Merge pull request #11866 from Uzlopak/fix-lgtm-warnings

chore: fix lgtm warnings

examples/redis-todo/.npmrc

@@ -0,0 +1 @@
+package-lock=false

examples/redis-todo/config.js

@@ -0,0 +1,5 @@
+const JWT_SECRET = 'token';
+
+module.exports = {
+  JWT_SECRET
+};

examples/redis-todo/db/models/userModel.js

@@ -3,6 +3,7 @@
 const mongoose = require('mongoose');
 const jwt = require('jsonwebtoken');
 const bcrypt = require('bcryptjs');
+const JWT_SECRET = require('../../config').JWT_SECRET;
 
 const { Schema, model } = mongoose;
 
@@ -26,7 +27,7 @@ userSchema.methods.toJSON = function() {
 
 // creating token
 userSchema.methods.genAuthToken = function() {
-  return jwt.sign({ userId: this._id.toString() }, 'token'); // this = user
+  return jwt.sign({ userId: this._id.toString() }, JWT_SECRET); // this = user
 };
 
 // password hasing

examples/redis-todo/middleware/auth.js

@@ -1,18 +1,19 @@
 'use strict';
 
 const jwt = require('jsonwebtoken');
+const JWT_SECRET = require('../config').JWT_SECRET;
 
 module.exports = async function(req, res, next) {
   try {
     const authToken = req.header('x-auth');
     if (!authToken) return res.status(404).send({ msg: 'AuthToken not found' });
 
-    const decodedValue = jwt.verify(authToken, 'token');
+    const decodedValue = jwt.verify(authToken, JWT_SECRET);
     if (!decodedValue) return res.status(401).send({ msg: 'Invalid Authentication' });
 
     req.userId = decodedValue.userId;
     next();
   } catch (err) {
-    res.status(401).send({ msg: 'Invalid Authentication:' + err });
+    res.status(401).send({ msg: 'Invalid Authentication'});
   }
 };

examples/redis-todo/package.json

@@ -25,14 +25,16 @@
   "homepage": "https://github.com/usama-asfar/redis-todo#readme",
   "dependencies": {
     "bcryptjs": "^2.4.3",
-    "express": "^4.17.1",
+    "express": "^4.18.1",
+    "express-rate-limit": "^6.4.0",
     "jsonwebtoken": "^8.5.1",
-    "mongoose": "^5.6.5",
+    "mongoose": "^6.3.5",
     "redis": "^4.1.0"
   },
   "devDependencies": {
+    "nodemon": "^2.0.16",
     "morgan": "^1.9.1",
-    "snazzy": "^8.0.0",
-    "standard": "^13.0.2"
+    "snazzy": "^9.0.0",
+    "standard": "^17.0.0"
   }
 }

examples/redis-todo/routers/todoRouter.js

@@ -15,7 +15,7 @@ Router.get('/all', auth, async function({ userId }, res) {
     res.status(200).json({ todos: await Todo.find({ userId }).sort({ createdAt: -1 }).cache({ key: userId }) });
   } catch (err) {
     console.log(err);
-    res.status(501).send('Server Error: ' + err);
+    res.status(501).send('Server Error');
   }
 });
 
@@ -26,11 +26,15 @@ Router.get('/all', auth, async function({ userId }, res) {
  */
 Router.post('/create', auth, clearCache, async function({ userId, body }, res) {
   try {
-    const todo = new Todo({ ...body, userId });
+    const todo = new Todo({
+      text: body.text,
+      completed: body.completed,
+      userId
+    });
     await todo.save();
     res.status(201).json({ todo });
   } catch (err) {
-    res.status(501).send('Server Error: ' + err);
+    res.status(501).send('Server Error');
   }
 });
 
@@ -49,7 +53,7 @@ Router.post('/update', auth, async function({ userId, body }, res) {
     await updatedTodo.save();
     res.status(200).json({ todo: updatedTodo });
   } catch (err) {
-    res.status(501).send('Server Error: ' + err);
+    res.status(501).send('Server Error');
   }
 });
 
@@ -62,7 +66,7 @@ Router.delete('/delete', auth, async function({ userId, body: { todoId } }, res)
     await Todo.findOneAndDelete({ $and: [{ userId }, { _id: todoId }] });
     res.status(200).send({ msg: 'Todo deleted' });
   } catch (err) {
-    res.status(501).send('Server Error: ' + err);
+    res.status(501).send('Server Error');
   }
 });
 

examples/redis-todo/routers/userRouter.js

@@ -15,7 +15,12 @@ Router.post('/create', async function({ body }, res) {
   try {
     // storing password
     const password = new Password({ password: body.password });
-    const user = new User({ ...body, passwordId: password._id }); // body = user data
+    const user = new User({
+      name: body.name,
+      username: body.username,
+      email: body.email,
+      passwordId: password._id
+    }); // body = user data
 
     // gen auth token
     const token = await user.genAuthToken();
@@ -26,7 +31,7 @@ Router.post('/create', async function({ body }, res) {
     res.status(201).json({ token });
   } catch (err) {
     console.log(err);
-    res.status(501).send('Server Error: ' + err);
+    res.status(501).send('Server Error');
   }
 });
 
@@ -48,7 +53,7 @@ Router.post('/login', async function({ body }, res) {
     const token = user.genAuthToken();
     res.status(201).json({ token });
   } catch (err) {
-    res.status(501).send('Server Error: ' + err);
+    res.status(501).send('Server Error');
   }
 });
 
@@ -73,7 +78,7 @@ Router.post('/update', auth, async function({ userId, body }, res) {
 
     res.status(200).json({ user: updatedUser });
   } catch (err) {
-    res.status(500).send('Server Error: ' + err);
+    res.status(500).send('Server Error');
   }
 });
 
@@ -86,7 +91,7 @@ Router.delete('/delete', auth, async function({ userId }, res) {
     await Todo.deleteMany({ userId });
     res.status(200).send({ msg: 'User deleted' });
   } catch (err) {
-    res.status(501).send('Server Error: ' + err);
+    res.status(501).send('Server Error');
   }
 });
 

examples/redis-todo/server.js

@@ -2,14 +2,22 @@
 
 const http = require('http');
 const express = require('express');
+const rateLimit = require('express-rate-limit');
 
 // DB
 require('./db');
 require('./services/cache');
 
+const limiter = rateLimit({
+  windowMs: 1*60*1000, // 1 minute
+  max: 100
+});
+
 const app = express();
 app.use(express.json());
 
+app.use(limiter);
+
 // morgan test
 app.use(require('morgan')('dev'));
 

static.js

@@ -7,7 +7,7 @@ const port = process.env.PORT
   : 8089;
 
 require('http').createServer(function(req, res) {
-  handler(req, res, { public: '.' }).catch(err => res.statusCode(500).send(err.message));
+  handler(req, res).catch(err => res.statusCode(500).send(err.message));
 }).listen(port);
 
 console.log(`now listening on http://localhost:${port}`);