security(authoring): upgrade dependencies

services/authoring/.gitignore

@@ -2,3 +2,4 @@
 searchIndex.json
 dist/
 uploads/
+.yarn

services/authoring/Dockerfile

@@ -1,5 +1,5 @@
 # ------- BASE -------
-FROM node:14.16.1 as base
+FROM node:18 as base
 WORKDIR /opt/app
 
 # ------- DEPS -------

services/authoring/package.json

@@ -24,76 +24,78 @@
     "format": "prettier --write **/*.ts"
   },
   "dependencies": {
-    "@sinclair/typebox": "^0.24.44",
-    "ajv": "^8.6.3",
+    "@sinclair/typebox": "^0.25.24",
+    "ajv": "^8.12.0",
     "ajv-formats": "^2.1.1",
     "bluebird": "^3.7.2",
-    "bunyan": "^1.8.14",
-    "express": "^4.17.1",
-    "fast-json-patch": "^3.0.0-1",
-    "fs-extra": "^9.0.1",
-    "glob": "^7.1.6",
+    "bunyan": "^1.8.15",
+    "express": "^4.17.3",
+    "fast-json-patch": "^3.1.1",
+    "fs-extra": "^11.1.0",
+    "glob": "^9.2.1",
     "highland": "^2.13.5",
-    "jszip": "^3.5.0",
+    "jszip": "^3.10.1",
     "lock-queue": "^1.0.1",
     "lunr": "^2.3.9",
     "morgan": "^1.10.0",
-    "multer": "^1.4.2",
-    "nconf": "^0.11.2",
+    "multer": "^1.4.4",
+    "nconf": "^0.12.0",
     "node-getopt": "^0.3.2",
-    "nodegit": "^0.27.0",
-    "object-hash": "^2.0.3",
-    "passport": "^0.4.1",
-    "passport-jwt": "^4.0.0",
+    "nodegit": "^0.28.0-alpha.21",
+    "object-hash": "^3.0.0",
+    "passport": "^0.6.0",
+    "passport-jwt": "^4.0.1",
     "passport-strategy": "^1.0.0",
-    "ramda": "^0.27.1",
-    "rxjs": "^7.0.0",
-    "shortid": "^2.2.15",
-    "simple-git": "^2.20.1",
-    "sshpk": "^1.16.1",
+    "ramda": "^0.28.0",
+    "rxjs": "^7.8.0",
+    "shortid": "^2.2.16",
+    "simple-git": "^3.17.0",
+    "sshpk": "^1.17.0",
     "typescript-ioc": "^3.2.2",
-    "typescript-rest": "^3.0.2",
-    "typescript-rest-ioc": "^1.0.0",
-    "typescript-rest-swagger": "^1.1.4",
-    "uuid": "^8.3.0"
+    "typescript-rest": "^3.0.4",
+    "typescript-rest-ioc": "^1.0.1",
+    "typescript-rest-swagger": "^1.1.7",
+    "uuid": "^9.0.0"
   },
   "devDependencies": {
-    "@types/bluebird": "^3.5.32",
-    "@types/bunyan": "^1.8.6",
-    "@types/chai": "^4.2.12",
-    "@types/express": "^4.17.7",
-    "@types/fs-extra": "^9.0.1",
-    "@types/mocha": "^8.0.3",
-    "@types/morgan": "^1.9.1",
-    "@types/lunr": "^2.3.2",
-    "@types/nconf": "^0.10.0",
-    "@types/node": "^14.6.0",
-    "@types/nodegit": "0.27.1",
-    "@types/object-hash": "^1.3.3",
-    "@types/passport": "^1.0.4",
-    "@types/passport-jwt": "^3.0.3",
+    "@types/bluebird": "^3.5.38",
+    "@types/bunyan": "^1.8.8",
+    "@types/chai": "^4.3.4",
+    "@types/express": "^4.17.17",
+    "@types/fs-extra": "^11.0.1",
+    "@types/highland": "^2.12.14",
+    "@types/lunr": "^2.3.4",
+    "@types/mocha": "^10.0.1",
+    "@types/morgan": "^1.9.4",
+    "@types/nconf": "^0.10.3",
+    "@types/node": "^18.15.0",
+    "@types/nodegit": "0.28.3",
+    "@types/object-hash": "^3.0.2",
+    "@types/passport": "^1.0.12",
+    "@types/passport-jwt": "^3.0.8",
     "@types/passport-strategy": "^0.2.35",
-    "@types/ramda": "^0.27.14",
+    "@types/ramda": "^0.28.23",
     "@types/shortid": "^0.0.29",
-    "@types/sinon": "^9.0.5",
-    "@types/sshpk": "^1.10.5",
-    "@typescript-eslint/eslint-plugin": "^3.10.1",
-    "@typescript-eslint/parser": "^3.10.1",
-    "chai": "^4.2.0",
+    "@types/sinon": "^10.0.13",
+    "@types/sshpk": "^1.17.1",
+    "@typescript-eslint/eslint-plugin": "^5.54.1",
+    "@typescript-eslint/parser": "^5.54.1",
+    "chai": "^4.3.7",
     "chai-as-promised": "^7.1.1",
     "chai-things": "^0.2.0",
     "cpr": "^3.0.1",
-    "cross-env": "^7.0.2",
-    "eslint": "^7.7.0",
-    "eslint-config-prettier": "^6.11.0",
-    "mocha": "^8.1.2",
+    "cross-env": "^7.0.3",
+    "eslint": "^8.36.0",
+    "eslint-config-prettier": "^8.7.0",
+    "mocha": "^10.2.0",
     "nodemon": "^2.0.4",
-    "prettier": "^2.1.0",
-    "rimraf": "^3.0.2",
+    "prettier": "^2.8.4",
+    "rimraf": "^4.4.0",
     "simple-mock": "^0.8.0",
-    "sinon": "^9.0.3",
-    "sinon-chai": "^3.5.0",
-    "ts-node": "^9.0.0",
-    "typescript": "^4.0.2"
+    "sinon": "^15.0.1",
+    "sinon-chai": "^3.7.0",
+    "ts-node": "^10.9.1",
+    "typescript": "^4.9.5",
+    "yarn-audit-fix": "^9.3.9"
   }
 }

