From d1fd4a3543e09b4db5a7e4f128e1783f582bde22 Mon Sep 17 00:00:00 2001
From: virgilchiriac <virgil.chiriac@dataport.de>
Date: Mon, 19 Aug 2024 09:03:13 +0200
Subject: [PATCH] BC-7804 - prevent logging of headers

---
 app.js                  |  7 +++-
 controllers/files.js    | 87 ++++++++++++++++++++++-------------------
 controllers/homework.js |  2 +
 3 files changed, 54 insertions(+), 42 deletions(-)

diff --git a/app.js b/app.js
index c1be5b614a..7f30bf3506 100644
--- a/app.js
+++ b/app.js
@@ -250,7 +250,12 @@ app.use((err, req, res, next) => {
 		res.locals = {};
 	}
 	// prevent logging jwts and x-api-keys
-	delete error.options.headers;
+	if (error.options && error.options.headers) {
+		delete error.options.headers;
+	}
+	if (error.response && error.response.request && error.response.request.headers) {
+		delete error.response.request.headers;
+	}
 
 	if (Configuration.get('FEATURE_LOG_REQUEST') === true) {
 		const reqInfo = {
diff --git a/controllers/files.js b/controllers/files.js
index b7f758fc17..b87fab3285 100644
--- a/controllers/files.js
+++ b/controllers/files.js
@@ -672,52 +672,57 @@ router.get('/courses/', (req, res, next) => {
 
 router.get('/courses/:courseId/:folderId?', FileGetter, async (req, res, next) => {
 	const basePath = '/files/courses/';
-	const record = await api(req).get(`/courses/${req.params.courseId}`);
-	res.locals.files.files = res.locals.files.files.map(addThumbnails);
-	let canCreateFile = true;
+	try {
+		const record = await api(req).get(`/courses/${req.params.courseId}`);
 
-	let breadcrumbs = [{
-		title: res.$t('files.label.filesFromMyCourse'),
-		url: basePath,
-		dataTestId: 'navigate-to-my-courses-files',
-	}, {
-		title: record.name,
-		url: basePath + record._id,
-		dataTestId: 'navigate-to-my-files-in-course',
-	}];
+		res.locals.files.files = res.locals.files.files.map(addThumbnails);
+		let canCreateFile = true;
 
-	if (req.params.folderId) {
-		const folderBreadcrumbs = (await getBreadcrumbs(req, req.params.folderId)).map((crumb) => {
-			crumb.url = `${basePath}${record._id}/${crumb.id}`;
-			return crumb;
-		});
-		breadcrumbs = [...breadcrumbs, ...folderBreadcrumbs];
-	}
+		let breadcrumbs = [{
+			title: res.$t('files.label.filesFromMyCourse'),
+			url: basePath,
+			dataTestId: 'navigate-to-my-courses-files',
+		}, {
+			title: record.name,
+			url: basePath + record._id,
+			dataTestId: 'navigate-to-my-files-in-course',
+		}];
 
-	if (['Schüler'].includes(res.locals.currentRole)) {
-		canCreateFile = false;
-	}
+		if (req.params.folderId) {
+			const folderBreadcrumbs = (await getBreadcrumbs(req, req.params.folderId)).map((crumb) => {
+				crumb.url = `${basePath}${record._id}/${crumb.id}`;
+				return crumb;
+			});
+			breadcrumbs = [...breadcrumbs, ...folderBreadcrumbs];
+		}
 
-	res.locals.files.files = getFilesWithSaveName(res.locals.files.files);
+		if (['Schüler'].includes(res.locals.currentRole)) {
+			canCreateFile = false;
+		}
 
-	res.render('files/files', {
-		title: res.$t('files.headline.courseFiles'),
-		canUploadFile: true,
-		canCreateDir: true,
-		canCreateFile,
-		path: res.locals.files.path,
-		inline: req.query.inline || req.query.CKEditor,
-		CKEditor: req.query.CKEditor,
-		breadcrumbs,
-		showSearch: false,
-		courseId: req.params.courseId,
-		ownerId: req.params.courseId,
-		toCourseText: res.$t('global.button.toCourse'),
-		courseUrl: `/rooms/${req.params.courseId}`,
-		canEditPermissions: true,
-		parentId: req.params.folderId,
-		...res.locals.files,
-	});
+		res.locals.files.files = getFilesWithSaveName(res.locals.files.files);
+
+		res.render('files/files', {
+			title: res.$t('files.headline.courseFiles'),
+			canUploadFile: true,
+			canCreateDir: true,
+			canCreateFile,
+			path: res.locals.files.path,
+			inline: req.query.inline || req.query.CKEditor,
+			CKEditor: req.query.CKEditor,
+			breadcrumbs,
+			showSearch: false,
+			courseId: req.params.courseId,
+			ownerId: req.params.courseId,
+			toCourseText: res.$t('global.button.toCourse'),
+			courseUrl: `/rooms/${req.params.courseId}`,
+			canEditPermissions: true,
+			parentId: req.params.folderId,
+			...res.locals.files,
+		});
+	} catch (error) {
+		next(error);
+	}
 });
 
 router.get('/teams/', (req, res, next) => {
diff --git a/controllers/homework.js b/controllers/homework.js
index bb07fd522c..d31ff675fd 100644
--- a/controllers/homework.js
+++ b/controllers/homework.js
@@ -186,6 +186,8 @@ const getCreateHandler = (service) => (req, res, next) => {
 						req,
 						`${base}/${referrer}`,
 					);
+				}).catch((err) => {
+					next(err);
 				});
 		}