From 4ddc051565ba768e7983b1d238224e19e81fa123 Mon Sep 17 00:00:00 2001
From: elpla
Date: Tue, 2 May 2023 21:55:45 +0200
Subject: [PATCH] Solucionando vulnerabilidad
---
 restapi/server.ts | 40 +++++++++++++++++++++-------------------
 1 file changed, 21 insertions(+), 19 deletions(-)
diff --git a/restapi/server.ts b/restapi/server.ts
index 5526d27..85587de 100644
--- a/restapi/server.ts
+++ b/restapi/server.ts
@@ -2,7 +2,7 @@ import express, { Application, RequestHandler } from "express";
 import cors from 'cors';
 import bp from 'body-parser';
 import promBundle from 'express-prom-bundle';
-import api from "./api";
+import api from "./api";
 const app: Application = express();
 const port: number = 5000;
@@ -13,7 +13,7 @@ const db = require("./src/db");
 const httpsPort = 5001;
-const metricsMiddleware:RequestHandler = promBundle({includeMethod: true});
+const metricsMiddleware: RequestHandler = promBundle({ includeMethod: true });
 app.use(metricsMiddleware);
 app.disable("x-powered-by");
@@ -24,27 +24,29 @@ app.use(bp.json());
 app.use("/api", api)
 const options = {
- key: fs.readFileSync('./key.pem'),
- cert: fs.readFileSync('./cert.pem')
- };
-
- app.use((req, res, next) => {
- if (req.secure) {
- next();
- } else {
+ key: fs.readFileSync('./key.pem'),
+ cert: fs.readFileSync('./cert.pem')
+};
+
+app.use((req, res, next) => {
+ if (req.secure) {
+ next();
+ } else {
+ if (typeof req.query.url === "string" && req.query.url.startsWith("https:")) {
 res.redirect(`https://${req.headers.host}${req.url}`);
- }
- });
+ }
+ }
+});
 https.createServer(options, app).listen(httpsPort, () => {
- console.log(`Restapi server started on port ${httpsPort}`);
- }).on("error", (error: Error) => {
- console.error("Error occured: " + error.message);
+ console.log(`Restapi server started on port ${httpsPort}`);
+}).on("error", (error: Error) => {
+ console.error("Error occured: " + error.message);
 });
-app.listen(port, ():void => {
- console.log('Restapi listening on '+ port);
-}).on("error",(error:Error)=>{
- console.error('Error occured: ' + error.message);
+app.listen(port, (): void => {
+ console.log('Restapi listening on ' + port);
+}).on("error", (error: Error) => {
+ console.error('Error occured: ' + error.message);
 });
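Review bot: In the `else` branch of the redirect middleware, the new `req.query.url` check validates a value the redirect never uses: the target is still built from `req.headers.host` and `req.url`, both supplied by the client, so the redirect destination remains request-controlled whenever that parameter is present. A plain-HTTP request without the parameter now gets neither `next()` nor a response, so it hangs until the connection times out and the HTTP-to-HTTPS upgrade stops working for ordinary requests. I would drop the inner `if` and redirect to a fixed origin instead, e.g. `res.redirect(`https://${PUBLIC_HOST}:${httpsPort}${req.url}`);`, where `PUBLIC_HOST` is a placeholder for a hostname read from deployment configuration rather than from the request. The middleware is also registered after `app.use("/api", api)`, so requests answered by the API router presumably never reach it; confirm whether the redirect is meant to cover them.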