From f1e97ca839a3843bd545a51682335ee37ed6c22d Mon Sep 17 00:00:00 2001
From: Renovate Bot
Date: Wed, 20 Jan 2021 06:42:11 +0000
Subject: [PATCH 1/9] chore(deps): pin dependencies
---
 package.json | 4 ++--
 yarn.lock | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package.json b/package.json
index 368ad42..6248673 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
 "cors": "2.8.5",
 "cross-env": "7.0.3",
 "express": "4.17.1",
- "express-rate-limit": "^5.2.3",
+ "express-rate-limit": "5.2.3",
 "jsonwebtoken": "8.5.1",
 "mongoose": "5.11.12",
 "morgan": "1.10.0",
@@ -47,7 +47,7 @@
 "@types/cors": "2.8.9",
 "@types/eslint": "7.2.6",
 "@types/express": "4.17.11",
- "@types/express-rate-limit": "^5.1.1",
+ "@types/express-rate-limit": "5.1.1",
 "@types/jsonwebtoken": "8.5.0",
 "@types/mongoose": "5.10.3",
 "@types/morgan": "1.9.2",
diff --git a/yarn.lock b/yarn.lock
index 11f41db..89d912a 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -312,7 +312,7 @@ resolved "https://registry.yarnpkg.com/@types/estree/-/estree-0.0.45.tgz#e9387572998e5ecdac221950dab3e8c3b16af884" integrity sha512-jnqIUKDUqJbDIUxm0Uj7bnlMnRm1T/eZ9N+AVMqhPgzrba2GhGG5o/jCTwmdPK709nEZsGoMzXEDUjcXHa3W0g== -"@types/express-rate-limit@^5.1.1": +"@types/express-rate-limit@5.1.1": version "5.1.1" resolved "https://registry.yarnpkg.com/@types/express-rate-limit/-/express-rate-limit-5.1.1.tgz#e5b0239d18c1580e52ae56dce4248333302a1dc8" integrity sha512-6oMYZBLlhxC5sdcRXXz528QyfGz3zTy9YdHwqlxLfgx5Cd3zwYaUjjPpJcaTtHmRefLi9P8kLBPz2wB7yz4JtQ==
@@ -1666,7 +1666,7 @@ etag@~1.8.1: resolved "https://registry.yarnpkg.com/etag/-/etag-1.8.1.tgz#41ae2eeb65efa62268aebfea83ac7d79299b0887" integrity sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc= -express-rate-limit@^5.2.3: +express-rate-limit@5.2.3: version "5.2.3" resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-5.2.3.tgz#ae73b3dc723decd697797611bd96e9b34a912f6c" integrity sha512-cjQH+oDrEPXxc569XvxhHC6QXqJiuBT6BhZ70X3bdAImcnHnTNMVuMAJaT0TXPoRiEErUrVPRcOTpZpM36VbOQ==
From 85faacba52c9a30693918c2e4581886067c43488 Mon Sep 17 00:00:00 2001
From: S1LV3R
Date: Wed, 20 Jan 2021 10:06:19 +0100
Subject: [PATCH 2/9] fix: disable LGTM issue
LGTM is reporting an error with no rate limiting, but there is actually rate limiting on the line above using `.all(...)`.
---
 src/api/v1/auth.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/api/v1/auth.ts b/src/api/v1/auth.ts
index 3b20eab..e71d2a3 100644
--- a/src/api/v1/auth.ts
+++ b/src/api/v1/auth.ts
@@ -42,7 +42,9 @@ export default (): Router => {
 router
 .route("/login")
 .all(authRateLimit)
- .post(verifyLoginCreds, login)
+ // LGTM issue is disabled because i am actually using rate limiting, but for some reason LGTM
+ // isn't picking it up.
+ .post(verifyLoginCreds, login) // lgtm [js/missing-rate-limiting]
 .all(notImplemented);
 router
 .route("/logout")
From 81a1019cf878e2b9236109fd857c543415c3987c Mon Sep 17 00:00:00 2001
From: S1LV3R
Date: Wed, 20 Jan 2021 16:17:48 +0100
Subject: [PATCH 3/9] fix: use Promise.all where possible
See BACK-52
---
 src/services/Team.ts | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/services/Team.ts b/src/services/Team.ts
index 8844a27..427e21c 100644
--- a/src/services/Team.ts
+++ b/src/services/Team.ts
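Review bot: The `// lgtm [js/missing-rate-limiting]` suppression added on the `.post(verifyLoginCreds, login)` line of the `/login` route in src/api/v1/auth.ts keeps the alert silent even if `.all(authRateLimit)` is later removed or moved below `.post`, so the login handler could lose its limiter without any scanner warning. Passing the limiter to the handler itself, `.post(authRateLimit, verifyLoginCreds, login)`, keeps the protection on the same line as the handler and would probably let the query recognise it, so the suppression could be dropped; the `.all(authRateLimit)` call should then go, otherwise each login is counted twice, and the other methods only reach `notImplemented`. If the suppression stays, the comment should state the invariant it relies on, for example `// rate limited by .all(authRateLimit) above; keep that call before .post`. The router function starts and ends outside the hunk.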
@@ -90,10 +90,18 @@ export default class TeamService {
 Logger.verbose("Getting team");
 const decodedJWT = verifyJWT(jwt);
- Logger.silly("Getting user");
- const user = await (await UserModel.findById(decodedJWT.id))
- .execPopulate()
- .then()
+ let team: ITeamModel;
+ let user: IUserModel;
+
+ Logger.silly("Getting user and team");
+ await Promise.all([
+ TeamModel.findById(teamID),
+ UserModel.findById(decodedJWT.id),
+ ])
+ .then((results) => {
+ team = results[0];
+ user = results[1];
+ })
 .catch((err) => {
 Logger.error(err);
 throw new InternalServerError();
@@ -104,8 +112,6 @@ export default class TeamService {
 throw new NotFoundError({ errorCode: "error_user_not_found" });
 }
- Logger.silly("Getting team");
- const team = await TeamModel.findById(teamID);
 if (!team) {
 throw new NotFoundError({ errorCode: "error_team_not_found" });
 }
From 7903d6dd24e2051ed20e52987102c58006e9ccbe Mon Sep 17 00:00:00 2001
From: S1LV3R
Date: Wed, 20 Jan 2021 16:22:46 +0100
Subject: [PATCH 4/9] fix: update typing to be correct
See BACK-56
---
 src/types/index.d.ts | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/types/index.d.ts b/src/types/index.d.ts
index 09ee240..3c8760d 100644
--- a/src/types/index.d.ts
+++ b/src/types/index.d.ts
@@ -1,8 +1,8 @@
 import { Types as mongooseTypes } from "mongoose";
 export interface TeamSocials {
- twitter: string;
- website: string;
+ twitter?: string;
+ website?: string;
 }
 // The params an error errorMessage can take
@@ -55,13 +55,13 @@ export interface JWTData {
 }
 export interface TeamDetailsUpdateData {
- name: string;
- socials: TeamSocials;
+ name?: string;
+ socials?: TeamSocials;
 }
 export interface InviteOptions {
- maxUses: number;
- expiry: Date;
+ maxUses?: number;
+ expiry?: Date;
 }
 export interface BasicInvite {
From 43629e29a5f8368c06200061d6f58dae6532716a Mon Sep 17 00:00:00 2001
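Review bot: In the first hunk of src/services/Team.ts, `team` and `user` are declared with `let` and assigned inside a `.then` callback, which mixes promise chaining with `await`, gives both a non-nullable type although the `!user` / `!team` checks further down expect a possible null, and would be reported as used-before-assigned under strict compilation. Destructuring the awaited result keeps both as `const` with the types `findById` returns. The removed code also called `execPopulate()` on the user and the new code does not, so any later read that relied on it should be checked. Every rejection here, possibly including a cast failure on a malformed `teamID` if it is not validated before this point, is turned into `InternalServerError`. The enclosing method starts and ends outside the hunk.

```typescript
// … unchanged: Logger.verbose, verifyJWT …
Logger.silly("Getting user and team");
const [team, user] = await Promise.all([
  TeamModel.findById(teamID),
  UserModel.findById(decodedJWT.id),
]).catch((err) => {
  Logger.error(err);
  throw new InternalServerError();
});
// … unchanged: not-found checks for user and team …
```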
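Review bot: In the second hunk of src/types/index.d.ts, `maxUses` and `expiry` on `InviteOptions` become optional with no comment saying what an invite created without them means; unless the invite service applies defaults (not visible here), that would presumably be an invite with no use limit and no expiry. I would document the intended default on each field, for example `/** Maximum number of uses; when omitted the service default applies. */` and `/** Expiry time; when omitted the service default applies. */`, and confirm that the service enforces that default rather than treating `undefined` as unlimited.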
From: S1LV3R
Date: Wed, 20 Jan 2021 16:27:53 +0100
Subject: [PATCH 5/9] refactor: make some methods private
Old code had public methods that were only used privately See BACK-57
---
 src/services/Auth.ts | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/services/Auth.ts b/src/services/Auth.ts
index 5456d1f..e7b56bc 100644
--- a/src/services/Auth.ts
+++ b/src/services/Auth.ts
@@ -182,7 +182,7 @@ export default class AuthService {
 * @returns {Promise} the whole document on the user
 * @memberof AuthService
 */
- public async getFullUser(id: mongoose.Types.ObjectId): Promise {
+ private async getFullUser(id: mongoose.Types.ObjectId): Promise {
 Logger.silly("Checking for valid ObjectId");
 if (!isValidObjectId(id)) {
 throw new BadRequestError({ errorCode: "error_invalid_id" });
@@ -245,7 +245,7 @@ export default class AuthService {
 * @returns {string} the JWT
 * @memberof AuthService
 */
- public generateAccessToken(user: IUserModel): string {
+ private generateAccessToken(user: IUserModel): string {
 const jwtData: JWTData = { sub: user._id, id: user._id };
 if (user.isAdmin) {
@@ -266,7 +266,7 @@ export default class AuthService {
 * @returns {Promise} the token document
 * @memberof AuthService
 */
- public async getRefreshToken(token: string): Promise {
+ private async getRefreshToken(token: string): Promise {
 const refreshToken = await RefreshToken.findOne({ token }).then();
 if (!refreshToken || !refreshToken.isActive) {
@@ -285,7 +285,7 @@ export default class AuthService {
 * @param {string} ipAddress what ip address is generating the new refresh token
 * @memberof AuthService
 */
- public generateRefreshToken(
+ private generateRefreshToken(
 user: IUserModel,
 ipAddress: string
 ): IRefreshTokenModel {
@@ -305,7 +305,7 @@ export default class AuthService {
 * @param {string} [replacedByToken] an optional parameter that indicates what token replaces this one
 * @memberof AuthService
 */
- public async revokeToken(
+ private async revokeToken(
 token: string,
 ipAddress: string,
 replacedByToken?: string
From c6f877cd95d5a18d331b8bbe5643066d87a849b2 Mon Sep 17 00:00:00 2001
From: S1LV3R
Date: Wed, 20 Jan 2021 16:31:36 +0100
Subject: [PATCH 6/9] fix: fix codeql scanning
See #31
---
 .github/workflows/codeql-analysis.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 41729ed..697c118 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -7,10 +7,10 @@ name: "CodeQL"
 on:
 push:
- branches: [main]
+ branches: [master, dev]
 pull_request:
 # The branches below must be a subset of the branches above
- branches: [main]
+ branches: [master, dev]
 schedule:
 - cron: '0 8 * * 0'
From 5eb1758775903ddba9b2d6b87ba5f862b418f2d9 Mon Sep 17 00:00:00 2001
From: Renovate Bot
Date: Wed, 20 Jan 2021 17:41:16 +0000
Subject: [PATCH 7/9] fix(deps): update dependency mongoose to v5.11.13
---
 package.json | 2 +-
 yarn.lock | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package.json b/package.json
index 6248673..59c072a 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
 "express": "4.17.1",
 "express-rate-limit": "5.2.3",
 "jsonwebtoken": "8.5.1",
- "mongoose": "5.11.12",
+ "mongoose": "5.11.13",
 "morgan": "1.10.0",
 "ts-node": "9.1.1",
 "typescript": "4.1.3",
diff --git a/yarn.lock b/yarn.lock
index 89d912a..9c84456 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2938,10 +2938,10 @@ mongoose-legacy-pluralize@1.0.2: resolved "https://registry.yarnpkg.com/mongoose-legacy-pluralize/-/mongoose-legacy-pluralize-1.0.2.tgz#3ba9f91fa507b5186d399fb40854bff18fb563e4" integrity sha512-Yo/7qQU4/EyIS8YDFSeenIvXxZN+ld7YdV9LqFVQJzTLye8unujAWPZ4NWKfFA+RNjh+wvTWKY9Z3E5XM6ZZiQ== -mongoose@5.11.12: - version "5.11.12" - resolved "https://registry.yarnpkg.com/mongoose/-/mongoose-5.11.12.tgz#452d28ef04b9c6a9601e62a54064851c3b57d4ee" - integrity sha512-70wST9hnVlPbt5nKClPKJo54ULIACOVGYdg8fyj17sWtCJLyURCDahhzUh+oUA7WVykOW2ZMqWm2kujBIWYagg== +mongoose@5.11.13: + version "5.11.13" + resolved "https://registry.yarnpkg.com/mongoose/-/mongoose-5.11.13.tgz#1a8af3c83152d5e0427509966926ea7f5ead4d66" + integrity sha512-rXbaxSJfLnKKO2RTm8MKt65glrtfKDc4ATEb6vEbbzsVGCiLut753K5axdpyvE7KeTH7GOh4LzmuQLOvaaWOmA== dependencies: "@types/mongodb" "^3.5.27" bson "^1.1.4"
From 87f9db8b2b16ea0e8003423ceca27a294173678e Mon Sep 17 00:00:00 2001
From: S1LV3R
Date: Wed, 20 Jan 2021 19:39:58 +0100
Subject: [PATCH 8/9] chore: update renovate config
Schedule the bot to run the first day of every month to prevent annoying and spammy pull requests.
---
 renovate.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/renovate.json b/renovate.json
index 57d1542..bdd6d86 100644
--- a/renovate.json
+++ b/renovate.json
@@ -1,4 +1,5 @@
 {
 "extends": ["config:base"],
- "baseBranches": ["dev"]
+ "baseBranches": ["dev"],
+ "schedule": ["first day of every month"]
 }
From 8daa990782ad617cf19a964b682f625b8e231241 Mon Sep 17 00:00:00 2001
From: S1LV3R
Date: Wed, 20 Jan 2021 19:45:46 +0100
Subject: [PATCH 9/9] chore(release): 0.1.0-alpha.2
---
 CHANGELOG.md | 23 +++++++++++++++++++++++
 package.json | 2 +-
 2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a6f6f90..a5d39be 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
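Review bot: The added `"schedule": ["first day of every month"]` in renovate.json holds Renovate pull requests, including routine patch releases that carry security fixes, for up to a month. It is worth confirming that vulnerability alerts are enabled for the repository so that updates for known-vulnerable dependencies are still raised outside the schedule. The schedule text also differs from the form Renovate documents, `"schedule": ["before 3am on the first day of the month"]`; if the string used here does not parse, the schedule would not behave as the commit message intends, so it should be checked with `renovate-config-validator`.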
@@ -2,6 +2,29 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+## [0.1.0-alpha.2](https://github.com/CTFNote/backend/compare/v0.1.0-alpha.1...v0.1.0-alpha.2) (2021-01-20)
+
+
+### Bug Fixes
+
+* **deps:** update dependency mongoose to v5.11.13 ([5eb1758](https://github.com/CTFNote/backend/commit/5eb1758775903ddba9b2d6b87ba5f862b418f2d9))
+* disable LGTM issue ([85faacb](https://github.com/CTFNote/backend/commit/85faacba52c9a30693918c2e4581886067c43488))
+* fix codeql scanning ([c6f877c](https://github.com/CTFNote/backend/commit/c6f877cd95d5a18d331b8bbe5643066d87a849b2)), closes [#31](https://github.com/CTFNote/backend/issues/31)
+* update typing to be correct ([7903d6d](https://github.com/CTFNote/backend/commit/7903d6dd24e2051ed20e52987102c58006e9ccbe))
+* use Promise.all where possible ([81a1019](https://github.com/CTFNote/backend/commit/81a1019cf878e2b9236109fd857c543415c3987c))
+
+
+### Refactor
+
+* make some methods private ([43629e2](https://github.com/CTFNote/backend/commit/43629e29a5f8368c06200061d6f58dae6532716a))
+
+
+### Chore
+
+* update renovate config ([87f9db8](https://github.com/CTFNote/backend/commit/87f9db8b2b16ea0e8003423ceca27a294173678e))
+* **deps:** pin dependencies ([f1e97ca](https://github.com/CTFNote/backend/commit/f1e97ca839a3843bd545a51682335ee37ed6c22d))
+* update renovate config ([7908137](https://github.com/CTFNote/backend/commit/790813791adfe27bf93dab26a3c591542e02ce78))
+
 ## [0.1.0-alpha.1](https://github.com/CTFNote/backend/compare/v0.1.0-alpha.0...v0.1.0-alpha.1) (2021-01-20)
diff --git a/package.json b/package.json
index 59c072a..8ed8ac2 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "ctfnote-backend",
- "version": "0.1.0-alpha.1",
+ "version": "0.1.0-alpha.2",
 "description": " The backend for CTFNote, made using Node.js, express.js, and Typescript.",
 "main": "src/app.ts",
 "repository": "git@github.com:CTFNote/backend",