diff --git a/package.json b/package.json index 746a1a8..03adc97 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,7 @@ ], "license": "MIT", "dependencies": { - "axios": "^1.2.6", + "axios": "^1.3.1", "bcryptjs": "^2.4.3", "cors": "^2.8.5", "express": "^4.18.2", @@ -38,7 +38,7 @@ "helmet": "^6.0.1", "jsonwebtoken": "^9.0.0", "moment": "^2.29.4", - "mongodb": "^4.13.0", + "mongodb": "^5.0.0", "mongoose": "^6.9.0", "pino": "^8.8.0", "pino-pretty": "^9.1.1", diff --git a/src/models/component.js b/src/models/component.js index c16bc5e..67f4067 100644 --- a/src/models/component.js +++ b/src/models/component.js @@ -1,6 +1,7 @@ import mongoose from 'mongoose'; import moment from 'moment'; import bcryptjs from 'bcryptjs'; +import { randomBytes } from 'crypto'; import jwt from 'jsonwebtoken'; import { Config } from './config'; import Domain from './domain'; @@ -53,7 +54,9 @@ componentSchema.options.toJSON = { componentSchema.methods.generateApiKey = async function () { const component = this; - const apiKey = await bcryptjs.hash(component._id + component.name, 8); + + const buffer = randomBytes(32); + const apiKey = Buffer.from(buffer).toString('base64'); const hash = await bcryptjs.hash(apiKey, 8); component.apihash = hash; await component.save(); diff --git a/tests/fixtures/db_api.js b/tests/fixtures/db_api.js index fa396a8..afeee34 100644 --- a/tests/fixtures/db_api.js +++ b/tests/fixtures/db_api.js @@ -1,5 +1,6 @@ import mongoose from 'mongoose'; import bcryptjs from 'bcryptjs'; +import { randomBytes } from 'crypto'; import jwt from 'jsonwebtoken'; import Admin from '../../src/models/admin'; import Domain from '../../src/models/domain'; @@ -205,21 +206,21 @@ export const slack = { }; export const setupDatabase = async () => { - await ConfigStrategy.deleteMany(); - await Config.deleteMany(); - await GroupConfig.deleteMany(); - await Domain.deleteMany(); - await Admin.deleteMany(); - await Environment.deleteMany(); - await Component.deleteMany(); - await Slack.deleteMany(); - - await History.deleteMany(); - await Metric.deleteMany(); - - await Team.deleteMany(); - await TeamInvite.deleteMany(); - await Permission.deleteMany(); + await ConfigStrategy.deleteMany().exec(); + await Config.deleteMany().exec(); + await GroupConfig.deleteMany().exec(); + await Domain.deleteMany().exec(); + await Admin.deleteMany().exec(); + await Environment.deleteMany().exec(); + await Component.deleteMany().exec(); + await Slack.deleteMany().exec(); + + await History.deleteMany().exec(); + await Metric.deleteMany().exec(); + + await Team.deleteMany().exec(); + await TeamInvite.deleteMany().exec(); + await Permission.deleteMany().exec(); adminMasterAccount.token = Admin.extractTokenPart(adminMasterAccountToken); await new Admin(adminMasterAccount).save(); @@ -245,8 +246,9 @@ export const setupDatabase = async () => { await new Permission(permissionAll3).save(); await new Permission(permissionAll4).save(); - const hashApiKey = await bcryptjs.hash(component1._id + component1.name, 8); - const hash = await bcryptjs.hash(hashApiKey, 8); + const buffer = randomBytes(32); + const apiKey = Buffer.from(buffer).toString('base64'); + const hash = await bcryptjs.hash(apiKey, 8); component1.apihash = hash; await new Component(component1).save(); }; \ No newline at end of file diff --git a/tests/fixtures/db_client.js b/tests/fixtures/db_client.js index d049d20..2014735 100644 --- a/tests/fixtures/db_client.js +++ b/tests/fixtures/db_client.js @@ -1,6 +1,7 @@ import mongoose from 'mongoose'; import jwt from 'jsonwebtoken'; import bcryptjs from 'bcryptjs'; +import { randomBytes } from 'crypto'; import Admin from '../../src/models/admin'; import Domain from '../../src/models/domain'; import GroupConfig from '../../src/models/group-config'; @@ -188,20 +189,20 @@ export const slack = { }; export const setupDatabase = async () => { - await ConfigStrategy.deleteMany(); - await Config.deleteMany(); - await GroupConfig.deleteMany(); - await Domain.deleteMany(); - await Admin.deleteMany(); - await Environment.deleteMany(); - await Component.deleteMany(); + await ConfigStrategy.deleteMany().exec(); + await Config.deleteMany().exec(); + await GroupConfig.deleteMany().exec(); + await Domain.deleteMany().exec(); + await Admin.deleteMany().exec(); + await Environment.deleteMany().exec(); + await Component.deleteMany().exec(); - await History.deleteMany(); - await Metric.deleteMany(); + await History.deleteMany().exec(); + await Metric.deleteMany().exec(); - await Slack.deleteMany(); - await Team.deleteMany(); - await Permission.deleteMany(); + await Slack.deleteMany().exec(); + await Team.deleteMany().exec(); + await Permission.deleteMany().exec(); adminMasterAccount.token = Admin.extractTokenPart(adminMasterAccountToken); await new Admin(adminMasterAccount).save(); @@ -226,9 +227,10 @@ export const setupDatabase = async () => { await new ConfigStrategy(configStrategyTIME_BETWEENDocument).save(); await