that publishes the EWS client as the
 * "mailExchangeService" bean.
 *
 * NOTE(review): email, password, domain, proxy and port are not declared in
 * this snippet; presumably they are injected fields that were left out.
 * Credentials should come from external configuration or a secret store, not
 * from source code.
 *
 * NOTE(review): the reported failure is an HTTP 401, which the server returns
 * after the TLS connection is established, so certificate validation is
 * presumably not the cause. Check the user name format, the domain and the
 * authentication scheme first. If the server certificate really is untrusted,
 * add its CA to the JVM trust store rather than disabling validation.
 */
@Configuration
public class MailConfig {

    /**
     * Builds an Exchange 2013 client with credentials, endpoint URL and web
     * proxy set.
     *
     * @return the configured ExchangeService
     * @throws URISyntaxException if the endpoint literal is not a valid URI
     */
    @Bean(name = "mailExchangeService")
    public ExchangeService buildExchangeService() throws URISyntaxException {
        final ExchangeService exchange = new ExchangeService(ExchangeVersion.Exchange2013);
        final WebCredentials credentials = new WebCredentials(email, password, domain);
        exchange.setCredentials(credentials);

        final URI endpoint = new URI("https://mail.address.something:4567/ews/exchange.asmx");
        exchange.setUrl(endpoint);

        final WebProxy webProxy = new WebProxy(proxy, port);
        exchange.setWebProxy(webProxy);

        return exchange;
    }
}
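/**
 * Sends mail through the shared EWS client.
 *
 * NOTE(review): `log` is not declared in this snippet; presumably a Lombok
 * logger annotation was omitted from the paste.
 */
@Service
@RequiredArgsConstructor
public class MailService {

    @Resource(name = "mailExchangeService")
    private final ExchangeService service;

    /**
     * Builds an HTML message with one file attachment and sends it.
     *
     * Failures are logged and swallowed, so a non-null return value does not
     * prove the message was sent; null means the message could not even be
     * created.
     *
     * NOTE(review): body is sent as HTML and subscription is used as the
     * recipient address. If either can carry user-supplied data, HTML-escape
     * the body and validate the address before calling this method.
     *
     * @param subscription recipient address
     * @param subject      message subject
     * @param body         HTML body
     * @param csvFiles     file to attach (its absolute path is used)
     * @return the message object, sent or not, or null if creation failed
     */
    public EmailMessage sendMail(String subscription, String subject, String body, File csvFiles) {
        EmailMessage message = null;

        try {
            message = new EmailMessage(this.service);

            message.setItemClass("IPM.Note");
            message.setSubject(subject);
            // The enum type is BodyType; the lowercase spelling does not resolve.
            message.setBody(new MessageBody(BodyType.HTML, body));
            message.getAttachments().addFileAttachment(csvFiles.getAbsolutePath());
            message.getToRecipients().add(subscription);
            message.send();
        } catch (Exception e) {
            log.error("Error while sending mail", e);
        }
        return message;
    }
}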

nginx – How to Serve Nodejs Application from sub directory with PHP Application on root?

I have PHP running in the root directory and want to run a microservice built with Node.js in a subdirectory. I did some configuration, but the CSS/JS/images return 404 Not Found. Below is the nginx configuration.

# Plain-HTTP virtual host for www.test.com.
server {
    listen 80 default_server;
    # NOTE(review): nginx writes the IPv6 wildcard as [::]:80; the "(::)" here
    # looks like a paste artifact and would not parse as written.
    listen (::):80 default_server;

    server_name    www.test.com;
# Server-level return: every request to this host is redirected to HTTPS, so
# the root, index and location blocks below are never reached.
return         301 https://$server_name$request_uri;

    root /var/www/html/app/webroot;

    index index.php index.html index.htm index.nginx-debian.html;


    location / {
    try_files $uri $uri/ /index.php?$args;
    }
# NOTE(review): the dot before "php" is unescaped, so it matches any character;
# presumably the original was "\.php$" and the backslash was lost in the paste.
location ~ .php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        }

}

# HTTPS virtual host: PHP application at the root, Node.js service proxied
# under /newcars.
server {

listen  443 ssl http2;
    # NOTE(review): the IPv6 wildcard is written [::]:443 in nginx; "(::)" looks
    # like a paste artifact.
    listen  (::):443 ssl http2;
ssl_certificate /etc/nginx/ssl/test_chain.crt;
    ssl_certificate_key /etc/nginx/ssl/www.test.com.key;

root /var/www/html/app/webroot;

    # Add index.php to the list if you are using PHP
    index index.php index.html;

    # NOTE(review): the snippet's contents are not shown. If it publishes
    # phpMyAdmin on this public host, restrict it by source address or put
    # additional authentication in front of it.
    include snippets/phpmyadmin.conf;

    server_name www.test.com;



# Deny dot-files, except paths under .well-known.
# NOTE(review): as written the dot is unescaped, so the pattern matches "/"
# followed by any character rather than a literal dot; presumably the original
# was "/\.(?!well-known)". Confirm, because regex locations are checked before
# plain prefix locations and the unescaped form would deny almost every URI.
location ~ /.(?!well-known) {
        deny all;
}

    location / {

try_files $uri $uri/ /index.php?$args;
            }

# NOTE(review): same unescaped dot as above; presumably "\.php$".
location ~ .php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        # NOTE(review): PHP 7.0 no longer receives upstream security fixes;
        # check whether the distribution still patches this package.
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    fastcgi_buffers               8 16k;
    fastcgi_buffer_size           32k;
        }

    # Node.js service: static files plus reverse proxy.
    # NOTE(review): with "root", nginx appends the full request URI, so
    # /public/app.css is looked up at
    # /var/www/html/newcars/public/public/app.css. "alias" (or a root one level
    # up) is presumably what was intended.
    # NOTE(review): regex locations take precedence over these plain prefix
    # locations. If the asset regex locations further down in this file belong
    # to this server, requests for .css/.js/image files under /newcars or
    # /public are handled there, against the PHP root, and never reach Node;
    # the "^~" modifier on a prefix location stops the regex check.
location /public {
       root /var/www/html/newcars/public/;
    }

    location /newcars {
     # Strip the /newcars prefix before handing the request to the Node process.
     rewrite ^/newcars/(.*)$ /$1 break;
 # NOTE(review): make sure the Node process listens on the loopback address
 # only, so it cannot be reached directly without passing through nginx.
 proxy_pass http://127.0.0.1:3000;

}
 # End of the Node.js section.

}

# NOTE(review): as pasted, the location blocks below come after the closing
# brace of the HTTPS server block, and the final "}" at the end of this listing
# has no matching opener. Presumably they belong inside that server block;
# nginx does not accept "location" outside a server context.

# OpenCart store under /estore ("^~" skips regex locations for this prefix).
location ^~ /estore {
        root /var/www/html;
        index index.php index.html index.htm;
        try_files $uri $uri/ @opencart;
# NOTE(review): unescaped dot; presumably "\.php$".
location ~ .php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_intercept_errors on;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
    fastcgi_buffers               8 16k;
    fastcgi_buffer_size           32k;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}

    # Block direct download of template and ini files inside the store.
    # NOTE(review): unescaped dot; presumably "\.(tpl|ini)".
    location ~* (.(tpl|ini))$
        { deny all; }
}

# Fallback used by try_files above: route everything through OpenCart's front
# controller.
location @opencart {
    rewrite ^/(.+)$ /estore/index.php?_route_=$1 last;
}

location = /estore/sitemap.xml {
    rewrite ^(.*)$ /estore/index.php?route=extension/feed/google_sitemap break;
}

location = /estore/googlebase.xml {
rewrite ^(.*)$ /estore/index.php?route=extension/feed/google_base break;
}

# Requests under system/download/ are answered with the store's not-found
# route instead of the file.
location /estore/system {
rewrite ^/estore/system/download/(.*) /estore/index.php?route=error/not_found break;
}

location /estore/video {
rewrite ^/estore/video/courses/(.*) /estore/index.php?route=video/courses break;
}

location /estore/courses {
rewrite ^/estore/courses-lists(.*) /estore/index.php?route=course/courseslist break;
}

# favicon.ico
    location = /favicon.ico {
            log_not_found off;
            access_log    off;
    }

    # robots.txt
    location = /robots.txt {
            log_not_found off;
            access_log    off;
    }

    # assets, media
    # NOTE(review): this regex location sets no root of its own, so matching
    # files are served from the enclosing server's root, and it is checked
    # before plain prefix locations such as /newcars and /public.
    location ~* .(?:css(.map)?|js(.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
            expires    7d;
            access_log off;
    }

    # svg, fonts
    location ~* .(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
            # Any origin may read these files; appropriate only for public
            # static assets.
            add_header Access-Control-Allow-Origin "*";
            expires    7d;
            access_log off;
    }

}

nodejs – como acceder a un campo mediante el metodo populate en mongoose

estoy haciendo un sistema de notificaciones, este es mi modelo en mongoose:

// Notification sub-documents embedded in the user document.
// NOTE(review): the round brackets here presumably were square brackets
// (arrays) before the page was extracted.
notificaciones: (
  {
    // Reference to the user who triggered the notification.
    de:({ type: Schema.Types.ObjectId, ref: 'usuario'}),
    // NOTE(review): mongoose's validator option is spelled `required`; with
    // `require` the field is presumably not enforced.
    motivo: {type: String, require: true},
    visto: {type: Boolean, default: false},
    // NOTE(review): `new Date()` is evaluated once, when the schema is defined,
    // so every document gets that same timestamp; `Date.now` (uncalled) yields
    // a fresh value per document.
    date: {type: Date, default: new Date()}
  }
)

esto se esta guardando tal y como quería, mi problema es el siguiente, estoy trayendo los datos del usuario de la siguiente manera:

// Load the user together with its notifications.
// NOTE(review): `notificaciones` is the embedded list itself; the reference to
// another user lives in its `de` field, so the populate path presumably needs
// to be 'notificaciones.de' (confirm against the Usuario schema). The
// "(Array)" placeholder in the console output is just how Node abbreviates
// values nested deeper than its default inspection depth.
const usuario = await Usuario.findById(_id)
  .populate({path:'notificaciones'})

este método me devuelve todo, excepto un array, al mostrar por consola lo que me devuelve dicha consulta me devuelve esto:

notificaciones: (
  {
   de: (Array),
   visto: false,
   date: 2020-10-22T23:10:28.741Z,
   _id: 5f921c989bac890454708bc2,
   motivo: 'ah comenzado a seguirte.'
  }
)

lo que necesito es que en el campo de me muestre el array con los datos del usuario, pero solo me muestra (Array) y no lo que pretendo, ayuda por favor

node.js – Multi regions events to be deduplicated and processed in a single region – How do I do this?

General overview

I am working on building a system that deals with an external resource which has been having issues and I am unable to switch away from it. It gives regional endpoints – this post is about handling the errors and taking actions and alerting without duplicate actions or alerts. Do note that this system is being designed to work with multiple external resources which have a serviceID to identify them.

Explanation of current state

Events are generated in multiple regions, they only happen on error cases however when an error occurs in one region it is likely that another region will have the same error on the external resource mentioned

What happens is say us-east-1 has an error and us-west-1 has one as well, both of these errors need to be processed by a single system which will take actions and alert if needed based on the error.

My current setup is pretty terrible in that it is region-specific: in the case above, where there are issues in both us-east-1 and us-west-1, the required action is taken twice, and so is the alert. This causes spam and also has a tendency to break things in some edge cases I’ve experienced lately.

Goal

My goal is to have a system in which, when a single region has the issue, the correct action and alert are carried out, and when two or more regions have the issue, the action is taken only once and, if needed, a single alert goes out that lists the affected regions.

About the application and infrastructure

  • AWS based
  • Node.js micro services running in mix of EKS and Lambda
  • IaC via Terraform

Question

How can I design this system to handle the multi region events but have a single point where the actions and alerts are deduplicated and still retain their region for inclusion in the action (super important) and the alert?

My idea that hasn’t worked

Each region would generate the events when needed, and each event would contain a serviceID as mentioned at the top of this post. The primary region would then deduplicate the events using that service ID – I have zero clue how to do this, whether with an SQS queue, SNS or maybe my DB (MongoDB). Once the deduplication is done, it would send an SNS message in a fan-out to 2 SQS queues which have Lambdas attached to take either an action or alert based on the error message from the initial alert. This last part, the Lambdas that perform the action(s) and alerts, is already done, as it is part of the terrible existing setup mentioned above.

Current issues with my idea

  • No deduplication working
  • Unable to get SQS/SNS messages to work across regions

I am open to any suggestions on how I could go about solving this problem of mine. Pretty much anything is possible from an approval standpoint.

node.js – Rating controller – Code Review Stack Exchange

Rating controller using Express.js and Mongoose to control the rating of a product. I create the rating and then update the product rating, but I create and update in the same route endpoint. Is this a bad idea?

const express = require('express');
const {body,validationResult} = require('express-validator');

const Rating = require('../../models/rating/rating');
const Product = require('../../models/product/product');


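/**
 * POST handler: store a new rating, then refresh the product's average.
 *
 * Responds 422 when validation fails, 200 with the result of the product
 * update on success, and 500 with a generic message on any other failure.
 * The 200 payload is whatever updateRating returns, which is the update
 * result rather than the product document.
 *
 * @param {import('express').Request} req - body carries idProduct and rating
 * @param {import('express').Response} res
 */
exports.createRating = async (req, res) => {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
        return res.status(422).json({ errors: errors.array() });
    }

    const { idProduct, rating } = req.body;

    // idProduct comes straight from the request body and ends up inside query
    // filters. Accept only a plain string so that an object carrying query
    // operators can never reach them.
    if (typeof idProduct !== 'string' || idProduct.length === 0) {
        return res.status(422).json({ errors: [{ msg: 'idProduct must be a non-empty string' }] });
    }

    try {
        // Constructing a document is synchronous; only save() needs awaiting.
        const newRating = new Rating({ idProduct, rating });
        await newRating.save();

        const product = await updateRating(idProduct);

        return res.status(200).json(product);
    } catch (error) {
        // Keep details in the server log; driver and database messages should
        // not be echoed to the client, and a failure must not answer 200.
        console.error('createRating failed', error);
        return res.status(500).json({ error: 'Could not save rating' });
    }
};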
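/**
 * Recompute a product's average rating and store it on the product.
 *
 * No try/catch here: a `try` without `catch` or `finally` does not parse, and
 * failures are meant to reach the caller, which produces the HTTP error
 * response.
 *
 * @param {string} idProduct - identifier of the product to update
 * @returns {Promise<object>} whatever Product.updateOne resolves to (the
 *   update result, not the product document)
 */
const updateRating = async (idProduct) => {
    const avgRating = await getRatingByProduct(idProduct);

    return Product.updateOne(
        { _id: idProduct },
        { $set: { rating: avgRating } },
    );
};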
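/**
 * Average of all stored ratings for one product.
 *
 * Errors propagate to the caller. Returning the error message instead would
 * let the caller store that text as the product's rating.
 *
 * NOTE(review): mongoose does not cast values inside aggregation pipelines. If
 * idProduct is stored as an ObjectId, convert the string before matching
 * (confirm against the Rating schema). The value must be a plain identifier,
 * never an object taken from a request, so that no query operator can end up
 * in $match.
 *
 * @param {string} idProduct - identifier the ratings are grouped by
 * @returns {Promise<number|null>} the average, or null when the product has no
 *   ratings
 */
const getRatingByProduct = async (idProduct) => {
    // The pipeline is an array of stages, and the result is an array of rows.
    const [summary] = await Rating.aggregate([
        { $match: { idProduct } },
        { $group: { _id: null, amount: { $avg: '$rating' } } },
    ]);

    return summary ? summary.amount : null;
};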
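/**
 * Validation chain for the rating field of the request body.
 *
 * isFloat rejects non-numeric input. A hand-written `value < 0 || value > 5`
 * check lets strings such as 'abc' through, because both comparisons are false
 * for NaN. The message now states the actual range.
 *
 * @returns {object} an express-validator chain usable as route middleware
 */
exports.validator = () => {
    return body('rating')
        .not().isEmpty()
        .isFloat({ min: 0, max: 5 })
        .withMessage('Rating must be a number between 0 and 5');
};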
 

nodejs – req.body muestra [Object: null prototype] al usar enctype=”multipart/form-data”

Estoy tratando de enviar en un form unas imagenes (mediante multer) y texto asi:

 // Multipart parsing: files from the "images" field are written to a temp
 // folder.
 // NOTE(review): this is registered with app.use, so every route accepts file
 // uploads, not only /create. Multer's documentation advises attaching it only
 // to the routes that handle uploads.
 // NOTE(review): the destination is under public/. If that directory is served
 // statically, uploaded files become directly downloadable. No `limits` or
 // `fileFilter` is set, so file size and type are unchecked.
 const tempUploadDir = path.join(__dirname, '../public/upload/temp');
 const imageUpload = multer({ dest: tempUploadDir });
 app.use(imageUpload.array('images'));

 // Parsers for urlencoded and JSON bodies; multipart bodies are handled by
 // multer above.
 app.use(express.urlencoded({ extended: true }));
 app.use(express.json());

la info se procesa en la sig ruta

  router.post('/create', (req, res) => {
        // "[Object: null prototype]" in the log is expected: multer builds
        // req.body as an object without a prototype. Fields are read as usual
        // (body.brand, body.model, ...).
        // NOTE(review): this handler never sends a response, so the request
        // stays open until it times out.
        const textFields = req.body;
        console.log(textFields);
        const uploadedFiles = req.files;
        console.log(uploadedFiles);
    });

Efectivamente obtengo la info de las imágenes en un array de objetos, pero los otros inputs muestran un objeto con (Object: null prototype). Si yo envío solo información de texto sin imágenes en un form sin enctype="multipart/form-data", me llega un objeto normal, siempre y cuando app.use(express.urlencoded({extended: true})); si subo imágenes y texto en el mismo form, me arroja este problema con el extended en true o en false.

Como podría corregir este error o manejar los enctype=”multipart/form-data” con nodejs y express, gracias por la ayuda

(Object: null prototype) {
  brand: 'Kia',
  model: 'Pikanto',
  color: 'Rojo',
  fuelType: 'Gasolina',
  doors: '5',
  transmision: 'Automática',
  description: 'lorem ipsum'
}
(
  {
    fieldname: 'images',
    originalname: 'pexels-ketut-subiyanto-4429509.jpg',
    encoding: '7bit',
    mimetype: 'image/jpeg',
    destination: 'D:\Programming\PROJECTS\car2\src\public\upload\temp',
    filename: 'bdfc896fd77c2e123e5954a1c17fc40b',
    path: 'D:\Programming\PROJECTS\car2\src\public\upload\temp\bdfc896fd77c2e123e5954a1c17fc40b',
    size: 2371461
  }
)

Este es el form

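<!-- Vehicle creation form: text fields plus one or more images, posted as
     multipart/form-data to /create. Each control has its own id so that every
     label's "for" points at exactly one element; ids must be unique within a
     document.
     NOTE(review): no anti-CSRF token field is visible here. If /create
     requires an authenticated session, confirm it is protected some other
     way. -->
<div class="container p-0" style="margin-top: 200px;">
       <form action="/create"  method="post" enctype="multipart/form-data" class="d-flex flex-wrap">
            <div class="form-group col-6">
                <label for="brandInput">Marca</label>
                <input type="text" name="brand" class="form-control" id="brandInput" placeholder="Kia, chevrolet, etc" required>
            </div>
            <div class="form-group col-6">
                <label for="modelInput">Modelo</label>
                <input type="text" name="model" class="form-control" id="modelInput" placeholder="Pikanto 2020 etc" required>
            </div>
            <div class="form-group col-6">
                <label for="colorInput">Color</label>
                <input type="text" name="color" class="form-control" id="colorInput" placeholder="rojo verde etc" required>
            </div>
            <div class="form-group col-6">
                <label for="fuelTypeInput">Combustible</label>
                <input type="text" name="fuelType" class="form-control" id="fuelTypeInput" placeholder="Gasolina diesel etc" required>
            </div>
            <div class="form-group col-6">
                <label for="doorsInput">Puertas</label>
                <input type="number" name="doors" class="form-control" id="doorsInput" placeholder="2, 3, 5" required>
            </div>
            <div class="form-group col-6">
                <label for="transmisionInput">Transmisión</label>
                <input type="text" name="transmision" class="form-control" id="transmisionInput" placeholder="manual automática" required>
            </div>
            <div class="form-group col-12">
                <label for="descriptionInput">Descripción</label>
                <textarea  class="form-control" name="description" id="descriptionInput" cols="30" rows="10" required></textarea>
            </div>
            <div class="col-12">
               <div class="input-group">
                    <div class="input-group-prepend">
                        <span class="input-group-text" id="inputGroupFileAddon01">Upload</span>
                    </div>
                    <div class="custom-file">
                        <input type="file"  name="images" class="custom-file-input" multiple="multiple" id="inputGroupFile01"
                        aria-describedby="inputGroupFileAddon01" required>
                        <label class="custom-file-label" for="inputGroupFile01">Seleccione un archivo</label>
                    </div>
                </div>
            </div>
            <div class="col-12 mt-3">
                <button class="btn btn-primary w-100">Enviar</button>
            </div>
       </form>
    </div>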

node.js – npm start dando erro

npm ERR! code ELIFECYCLE

npm ERR! errno 1

npm ERR! ipet@1.0.0 dev: cross-env NODE_ENV=development webpack-dev-server --config ./build/webpack.config.js

npm ERR! Exit status 1

npm ERR!

npm ERR! Failed at the ipet@1.0.0 dev script.

npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:

npm ERR! C:\Users\Robson Danilo\AppData\Roaming\npm-cache\_logs\2020-10-18T16_11_55_844Z-debug.log

npm ERR! code ELIFECYCLE

npm ERR! errno 1

npm ERR! ipet@1.0.0 start: npm run dev

npm ERR! Exit status 1

npm ERR!

npm ERR! Failed at the ipet@1.0.0 start script.

npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:

npm ERR! C:\Users\Robson Danilo\AppData\Roaming\npm-cache\_logs\2020-10-18T16_11_55_921Z-debug.log

node.js – Adonis 5 alterar o env de produção para o env de testes

Estou implementando os testes no adonis 5 e gostaria de alterar o .env de produção para o .env.test de testes. No env de produção utilizo banco de dados postgres e no env de teste utilizo o banco sqlite. Durante a execução dos testes adiciono e removo dados fictícios, rodo migrations e rollbackMigrations.

Para rodar os testes eu subo o servidor com node ace serve --watch e depois executo o comando node build/japaFile.js

Portanto gostaria de saber onde eu seto o env de testes?

Meu arquivo japaFile está igual a documentação do adonis 5, abaixo esta o arquivo japaFile.ts

import 'reflect-metadata'
import execa from 'execa'
import { join } from 'path'
import getPort from 'get-port'
import { configure } from 'japa'
import sourceMapSupport from 'source-map-support'

// Select the test environment before any framework code is loaded.
// NOTE(review): AdonisJS 5 is documented to load an additional `.env.testing`
// file when NODE_ENV is 'testing'. A file named `.env.test` would presumably
// not be picked up; confirm against the installed version.
process.env.NODE_ENV = 'testing'
// Directory ace treats as its working directory: one level above this file.
process.env.ADONIS_ACE_CWD = join(__dirname, '..')
// Source maps for stack traces. handleUncaughtExceptions is turned off so the
// library does not install its own uncaught-exception handler.
sourceMapSupport.install({ handleUncaughtExceptions: false })

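/**
 * Apply pending migrations by running `ace migration:run` in a child process
 * whose output is attached to this terminal.
 *
 * NOTE(review): the migrations run against whichever database the loaded
 * environment selects. Verify that it is the test database before running the
 * suite.
 */
async function runMigrations() {
  // execa.node expects the script's arguments as an array.
  await execa.node('ace', ['migration:run'], {
    stdio: 'inherit',
  })
}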

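/**
 * Undo migrations by running `ace migration:rollback` in a child process whose
 * output is attached to this terminal.
 *
 * NOTE(review): a rollback against the wrong database is destructive. Verify
 * that the loaded environment points at the test database, not production.
 */
async function rollbackMigrations() {
  // execa.node expects the script's arguments as an array.
  await execa.node('ace', ['migration:rollback'], {
    stdio: 'inherit',
  })
}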

/**
 * Boot the application's HTTP server on a free port for the test run.
 * The chosen port is published through process.env.PORT before the server
 * starts.
 */
async function startHttpServer() {
  const ignitorModule = await import('@adonisjs/core/build/src/Ignitor')
  const freePort = await getPort()
  process.env.PORT = String(freePort)

  const ignitor = new ignitorModule.Ignitor(__dirname)
  await ignitor.httpServer().start()
}

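/**
 * Configure the test runner.
 *
 * files, before and after are lists. Written with round brackets and a
 * trailing comma they do not parse, so they are square-bracket arrays here.
 * The before hooks run the migrations and start the HTTP server; the after
 * hook rolls the migrations back.
 */
configure({
  files: [
    'build/test/**/*.spec.js',
  ],
  before: [
    runMigrations,
    startHttpServer,
  ],
  after: [
    rollbackMigrations,
  ],
})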