Merge pull request #155 from fhswf/sonarqube

fix: sonarqube issues

.github/workflows/sonarqube.yml

@@ -24,7 +24,7 @@
 # Feel free to take a look at our documentation (https://docs.sonarqube.org/latest/analysis/github-integration/)
 # or reach out to our community forum if you need some help (https://community.sonarsource.com/c/sq/10)
 
-name: SonarQube analysis
+name: Test & SonarQube analysis
 
 on:
   push:
@@ -39,14 +39,41 @@ permissions:
 jobs:
   Analysis:
     runs-on: ubuntu-latest
+    permissions: write-all
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v4
         with:
           # Disabling shallow clone is recommended for improving relevancy of reporting
           fetch-depth: 0
-      - name: Analyze with SonarQube
 
+      # Install package dependencies
+      - name: Install
+        run: yarn install --immutable
+
+      # Build
+      - name: Build
+        run: yarn workspace common build
+
+      # Run tests
+      - name: Test
+        run: yarn run ci
+
+      - name: Post PR Comment
+        run: npx github-actions-ctrf ctrf/ctrf-report.json --pr-comment
+        if: always()
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: Upload Cypress screenshots
+          path: client/cypress/screenshots
+          overwrite: true
+
+      - name: Analyze with SonarQube
+        if: always()
         # You can pin the exact commit or the version.
         # uses: SonarSource/[email protected]
         uses: sonarsource/sonarqube-scan-action@master

.gitignore

@@ -24,3 +24,5 @@ sonar-scanner-5.0.1.3006-linux/**
 
 
 */TEST-*.xml
+*/*-ctrf.json
+**/ctrf/*.json

backend/Dockerfile

@@ -1,7 +1,7 @@
 FROM node:18-bullseye as build
 ARG CLIENT_ID=692793330469-6iupo55tt0kelejcie26m4njeckbmnv8.apps.googleusercontent.com
-ARG APP_URL=/meeting
-ARG APP_API_URL=https://hopper.fh-swf.de/meeting/api/v1
+ARG APP_URL=/
+ARG APP_API_URL=https://argocd.gawron.cloud/api/v1
 
 ENV CLIENT_ID=${CLIENT_ID}
 # Not set via ARG to prevent it from being stored in the image!
@@ -33,6 +33,9 @@ ARG TZ=Europe/Berlin
 ENV TZ=${TZ}
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 
+ENV APP_URL=${APP_URL}
+ENV APP_API_URL=${APP_API_URL}
+
 WORKDIR /usr/src/app 
 COPY --from=build /base/package.json .
 COPY --from=build /base/yarn.lock .

backend/k8s/deployment.yaml

@@ -76,6 +76,10 @@ spec:
           name: bookme
           ports:
             - containerPort: 5000
-          resources: {}
+          resources: 
+            limits:
+              memory: 100Mi
       restartPolicy: Always
+      automountServiceAccountToken: false
+
 status: {}

backend/package.json

@@ -10,7 +10,7 @@
   "type": "module",
   "scripts": {
     "test": "vitest run src/**/*.spec.ts --coverage",
-    "ci": "vitest run src/**/*.spec.ts --coverage",
+    "ci": "vitest run src/**/*.spec.ts --coverage; yarn dlx junit-to-ctrf -o ../ctrf/backend-ctrf.json TEST-backend.xml",
     "start": "node build/server.js",
     "server": "nodemon src/server.ts",
     "dev": "concurrently \"npm run server\" \"npm run client\"",
@@ -49,7 +49,8 @@
     "mongoose": "^7.5.0",
     "nodemailer": "^6.4.14",
     "remark": "15.0.1",
-    "remark-html": "16.0.1"
+    "remark-html": "16.0.1",
+    "validator": "^13.12.0"
   },
   "devDependencies": {
     "@babel/core": "^7.23.3",
@@ -59,21 +60,21 @@
     "@types/bcrypt": "^5.0.0",
     "@types/bcryptjs": "^2.4.2",
     "@types/express": "^4.17.11",
-    "@types/jest": "^29.5.8",
+    "@types/jest": "^29.5.13",
     "@types/jsonwebtoken": "^9.0.3",
     "@types/node": "^22.6.0",
     "@types/nodemailer": "^6.4.0",
-    "@vitest/coverage-v8": "^0.34.6",
+    "@vitest/coverage-v8": "^2.1.2",
     "eslint": "^8.48.0",
     "eslint-config-prettier": "^8.3.0",
     "eslint-config-react-app": "^7.0.1",
     "jest": "^29.7.0",
     "nodemon": "^3.0.1",
     "supertest": "^7.0.0",
-    "ts-jest": "^29.1.1",
+    "ts-jest": "^29.2.5",
     "ts-node": "^10.9.1",
     "typescript": "^5.6.2",
-    "vitest": "^2.1.1"
+    "vitest": "^2.1.2"
   },
   "eslintConfig": {
     "extends": [

backend/src/controller/authentication_controller.ts

@@ -5,9 +5,9 @@
  */
 import { UserModel } from "../models/User.js";
 import { validationResult } from "express-validator";
+import validator from "validator";
 import { createTransport } from "nodemailer";
-import { google } from "googleapis";
-import { OAuth2Client, Credentials } from 'google-auth-library';
+import { OAuth2Client } from 'google-auth-library';
 import { Request, Response } from "express";
 