services/authoring/src/repositories/git-repository.ts

@@ -68,14 +68,14 @@ export default class GitRepository {
     };
 
     logger.info('clonning rules repository');
-    const clonningOp = 'clonning end in';
+    const cloningOp = 'clonning end in';
     // FIXME: needs json logging
-    console.time(clonningOp);
-    const repo = await git.Clone.clone(settings.url, settings.localPath, {
+    console.time(cloningOp);
+    const repo = await git.Clone(settings.url, settings.localPath, {
       fetchOpts: operationSettings,
     });
     // FIXME: needs json logging
-    console.timeEnd(clonningOp);
+    console.timeEnd(cloningOp);
     return new GitRepository(repo, operationSettings);
   }
 

services/authoring/src/routes/apps.ts

@@ -19,10 +19,11 @@ import { Authorize } from '../security/authorize';
 import AppsRepository, { AppSecretKey, AppManifest } from '../repositories/apps-repository';
 import { addOid } from '../utils/response-utils';
 import { createNewAppManifest, createSecretKey } from '../utils/app-utils';
+import { Response } from 'express';
 
 const allowedPermissions = R.without(<any>PERMISSIONS.ADMIN, R.values(PERMISSIONS));
 
-const hasValidPermissions = R.all(<any>R.contains((<any>R).__, allowedPermissions));
+const hasValidPermissions = R.all(<any>R.includes((<any>R).__, allowedPermissions));
 
 const getPublicProps = (s: AppSecretKey) => ({ id: s.id, creationDate: s.creationDate });
 