new ConfigStrategy(configStrategyTIME_GREATDocument).save(); - const hashApiKey = await bcryptjs.hash(component1._id + component1.name, 8); - const hash = await bcryptjs.hash(hashApiKey, 8); + const buffer = randomBytes(32); + const newApiKey = Buffer.from(buffer).toString('base64'); + const hash = await bcryptjs.hash(newApiKey, 8); component1.apihash = hash; await new Component(component1).save(); - apiKey = Buffer.from(hashApiKey).toString('base64'); + apiKey = Buffer.from(newApiKey).toString('base64'); }; \ No newline at end of file diff --git a/tests/fixtures/db_client_payload.js b/tests/fixtures/db_client_payload.js index 970aeb5..e3a1898 100644 --- a/tests/fixtures/db_client_payload.js +++ b/tests/fixtures/db_client_payload.js @@ -1,6 +1,7 @@ import mongoose from 'mongoose'; import jwt from 'jsonwebtoken'; import bcryptjs from 'bcryptjs'; +import { randomBytes } from 'crypto'; import Admin from '../../src/models/admin'; import Domain from '../../src/models/domain'; import GroupConfig from '../../src/models/group-config'; @@ -97,13 +98,13 @@ export const component1 = { configPayloadDocument.components.push(component1Id); export const setupDatabase = async () => { - await ConfigStrategy.deleteMany(); - await Config.deleteMany(); - await GroupConfig.deleteMany(); - await Domain.deleteMany(); - await Admin.deleteMany(); - await Environment.deleteMany(); - await Component.deleteMany(); + await ConfigStrategy.deleteMany().exec(); + await Config.deleteMany().exec(); + await GroupConfig.deleteMany().exec(); + await Domain.deleteMany().exec(); + await Admin.deleteMany().exec(); + await Environment.deleteMany().exec(); + await Component.deleteMany().exec(); adminMasterAccount.token = Admin.extractTokenPart(adminMasterAccountToken); await new Admin(adminMasterAccount).save(); @@ -115,9 +116,10 @@ export const setupDatabase = async () => { await new Config(configPayloadDocument).save(); await new ConfigStrategy(configStrategyPAYLOAD_HAS_ONEDocument).save(); - const hashApiKey = await bcryptjs.hash(component1._id + component1.name, 8); - const hash = await bcryptjs.hash(hashApiKey, 8); + const buffer = randomBytes(32); + const newApiKey = Buffer.from(buffer).toString('base64'); + const hash = await bcryptjs.hash(newApiKey, 8); component1.apihash = hash; await new Component(component1).save(); - apiKey = Buffer.from(hashApiKey).toString('base64'); + apiKey = Buffer.from(newApiKey).toString('base64'); }; \ No newline at end of file diff --git a/tests/fixtures/db_metrics.js b/tests/fixtures/db_metrics.js index aba68ed..0967fc6 100644 --- a/tests/fixtures/db_metrics.js +++ b/tests/fixtures/db_metrics.js @@ -1,6 +1,7 @@ import mongoose from 'mongoose'; import jwt from 'jsonwebtoken'; import bcryptjs from 'bcryptjs'; +import { randomBytes } from 'crypto'; import { Metric } from '../../src/models/metric'; import Admin from '../../src/models/admin'; import { EnvType } from '../../src/models/environment'; @@ -146,12 +147,12 @@ export const entry5 = { }; export const setupDatabase = async () => { - await Metric.deleteMany(); - await Admin.deleteMany(); - await Domain.deleteMany(); - await GroupConfig.deleteMany(); - await Config.deleteMany(); - await Component.deleteMany(); + await Metric.deleteMany().exec(); + await Admin.deleteMany().exec(); + await Domain.deleteMany().exec(); + await GroupConfig.deleteMany().exec(); + await Config.deleteMany().exec(); + await Component.deleteMany().exec(); adminMasterAccount.token = Admin.extractTokenPart(adminMasterAccountToken); await new Admin(adminMasterAccount).save(); @@ -169,8 +170,9 @@ export const setupDatabase = async () => { await new Metric(entry3).save(); await new Metric(entry4).save(); - const apiKey = await bcryptjs.hash(component1._id + component1.name, 8); - const hash = await bcryptjs.hash(apiKey, 8); + const buffer = randomBytes(32); + const newApiKey = Buffer.from(buffer).toString('base64'); + const hash = await bcryptjs.hash(newApiKey, 8); component1.apihash = hash; await new Component(component1).save(); }; \ No newline at end of file diff --git a/tests/fixtures/db_team_permission.js b/tests/fixtures/db_team_permission.js index 769315b..db91ab4 100644 --- a/tests/fixtures/db_team_permission.js +++ b/tests/fixtures/db_team_permission.js @@ -143,13 +143,13 @@ export const adminAccount3 = { }; export const setupDatabase = async () => { - await Config.deleteMany(); - await GroupConfig.deleteMany(); - await Domain.deleteMany(); - await Admin.deleteMany(); - await Team.deleteMany(); - await TeamInvite.deleteMany(); - await Permission.deleteMany(); + await Config.deleteMany().exec(); + await GroupConfig.deleteMany().exec(); + await Domain.deleteMany().exec(); + await Admin.deleteMany().exec(); + await Team.deleteMany().exec(); + await TeamInvite.deleteMany().exec(); + await Permission.deleteMany().exec(); await new Admin(adminMasterAccount).save(); await new Admin(adminAccount).save();