 // Dotenv Config
@@ -17,10 +17,7 @@ const env = dotenv.config({
 });
 
 import { compare } from 'bcrypt';
-
-import pkg from 'jsonwebtoken';
-const { sign, verify } = pkg;
-import { JwtPayload } from 'jsonwebtoken';
+import { sign, verify, JwtPayload } from 'jsonwebtoken';
 
 const REDIRECT_URI = `${process.env.API_URL}/google/oauthcallback`;
 console.log("redirectUri: %s", REDIRECT_URI);
@@ -165,14 +162,15 @@ export const activationController = (req, res): void => {
  * @param {response} res
  */
 export const loginController = (req, res): void => {
-  const { email, password } = req.body;
+  let { email, password } = req.body;
+  email = validator.isEmail(email) ? validator.normalizeEmail(email) : "";
   const errors = validationResult(req);
 
   if (!errors.isEmpty()) {
     const newError = errors.array().map(error => error.msg)[0];
     res.status(422).json({ errors: newError });
   } else {
-    void UserModel.findOne({ email })
+    UserModel.findOne({ email: { $eq: email } })
       .exec()
       .then(user => {
         if (!user) {

backend/src/controller/google_controller.ts

@@ -10,7 +10,7 @@ import { calendar_v3, google } from 'googleapis';
 import { GaxiosResponse, GaxiosPromise } from "gaxios";
 import { OAuth2Client } from 'google-auth-library';
 import Schema$Event = calendar_v3.Schema$Event;
-import { UserModel, User } from "../models/User.js";
+import { UserModel, User, isValidObjectId } from "../models/User.js";
 import { Request, Response } from 'express';
 
 import { Event, IntervalSet } from 'common';
@@ -67,7 +67,7 @@ export const googleCallback = (req: Request, res: Response): void => {
   const code = <string>req.query.code;
   const user = <string>req.query.state;
   if (code) {
-    void oAuth2Client.getToken(code)
+    oAuth2Client.getToken(code)
       .then(token => {
         saveTokens(user, token);
         res.redirect(`${process.env.CLIENT_URL}${process.env.BASE_PATH}/integration/select`);
@@ -149,7 +149,7 @@ export function insertEventToGoogleCal(req: Request, res: Response) {
         .process(req.body.event.description as string)
       */
 
-      void UserModel.findOne({ _id: req.params.user_id })
+      UserModel.findOne({ _id: req.params.user_id })
         .then(user => {
 
           const event: Schema$Event = {
@@ -196,7 +196,7 @@ export function insertEventToGoogleCal(req: Request, res: Response) {
 
           oAuth2Client.setCredentials(user.google_tokens);
           console.log('insert: event=%j', event)
-          void google.calendar({ version: "v3" }).events
+          google.calendar({ version: "v3" }).events
             .insert({
               auth: oAuth2Client,
               calendarId: user.push_calendar,
@@ -230,7 +230,7 @@ export const revokeScopes = (req: Request, res: Response): void => {
   const userid = req['user_id'];
   let tokens = null;
   const query = UserModel.findOne({ _id: userid });
-  void query.exec()
+  query.exec()
     .then((user: User) => {
       tokens = user.google_tokens;
       if (tokens.expiry_date <= Date.now()) {
@@ -316,7 +316,7 @@ export const events = (user_id: string, timeMin: string, timeMax: string): Promi
 }
 
 function deleteTokens(userid: string) {
-  void UserModel.findOneAndUpdate(
+  UserModel.findOneAndUpdate(
     { _id: userid },
     { $unset: { google_tokens: "" } }
   ).then(res => {
@@ -331,14 +331,18 @@ function deleteTokens(userid: string) {
  * @param {object} token  - The Token Object retrieved from Google
  */
 function saveTokens(user: string, token) {
+  if (!isValidObjectId(user)) {
+    console.error('Invalid user ID');
+    return;
+  }
   const _KEYS = ["access_token", "refresh_token", "scope", "expiry_date"];
   const google_tokens = {};
   _KEYS.forEach(key => {
     if (key in token.tokens && token.tokens[key]) {
       google_tokens[key] = <string>token.tokens[key];
     }
   });
-  void UserModel.findOneAndUpdate({ _id: user }, { google_tokens }, { new: true })
+  UserModel.findOneAndUpdate({ _id: user }, { google_tokens }, { new: true })
     .then(user => {
       console.log('saveTokens: %o', user)
     })

backend/src/test/server.spec.ts

@@ -15,7 +15,7 @@ describe("Server", () => {
   });
 
   it("should start the server", async () => {
-    const res = await request(app).get("/meeting/api/v1/ping");
+    const res = await request(app).get("/api/v1/ping");
     expect(res.status).toEqual(200);
   });
 });

client.inlang/.gitignore

@@ -0,0 +1 @@
+cache

client/cypress.config.js

@@ -1,11 +1,20 @@
 import { defineConfig } from 'cypress'
+import { GenerateCtrfReport } from 'cypress-ctrf-json-reporter'
 
-const PORT = process.env.PORT || 3000;
+const PORT = process.env.PORT || 5173;
 
 export default defineConfig({
-    e2e: {
-        baseUrl: `http://localhost:${PORT}/meeting`,
-        video: true,
-        projectId: "pjkkoc"
+  e2e: {
+    baseUrl: `http://localhost:${PORT}`,
+    video: true,
+    projectId: "pjkkoc",
+    setupNodeEvents(on, config) {
+      // Implement node event listeners here
+      new GenerateCtrfReport({
+        on,
+        outputFile: 'client-report.json',
+        outputDir: '../ctrf',
+      })
     },
-})
+  },
+})