@@ -94,7 +95,7 @@ export class AppsController {
     const { secret: appSecret, key } = await createSecretKey();
     newApp.secretKeys.push(key);
     const oid = await this.appsRepository.createApp(appId, newApp, { name, email });
-    addOid(this.context.response, oid);
+    addOid(this.context.response as Response, oid);
 
     return {
       appId,
@@ -112,7 +113,7 @@ export class AppsController {
     patchAppModel: Partial<Pick<AppManifest, 'name' | 'permissions'>>,
   ): Promise<void> {
     const oid = await this.appsRepository.updateApp(appId, patchAppModel, { name, email });
-    addOid(this.context.response, oid);
+    addOid(this.context.response as Response, oid);
   }
 
   @Authorize({ permission: PERMISSIONS.ADMIN })
@@ -124,7 +125,7 @@ export class AppsController {
     @QueryParam('author.email') email: string,
   ): Promise<void> {
     const oid = await this.appsRepository.deleteApp(appId, { name, email });
-    addOid(this.context.response, oid);
+    addOid(this.context.response as Response, oid);
   }
 
   @Authorize({ permission: PERMISSIONS.ADMIN })
@@ -151,7 +152,7 @@ export class AppsController {
   ): Promise<AppSecretKeyCreationResponseModel> {
     const { secret, key } = await createSecretKey();
     const oid = await this.appsRepository.createSecretKey(appId, key, { name, email });
-    addOid(this.context.response, oid);
+    addOid(this.context.response as Response, oid);
     return { appId, keyId: key.id, secret };
   }
 
@@ -165,6 +166,6 @@ export class AppsController {
     @QueryParam('author.email') email: string,
   ): Promise<void> {
     const oid = await this.appsRepository.deleteSecretKey(appId, keyId, { name, email });
-    addOid(this.context.response, oid);
+    addOid(this.context.response as Response, oid);
   }
 }

services/authoring/src/routes/bulk-keys-upload.ts

@@ -9,6 +9,7 @@ import { Authorize } from '../security/authorize';
 import { PERMISSIONS } from '../security/permissions/consts';
 import KeysRepository from '../repositories/keys-repository';
 import { addOid } from '../utils/response-utils';
+import { Response } from 'express';
 
 const supportedPaths = [/^manifests\/.+?\.json/, /^implementations\/.+\/.+?\./];
 const isValidPath = (x) => R.any(<any>R.test((<any>R).__, x))(supportedPaths);
@@ -57,6 +58,6 @@ export class BulkKeysUpload {
     }
 
     const oid = await this.keysRepository.updateBulkKeys(fileEntries, { name, email });
-    addOid(this.context.response, oid);
+    addOid(this.context.response as Response, oid);
   }
 }

services/authoring/src/routes/hooks.ts

@@ -18,6 +18,7 @@ import { HooksRepositoryFactory, HooksRepository } from '../repositories/hooks-r
 import { addOid } from '../utils/response-utils';
 import Hook from '../utils/hook';
 import logger from '../utils/logger';
+import { Response } from 'express';
 
 @OnlyInstantiableByContainer
 @Tags('hooks')
@@ -52,7 +53,7 @@ export class HooksController {
     if (!(await this._handleETagValidation(hooksRepository))) return null;
 
     const oid = await hooksRepository.createHook(hook, { name, email });
-    addOid(this.context.response, oid);
+    addOid(this.context.response as Response, oid);
 
     this.context.response.status(201);
     return hook;
@@ -73,7 +74,7 @@ export class HooksController {
       if (!(await this._handleETagValidation(hooksRepository))) return;
 
       const oid = await hooksRepository.updateHook(hook, { name, email });
-      addOid(this.context.response, oid);
+      addOid(this.context.response as Response, oid);
     } catch (err) {
       logger.error({ err, hook }, err.message);
       throw new Errors.NotFoundError();
@@ -93,7 +94,7 @@ export class HooksController {
       if (!(await this._handleETagValidation(hooksRepository))) return;
 
