diff --git a/backend/src/graphql/resolvers/registration.ts b/backend/src/graphql/resolvers/registration.ts
index 138a21aea..d37d3663a 100644
--- a/backend/src/graphql/resolvers/registration.ts
+++ b/backend/src/graphql/resolvers/registration.ts
@@ -4,9 +4,9 @@
 /* eslint-disable @typescript-eslint/no-unsafe-member-access */
 /* eslint-disable @typescript-eslint/no-unsafe-assignment */
 import { UserInputError } from 'apollo-server'
+import { hash } from 'bcryptjs'
 import { getNeode } from '@db/neo4j'
-import encryptPassword from '@helpers/encryptPassword'
 import existingEmailAddress from './helpers/existingEmailAddress'
 import generateNonce from './helpers/generateNonce'
@@ -46,7 +46,8 @@ export default {
 delete args.nonce
 delete args.email
 delete args.inviteCode
- args = encryptPassword(args)
+ args.encryptedPassword = await hash(args.password, 10)
+ delete args.password
 const { driver } = context
 const session = driver.session()
diff --git a/backend/src/graphql/resolvers/users/location.ts b/backend/src/graphql/resolvers/users/location.ts
index 6dfaede4e..dc515e70d 100644
--- a/backend/src/graphql/resolvers/users/location.ts
+++ b/backend/src/graphql/resolvers/users/location.ts
@@ -12,7 +12,6 @@ import { UserInputError } from 'apollo-server'
 import request from 'request'
 import CONFIG from '@config/index'
-import asyncForEach from '@helpers/asyncForEach'
 const fetch = (url) => {
 return new Promise((resolve, reject) => {
@@ -119,7 +118,7 @@ export const createOrUpdateLocations = async (nodeLabel, nodeId, locationName, s
 }
 if (data.context) {
- await asyncForEach(data.context, async (ctx) => {
+ for await (const ctx of data.context) {
 await createLocation(session, ctx)
 await session.writeTransaction((transaction) => {
 return transaction.run(
@@ -135,7 +134,7 @@ export const createOrUpdateLocations = async (nodeLabel, nodeId, locationName, s
 )
 })
 parent = ctx
- })
+ }
 }
 locationId = data.id
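Review bot: The bcrypt cost in `await hash(args.password, 10)` is a bare literal at the call site, and with `@helpers/encryptPassword` deleted in this commit there is no single place left to raise it; any other code that hashes passwords (none is visible here) would carry its own copy. A shared constant such as `const BCRYPT_ROUNDS = 10` (name illustrative), or a config value, keeps the work factor tunable in one spot. bcrypt also only considers the first 72 bytes of its input, and no length check on `args.password` is visible in this hunk, so it is worth confirming that input validation caps the length. The resolver body starts and ends outside the hunk.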
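Review bot: `for await (const ctx of data.context)` is not equivalent to the removed helper when `data.context` is not an array: `asyncForEach` looped on `array.length` and so silently skipped a truthy value without a `length`, while `for await` throws a TypeError on anything non-iterable. `data` appears to come from the geocoding response fetched earlier in the function (outside the hunk), so I would guard with `if (Array.isArray(data.context)) {` and use a plain `for (const ctx of data.context) {`, since the awaits already sit inside the body and the source is a synchronous collection. The loop's closing brace is in the following hunk (`@@ -135,7 +134,7 @@`), and the function starts and ends outside both.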
diff --git a/backend/src/helpers/asyncForEach.ts b/backend/src/helpers/asyncForEach.ts
deleted file mode 100644
index 354f2cd07..000000000
--- a/backend/src/helpers/asyncForEach.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-/* eslint-disable @typescript-eslint/no-unsafe-member-access */
-/* eslint-disable @typescript-eslint/no-unsafe-call */
-/* eslint-disable promise/prefer-await-to-callbacks */
-/* eslint-disable security/detect-object-injection */
-/**
- * Provide a way to iterate for each element in an array while waiting for async functions to finish
- *
- * @param array
- * @param callback
- * @returns {Promise}
- */
-async function asyncForEach(array, callback) {
- for (let index = 0; index < array.length; index++) {
- await callback(array[index], index, array)
- }
-}
-
-export default asyncForEach
diff --git a/backend/src/helpers/encryptPassword.ts b/backend/src/helpers/encryptPassword.ts
deleted file mode 100644
index 1d12556ea..000000000
--- a/backend/src/helpers/encryptPassword.ts
+++ /dev/null
@@ -1,11 +0,0 @@
-/* eslint-disable @typescript-eslint/no-unsafe-return */
-/* eslint-disable @typescript-eslint/no-unsafe-member-access */
-/* eslint-disable @typescript-eslint/no-unsafe-argument */
-import { hashSync } from 'bcryptjs'
-
-export default function (args) {
- // eslint-disable-next-line n/no-sync
- args.encryptedPassword = hashSync(args.password, 10)
- delete args.password
- return args
-}
diff --git a/backend/src/helpers/jest.ts b/backend/src/helpers/jest.ts
deleted file mode 100644
index 5594eb348..000000000
--- a/backend/src/helpers/jest.ts
+++ /dev/null
@@ -1,10 +0,0 @@
-/* eslint-disable @typescript-eslint/no-unsafe-argument */
-/* eslint-disable promise/avoid-new */
-// sometime we have to wait to check a db state by having a look into the db in a certain moment
-// or we wait a bit to check if we missed to set an await somewhere
-// see: https://www.sitepoint.com/delay-sleep-pause-wait/
-export function sleep(ms) {
- return new Promise((resolve) => setTimeout(resolve, ms))
-}
-// usage – 4 seconds for example
-// await sleep(4 * 1000)
diff --git a/backend/src/helpers/walkRecursive.ts b/backend/src/helpers/walkRecursive.ts
deleted file mode 100644
index 5874ca3af..000000000
--- a/backend/src/helpers/walkRecursive.ts
+++ /dev/null
@@ -1,36 +0,0 @@
-/* eslint-disable @typescript-eslint/no-unsafe-argument */
-/* eslint-disable @typescript-eslint/no-unsafe-return */
-/* eslint-disable @typescript-eslint/no-unsafe-call */
-/* eslint-disable @typescript-eslint/no-unsafe-member-access */
-/* eslint-disable @typescript-eslint/no-unsafe-assignment */
-/* eslint-disable promise/prefer-await-to-callbacks */
-/* eslint-disable security/detect-object-injection */
-/**
- * iterate through all fields and replace it with the callback result
- * @property data Array
- * @property fields Array
- * @property fieldName String
- * @property callback Function
- */
-function walkRecursive(data, fields, fieldName, callback, _key?) {
- if (!Array.isArray(fields)) {
- throw new Error('please provide an fields array for the walkRecursive helper')
- }
- const fieldDef = fields.find((f) => f.field === _key)
- if (data && typeof data === 'string' && fieldDef) {
- if (!fieldDef.excludes?.includes(fieldName)) data = callback(data, _key)
- } else if (data && Array.isArray(data)) {
- // go into the rabbit hole and dig through that array
- data.forEach((res, index) => {
- data[index] = walkRecursive(data[index], fields, fieldName, callback, index)
- })
- } else if (data && typeof data === 'object') {
- // lets get some keys and stir them
- Object.keys(data).forEach((k) => {
- data[k] = walkRecursive(data[k], fields, fieldName, callback, k)
- })
- }
- return data
-}
-
-export default walkRecursive
diff --git a/backend/src/middleware/xssMiddleware.ts b/backend/src/middleware/xssMiddleware.ts
index 31ded633c..e8beb5463 100644
--- a/backend/src/middleware/xssMiddleware.ts
+++ b/backend/src/middleware/xssMiddleware.ts
@@ -1,13 +1,42 @@
+/* eslint-disable security/detect-object-injection */
+/* eslint-disable @typescript-eslint/no-unsafe-argument */
+/* eslint-disable promise/prefer-await-to-callbacks */
 /* eslint-disable @typescript-eslint/require-await */
 /* eslint-disable @typescript-eslint/no-unsafe-member-access */
 /* eslint-disable @typescript-eslint/no-unsafe-call */
 /* eslint-disable @typescript-eslint/no-unsafe-assignment */
 /* eslint-disable @typescript-eslint/no-unsafe-return */
-import walkRecursive from '@helpers/walkRecursive'
-
 import { cleanHtml } from './helpers/cleanHtml'
-// exclamation mark separetes field names, that should not be sanitized
+/**
+ * iterate through all fields and replace it with the callback result
+ * @property data Array
+ * @property fields Array
+ * @property fieldName String
+ * @property callback Function
+ */
+const walkRecursive = (data, fields, fieldName, callback, _key?) => {
+ if (!Array.isArray(fields)) {
+ throw new Error('please provide an fields array for the walkRecursive helper')
+ }
+ const fieldDef = fields.find((f) => f.field === _key)
+ if (data && typeof data === 'string' && fieldDef) {
+ if (!fieldDef.excludes?.includes(fieldName)) data = callback(data, _key)
+ } else if (data && Array.isArray(data)) {
+ // go into the rabbit hole and dig through that array
+ data.forEach((res, index) => {
+ data[index] = walkRecursive(data[index], fields, fieldName, callback, index)
+ })
+ } else if (data && typeof data === 'object') {
+ // lets get some keys and stir them
+ Object.keys(data).forEach((k) => {
+ data[k] = walkRecursive(data[k], fields, fieldName, callback, k)
+ })
+ }
+ return data
+}
+
+// exclamation mark separates field names, that should not be sanitized
 const fields = [
 { field: 'content', excludes: ['CreateMessage', 'Message'] },
 { field: 'contentExcerpt' },
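Review bot: In `walkRecursive`, array elements are recursed with the array index as `_key` (`walkRecursive(data[index], fields, fieldName, callback, index)`), so `fields.find((f) => f.field === _key)` never matches for a string that sits directly inside an array and `callback` is not applied to it. If any sanitized field can carry a list of strings (the schema is not visible here), those values would presumably bypass `cleanHtml`; passing the parent key through, `data[index] = walkRecursive(data[index], fields, fieldName, callback, _key)`, would close that. The new file-wide `/* eslint-disable security/detect-object-injection */` could also be narrowed to `// eslint-disable-next-line` on the two `data[...] =` writes, so the rule stays active for the rest of the middleware. The JSDoc would read better with `@param` tags and a line stating that `data` is mutated in place and returned; the `fields` array continues outside the hunk.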