Security fixes and debug logging #54
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| }; | ||
| const authMw = authenticator(_.pick(config, ["AUTH_SECRET", "VALID_ISSUERS"])); | ||
| let finished = false; | ||
| const bailoutTimer = setTimeout(() => { |
There was a problem hiding this comment.
[performance]
The use of a fixed timeout of 8000ms for the bailout timer in the authentication middleware may not be suitable for all environments and could lead to unexpected behavior if the authentication process takes longer. Consider making this timeout configurable or ensuring it is appropriate for the expected load and performance characteristics of the system.
| } | ||
| actions.push(method); | ||
|
|
||
| actions.push(async (req, res, next) => { |
There was a problem hiding this comment.
[❗❗ correctness]
The actions.push(async (req, res, next) => {...}) block assumes that the method function returns a promise if it is asynchronous. Ensure that all controller methods are consistently returning promises if they perform asynchronous operations, otherwise, this could lead to unhandled promise rejections or incorrect logging.
No description provided.