       const oid = await hooksRepository.deleteHook(id, { name, email });
-      addOid(this.context.response, oid);
+      addOid(this.context.response as Response, oid);
     } catch (err) {
       logger.error({ err, hookId: id }, err.message);
       throw new Errors.NotFoundError();

services/authoring/src/routes/keys.ts

@@ -9,6 +9,7 @@ import KeysRepository from '../repositories/keys-repository';
 import { addOid } from '../utils/response-utils';
 import logger from '../utils/logger';
 import validate, { KeyUpdateModelType } from '../utils/validation';
+import { Response } from 'express';
 
 export type KeyUpdateModel = {
   implementation: any;
@@ -66,7 +67,7 @@ export class KeysController {
       name,
       email,
     });
-    addOid(this.context.response, oid);
+    addOid(this.context.response as Response, oid);
     await this._setKeyETagHeader(keyPath);
 
     return 'OK';
@@ -88,7 +89,7 @@ export class KeysController {
       keysToDelete = keysToDelete.concat(additionalKeys);
     }
     const oid = await this.keysRepository.deleteKeys(keysToDelete, { name, email });
-    addOid(this.context.response, oid);
+    addOid(this.context.response as Response, oid);
 
     return 'OK';
   }

services/authoring/src/routes/policies.ts

@@ -6,6 +6,7 @@ import PolicyRepository from '../repositories/policy-repository';
 import { addOid } from '../utils/response-utils';
 import { JsonValue } from '../utils/jsonValue';
 import jsonpatch = require('fast-json-patch');
+import { Response } from 'express';
 
 @OnlyInstantiableByContainer
 @Path('/policies')
@@ -31,7 +32,7 @@ export class PolicyController {
     content: JsonValue,
   ): Promise<string> {
     const oid = await this.policyRepository.replacePolicy(content, { name, email });
-    addOid(this.context.response, oid);
+    addOid(this.context.response as Response, oid);
 
     return 'OK';
   }
@@ -44,7 +45,7 @@ export class PolicyController {
     content: jsonpatch.Operation[],
   ): Promise<string> {
     const oid = await this.policyRepository.updatePolicy(content, { name, email });
-    addOid(this.context.response, oid);
+    addOid(this.context.response as Response, oid);
 
     return 'OK';
   }

services/authoring/src/routes/schema.ts

@@ -19,6 +19,7 @@ import { PERMISSIONS } from '../security/permissions/consts';
 import KeysRepository from '../repositories/keys-repository';
 import { JsonValue } from '../utils/jsonValue';
 import { addOid } from '../utils/response-utils';
+import { Response } from 'express';
 
 const schemaPrefix = '@tweek/schema/';
 const indexSchema = R.pipe(
@@ -55,7 +56,7 @@ export class SchemaController {
   ): Promise<string> {
     const keyPath = schemaPrefix + identityType;
     const oid = await this.keysRepository.deleteKeys([keyPath], { name, email });
-    addOid(this.context.response, oid);
+    addOid(this.context.response as Response, oid);
     return 'OK';
   }
 
@@ -87,7 +88,7 @@ export class SchemaController {
       dependencies: [],
     };
     const oid = await this.keysRepository.updateKey(key, manifest, null, { name, email });
-    addOid(this.context.response, oid);
+    addOid(this.context.response as Response, oid);
     return 'OK';
   }
 
@@ -107,7 +108,7 @@ export class SchemaController {
       jsonpatch.applyPatch(R.clone(manifest.implementation.value), <any>patch).newDocument,
     )(manifest);
     const oid = await this.keysRepository.updateKey(key, newManifest, null, { name, email });
-    addOid(this.context.response, oid);
+    addOid(this.context.response as Response, oid);
     return 'OK';
   }
 }