Merge pull request #359 from USEPA/feature/remove-app-scan-middleware
Feature/remove app scan middleware
courtneymyers authored Sep 19, 2023
2 parents 532a5bc + 96b9a99 commit ddc38b2
Showing 3 changed files with 40 additions and 90 deletions.
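--- a/app/server/app/index.js
+++ b/app/server/app/index.js
@@ -11,11 +11,7 @@ const passport = require("passport");
 const errorHandler = require("./utilities/errorHandler");
 const log = require("./utilities/logger");
 const samlStrategy = require("./config/samlStrategy");
-const {
-appScan,
-protectClientRoutes,
-checkClientRouteExists,
-} = require("./middleware");
+const { protectClientRoutes, checkClientRouteExists } = require("./middleware");
 const routes = require("./routes");
 
 const {
@@ -92,14 +88,6 @@ if (NODE_ENV === "development") {
 app.use(morgan("dev"));
 }
 
-/**
-* Apply global middleware on dev/staging in order for scan to receive 200
-* status on all endpoints
-*/
-if (CLOUD_SPACE === "dev" || CLOUD_SPACE === "staging") {
-app.use(appScan);
-}
-
 app.use(express.json({ limit: JSON_PAYLOAD_LIMIT || "5mb" }));
 app.use(cookieParser());
 app.use(express.urlencoded({ extended: true }));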
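Review bot: The `CLOUD_SPACE === "dev" || CLOUD_SPACE === "staging"` condition removed in the second hunk is the only use of `CLOUD_SPACE` visible in this file section, so if nothing else in index.js reads it, the name should also be dropped from the environment destructuring that begins at `const {` (its contents are outside the hunk). It is also worth confirming that the scan definition no longer sends `scan=true`: with the short-circuit gone, requests carrying that query parameter now reach the real route handlers on dev and staging instead of being answered with `{ status: 200 }`.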
24 changes: 3 additions & 21 deletions app/server/app/middleware.js
Expand Up @@ -74,7 +74,7 @@ function ensureAuthenticated(req, res, next, rejectCallback = rejectRequest) {
});

next();
}
},
);
}

Expand Down Expand Up @@ -140,7 +140,7 @@ function rejectRequest(req, res, jwtExpired) {
function protectClientRoutes(req, res, next) {
const subPath = SERVER_BASE_PATH || "";
const unprotectedRoutes = ["/", "/welcome", "/manifest.json"].map(
(route) => `${subPath}${route}`
(route) => `${subPath}${route}`,
);

if (!unprotectedRoutes.includes(req.path) && !req.path.includes("/static")) {
Expand All @@ -166,7 +166,7 @@ function checkClientRouteExists(req, res, next) {
const subPath = SERVER_BASE_PATH || "";

const clientRoutes = ["/", "/welcome", "/helpdesk", "/frf/new"].map(
(route) => `${subPath}${route}`
(route) => `${subPath}${route}`,
);

if (
Expand All @@ -184,23 +184,6 @@ function checkClientRouteExists(req, res, next) {
next();
}

/**
* Global middleware on dev/staging to send 200 status on all server endpoints
* (required for ZAP scan).
*
* @param {express.Request} req
* @param {express.Response} res
* @param {express.NextFunction} next
*/
function appScan(req, res, next) {
/** OpenAPI def must use global "scan" param and enum to "true". */
if (req.query.scan === "true") {
return res.json({ status: 200 });
}

next();
}

/**
* Fetch user's SAM.gov unique combo keys from the BAP and add "bapComboKeys"
* to request object if successful.
Expand Down Expand Up @@ -244,7 +227,6 @@ function verifyMongoObjectId(req, res, next) {
module.exports = {
ensureAuthenticated,
ensureHelpdesk,
appScan,
protectClientRoutes,
checkClientRouteExists,
storeBapComboKeys,
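Review bot: In `protectClientRoutes`, the exemption `!req.path.includes("/static")` is a substring test, so a request path containing `/static` anywhere is treated like an unprotected route and skips the branch that follows. That branch's body is outside the hunk, but from the function name it is presumably where the authentication check is applied. An anchored comparison would narrow the exemption to the asset directory, for example `!req.path.startsWith(subPath + "/static/")`, assuming static assets are served from that prefix. This line is unchanged context here; the commit only adds the trailing comma in the `.map()` call above it.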