From ac9041ad7980fc289540934aa3ec8597ed1a7bb8 Mon Sep 17 00:00:00 2001 From: Adam Buckingham Date: Wed, 20 Dec 2023 12:51:46 -0500 Subject: [PATCH 01/11] Working on Login.gov transition --- .gitignore | 4 + package-lock.json | 229 +++++++++++++++++++++++++++++++++++ package.json | 4 + server/app.js | 60 ++++++++- server/config/config.js | 143 +++++++++++++++++++++- server/routes/auth.routes.js | 209 +++++++++++++++++++++++++++++++- server/security/token.js | 17 +-- server/server.js | 8 +- server/utilities.js | 9 ++ 9 files changed, 655 insertions(+), 28 deletions(-) create mode 100644 server/utilities.js diff --git a/.gitignore b/.gitignore index a9c9fd1..1526f08 100644 --- a/.gitignore +++ b/.gitignore @@ -48,3 +48,7 @@ deploy-log* winston.log.json data/ docker/db/scripts/init.sql +docker/certs/private.pem +docker/certs/public.crt +server/config/certs/private.pem +server/config/certs/public.crt diff --git a/package-lock.json b/package-lock.json index 0cb93fb..ef1adc3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -20,13 +20,17 @@ "express-session": "^1.17.3", "express-winston": "^3.4.0", "flatted": "^3.2.7", + "helmet": "^7.1.0", "json2csv": "^5.0.7", "jsonwebtoken": "^8.5.1", "lodash": "^4.17.21", "memorystore": "^1.6.7", "moment": "^2.29.1", "ms": "^2.1.3", + "node-fetch": "^2.7.0", "nodemailer": "^6.9.4", + "openid-client": "^5.6.1", + "passport": "^0.7.0", "pg": "^8.11.3", "pg-hstore": "^2.3.4", "sequelize": "^6.6.5", @@ -5901,6 +5905,14 @@ "node": ">=0.10.0" } }, + "node_modules/helmet": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/helmet/-/helmet-7.1.0.tgz", + "integrity": "sha512-g+HZqgfbpXdCkme/Cd/mZkV0aV3BZZZSugecH03kl38m/Kmdx8jKjBikpDj2cr+Iynv4KpYEviojNdTJActJAg==", + "engines": { + "node": ">=16.0.0" + } + }, "node_modules/hosted-git-info": { "version": "2.8.9", "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", 
@@ -10072,6 +10084,14 @@ "node": ">= 10.14.2" } }, + "node_modules/jose": { + "version": "4.15.4", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.4.tgz", + "integrity": "sha512-W+oqK4H+r5sITxfxpSU+MMdr/YSWGvgZMQDIsNoBDGGy4i7GBPTtvFKibQzW06n3U3TqHjhvBJsirShsEJ6eeQ==", + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, "node_modules/js-beautify": { "version": "1.14.7", "resolved": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.14.7.tgz", 
@@ -11139,6 +11159,44 @@ "isarray": "0.0.1" } }, + "node_modules/node-fetch": { + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz", + "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==", + "dependencies": { + "whatwg-url": "^5.0.0" + }, + "engines": { + "node": "4.x || >=6.0.0" + }, + "peerDependencies": { + "encoding": "^0.1.0" + }, + "peerDependenciesMeta": { + "encoding": { + "optional": true + } + } + }, + "node_modules/node-fetch/node_modules/tr46": { + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", + "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" + }, + "node_modules/node-fetch/node_modules/webidl-conversions": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", + "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" + }, + "node_modules/node-fetch/node_modules/whatwg-url": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", + "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", + "dependencies": { + "tr46": "~0.0.3", + "webidl-conversions": "^3.0.0" + } + }, "node_modules/node-int64": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", 
@@ -11438,6 +11496,14 @@ "node": ">=0.10.0" } }, + "node_modules/object-hash": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz", + "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==", + "engines": { + "node": ">= 6" + } + }, "node_modules/object-inspect": { "version": "1.12.3", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz", @@ -11664,6 +11730,14 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/oidc-token-hash": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.3.tgz", + "integrity": "sha512-IF4PcGgzAr6XXSff26Sk/+P4KZFJVuHAJZj3wgO3vX2bMdNVp/QXTP3P7CEm9V1IdG8lDLY3HhiqpsE/nOwpPw==", + "engines": { + "node": "^10.13.0 || >=12.0.0" + } + }, "node_modules/on-finished": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz", 
@@ -11713,6 +11787,36 @@ "node": ">=4" } }, + "node_modules/openid-client": { + "version": "5.6.1", + "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-5.6.1.tgz", + "integrity": "sha512-PtrWsY+dXg6y8mtMPyL/namZSYVz8pjXz3yJiBNZsEdCnu9miHLB4ELVC85WvneMKo2Rg62Ay7NkuCpM0bgiLQ==", + "dependencies": { + "jose": "^4.15.1", + "lru-cache": "^6.0.0", + "object-hash": "^2.2.0", + "oidc-token-hash": "^5.0.3" + }, + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, + "node_modules/openid-client/node_modules/lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/openid-client/node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" + }, "node_modules/optionator": { "version": "0.8.2", "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.2.tgz", 
@@ -11851,6 +11955,31 @@ "node": ">=0.10.0" } }, + "node_modules/passport": { + "version": "0.7.0", + "resolved": "https://registry.npmjs.org/passport/-/passport-0.7.0.tgz", + "integrity": "sha512-cPLl+qZpSc+ireUvt+IzqbED1cHHkDoVYMo30jbJIdOOjQ1MQYZBPiNvmi8UM6lJuOpTPXJGZQk0DtC4y61MYQ==", + "dependencies": { + "passport-strategy": "1.x.x", + "pause": "0.0.1", + "utils-merge": "^1.0.1" + }, + "engines": { + "node": ">= 0.4.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/jaredhanson" + } + }, + "node_modules/passport-strategy": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz", + "integrity": "sha512-CB97UUvDKJde2V0KDWWB3lyf6PC3FaZP7YxZ2G8OAtn9p4HI9j9JLP9qjOGZFvyl8uwNT8qM+hGnz/n16NI7oA==", + "engines": { + "node": ">= 0.4.0" + } + }, "node_modules/path-exists": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz", @@ -11907,6 +12036,11 @@ "node": ">=4" } }, + "node_modules/pause": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/pause/-/pause-0.0.1.tgz", + "integrity": "sha512-KG8UEiEVkR3wGEb4m5yZkVCzigAD+cVEJck2CzYZO37ZGJfctvVptVO192MwrtPhzONn6go8ylnOdMhKqi4nfg==" + }, "node_modules/pg": { "version": "8.11.3", "resolved": "https://registry.npmjs.org/pg/-/pg-8.11.3.tgz", @@ -19929,6 +20063,11 @@ } } }, + "helmet": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/helmet/-/helmet-7.1.0.tgz", + "integrity": "sha512-g+HZqgfbpXdCkme/Cd/mZkV0aV3BZZZSugecH03kl38m/Kmdx8jKjBikpDj2cr+Iynv4KpYEviojNdTJActJAg==" + }, "hosted-git-info": { "version": "2.8.9", "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", 
@@ -23202,6 +23341,11 @@ "supports-color": "^7.0.0" } }, + "jose": { + "version": "4.15.4", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.4.tgz", + "integrity": "sha512-W+oqK4H+r5sITxfxpSU+MMdr/YSWGvgZMQDIsNoBDGGy4i7GBPTtvFKibQzW06n3U3TqHjhvBJsirShsEJ6eeQ==" + }, "js-beautify": { "version": "1.14.7", "resolved": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.14.7.tgz", @@ -24079,6 +24223,35 @@ } } }, + "node-fetch": { + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz", + "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==", + "requires": { + "whatwg-url": "^5.0.0" + }, + "dependencies": { + "tr46": { + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", + "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" + }, + "webidl-conversions": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", + "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" + }, + "whatwg-url": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", + "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", + "requires": { + "tr46": "~0.0.3", + "webidl-conversions": "^3.0.0" + } + } + } + }, "node-int64": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", 
@@ -24315,6 +24488,11 @@ } } }, + "object-hash": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz", + "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==" + }, "object-inspect": { "version": "1.12.3", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz", @@ -24471,6 +24649,11 @@ } } }, + "oidc-token-hash": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.3.tgz", + "integrity": "sha512-IF4PcGgzAr6XXSff26Sk/+P4KZFJVuHAJZj3wgO3vX2bMdNVp/QXTP3P7CEm9V1IdG8lDLY3HhiqpsE/nOwpPw==" + }, "on-finished": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz", @@ -24511,6 +24694,32 @@ "mimic-fn": "^1.0.0" } }, + "openid-client": { + "version": "5.6.1", + "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-5.6.1.tgz", + "integrity": "sha512-PtrWsY+dXg6y8mtMPyL/namZSYVz8pjXz3yJiBNZsEdCnu9miHLB4ELVC85WvneMKo2Rg62Ay7NkuCpM0bgiLQ==", + "requires": { + "jose": "^4.15.1", + "lru-cache": "^6.0.0", + "object-hash": "^2.2.0", + "oidc-token-hash": "^5.0.3" + }, + "dependencies": { + "lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "requires": { + "yallist": "^4.0.0" + } + }, + "yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" + } + } + }, "optionator": { "version": "0.8.2", "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.2.tgz", 
@@ -24615,6 +24824,21 @@ "integrity": "sha1-s2PlXoAGym/iF4TS2yK9FdeRfxQ=", "dev": true }, + "passport": { + "version": "0.7.0", + "resolved": "https://registry.npmjs.org/passport/-/passport-0.7.0.tgz", + "integrity": "sha512-cPLl+qZpSc+ireUvt+IzqbED1cHHkDoVYMo30jbJIdOOjQ1MQYZBPiNvmi8UM6lJuOpTPXJGZQk0DtC4y61MYQ==", + "requires": { + "passport-strategy": "1.x.x", + "pause": "0.0.1", + "utils-merge": "^1.0.1" + } + }, + "passport-strategy": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz", + "integrity": "sha512-CB97UUvDKJde2V0KDWWB3lyf6PC3FaZP7YxZ2G8OAtn9p4HI9j9JLP9qjOGZFvyl8uwNT8qM+hGnz/n16NI7oA==" + }, "path-exists": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz", @@ -24659,6 +24883,11 @@ "pify": "^2.0.0" } }, + "pause": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/pause/-/pause-0.0.1.tgz", + "integrity": "sha512-KG8UEiEVkR3wGEb4m5yZkVCzigAD+cVEJck2CzYZO37ZGJfctvVptVO192MwrtPhzONn6go8ylnOdMhKqi4nfg==" + }, "pg": { "version": "8.11.3", "resolved": "https://registry.npmjs.org/pg/-/pg-8.11.3.tgz", diff --git a/package.json b/package.json index 78a808c..37835cf 100644 --- a/package.json +++ b/package.json @@ -38,13 +38,17 @@ "express-session": "^1.17.3", "express-winston": "^3.4.0", "flatted": "^3.2.7", + "helmet": "^7.1.0", "json2csv": "^5.0.7", "jsonwebtoken": "^8.5.1", "lodash": "^4.17.21", "memorystore": "^1.6.7", "moment": "^2.29.1", "ms": "^2.1.3", + "node-fetch": "^2.7.0", "nodemailer": "^6.9.4", + "openid-client": "^5.6.1", + "passport": "^0.7.0", "pg": "^8.11.3", "pg-hstore": "^2.3.4", "sequelize": "^6.6.5", diff --git a/server/app.js b/server/app.js index ccdc8bc..4351a82 100644 --- a/server/app.js +++ b/server/app.js 
@@ -18,8 +18,14 @@ const {cleanAwardNotices} = require('./cron/noticeAwardCleanup') const {CronJob} = require('cron') const pg = require('pg'); +const { Issuer, Strategy, generators } = require('openid-client'); + const dbConfig = require('./config/dbConfig')[env] +const passport = require('passport'); +const helmet = require('helmet'); + + const pgPool = new pg.Pool({ database: dbConfig.database, user: dbConfig.username, @@ -29,6 +35,9 @@ const pgPool = new pg.Pool({ }); + + + if (! jwtSecret) { console.log("No JWT secret defined. Be sure to set JWT_SECRET in the environment before running startup") // allowed output process.exit(1) @@ -47,10 +56,45 @@ function setupCronJobs() { } } +let login_gov_auth_url + +let loginGovClient = Issuer.discover(config['login_gov_oidc']['issuer_url']) + .then(function (oidcIssuer) { + + + const nonce = generators.nonce(); + + const state = generators.state(); + + const params = { + acr_values: 'http://idmanagement.gov/ns/assurance/ial/1', + client_id: config['login_gov_oidc']["client_id"], + prompt:'select_account', + nonce: nonce, + state: state, + //redirect_uris: ["http://localhost:3000/odic/callback"], + redirect_uri: "http://localhost:3000/odic/callback", + scope: "openid email profile", + } + + const client = new oidcIssuer.Client({ + client_id: config['login_gov_oidc']["client_id"], + response_type: 'code', + params + }); + + login_gov_auth_url = client.authorizationUrl(params); + + return client; + + }); + // // Setup ORM // -module.exports = function (db, cas) { +module.exports = { + + app: function (db, cas) { let app = express() app.disable('x-powered-by'); @@ -167,7 +211,8 @@ module.exports = function (db, cas) { sameSite : 'lax', secure: getConfig('sessionCookieSecure', true) } })); - + + // This will prevent express from sending 304 responses. app.use(function (req, res, next) { req.headers['if-none-match'] = 'no-match-for-this' 
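Review bot: `helmet` and `passport` are required here, and `Strategy` is destructured from openid-client, but none of the app.js hunks in this patch mounts or uses them. In particular there is no `app.use(helmet())`, so the security headers the new dependency is presumably meant to add are not being sent. Either mount it next to `app.disable('x-powered-by')` or drop the unused requires until they are needed.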
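Review bot: `generators.nonce()` and `generators.state()` run once, inside the `Issuer.discover(...).then` callback at module load, so every user and every login shares the single `state`/`nonce` pair baked into `login_gov_auth_url`. Shared values cannot bind a callback to the browser session that started the login, which is their whole purpose. They should be created per request in the `/api/login` handler (a later hunk of this file), kept in the session, and compared in the callback. `redirect_uri` is also hard-coded to `http://localhost:3000/odic/callback` rather than taken from config, and the promise has no rejection handler, so a failed discovery surfaces only as an unhandled rejection.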
@@ -179,6 +224,12 @@ module.exports = function (db, cas) { app.get('/api/agencyList', token(), agencyRoutes.agencyList) app.post('/api/analytics', token(), admin_only(), analyticsRoutes.analytics) app.post('/api/Analytics', token(), admin_only(), analyticsRoutes.analytics) + app.get("/api/login", (req, res) => { + res.redirect(login_gov_auth_url); + }); + + app.get("/odic/callback", authRoutes.grabToken); + app.post('/api/auth/tokenCheck', authRoutes.tokenCheck) app.get('/api/casLogin', cas.bounce, authRoutes.casStage2) app.post('/api/email', token(), emailRoutes.email) @@ -247,6 +298,7 @@ module.exports = function (db, cas) { setupCronJobs() return app -} - +}, +clientPromise: loginGovClient +}; diff --git a/server/config/config.js b/server/config/config.js index 2154bde..fc21d34 100644 --- a/server/config/config.js +++ b/server/config/config.js 
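Review bot: `res.redirect(login_gov_auth_url)` reads a module variable that is assigned only once discovery resolves, so a request that arrives earlier, or after discovery failed, is redirected to `undefined`; server.js imports `clientPromise`, but the hunk shown there never awaits it. Awaiting the client inside the handler closes that gap and is the natural place to create a fresh `state` and `nonce` per login and store them in the session for the callback to check. The callback is mounted at `/odic/callback` (spelled `odic`, matching the hard-coded `redirect_uri`); if `oidc` was intended, the route, the `redirect_uri` and the redirect URI registered with the provider have to change together.

```javascript
app.get("/api/login", async (req, res, next) => {
    try {
        const client = await loginGovClient;      // rejects if discovery failed
        const state = generators.state();
        const nonce = generators.nonce();
        req.session.loginGov = { state, nonce };  // compared again in the callback
        res.redirect(client.authorizationUrl({
            // … unchanged: acr_values, client_id, prompt, redirect_uri, scope …
            state,
            nonce,
        }));
    } catch (e) {
        next(e);
    }
});
```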
@@ -117,7 +117,139 @@ module.exports = { "general services administration": "General Services Administration", "department of defense--military programs": "Department of Defense", "department of defense": "Department of Defense", - "millennium challenge corporation":"Millennium Challenge Corporation" + "millennium challenge corporation":"Millennium Challenge Corporation", + "acf": "Administration for Children and Families", + "ahrq": "Agency for Healthcare Research and Quality", + "ams": "Agricultural Marketing Service", + "amtrak": "Amtrak", + "aphis": "Animal and Plant Health Inspection Service", + "atf": "Bureau of Alcohol, Tobacco, Firearms and Explosives", + "bea": "Bureau of Economic Analysis", + "bep": "Bureau of Engraving and Printing", + "bis": "Bureau of Industry and Security", + "blm": "Bureau of Land Management", + "bop": "Federal Bureau of Prisons", + "cbo": "Congressional Budget Office", + "cdc": "Centers for Disease Control and Prevention", + "centcom": "U.S. Central Command", + "cftc": "U.S. Commodity Futures Trading Commission", + "cia": "Central Intelligence Agency", + "cms": "Medicaid", + "cncs": "Corporation for National and Community Service", + "cnpp": "Center for Nutrition Policy and Promotion", + "cops": "Community Oriented Policing Services", + "cpsc": "Consumer Product Safety Commission", + "darpa": "Defense Advanced Research Projects Agency", + "dea": "Drug Enforcement Administration", + "dfas": "Defense Finance and Accounting Service", + "dhs": "Homeland Security Department", + "dia": "Defense Intelligence Agency", + "disa": "Defense Information Systems Agency", + "dla": "Defense Logistics Agency", + "doc": "Commerce Department", + "dod": "Defense Department", + "doe": "Energy Department", + "doi": "Department of the Interior", + "doj": "Justice Department", + "dol": "U.S. 
Department of Labor", + "dos": "Department of State", + "dot": "Transportation Department", + "dsca": "Defense Security Cooperation Agency", + "dtic": "Defense Technical Information Center", + "dtra": "Defense Threat Reduction Agency", + "eac": "Election Assistance Commission", + "ebsa": "Employee Benefits Security Administration", + "ed": "U.S. Department of Education", + "eda": "Economic Development Administration", + "eeoc": "Equal Employment Opportunity Commission", + "epa": "Environmental Protection Agency", + "eric": "Information Resources Center", + "faa": "Federal Aviation Administration", + "fbi": "Federal Bureau of Investigation", + "fcc": "Federal Communications Commission", + "fda": "Food and Drug Administration", + "fdic": "Federal Deposit Insurance Corporation", + "fema": "Federal Emergency Management Agency", + "fha": "Federal Housing Administration", + "fheo": "Fair Housing and Equal Opportunity", + "fletc": "Federal Law Enforcement Training Center", + "flra": "Federal Labor Relations Authority", + "fmcsa": "Federal Motor Carrier Safety Administration", + "fra": "Federal Railroad Administration", + "fta": "Federal Transit Administration", + "ftc": "Federal Trade Commission", + "fws": "Fish and Wildlife Service", + "fannie mae": "Federal National Mortgage Association", + "freddie mac": "Federal Home Loan Mortgage Corporation", + "gao": "Government Accountability Office", + "gpo": "Government Publishing Office", + "gsa": "General Services Administration", + "ginnie mae": "Government National Mortgage Association", + "hhs": "U.S. Department of Health and Human Services", + "hud": "Department of Housing and Urban Development", + "helsinki commission": "Commission on Security and Cooperation in Europe", + "ice": "U.S. 
Immigration and Customs Enforcement", + "irs": "Internal Revenue Service", + "ita": "International Trade Administration", + "loc": "Library of Congress", + "marad": "Maritime Administration", + "mda": "Missile Defense Agency", + "msha": "Mine Safety and Health Administration", + "nara": "Archives, National Archives and Records Administration", + "nasa": "National Aeronautics and Space Administration", + "nci": "National Cancer Institute", + "ncua": "National Credit Union Administration", + "nea": "National Endowment for the Arts", + "nfip": "National Flood Insurance Program", + "nhic": "National Health Information Center", + "nhlbi": "National Heart, Lung, and Blood Institute", + "nhtsa": "National Highway Traffic Safety Administration", + "nih": "National Institutes of Health", + "nimh": "National Institute of Mental Health", + "niosh": "National Institute of Occupational Safety and Health", + "nist": "National Institute of Standards and Technology", + "nlrb": "National Labor Relations Board", + "noaa": "National Oceanic and Atmospheric Administration", + "npic": "National Passport Information Center", + "nps": "National Park Service", + "nrc": "Nuclear Regulatory Commission", + "nsa": "National Security Agency", + "nsc": "National Security Council", + "nsf": "National Science Foundation", + "ntsb": "National Transportation Safety Board", + "occ": "Office of Comptroller of the Currency", + "ocse": "Office of Child Support Enforcement", + "odep": "Office of Disability Employment Policy", + "oge": "Office of Government Ethics", + "omb": "Office of Management and Budget", + "ondcp": "Office of National Drug Control Policy", + "opm": "Office of Personnel Management", + "osers": "Office of Special Education and Rehabilitative Services", + "osha": "Occupational Safety and Health Administration", + "pbgc": "Pension Benefit Guaranty Corporation", + "pclob": "Privacy and Civil Liberties Oversight Board", + "rfa": "Radio Free Asia", + "rfe/rl": "Radio Free Europe and Radio 
Liberty", + "rrb": "Railroad Retirement Board", + "samhsa": "Substance Abuse and Mental Health Services Administration", + "sba": "Small Business Administration", + "sec": "Securities and Exchange Commission", + "ssa": "Social Security Administration", + "sss": "Selective Service System", + "tsa": "Transportation Security Administration", + "tva": "Tennessee Valley Authority", + "us cert": "Computer Emergency Readiness Team", + "usaid": "U.S. Agency for International Development", + "uscis": "Citizenship and Immigration Services", + "usda": "Department of Agriculture", + "usgs": "Geological Survey", + "usps": "Postal Service", + "va": "Department of Veterans Affairs", + "vba": "Veterans Benefits Administration", + "vets": "Veterans' Employment and Training Service", + "vha": "Veterans Health Administration", + "voa": "Voice of America", + "washington, dc": "District of Columbia" }, // AGENCY_LOOKUP: { @@ -213,12 +345,19 @@ module.exports = { "srtClientUrl": "http://localhost:4200", "logStdOut" : false, "logStdOutLevel" : "debug", + "login_gov_oidc": { + "client_id": "urn:gov:gsa:openidconnect.profiles:sp:sso:office_of_government_wide_policy:srt_app", + "issuer_url": "https://idp.int.identitysandbox.gov/.well-known/openid-configuration", + "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", + "token_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/token", + "user_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo", + }, "maxCas" : { "cas_url" : "https://login.test.max.gov/cas/", "service_url" : "http://localhost:3000", "session_name" : "cas_user", "session_info" : "cas_userinfo", - "is_dev_mode" : true, // adjust to false when you want to test with MAX + "is_dev_mode" : false, // adjust to false when you want to test with MAX "dev_mode_user" : "dev_user", "renew" : true, "renew_query_parameter_name" : "bypassMaxsso", 
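Review bot: `token_endpoint` and `user_endpoint` duplicate values that the discovery document behind `issuer_url` already publishes, so the three settings can drift apart when the environment changes; the routes could read `issuer.metadata.token_endpoint` and `issuer.metadata.userinfo_endpoint` from the discovered issuer instead. The hunk adds `login_gov_oidc` to one environment block only (the one whose `srtClientUrl` is localhost); if the blocks outside this hunk lack it, `config['login_gov_oidc']['issuer_url']` in app.js throws at startup in those environments. The same hunk flips `is_dev_mode` to `false` while its trailing comment still reads `adjust to false when you want to test with MAX`, so the comment should be reworded to describe the new default.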
diff --git a/server/routes/auth.routes.js b/server/routes/auth.routes.js index 352ca9b..2f8801a 100644 --- a/server/routes/auth.routes.js +++ b/server/routes/auth.routes.js @@ -1,15 +1,23 @@ /** @module AuthRoutes */ const jwt = require('jsonwebtoken') +const fs = require('fs'); +const path = require("path"); +const util = require('node:util'); +const {jsonToURI} = require('../utilities.js'); + + const logger = require('../config/winston') // noinspection JSUnresolvedVariable const User = require('../models').User const ms = require('ms') - +const fetch = require('node-fetch'); const env = process.env.NODE_ENV || 'development' const config = require('../config/config.js')[env] const {common} = require('../config/config.js') const {getConfig} = require('../config/configuration') +const jwtSecret = common.jwtSecret || undefined + const roles = [ { name: "Administrator", casGroup:"AGY-GSA-SRT-ADMINISTRATORS.ROLEMANAGEMENT", priority: 10}, @@ -32,7 +40,9 @@ const FIVE08_COORDINATOR_ROLE = 2 const CO_ROLE = 3 const EXEC_ROLE = 4 - +// Load your RSA private key +const privateKey = fs.readFileSync(path.resolve(__dirname,'../config/certs/private.pem'), 'utf8'); +const publicKey = fs.readFileSync(path.resolve(__dirname,'../config/certs/public.crt'), 'utf8'); /** * Update a user record in the database to reflect updated info from MAX CAS * 
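Review bot: The two `fs.readFileSync` calls run when auth.routes.js is first required, so a checkout or container without `server/config/certs/private.pem` (git-ignored by this same patch) fails during startup with a bare ENOENT and no hint about which key is missing. `publicKey` is loaded but not referenced in any hunk of this patch. Consider taking the key path from configuration, reading only the private key, and replacing `// Load your RSA private key` with a comment such as `// RSA private key for the private_key_jwt client assertion sent to Login.gov; must be readable only by the service account`.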
@@ -67,6 +77,61 @@ function updateMAXUser(cas_data, user) { } } +function updateUser(login_gov_data, user) { + // Update thhe user value if differing an save value + try { + + //console.log("User Found:", user) + + if (login_gov_data.given_name !== undefined) user['firstName'] = login_gov_data['given_name'] + + if (login_gov_data.family_name !== undefined) user['lastName'] = login_gov_data['family_name'] + + user['maxId'] = user.maxId || login_gov_data.sub + + return user.save() + .then(() => { + return user + }) + .catch(e => { + logger.log('error', 'error in: updateUser', { error:e, tag: 'updateUser' }) + }) + } catch (e) { + logger.log ("error", "caught error in auth.routes.js", {error:e, tag: 'updateUser'}) + } +} + +function createUser(loginGovUser) { + let now = new Date() + let date = (now.getMonth() + 1) + "-" + now.getDate() + "-" + now.getFullYear() + let user_data = { + 'firstName': loginGovUser.given_name || null, + 'lastName': loginGovUser.family_name || null, + 'email': loginGovUser.email, + 'password': null, + 'agency': grabAgencyFromEmail(loginGovUser.email), + 'position': '', + 'userRole': 'Executive User', + 'isRejected': false, + 'isAccepted': true, + 'tempPassword': null, + 'creationDate': date, + 'maxId': loginGovUser.sub + } + return User.create(user_data) + .then( u => { + return u + }) + .catch ( e => { + logger.log("error", 'error in: createUser', {error: e, tag:"createUser"}) + }) +} + +function grabAgencyFromEmail(email) { + let agency_abbreviance = email.split('@')[1].split('.')[0] + + return translateCASAgencyName(agency_abbreviance) +} /** * @typedef {Object} cookie-session 
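Review bot: `createUser` stores every first-time Login.gov identity with `isAccepted: true` and `userRole: 'Executive User'`, so holding any account at the identity provider is enough to receive an accepted account here; if access is meant to be limited, an allow-list on the e-mail domain or `isAccepted: false` pending approval belongs in this function. `grabAgencyFromEmail` evaluates `email.split('@')[1].split('.')[0]`, which throws when `email` is missing or has no `@`, and it treats the first DNS label as the agency, so a constructed address like `user@mail.example.gov` is looked up as `mail`. Both `.catch` handlers in `updateUser` and `createUser` log and then resolve to `undefined`, which the caller dereferences; rethrowing after logging (`throw e`) would keep the failure visible.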
@@ -189,6 +254,21 @@ async function createOrUpdateMAXUser(cas_data) { } } +async function createOrUpdateLoginGovUser(login_gov_data) { + try { + let u = await User.findOne({where: {'email': login_gov_data["email"]}}) + if (u) { + return updateUser(login_gov_data, u) + } else { + return createUser(login_gov_data) + } + + } catch (e) { + logger.log("error", "Error caught in create/update MAX User", {error: e, tag: "create/update MAX User"}) + } +} + + /*** * Takes the group list from a CAS login and parses it to find the * proper role for the user. @@ -337,6 +417,25 @@ function userInfoFromReq(req) { return null; } +function getUserInfo(access_token) { + const userEndPoint = config['login_gov_oidc']['user_endpoint'] + + let user = fetch(userEndPoint, { + method: 'get', + cache: "no-cache", + headers: { + "Authorization": `Bearer ${access_token}`, + }}) + .then( (userResponse) => { + let userRsp = userResponse.json().then( (rspJson) => { + return rspJson + }) + return userRsp + }); + + return user; +} + /** * Defines the functions used to process the various authorization and authentication related API routes. */ @@ -346,6 +445,7 @@ module.exports = { renewToken: function (req, res) { let oldToken = req.headers['authorization'].split(' ')[1] + // noinspection JSUnresolvedVariable let user = (jwt.decode(oldToken)).user 
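Review bot: `createOrUpdateLoginGovUser` matches an existing row on `email` alone, and `updateUser` then keeps any `maxId` already present, so a Login.gov identity is attached to whatever legacy account shares the address without consulting `login_gov_data.email_verified` or the stable `sub`. Looking up by `sub` first and falling back to e-mail only when `email_verified` is true would make the link deliberate. The catch block logs `create/update MAX User`, copied from the CAS variant, and swallows the error, so the function resolves to `undefined` on failure.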
@@ -358,11 +458,108 @@ module.exports = { user.renewTime = Math.round (new Date().getTime() / 1000) let newToken = jwt.sign({user: user}, common.jwtSecret, { expiresIn: getConfig('renewTokenLife') }) logger.log("debug", "creating a renewal token valid for " + getConfig('renewTokenLife') ) - + //console.log("debug", "creating a renewal token valid for " + getConfig('renewTokenLife') ) return res.status(200).send({token: newToken, token_life_in_seconds: ms(getConfig('renewTokenLife'))/1000 }) }, + grabToken: async function (req, res) { + let accessToken = null + let expiresIn = null + + //console.log("OG URL: ", req.originalUrl) + //console.log("Query", req.query) + const tokenEndPoint = config['login_gov_oidc']['token_endpoint'] + + const client_assertion = () => { + const payload = { + iss: config['login_gov_oidc']['client_id'], + sub: config['login_gov_oidc']['client_id'], + aud: tokenEndPoint, + jti: jwtSecret, + exp: Math.floor(Date.now() / 1000) + (5 * 60) // Current time + 5 minutes + } + + //console.log("payload ", payload) + + return jwt.sign(payload, privateKey, { algorithm: 'RS256' }); + }; + + + body = { + client_assertion: client_assertion(), + client_assertion_type: config['login_gov_oidc']['client_assertion_type'], + code: req.query.code, + grant_type: 'authorization_code', + } + + fetch(tokenEndPoint, { + method: 'post', + cache: "no-cache", + headers: { + "Content-Type": "application/json", + // 'Content-Type': 'application/x-www-form-urlencoded', + }, + body: JSON.stringify(body) + }).then( (tokenResponse) => { + //console.log("tokenResponse ", tokenResponse) + tokenResponse.json().then( (rspJson) => { + accessToken = rspJson.access_token + expiresIn = rspJson.expires_in + idToken = rspJson.id_token + //console.log("rspJson ", rspJson) + + if ( !accessToken ) { + // didn't get a Login Access Token + return res.status(302) + .set('Location', config['srtClientUrl'] + '/auth') // send them back with no token + .send(`Login Failed`) + } + + 
getUserInfo(accessToken).then( (userInfo) => { + // console.log("user ", userInfo) + userInfo.accessToken = accessToken + + if ( !userInfo.sub ) { + // didn't get a Login.gov UUID + return res.status(302) + .set('Location', config['srtClientUrl'] + '/auth') // send them back with no token + .send(`Login Failed`) + } + + createOrUpdateLoginGovUser(userInfo) + .then( (stored_user) => { + let srt_userinfo = Object.assign({}, stored_user) + srt_userinfo.user = stored_user.dataValues + srt_userinfo.user.sessionEnd = Math.floor ((new Date().getTime() + ms(getConfig('sessionLength')) )/ 1000) + + + + let uri_components = { + token: jwt.sign({access_token: accessToken, user: srt_userinfo.user, sessionEnd: srt_userinfo.sessionEnd, token_life_in_seconds: getConfig('renewTokenLife')}, common.jwtSecret, { expiresIn: getConfig('renewTokenLife') }), + token_life_in_seconds: expiresIn, + email: srt_userinfo.email || userInfo.email, + email_verified: userInfo.email_verified, + agency: srt_userinfo.agency || null, + id: srt_userinfo.id, + userRole: srt_userinfo.userRole, + firstName: srt_userinfo.firstName || userInfo.given_name, + lastName: srt_userinfo.lastName || userInfo.family_name, + } + let location = `${config['srtClientUrl']}/auth?info=${jsonToURI(uri_components)}` + + return res.status(302) + .set('Location', location) + .send(`Preparing login`) + }) + }); + + + }) + }); + + }, + /** * POST /api/auth/tokenCheck

* @@ -382,12 +579,16 @@ module.exports = { * @return {Promise} */ tokenCheck: function (req, res) { + let token = req.body.token + //console.log("token sent in tokenCheck:", token) try { if ( token && jwt.verify(token, common.jwtSecret)) { let tokenInfo = jwt.decode(token) /** @namespace tokenInfo.user */ - + + //console.log('tokenInfo: ', tokenInfo) + if (tokenInfo['user'] && tokenInfo['user']['maxId']) { return res.status(200).send( { diff --git a/server/security/token.js b/server/security/token.js index 19de542..b26188d 100644 --- a/server/security/token.js +++ b/server/security/token.js @@ -18,26 +18,13 @@ module.exports = function () { try { - /* - let cookies = (req) => { - if (req.headers.hasOwnProperty('cookie')) { - return req.headers['cookie'] - } - return [] - } - - if (Array.isArray(cookies)) { - let sessionCookie = cookies.find(cookie => cookie.startsWith('session=')); - let authorization = sessionCookie.split(';')[0].split('=')[1] - // Adjusting it to be in format expected. - req.headers['authorization'] = `Bearer ${authorization}` - } - */ + //console.log("token.js req.headers: ",req.headers) if (req.headers.hasOwnProperty('authorization')) { logger.log('debug', "Begin authentication. ", {tag: 'token check 3', auth_header: req.headers['authorization']}) message += " - authorization header was found" token = req.headers['authorization'].split(' ')[1] + //console.log("token.js token: ",token) if (token && token !== 'null') { jwt.verify(token, common.jwtSecret) // will thrown an error on an invalid token diff --git a/server/server.js b/server/server.js index f4f3db2..62aaf80 100644 --- a/server/server.js +++ b/server/server.js 
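Review bot: `jti: jwtSecret` in the `client_assertion` payload places `common.jwtSecret`, the key that signs this application's own session tokens, in the readable payload of a JWT sent to the identity provider, and it repeats the same `jti` on every request; it should be a fresh random identifier, e.g. `jti: require('crypto').randomUUID(),`. The handler never compares `req.query.state` with a value issued at login and never validates `id_token` (signature, `nonce`, audience), so it will exchange any `code` presented to it; openid-client is already a dependency, and its `client.callback()` with per-session `state`/`nonce` checks covers both. `body` and `idToken` are assigned without `let`/`const`, making them process-wide globals shared by concurrent requests, and the promise chain has no `.catch`, so a failed fetch or an undefined `stored_user` leaves the request hanging. The session JWT also embeds the Login.gov `access_token` and is returned in the `?info=` query string, where it ends up in browser history and proxy logs; whether the existing CAS flow already does the same is not visible here.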
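Review bot: The two lines added in token.js are commented-out `console.log` calls that would print the full request headers and the bearer token if re-enabled, and the unchanged `logger.log('debug', ...)` call between them already records `auth_header` verbatim. Credentials are better kept out of logs at every level; dropping the commented-out lines and logging only whether the header was present would do. The middleware's enclosing function starts and ends outside this hunk.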
@@ -1,15 +1,17 @@ const env = process.env.NODE_ENV || 'development' const config = require('./config/config.js')[env] -const app = require('./app')() +const { app, clientPromise } = require('./app'); +const appInstance = app(); // If the function requires parameters, pass them here. + const db = require('./models') // noinspection JSUnresolvedVariable const port = config.srt_server.port db.sequelize.sync().then(() => { - app.listen(port, '0.0.0.0',() => { + appInstance.listen(port, '0.0.0.0',() => { console.log(`Started up at port ${port}`) // allowed output }) }); -module.exports = app +module.exports = appInstance diff --git a/server/utilities.js b/server/utilities.js new file mode 100644 index 0000000..d5ed4cc --- /dev/null +++ b/server/utilities.js @@ -0,0 +1,9 @@ +function jsonToURI(json){ return encodeURIComponent(JSON.stringify(json)); } + +function uriToJSON(urijson){ return JSON.parse(decodeURIComponent(urijson)); } + + +module.exports = { + jsonToURI: jsonToURI, + uriToJSON: uriToJSON +} \ No newline at end of file From 867bf23de2d29e0540f26bbd5779e24a5ed21d6b Mon Sep 17 00:00:00 2001 From: Adam Buckingham Date: Fri, 5 Jan 2024 09:18:07 -0500 Subject: [PATCH 02/11] Adding the identity failture route --- server/app.js | 9 +++++++-- server/version.json | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/server/app.js b/server/app.js index 4351a82..70d9024 100644 --- a/server/app.js +++ b/server/app.js 
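Review bot: `clientPromise` is destructured from `./app` but never used in the new server.js, so `appInstance.listen` starts accepting requests without waiting for it. If that promise is the Login.gov client discovery (inferred from the name; app.js is not part of this hunk), a login request that arrives first could find the client missing. Starting the listener from `Promise.all([db.sequelize.sync(), clientPromise]).then(() => { ... })` would close that window; otherwise drop the unused binding. The trailing comment `// If the function requires parameters, pass them here.` says nothing about this code and can be removed.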
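Review bot: `uriToJSON` in the new server/utilities.js does not document that it throws: `decodeURIComponent` raises `URIError` on malformed percent-encoding and `JSON.parse` raises `SyntaxError` on invalid JSON, so any caller that passes request-supplied text needs a try/catch. I would add JSDoc to both helpers, for example `/** Decode a URI-encoded JSON string. Throws URIError or SyntaxError on malformed input. */`. `jsonToURI` deserves a line saying its output is meant for a URL and will therefore be kept in browser history, access logs and Referer headers; the Login.gov callback handler earlier in this patch passes it an object that contains the signed session token. The file also has no trailing newline.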
@@ -227,9 +227,14 @@ module.exports = { app.get("/api/login", (req, res) => { res.redirect(login_gov_auth_url); }); - + // Login.gov Failure to Proof URL: + // For users who are unable to complete identity proofing and returning to the app + app.get("odic/failure", (req, res) => { + return res.status(302) + .set('Location', config['srtClientUrl'] + '/auth') // send them back with no token + .send(`Identity Login Failure`) + }); app.get("/odic/callback", authRoutes.grabToken); - app.post('/api/auth/tokenCheck', authRoutes.tokenCheck) app.get('/api/casLogin', cas.bounce, authRoutes.casStage2) app.post('/api/email', token(), emailRoutes.email) diff --git a/server/version.json b/server/version.json index a912ef1..101e0ea 100644 --- a/server/version.json +++ b/server/version.json @@ -1 +1 @@ -{ "version" : "v1.2.0dev1" , "build_date" : "2023-09-05.10.30.00" } +{ "version" : "v1.4.0dev1" , "build_date" : "2023-09-05.10.30.00" } From 56c12c6a600b21faa6d87396b938de5211ceb5ca Mon Sep 17 00:00:00 2001 From: Adam Buckingham Date: Tue, 9 Jan 2024 10:05:34 -0500 Subject: [PATCH 03/11] Placing Max.gov user roles in db --- server/routes/auth.routes.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/routes/auth.routes.js b/server/routes/auth.routes.js index 2f8801a..4952481 100644 --- a/server/routes/auth.routes.js +++ b/server/routes/auth.routes.js @@ -60,7 +60,7 @@ function updateMAXUser(cas_data, user) { user['password'] = null user['agency'] = cas_data['agency-name'] user['position'] = '' - user['userRole'] = 'Administrator' + user['userRole'] = cas_data['userRole'] user['isRejected'] = false user['isAccepted'] = true user['tempPassword'] = null @@ -210,7 +210,7 @@ function createMAXUser(cas_data) { 'password': null, 'agency': cas_data['agency-name'], 'position': '', - 'userRole': 'Administrator', + 'userRole': cas_data['userRole'], 'isRejected': false, 'isAccepted': true, 'tempPassword': null, 
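Review bot: The new route is registered as `app.get("odic/failure", ...)` without a leading slash, so Express will not match it against any request path and the failure redirect is never served. It should read `app.get("/odic/failure", (req, res) => {`, like the `/odic/callback` line below it. `res.redirect(config['srtClientUrl'] + '/auth')` would replace the manual status/Location/send chain. A comment stating that this path must equal the failure-to-proof URL registered with Login.gov would help, given that the spelling is `odic` rather than `oidc`.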
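Review bot: `user['userRole'] = cas_data['userRole']` in updateMAXUser (and the same assignment in the createMAXUser hunk at `@@ -210,7`) stores whatever the CAS data carries without checking it, so a missing attribute saves `undefined` and an unexpected string becomes the user's role. Checking the value against the known role names and falling back to the least-privileged role would make this fail safe, for example `user['userRole'] = ROLE_NAMES.includes(cas_data['userRole']) ? cas_data['userRole'] : LOWEST_ROLE`, where both names are placeholders for values the project defines. Where `cas_data['userRole']` is populated is not visible in these hunks, so confirm it cannot be influenced by the user. Both functions start and end outside their hunks.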
From 38c1d8c3aeb8a6f906ccde664457241dcc6bc503 Mon Sep 17 00:00:00 2001 From: Adam Buckingham Date: Tue, 16 Jan 2024 13:04:29 -0500 Subject: [PATCH 04/11] Adding comment for context --- server/routes/auth.routes.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/routes/auth.routes.js b/server/routes/auth.routes.js index 4952481..0f7abf3 100644 --- a/server/routes/auth.routes.js +++ b/server/routes/auth.routes.js @@ -111,7 +111,7 @@ function createUser(loginGovUser) { 'password': null, 'agency': grabAgencyFromEmail(loginGovUser.email), 'position': '', - 'userRole': 'Executive User', + 'userRole': 'Executive User', // If we need to handle user roles, we should set it to lowest setting and adjust 'isRejected': false, 'isAccepted': true, 'tempPassword': null, @@ -632,7 +632,7 @@ module.exports = { logger.log('info', req.session.cas_userinfo['email-address'] + ' authenticated with MAX CAS ID ' + req.session.cas_userinfo['max-id'], {cas_userinfo: req.session.cas_userinfo, tag: 'casStage2'}) let responseJson = await tokenJsonFromCasInfo(req.session.cas_userinfo, common.jwtSecret) - let location = `${config['srtClientUrl']}/auth?token=${responseJson}` + let location = `${config['srtClientUrl']}/auth?info=${responseJson}` let rollList = roles.map( (x) => x.name) let decoded_user_role = JSON.parse(responseJson).userRole From 0e8855a4af79d933db42df28e527db2dfbcc9f31 Mon Sep 17 00:00:00 2001 From: Adam Buckingham Date: Wed, 17 Jan 2024 10:52:35 -0500 Subject: [PATCH 05/11] Want to include a default Agency if we cannot translate the email domain to an agency. --- server/config/config.js | 12 ++++++------ server/routes/auth.routes.js | 9 ++++++++- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/server/config/config.js b/server/config/config.js index fc21d34..89cf35b 100644 --- a/server/config/config.js +++ b/server/config/config.js 
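Review bot: In the `@@ -632,7` hunk the renamed parameter is still built as `/auth?info=${responseJson}` with the JSON string inserted raw, while the Login.gov path in this series encodes its payload with `jsonToURI`. Quotes, braces and any `&`, `#` or `+` inside a name or agency value can truncate or corrupt the query string, so the tail of the template should be `info=${encodeURIComponent(responseJson)}`. That assumes the client decodes `info` before parsing it; confirm that both login paths are read the same way. The enclosing handler (casStage2, going by the log tag) continues outside the hunk.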
@@ -179,15 +179,15 @@ module.exports = { "fta": "Federal Transit Administration", "ftc": "Federal Trade Commission", "fws": "Fish and Wildlife Service", - "fannie mae": "Federal National Mortgage Association", - "freddie mac": "Federal Home Loan Mortgage Corporation", + "fanniemae": "Federal National Mortgage Association", + "freddiemac": "Federal Home Loan Mortgage Corporation", "gao": "Government Accountability Office", "gpo": "Government Publishing Office", "gsa": "General Services Administration", - "ginnie mae": "Government National Mortgage Association", + "ginniemae": "Government National Mortgage Association", "hhs": "U.S. Department of Health and Human Services", "hud": "Department of Housing and Urban Development", - "helsinki commission": "Commission on Security and Cooperation in Europe", + "csce": "Commission on Security and Cooperation in Europe", "ice": "U.S. Immigration and Customs Enforcement", "irs": "Internal Revenue Service", "ita": "International Trade Administration", @@ -229,7 +229,7 @@ module.exports = { "pbgc": "Pension Benefit Guaranty Corporation", "pclob": "Privacy and Civil Liberties Oversight Board", "rfa": "Radio Free Asia", - "rfe/rl": "Radio Free Europe and Radio Liberty", + "rferl": "Radio Free Europe and Radio Liberty", "rrb": "Railroad Retirement Board", "samhsa": "Substance Abuse and Mental Health Services Administration", "sba": "Small Business Administration", @@ -238,7 +238,7 @@ module.exports = { "sss": "Selective Service System", "tsa": "Transportation Security Administration", "tva": "Tennessee Valley Authority", - "us cert": "Computer Emergency Readiness Team", + "uscert": "Computer Emergency Readiness Team", "usaid": "U.S. Agency for International Development", "uscis": "Citizenship and Immigration Services", "usda": "Department of Agriculture", diff --git a/server/routes/auth.routes.js b/server/routes/auth.routes.js index 0f7abf3..5905950 100644 --- a/server/routes/auth.routes.js +++ b/server/routes/auth.routes.js 
@@ -130,7 +130,14 @@ function createUser(loginGovUser) { function grabAgencyFromEmail(email) { let agency_abbreviance = email.split('@')[1].split('.')[0] - return translateCASAgencyName(agency_abbreviance) + var agencyName = translateCASAgencyName(agency_abbreviance) + + if (!agencyName) { + logger.log("error", 'Agency name not found, update with User Admin Site', {tag:"grabAgencyFromEmail"}) + agencyName = "No Agency Found"; // replace with your default value + } + + return agencyName; } /** From 903d3f7597ba3cba95e9cb719e5b788b25c79a69 Mon Sep 17 00:00:00 2001 From: Adam Buckingham Date: Mon, 22 Jan 2024 08:41:12 -0500 Subject: [PATCH 06/11] Adding Login.gov config for other environments --- server/config/config.js | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/server/config/config.js b/server/config/config.js index 89cf35b..9c52148 100644 --- a/server/config/config.js +++ b/server/config/config.js @@ -386,6 +386,13 @@ module.exports = { "srtClientUrl": "https://srt-client-dev.app.cloud.gov", "logStdOut" : true, "logStdOutLevel" : "error", + "login_gov_oidc": { + "client_id": "urn:gov:gsa:openidconnect.profiles:sp:sso:office_of_government_wide_policy:srt_app", + "issuer_url": "https://idp.int.identitysandbox.gov/.well-known/openid-configuration", + "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", + "token_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/token", + "user_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo", + }, "maxCas" : { "cas_url" : "https://login.test.max.gov/cas/", "service_url" : "http://localhost:3000", 
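Review bot: The new fallback in grabAgencyFromEmail only covers an unknown abbreviation; `email.split('@')[1].split('.')[0]` still throws a TypeError when the value is missing or has no `@`, which would abort the user creation that calls it. The lookup also uses only the first label of the domain, so a host such as `mail.<agency>.gov` falls through to "No Agency Found" and any domain that merely begins with an agency abbreviation is labelled with that agency; if the agency value feeds authorization or filtering, the full domain should be checked first. The error log carries no domain, which makes the "update with User Admin Site" instruction hard to act on, and `var` can be `const`. A guarded version is below.

```javascript
function grabAgencyFromEmail(email) {
    // Do not let a missing or malformed address throw during user creation
    const domain = typeof email === 'string' ? email.split('@')[1] : undefined
    const agencyName = domain ? translateCASAgencyName(domain.split('.')[0]) : null

    if (!agencyName) {
        logger.log("error", 'Agency name not found, update with User Admin Site', {tag: "grabAgencyFromEmail", domain: domain})
        return "No Agency Found"
    }

    return agencyName
}
```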
@@ -417,6 +424,13 @@ module.exports = { "srtClientUrl": "https://srt-client-dev.app.cloud.gov", "logStdOut" : true, "logStdOutLevel" : "debug", + "login_gov_oidc": { + "client_id": "urn:gov:gsa:openidconnect.profiles:sp:sso:office_of_government_wide_policy:srt_app", + "issuer_url": "https://idp.int.identitysandbox.gov/.well-known/openid-configuration", + "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", + "token_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/token", + "user_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo", + }, "maxCas" : { "cas_url" : "https://login.test.max.gov/cas/", "service_url" : "https://srt-server-dev.app.cloud.gov", @@ -449,6 +463,14 @@ module.exports = { "srtClientUrl": "https://srt-client-staging.app.cloud.gov", "logStdOut" : true, "logStdOutLevel" : "debug", + // TODO: May need to make staging Login.gov App (Using as Placeholder for now) + "login_gov_oidc": { + "client_id": "urn:gov:gsa:openidconnect.profiles:sp:sso:office_of_government_wide_policy:srt_app", + "issuer_url": "https://idp.int.identitysandbox.gov/.well-known/openid-configuration", + "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", + "token_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/token", + "user_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo", + }, "maxCas" : { "cas_url" : "https://login.test.max.gov/cas/", "service_url" : "https://srt-server-staging.app.cloud.gov", 
@@ -481,6 +503,13 @@ module.exports = { "srtClientUrl": "https://srt-client-dev.app.cloud.gov", "logStdOut" : true, "logStdOutLevel" : "debug", + "login_gov_oidc": { + "client_id": "urn:gov:gsa:openidconnect.profiles:sp:sso:office_of_government_wide_policy:srt_app", + "issuer_url": "https://idp.int.identitysandbox.gov/.well-known/openid-configuration", + "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", + "token_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/token", + "user_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo", + }, "maxCas" : { "cas_url" : "https://login.test.max.gov/cas/", "service_url" : "https://srt-server-test.app.cloud.gov", @@ -512,6 +541,14 @@ module.exports = { "srtClientUrl": "https://srt.app.cloud.gov", "logStdOut" : true, "logStdOutLevel" : "debug", + // TODO: Will need to make production Login.gov App (Using as Placeholder for now) + "login_gov_oidc": { + "client_id": "urn:gov:gsa:openidconnect.profiles:sp:sso:office_of_government_wide_policy:srt_app", + "issuer_url": "https://idp.int.identitysandbox.gov/.well-known/openid-configuration", + "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", + "token_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/token", + "user_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo", + }, "maxCas" : { "cas_url" : "https://login.max.gov/cas/", "service_url" : "https://srt-server.app.cloud.gov", From 4092e30764f5b5572d3830ffb68400e79e5f7079 Mon Sep 17 00:00:00 2001 From: Adam Buckingham Date: Mon, 22 Jan 2024 09:05:05 -0500 Subject: [PATCH 07/11] Removed unnecessary packaged and fix critical security issue --- package-lock.json | 901 ++++++++++++++++++++-------------------------- package.json | 2 - server/app.js | 3 - 3 files changed, 386 insertions(+), 520 deletions(-) diff --git a/package-lock.json b/package-lock.json index ef1adc3..8d0e022 100644 
--- a/package-lock.json +++ b/package-lock.json @@ -20,7 +20,6 @@ "express-session": "^1.17.3", "express-winston": "^3.4.0", "flatted": "^3.2.7", - "helmet": "^7.1.0", "json2csv": "^5.0.7", "jsonwebtoken": "^8.5.1", "lodash": "^4.17.21", @@ -30,7 +29,6 @@ "node-fetch": "^2.7.0", "nodemailer": "^6.9.4", "openid-client": "^5.6.1", - "passport": "^0.7.0", "pg": "^8.11.3", "pg-hstore": "^2.3.4", "sequelize": "^6.6.5", @@ -129,12 +127,16 @@ } }, "node_modules/@babel/code-frame": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.0.0.tgz", - "integrity": "sha1-BuKrGb21NThVWaq7W6WXKUgoAPg=", + "version": "7.23.5", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.23.5.tgz", + "integrity": "sha512-CgH3s1a96LipHCmSUmYFPwY7MNx8C3avkq7i4Wl3cfa662ldtUe4VM1TPXX70pfmrlWTb6jLqTYrZyT2ZTJBgA==", "dev": true, "dependencies": { - "@babel/highlight": "^7.0.0" + "@babel/highlight": "^7.23.4", + "chalk": "^2.4.2" + }, + "engines": { + "node": ">=6.9.0" } }, "node_modules/@babel/core": { 
@@ -167,38 +169,6 @@ "url": "https://opencollective.com/babel" } }, - "node_modules/@babel/core/node_modules/@babel/code-frame": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", - "integrity": "sha512-Zt1yodBx1UcyiePMSkWnU4hPqhwq7hGi2nFL1LeA3EUl+q2LQx16MISgJ0+z7dnmgvP9QtIleuETGOiOH1RcIw==", - "dev": true, - "dependencies": { - "@babel/highlight": "^7.10.4" - } - }, - "node_modules/@babel/core/node_modules/@babel/highlight": { - "version": "7.10.4", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.10.4.tgz", - "integrity": "sha512-i6rgnR/YgPEQzZZnbTHHuZdlE8qyoBNalD6F+q4vAFlcMEcqmkoG+mPqJYJCo63qPf74+Y1UZsl3l6f7/RIkmA==", - "dev": true, - "dependencies": { - "@babel/helper-validator-identifier": "^7.10.4", - "chalk": "^2.0.0", - "js-tokens": "^4.0.0" - } - }, - "node_modules/@babel/core/node_modules/@babel/parser": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.12.11.tgz", - "integrity": "sha512-N3UxG+uuF4CMYoNj8AhnbAcJF0PiuJ9KHuy1lQmkYsxTer/MAH9UBNHsBoAX/4s6NvlDD047No8mYVGGzLL4hg==", - "dev": true, - "bin": { - "parser": "bin/babel-parser.js" - }, - "engines": { - "node": ">=6.0.0" - } - }, "node_modules/@babel/core/node_modules/debug": { "version": "4.3.1", "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz", 
@@ -235,34 +205,52 @@ } }, "node_modules/@babel/generator": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.12.11.tgz", - "integrity": "sha512-Ggg6WPOJtSi8yYQvLVjG8F/TlpWDlKx0OpS4Kt+xMQPs5OaGYWy+v1A+1TvxI6sAMGZpKWWoAQ1DaeQbImlItA==", + "version": "7.23.6", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.23.6.tgz", + "integrity": "sha512-qrSfCYxYQB5owCmGLbl8XRpX1ytXlpueOb0N0UmQwA073KZxejgQTzAmJezxvpwQD9uGtK2shHdi55QT+MbjIw==", "dev": true, "dependencies": { - "@babel/types": "^7.12.11", - "jsesc": "^2.5.1", - "source-map": "^0.5.0" + "@babel/types": "^7.23.6", + "@jridgewell/gen-mapping": "^0.3.2", + "@jridgewell/trace-mapping": "^0.3.17", + "jsesc": "^2.5.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-environment-visitor": { + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "integrity": "sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA==", + "dev": true, + "engines": { + "node": ">=6.9.0" } }, "node_modules/@babel/helper-function-name": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.12.11.tgz", - "integrity": "sha512-AtQKjtYNolKNi6nNNVLQ27CP6D9oFR6bq/HPYSizlzbp7uC1M59XJe8L+0uXjbIaZaUJF99ruHqVGiKXU/7ybA==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "integrity": "sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw==", "dev": true, "dependencies": { - "@babel/helper-get-function-arity": "^7.12.10", - "@babel/template": "^7.12.7", - "@babel/types": "^7.12.11" + "@babel/template": "^7.22.15", + "@babel/types": "^7.23.0" + }, + "engines": { + "node": ">=6.9.0" } }, - "node_modules/@babel/helper-get-function-arity": { - 
"version": "7.12.10", - "resolved": "https://registry.npmjs.org/@babel/helper-get-function-arity/-/helper-get-function-arity-7.12.10.tgz", - "integrity": "sha512-mm0n5BPjR06wh9mPQaDdXWDoll/j5UpCAPl1x8fS71GHm7HA6Ua2V4ylG1Ju8lvcTOietbPNNPaSilKj+pj+Ag==", + "node_modules/@babel/helper-hoist-variables": { + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "integrity": "sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==", "dev": true, "dependencies": { - "@babel/types": "^7.12.10" + "@babel/types": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" } }, "node_modules/@babel/helper-member-expression-to-functions": { 
@@ -337,19 +325,34 @@ } }, "node_modules/@babel/helper-split-export-declaration": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.12.11.tgz", - "integrity": "sha512-LsIVN8j48gHgwzfocYUSkO/hjYAOJqlpJEc7tGXcIm4cubjVUf8LGW6eWRyxEu7gA25q02p0rQUWoCI33HNS5g==", + "version": "7.22.6", + "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "integrity": "sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g==", "dev": true, "dependencies": { - "@babel/types": "^7.12.11" + "@babel/types": "^7.22.5" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-string-parser": { + "version": "7.23.4", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.23.4.tgz", + "integrity": "sha512-803gmbQdqwdf4olxrX4AJyFBV/RTr3rSmOj0rKwesmzlfhYNDEs+/iOcznzpNWlJlIlTJC2QfPFcHB6DlzdVLQ==", + "dev": true, + "engines": { + "node": ">=6.9.0" } }, "node_modules/@babel/helper-validator-identifier": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.12.11.tgz", - "integrity": "sha512-np/lG3uARFybkoHokJUmf1QfEvRVCPbmQeUQpKow5cQ3xWrV9i3rUHodKDJPQfTVX61qKi+UdYk8kik84n7XOw==", - "dev": true + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==", + "dev": true, + "engines": { + "node": ">=6.9.0" + } }, "node_modules/@babel/helpers": { "version": "7.12.5", 
@@ -363,20 +366,23 @@ } }, "node_modules/@babel/highlight": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.0.0.tgz", - "integrity": "sha1-9xDDjI1Fjm3ZogGvtjf8t4HOmeQ=", + "version": "7.23.4", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.23.4.tgz", + "integrity": "sha512-acGdbYSfp2WheJoJm/EBBBLh/ID8KDc64ISZ9DYtBmC8/Q204PZJLHyzeB5qMzJ5trcOkybd78M4x2KWsUq++A==", "dev": true, "dependencies": { - "chalk": "^2.0.0", - "esutils": "^2.0.2", + "@babel/helper-validator-identifier": "^7.22.20", + "chalk": "^2.4.2", "js-tokens": "^4.0.0" + }, + "engines": { + "node": ">=6.9.0" } }, "node_modules/@babel/parser": { - "version": "7.11.4", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.11.4.tgz", - "integrity": "sha512-MggwidiH+E9j5Sh8pbrX5sJvMcsqS5o+7iB42M9/k0CD63MjYbdP4nhSh7uB5wnv2/RVzTZFTxzF/kIa5mrCqA==", + "version": "7.23.6", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.23.6.tgz", + "integrity": "sha512-Z2uID7YJ7oNvAI20O9X0bblw7Qqs8Q2hFy0R9tAfnfLkp5MW0UH9eUvnDSnFwKZ0AvgS1ucqR4KzvVHgnke1VQ==", "dev": true, "bin": { "parser": "bin/babel-parser.js" 
@@ -530,95 +536,38 @@ } }, "node_modules/@babel/template": { - "version": "7.12.7", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.12.7.tgz", - "integrity": "sha512-GkDzmHS6GV7ZeXfJZ0tLRBhZcMcY0/Lnb+eEbXDBfCAcZCjrZKe6p3J4we/D24O9Y8enxWAg1cWwof59yLh2ow==", + "version": "7.22.15", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.15.tgz", + "integrity": "sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w==", "dev": true, "dependencies": { - "@babel/code-frame": "^7.10.4", - "@babel/parser": "^7.12.7", - "@babel/types": "^7.12.7" - } - }, - "node_modules/@babel/template/node_modules/@babel/code-frame": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", - "integrity": "sha512-Zt1yodBx1UcyiePMSkWnU4hPqhwq7hGi2nFL1LeA3EUl+q2LQx16MISgJ0+z7dnmgvP9QtIleuETGOiOH1RcIw==", - "dev": true, - "dependencies": { - "@babel/highlight": "^7.10.4" - } - }, - "node_modules/@babel/template/node_modules/@babel/highlight": { - "version": "7.10.4", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.10.4.tgz", - "integrity": "sha512-i6rgnR/YgPEQzZZnbTHHuZdlE8qyoBNalD6F+q4vAFlcMEcqmkoG+mPqJYJCo63qPf74+Y1UZsl3l6f7/RIkmA==", - "dev": true, - "dependencies": { - "@babel/helper-validator-identifier": "^7.10.4", - "chalk": "^2.0.0", - "js-tokens": "^4.0.0" - } - }, - "node_modules/@babel/template/node_modules/@babel/parser": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.12.11.tgz", - "integrity": "sha512-N3UxG+uuF4CMYoNj8AhnbAcJF0PiuJ9KHuy1lQmkYsxTer/MAH9UBNHsBoAX/4s6NvlDD047No8mYVGGzLL4hg==", - "dev": true, - "bin": { - "parser": "bin/babel-parser.js" + "@babel/code-frame": "^7.22.13", + "@babel/parser": "^7.22.15", + "@babel/types": "^7.22.15" }, "engines": { - "node": ">=6.0.0" + "node": ">=6.9.0" } }, "node_modules/@babel/traverse": { - "version": "7.12.12", - "resolved": 
"https://registry.npmjs.org/@babel/traverse/-/traverse-7.12.12.tgz", - "integrity": "sha512-s88i0X0lPy45RrLM8b9mz8RPH5FqO9G9p7ti59cToE44xFm1Q+Pjh5Gq4SXBbtb88X7Uy7pexeqRIQDDMNkL0w==", - "dev": true, - "dependencies": { - "@babel/code-frame": "^7.12.11", - "@babel/generator": "^7.12.11", - "@babel/helper-function-name": "^7.12.11", - "@babel/helper-split-export-declaration": "^7.12.11", - "@babel/parser": "^7.12.11", - "@babel/types": "^7.12.12", - "debug": "^4.1.0", - "globals": "^11.1.0", - "lodash": "^4.17.19" - } - }, - "node_modules/@babel/traverse/node_modules/@babel/code-frame": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", - "integrity": "sha512-Zt1yodBx1UcyiePMSkWnU4hPqhwq7hGi2nFL1LeA3EUl+q2LQx16MISgJ0+z7dnmgvP9QtIleuETGOiOH1RcIw==", - "dev": true, - "dependencies": { - "@babel/highlight": "^7.10.4" - } - }, - "node_modules/@babel/traverse/node_modules/@babel/highlight": { - "version": "7.10.4", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.10.4.tgz", - "integrity": "sha512-i6rgnR/YgPEQzZZnbTHHuZdlE8qyoBNalD6F+q4vAFlcMEcqmkoG+mPqJYJCo63qPf74+Y1UZsl3l6f7/RIkmA==", + "version": "7.23.7", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.7.tgz", + "integrity": "sha512-tY3mM8rH9jM0YHFGyfC0/xf+SB5eKUu7HPj7/k3fpi9dAlsMc5YbQvDi0Sh2QTPXqMhyaAtzAr807TIyfQrmyg==", "dev": true, "dependencies": { - "@babel/helper-validator-identifier": "^7.10.4", - "chalk": "^2.0.0", - "js-tokens": "^4.0.0" - } - }, - "node_modules/@babel/traverse/node_modules/@babel/parser": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.12.11.tgz", - "integrity": "sha512-N3UxG+uuF4CMYoNj8AhnbAcJF0PiuJ9KHuy1lQmkYsxTer/MAH9UBNHsBoAX/4s6NvlDD047No8mYVGGzLL4hg==", - "dev": true, - "bin": { - "parser": "bin/babel-parser.js" + "@babel/code-frame": "^7.23.5", + "@babel/generator": "^7.23.6", + "@babel/helper-environment-visitor": "^7.22.20", + 
"@babel/helper-function-name": "^7.23.0", + "@babel/helper-hoist-variables": "^7.22.5", + "@babel/helper-split-export-declaration": "^7.22.6", + "@babel/parser": "^7.23.6", + "@babel/types": "^7.23.6", + "debug": "^4.3.1", + "globals": "^11.1.0" }, "engines": { - "node": ">=6.0.0" + "node": ">=6.9.0" } }, "node_modules/@babel/traverse/node_modules/debug": { @@ -645,14 +594,17 @@ "dev": true }, "node_modules/@babel/types": { - "version": "7.12.12", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.12.12.tgz", - "integrity": "sha512-lnIX7piTxOH22xE7fDXDbSHg9MM1/6ORnafpJmov5rs0kX5g4BZxeXNJLXsMRiO0U5Rb8/FvMS6xlTnTHvxonQ==", + "version": "7.23.6", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.6.tgz", + "integrity": "sha512-+uarb83brBzPKN38NX1MkB6vb6+mwvR6amUulqAE7ccQw1pEl+bCia9TbdG1lsnFP7lZySvUn37CHyXQdfTwzg==", "dev": true, "dependencies": { - "@babel/helper-validator-identifier": "^7.12.11", - "lodash": "^4.17.19", + "@babel/helper-string-parser": "^7.23.4", + "@babel/helper-validator-identifier": "^7.22.20", "to-fast-properties": "^2.0.0" + }, + "engines": { + "node": ">=6.9.0" } }, "node_modules/@bcoe/v8-coverage": { 
@@ -1930,6 +1882,54 @@ "node": ">= 6" } }, + "node_modules/@jridgewell/gen-mapping": { + "version": "0.3.3", + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.3.tgz", + "integrity": "sha512-HLhSWOLRi875zjjMG/r+Nv0oCW8umGb0BgEhyX3dDX3egwZtB8PqLnjz3yedt8R5StBrzcg4aBpnh8UA9D1BoQ==", + "dev": true, + "dependencies": { + "@jridgewell/set-array": "^1.0.1", + "@jridgewell/sourcemap-codec": "^1.4.10", + "@jridgewell/trace-mapping": "^0.3.9" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz", + "integrity": "sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA==", + "dev": true, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/set-array": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz", + "integrity": "sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==", + "dev": true, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.4.15", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==", + "dev": true + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.22", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.22.tgz", + "integrity": "sha512-Wf963MzWtA2sjrNt+g18IAln9lKnlRp+K2eH4jjIoF1wYeq3aMREpG09xhlhdzS0EjwU7qmUJYangWa+151vZw==", + "dev": true, + "dependencies": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + }, "node_modules/@sentry-internal/tracing": { "version": "7.50.0", "resolved": 
"https://registry.npmjs.org/@sentry-internal/tracing/-/tracing-7.50.0.tgz", @@ -3446,9 +3446,9 @@ } }, "node_modules/chalk": { - "version": "2.4.1", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.1.tgz", - "integrity": "sha512-ObN6h1v2fTJSmUXoS3nMQ92LbDK9be4TV+6G+omQlGJFdcUX5heKi1LZ1YnRMIgwTLEj3E24bT6tYni50rlCfQ==", + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", "dependencies": { "ansi-styles": "^3.2.1", "escape-string-regexp": "^1.0.5", @@ -4722,15 +4722,28 @@ } }, "node_modules/eslint/node_modules/debug": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", - "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", - "deprecated": "Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)", + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", "dev": true, "dependencies": { - "ms": "^2.1.1" + "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } } }, + "node_modules/eslint/node_modules/ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + }, "node_modules/espree": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/espree/-/espree-5.0.1.tgz", 
@@ -5771,9 +5784,9 @@ } }, "node_modules/global-agent/node_modules/semver": { - "version": "7.5.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.0.tgz", - "integrity": "sha512-+XC0AD/R7Q2mPSRuy2Id0+CGTZ98+8f+KvwirxOKIEyid+XSx6HbC63p+O4IndTHuX5Z+JxQ0TghCkO5Cg/2HA==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "dev": true, "dependencies": { "lru-cache": "^6.0.0" @@ -5905,14 +5918,6 @@ "node": ">=0.10.0" } }, - "node_modules/helmet": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/helmet/-/helmet-7.1.0.tgz", - "integrity": "sha512-g+HZqgfbpXdCkme/Cd/mZkV0aV3BZZZSugecH03kl38m/Kmdx8jKjBikpDj2cr+Iynv4KpYEviojNdTJActJAg==", - "engines": { - "node": ">=16.0.0" - } - }, "node_modules/hosted-git-info": { "version": "2.8.9", "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", @@ -6251,29 +6256,6 @@ "node": ">=6" } }, - "node_modules/inquirer/node_modules/chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "dev": true, - "dependencies": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/inquirer/node_modules/has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", - "dev": true, - "engines": { - "node": ">=4" - } - }, "node_modules/inquirer/node_modules/strip-ansi": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", 
@@ -6286,18 +6268,6 @@ "node": ">=6" } }, - "node_modules/inquirer/node_modules/supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "dev": true, - "dependencies": { - "has-flag": "^3.0.0" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/ipaddr.js": { "version": "1.9.1", "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", @@ -6749,9 +6719,9 @@ } }, "node_modules/istanbul-lib-instrument/node_modules/semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", "dev": true, "bin": { "semver": "bin/semver.js" @@ -9484,9 +9454,9 @@ } }, "node_modules/jest-snapshot/node_modules/semver": { - "version": "7.3.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.4.tgz", - "integrity": "sha512-tCfb2WLjqFAtXn4KEdxIhalnRtoKFN7nAwj0B3ZXCbQloV2tq5eDbcTmT68JJD3nRJq24/XgxtQKFIpQdtvmVw==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "dev": true, "dependencies": { "lru-cache": "^6.0.0" 
@@ -10682,9 +10652,9 @@ } }, "node_modules/make-dir/node_modules/semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", "dev": true, "bin": { "semver": "bin/semver.js" @@ -11241,9 +11211,9 @@ } }, "node_modules/node-notifier/node_modules/semver": { - "version": "7.3.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.4.tgz", - "integrity": "sha512-tCfb2WLjqFAtXn4KEdxIhalnRtoKFN7nAwj0B3ZXCbQloV2tq5eDbcTmT68JJD3nRJq24/XgxtQKFIpQdtvmVw==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "dev": true, "optional": true, "dependencies": { 
@@ -11310,25 +11280,38 @@ } }, "node_modules/nodemailer-mock": { - "version": "1.5.3", - "resolved": "https://registry.npmjs.org/nodemailer-mock/-/nodemailer-mock-1.5.3.tgz", - "integrity": "sha512-Y0JYLFjx+HMNB1Y55uYj+6Vk7ZkJyMKH6GY85UgaSsaaWdH7BE7j0pH7Tp8H4qvQkWSycDh/76iWlHb4dEiWtg==", + "version": "1.5.12", + "resolved": "https://registry.npmjs.org/nodemailer-mock/-/nodemailer-mock-1.5.12.tgz", + "integrity": "sha512-Muymd+qvTswEExCys01D11JW2ugHN2mzDaq3dfct546hmmk+Wro3sK3lVSoUZP7x53cOHv1iX3C51mL9IlY8KA==", "dev": true, "dependencies": { - "debug": "4.1.1", - "nodemailer": "6.x" + "debug": "^4.3.4", + "nodemailer": "^6.x" } }, "node_modules/nodemailer-mock/node_modules/debug": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", - "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", - "deprecated": "Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)", + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", "dev": true, "dependencies": { - "ms": "^2.1.1" + "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } } }, + "node_modules/nodemailer-mock/node_modules/ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + }, "node_modules/nodemon": { "version": "2.0.22", "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-2.0.22.tgz", 
@@ -11375,15 +11358,6 @@ "node": ">=4" } }, - "node_modules/nodemon/node_modules/semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", - "dev": true, - "bin": { - "semver": "bin/semver" - } - }, "node_modules/nodemon/node_modules/supports-color": { "version": "5.5.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", @@ -11955,31 +11929,6 @@ "node": ">=0.10.0" } }, - "node_modules/passport": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/passport/-/passport-0.7.0.tgz", - "integrity": "sha512-cPLl+qZpSc+ireUvt+IzqbED1cHHkDoVYMo30jbJIdOOjQ1MQYZBPiNvmi8UM6lJuOpTPXJGZQk0DtC4y61MYQ==", - "dependencies": { - "passport-strategy": "1.x.x", - "pause": "0.0.1", - "utils-merge": "^1.0.1" - }, - "engines": { - "node": ">= 0.4.0" - }, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/jaredhanson" - } - }, - "node_modules/passport-strategy": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz", - "integrity": "sha512-CB97UUvDKJde2V0KDWWB3lyf6PC3FaZP7YxZ2G8OAtn9p4HI9j9JLP9qjOGZFvyl8uwNT8qM+hGnz/n16NI7oA==", - "engines": { - "node": ">= 0.4.0" - } - }, "node_modules/path-exists": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz", @@ -12036,11 +11985,6 @@ "node": ">=4" } }, - "node_modules/pause": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/pause/-/pause-0.0.1.tgz", - "integrity": "sha512-KG8UEiEVkR3wGEb4m5yZkVCzigAD+cVEJck2CzYZO37ZGJfctvVptVO192MwrtPhzONn6go8ylnOdMhKqi4nfg==" - }, "node_modules/pg": { "version": "8.11.3", "resolved": "https://registry.npmjs.org/pg/-/pg-8.11.3.tgz", 
@@ -12950,9 +12894,9 @@ "dev": true }, "node_modules/semver": { - "version": "5.6.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.6.0.tgz", - "integrity": "sha512-RS9R6R35NYgQn++fkDWaOmqGoj4Ek9gGs+DPxNUZKuwE183xjJroKvyo1IzVFeXvUrvmALy6FWD5xrdJT25gMg==", + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==", "bin": { "semver": "bin/semver" } @@ -14069,10 +14013,9 @@ } }, "node_modules/superagent/node_modules/debug": { - "version": "3.2.6", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz", - "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==", - "deprecated": "Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)", + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", + "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", "dev": true, "dependencies": { "ms": "^2.1.1" @@ -14401,9 +14344,9 @@ } }, "node_modules/tough-cookie": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.2.tgz", - "integrity": "sha512-G9fqXWoYFZgTc2z8Q5zaHy/vJMjm+WV0AkAeHxVCQiEB1b+dGvWzFW6QV07cY5jQ5gRkeid2qIkzkxUnmoQZUQ==", + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz", + "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==", "dev": true, "dependencies": { "psl": "^1.1.33", 
@@ -15451,12 +15394,13 @@ } }, "@babel/code-frame": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.0.0.tgz", - "integrity": "sha1-BuKrGb21NThVWaq7W6WXKUgoAPg=", + "version": "7.23.5", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.23.5.tgz", + "integrity": "sha512-CgH3s1a96LipHCmSUmYFPwY7MNx8C3avkq7i4Wl3cfa662ldtUe4VM1TPXX70pfmrlWTb6jLqTYrZyT2ZTJBgA==", "dev": true, "requires": { - "@babel/highlight": "^7.0.0" + "@babel/highlight": "^7.23.4", + "chalk": "^2.4.2" } }, "@babel/core": { @@ -15482,32 +15426,6 @@ "source-map": "^0.5.0" }, "dependencies": { - "@babel/code-frame": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", - "integrity": "sha512-Zt1yodBx1UcyiePMSkWnU4hPqhwq7hGi2nFL1LeA3EUl+q2LQx16MISgJ0+z7dnmgvP9QtIleuETGOiOH1RcIw==", - "dev": true, - "requires": { - "@babel/highlight": "^7.10.4" - } - }, - "@babel/highlight": { - "version": "7.10.4", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.10.4.tgz", - "integrity": "sha512-i6rgnR/YgPEQzZZnbTHHuZdlE8qyoBNalD6F+q4vAFlcMEcqmkoG+mPqJYJCo63qPf74+Y1UZsl3l6f7/RIkmA==", - "dev": true, - "requires": { - "@babel/helper-validator-identifier": "^7.10.4", - "chalk": "^2.0.0", - "js-tokens": "^4.0.0" - } - }, - "@babel/parser": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.12.11.tgz", - "integrity": "sha512-N3UxG+uuF4CMYoNj8AhnbAcJF0PiuJ9KHuy1lQmkYsxTer/MAH9UBNHsBoAX/4s6NvlDD047No8mYVGGzLL4hg==", - "dev": true - }, "debug": { "version": "4.3.1", "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz", 
@@ -15534,34 +15452,40 @@ } }, "@babel/generator": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.12.11.tgz", - "integrity": "sha512-Ggg6WPOJtSi8yYQvLVjG8F/TlpWDlKx0OpS4Kt+xMQPs5OaGYWy+v1A+1TvxI6sAMGZpKWWoAQ1DaeQbImlItA==", + "version": "7.23.6", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.23.6.tgz", + "integrity": "sha512-qrSfCYxYQB5owCmGLbl8XRpX1ytXlpueOb0N0UmQwA073KZxejgQTzAmJezxvpwQD9uGtK2shHdi55QT+MbjIw==", "dev": true, "requires": { - "@babel/types": "^7.12.11", - "jsesc": "^2.5.1", - "source-map": "^0.5.0" + "@babel/types": "^7.23.6", + "@jridgewell/gen-mapping": "^0.3.2", + "@jridgewell/trace-mapping": "^0.3.17", + "jsesc": "^2.5.1" } }, + "@babel/helper-environment-visitor": { + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "integrity": "sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA==", + "dev": true + }, "@babel/helper-function-name": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.12.11.tgz", - "integrity": "sha512-AtQKjtYNolKNi6nNNVLQ27CP6D9oFR6bq/HPYSizlzbp7uC1M59XJe8L+0uXjbIaZaUJF99ruHqVGiKXU/7ybA==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "integrity": "sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw==", "dev": true, "requires": { - "@babel/helper-get-function-arity": "^7.12.10", - "@babel/template": "^7.12.7", - "@babel/types": "^7.12.11" + "@babel/template": "^7.22.15", + "@babel/types": "^7.23.0" } }, - "@babel/helper-get-function-arity": { - "version": "7.12.10", - "resolved": "https://registry.npmjs.org/@babel/helper-get-function-arity/-/helper-get-function-arity-7.12.10.tgz", - "integrity": 
"sha512-mm0n5BPjR06wh9mPQaDdXWDoll/j5UpCAPl1x8fS71GHm7HA6Ua2V4ylG1Ju8lvcTOietbPNNPaSilKj+pj+Ag==", + "@babel/helper-hoist-variables": { + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "integrity": "sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==", "dev": true, "requires": { - "@babel/types": "^7.12.10" + "@babel/types": "^7.22.5" } }, "@babel/helper-member-expression-to-functions": { 
@@ -15636,18 +15560,24 @@ } }, "@babel/helper-split-export-declaration": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.12.11.tgz", - "integrity": "sha512-LsIVN8j48gHgwzfocYUSkO/hjYAOJqlpJEc7tGXcIm4cubjVUf8LGW6eWRyxEu7gA25q02p0rQUWoCI33HNS5g==", + "version": "7.22.6", + "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "integrity": "sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g==", "dev": true, "requires": { - "@babel/types": "^7.12.11" + "@babel/types": "^7.22.5" } }, + "@babel/helper-string-parser": { + "version": "7.23.4", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.23.4.tgz", + "integrity": "sha512-803gmbQdqwdf4olxrX4AJyFBV/RTr3rSmOj0rKwesmzlfhYNDEs+/iOcznzpNWlJlIlTJC2QfPFcHB6DlzdVLQ==", + "dev": true + }, "@babel/helper-validator-identifier": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.12.11.tgz", - "integrity": "sha512-np/lG3uARFybkoHokJUmf1QfEvRVCPbmQeUQpKow5cQ3xWrV9i3rUHodKDJPQfTVX61qKi+UdYk8kik84n7XOw==", + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==", "dev": true }, "@babel/helpers": { 
@@ -15662,20 +15592,20 @@ } }, "@babel/highlight": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.0.0.tgz", - "integrity": "sha1-9xDDjI1Fjm3ZogGvtjf8t4HOmeQ=", + "version": "7.23.4", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.23.4.tgz", + "integrity": "sha512-acGdbYSfp2WheJoJm/EBBBLh/ID8KDc64ISZ9DYtBmC8/Q204PZJLHyzeB5qMzJ5trcOkybd78M4x2KWsUq++A==", "dev": true, "requires": { - "chalk": "^2.0.0", - "esutils": "^2.0.2", + "@babel/helper-validator-identifier": "^7.22.20", + "chalk": "^2.4.2", "js-tokens": "^4.0.0" } }, "@babel/parser": { - "version": "7.11.4", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.11.4.tgz", - "integrity": "sha512-MggwidiH+E9j5Sh8pbrX5sJvMcsqS5o+7iB42M9/k0CD63MjYbdP4nhSh7uB5wnv2/RVzTZFTxzF/kIa5mrCqA==", + "version": "7.23.6", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.23.6.tgz", + "integrity": "sha512-Z2uID7YJ7oNvAI20O9X0bblw7Qqs8Q2hFy0R9tAfnfLkp5MW0UH9eUvnDSnFwKZ0AvgS1ucqR4KzvVHgnke1VQ==", "dev": true }, "@babel/plugin-syntax-async-generators": { 
@@ -15787,87 +15717,34 @@ } }, "@babel/template": { - "version": "7.12.7", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.12.7.tgz", - "integrity": "sha512-GkDzmHS6GV7ZeXfJZ0tLRBhZcMcY0/Lnb+eEbXDBfCAcZCjrZKe6p3J4we/D24O9Y8enxWAg1cWwof59yLh2ow==", + "version": "7.22.15", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.15.tgz", + "integrity": "sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w==", "dev": true, "requires": { - "@babel/code-frame": "^7.10.4", - "@babel/parser": "^7.12.7", - "@babel/types": "^7.12.7" - }, - "dependencies": { - "@babel/code-frame": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", - "integrity": "sha512-Zt1yodBx1UcyiePMSkWnU4hPqhwq7hGi2nFL1LeA3EUl+q2LQx16MISgJ0+z7dnmgvP9QtIleuETGOiOH1RcIw==", - "dev": true, - "requires": { - "@babel/highlight": "^7.10.4" - } - }, - "@babel/highlight": { - "version": "7.10.4", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.10.4.tgz", - "integrity": "sha512-i6rgnR/YgPEQzZZnbTHHuZdlE8qyoBNalD6F+q4vAFlcMEcqmkoG+mPqJYJCo63qPf74+Y1UZsl3l6f7/RIkmA==", - "dev": true, - "requires": { - "@babel/helper-validator-identifier": "^7.10.4", - "chalk": "^2.0.0", - "js-tokens": "^4.0.0" - } - }, - "@babel/parser": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.12.11.tgz", - "integrity": "sha512-N3UxG+uuF4CMYoNj8AhnbAcJF0PiuJ9KHuy1lQmkYsxTer/MAH9UBNHsBoAX/4s6NvlDD047No8mYVGGzLL4hg==", - "dev": true - } + "@babel/code-frame": "^7.22.13", + "@babel/parser": "^7.22.15", + "@babel/types": "^7.22.15" } }, "@babel/traverse": { - "version": "7.12.12", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.12.12.tgz", - "integrity": "sha512-s88i0X0lPy45RrLM8b9mz8RPH5FqO9G9p7ti59cToE44xFm1Q+Pjh5Gq4SXBbtb88X7Uy7pexeqRIQDDMNkL0w==", + "version": "7.23.7", + "resolved": 
"https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.7.tgz", + "integrity": "sha512-tY3mM8rH9jM0YHFGyfC0/xf+SB5eKUu7HPj7/k3fpi9dAlsMc5YbQvDi0Sh2QTPXqMhyaAtzAr807TIyfQrmyg==", "dev": true, "requires": { - "@babel/code-frame": "^7.12.11", - "@babel/generator": "^7.12.11", - "@babel/helper-function-name": "^7.12.11", - "@babel/helper-split-export-declaration": "^7.12.11", - "@babel/parser": "^7.12.11", - "@babel/types": "^7.12.12", - "debug": "^4.1.0", - "globals": "^11.1.0", - "lodash": "^4.17.19" + "@babel/code-frame": "^7.23.5", + "@babel/generator": "^7.23.6", + "@babel/helper-environment-visitor": "^7.22.20", + "@babel/helper-function-name": "^7.23.0", + "@babel/helper-hoist-variables": "^7.22.5", + "@babel/helper-split-export-declaration": "^7.22.6", + "@babel/parser": "^7.23.6", + "@babel/types": "^7.23.6", + "debug": "^4.3.1", + "globals": "^11.1.0" }, "dependencies": { - "@babel/code-frame": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", - "integrity": "sha512-Zt1yodBx1UcyiePMSkWnU4hPqhwq7hGi2nFL1LeA3EUl+q2LQx16MISgJ0+z7dnmgvP9QtIleuETGOiOH1RcIw==", - "dev": true, - "requires": { - "@babel/highlight": "^7.10.4" - } - }, - "@babel/highlight": { - "version": "7.10.4", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.10.4.tgz", - "integrity": "sha512-i6rgnR/YgPEQzZZnbTHHuZdlE8qyoBNalD6F+q4vAFlcMEcqmkoG+mPqJYJCo63qPf74+Y1UZsl3l6f7/RIkmA==", - "dev": true, - "requires": { - "@babel/helper-validator-identifier": "^7.10.4", - "chalk": "^2.0.0", - "js-tokens": "^4.0.0" - } - }, - "@babel/parser": { - "version": "7.12.11", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.12.11.tgz", - "integrity": "sha512-N3UxG+uuF4CMYoNj8AhnbAcJF0PiuJ9KHuy1lQmkYsxTer/MAH9UBNHsBoAX/4s6NvlDD047No8mYVGGzLL4hg==", - "dev": true - }, "debug": { "version": "4.3.1", "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz", 
@@ -15888,13 +15765,13 @@ } }, "@babel/types": { - "version": "7.12.12", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.12.12.tgz", - "integrity": "sha512-lnIX7piTxOH22xE7fDXDbSHg9MM1/6ORnafpJmov5rs0kX5g4BZxeXNJLXsMRiO0U5Rb8/FvMS6xlTnTHvxonQ==", + "version": "7.23.6", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.6.tgz", + "integrity": "sha512-+uarb83brBzPKN38NX1MkB6vb6+mwvR6amUulqAE7ccQw1pEl+bCia9TbdG1lsnFP7lZySvUn37CHyXQdfTwzg==", "dev": true, "requires": { - "@babel/helper-validator-identifier": "^7.12.11", - "lodash": "^4.17.19", + "@babel/helper-string-parser": "^7.23.4", + "@babel/helper-validator-identifier": "^7.22.20", "to-fast-properties": "^2.0.0" } }, 
@@ -16923,6 +16800,45 @@ "@types/yargs": "^13.0.0" } }, + "@jridgewell/gen-mapping": { + "version": "0.3.3", + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.3.tgz", + "integrity": "sha512-HLhSWOLRi875zjjMG/r+Nv0oCW8umGb0BgEhyX3dDX3egwZtB8PqLnjz3yedt8R5StBrzcg4aBpnh8UA9D1BoQ==", + "dev": true, + "requires": { + "@jridgewell/set-array": "^1.0.1", + "@jridgewell/sourcemap-codec": "^1.4.10", + "@jridgewell/trace-mapping": "^0.3.9" + } + }, + "@jridgewell/resolve-uri": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz", + "integrity": "sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA==", + "dev": true + }, + "@jridgewell/set-array": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz", + "integrity": "sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==", + "dev": true + }, + "@jridgewell/sourcemap-codec": { + "version": "1.4.15", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==", + "dev": true + }, + "@jridgewell/trace-mapping": { + "version": "0.3.22", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.22.tgz", + "integrity": "sha512-Wf963MzWtA2sjrNt+g18IAln9lKnlRp+K2eH4jjIoF1wYeq3aMREpG09xhlhdzS0EjwU7qmUJYangWa+151vZw==", + "dev": true, + "requires": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + }, "@sentry-internal/tracing": { "version": "7.50.0", "resolved": "https://registry.npmjs.org/@sentry-internal/tracing/-/tracing-7.50.0.tgz", 
@@ -18121,9 +18037,9 @@ } }, "chalk": { - "version": "2.4.1", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.1.tgz", - "integrity": "sha512-ObN6h1v2fTJSmUXoS3nMQ92LbDK9be4TV+6G+omQlGJFdcUX5heKi1LZ1YnRMIgwTLEj3E24bT6tYni50rlCfQ==", + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", "requires": { "ansi-styles": "^3.2.1", "escape-string-regexp": "^1.0.5", @@ -19007,13 +18923,19 @@ }, "dependencies": { "debug": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", - "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", "dev": true, "requires": { - "ms": "^2.1.1" + "ms": "2.1.2" } + }, + "ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true } } }, @@ -19961,9 +19883,9 @@ } }, "semver": { - "version": "7.5.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.0.tgz", - "integrity": "sha512-+XC0AD/R7Q2mPSRuy2Id0+CGTZ98+8f+KvwirxOKIEyid+XSx6HbC63p+O4IndTHuX5Z+JxQ0TghCkO5Cg/2HA==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "dev": true, "requires": { "lru-cache": "^6.0.0" 
@@ -20063,11 +19985,6 @@ } } }, - "helmet": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/helmet/-/helmet-7.1.0.tgz", - "integrity": "sha512-g+HZqgfbpXdCkme/Cd/mZkV0aV3BZZZSugecH03kl38m/Kmdx8jKjBikpDj2cr+Iynv4KpYEviojNdTJActJAg==" - }, "hosted-git-info": { "version": "2.8.9", "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", @@ -20327,23 +20244,6 @@ "integrity": "sha512-ILlv4k/3f6vfQ4OoP2AGvirOktlQ98ZEL1k9FaQjxa3L1abBgbuTDAdPOpvbGncC0BTVQrl+OM8xZGK6tWXt7g==", "dev": true }, - "chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "dev": true, - "requires": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - } - }, - "has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", - "dev": true - }, "strip-ansi": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", @@ -20352,15 +20252,6 @@ "requires": { "ansi-regex": "^4.1.0" } - }, - "supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "dev": true, - "requires": { - "has-flag": "^3.0.0" - } } } }, 
@@ -20703,9 +20594,9 @@ }, "dependencies": { "semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", "dev": true } } @@ -22983,9 +22874,9 @@ } }, "semver": { - "version": "7.3.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.4.tgz", - "integrity": "sha512-tCfb2WLjqFAtXn4KEdxIhalnRtoKFN7nAwj0B3ZXCbQloV2tq5eDbcTmT68JJD3nRJq24/XgxtQKFIpQdtvmVw==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "dev": true, "requires": { "lru-cache": "^6.0.0" @@ -23823,9 +23714,9 @@ }, "dependencies": { "semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", "dev": true } } @@ -24290,9 +24181,9 @@ } }, "semver": { - "version": "7.3.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.4.tgz", - "integrity": "sha512-tCfb2WLjqFAtXn4KEdxIhalnRtoKFN7nAwj0B3ZXCbQloV2tq5eDbcTmT68JJD3nRJq24/XgxtQKFIpQdtvmVw==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "dev": true, "optional": true, "requires": { 
@@ -24340,23 +24231,29 @@ "integrity": "sha512-CXjQvrQZV4+6X5wP6ZIgdehJamI63MFoYFGGPtHudWym9qaEHDNdPzaj5bfMCvxG1vhAileSWW90q7nL0N36mA==" }, "nodemailer-mock": { - "version": "1.5.3", - "resolved": "https://registry.npmjs.org/nodemailer-mock/-/nodemailer-mock-1.5.3.tgz", - "integrity": "sha512-Y0JYLFjx+HMNB1Y55uYj+6Vk7ZkJyMKH6GY85UgaSsaaWdH7BE7j0pH7Tp8H4qvQkWSycDh/76iWlHb4dEiWtg==", + "version": "1.5.12", + "resolved": "https://registry.npmjs.org/nodemailer-mock/-/nodemailer-mock-1.5.12.tgz", + "integrity": "sha512-Muymd+qvTswEExCys01D11JW2ugHN2mzDaq3dfct546hmmk+Wro3sK3lVSoUZP7x53cOHv1iX3C51mL9IlY8KA==", "dev": true, "requires": { - "debug": "4.1.1", - "nodemailer": "6.x" + "debug": "^4.3.4", + "nodemailer": "^6.x" }, "dependencies": { "debug": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", - "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", "dev": true, "requires": { - "ms": "^2.1.1" + "ms": "2.1.2" } + }, + "ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true } } }, @@ -24393,12 +24290,6 @@ "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", "dev": true }, - "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", - "dev": true - }, "supports-color": { "version": "5.5.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", 
@@ -24824,21 +24715,6 @@ "integrity": "sha1-s2PlXoAGym/iF4TS2yK9FdeRfxQ=", "dev": true }, - "passport": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/passport/-/passport-0.7.0.tgz", - "integrity": "sha512-cPLl+qZpSc+ireUvt+IzqbED1cHHkDoVYMo30jbJIdOOjQ1MQYZBPiNvmi8UM6lJuOpTPXJGZQk0DtC4y61MYQ==", - "requires": { - "passport-strategy": "1.x.x", - "pause": "0.0.1", - "utils-merge": "^1.0.1" - } - }, - "passport-strategy": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz", - "integrity": "sha512-CB97UUvDKJde2V0KDWWB3lyf6PC3FaZP7YxZ2G8OAtn9p4HI9j9JLP9qjOGZFvyl8uwNT8qM+hGnz/n16NI7oA==" - }, "path-exists": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz", @@ -24883,11 +24759,6 @@ "pify": "^2.0.0" } }, - "pause": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/pause/-/pause-0.0.1.tgz", - "integrity": "sha512-KG8UEiEVkR3wGEb4m5yZkVCzigAD+cVEJck2CzYZO37ZGJfctvVptVO192MwrtPhzONn6go8ylnOdMhKqi4nfg==" - }, "pg": { "version": "8.11.3", "resolved": "https://registry.npmjs.org/pg/-/pg-8.11.3.tgz", @@ -25611,9 +25482,9 @@ "dev": true }, "semver": { - "version": "5.6.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.6.0.tgz", - "integrity": "sha512-RS9R6R35NYgQn++fkDWaOmqGoj4Ek9gGs+DPxNUZKuwE183xjJroKvyo1IzVFeXvUrvmALy6FWD5xrdJT25gMg==" + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==" }, "semver-compare": { "version": "1.0.0", 
@@ -26472,9 +26343,9 @@ }, "dependencies": { "debug": { - "version": "3.2.6", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz", - "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==", + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", + "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", "dev": true, "requires": { "ms": "^2.1.1" @@ -26746,9 +26617,9 @@ } }, "tough-cookie": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.2.tgz", - "integrity": "sha512-G9fqXWoYFZgTc2z8Q5zaHy/vJMjm+WV0AkAeHxVCQiEB1b+dGvWzFW6QV07cY5jQ5gRkeid2qIkzkxUnmoQZUQ==", + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz", + "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==", "dev": true, "requires": { "psl": "^1.1.33", diff --git a/package.json b/package.json index 37835cf..e277da9 100644 --- a/package.json +++ b/package.json @@ -38,7 +38,6 @@ "express-session": "^1.17.3", "express-winston": "^3.4.0", "flatted": "^3.2.7", - "helmet": "^7.1.0", "json2csv": "^5.0.7", "jsonwebtoken": "^8.5.1", "lodash": "^4.17.21", @@ -48,7 +47,6 @@ "node-fetch": "^2.7.0", "nodemailer": "^6.9.4", "openid-client": "^5.6.1", - "passport": "^0.7.0", "pg": "^8.11.3", "pg-hstore": "^2.3.4", "sequelize": "^6.6.5", diff --git a/server/app.js b/server/app.js index 70d9024..af22867 100644 --- a/server/app.js +++ b/server/app.js @@ -22,9 +22,6 @@ const { Issuer, Strategy, generators } = require('openid-client'); const dbConfig = require('./config/dbConfig')[env] -const passport = require('passport'); -const helmet = require('helmet'); - const pgPool = new pg.Pool({ database: dbConfig.database, From 83ce2d2d5c0f0f867e620096922df908c42ea348 Mon Sep 17 00:00:00 2001 
From: Adam Buckingham Date: Tue, 30 Jan 2024 13:06:45 -0500 Subject: [PATCH 08/11] Different certs for different Login.gov apps --- .gitignore | 4 ++-- Dockerfile | 6 ++++++ bin/copy_certs.sh | 9 +++++++++ certs/dev/dev_cert_location.txt | 3 +++ certs/staging/staging_cert_location.txt | 3 +++ 5 files changed, 23 insertions(+), 2 deletions(-) create mode 100755 bin/copy_certs.sh create mode 100644 certs/dev/dev_cert_location.txt create mode 100644 certs/staging/staging_cert_location.txt diff --git a/.gitignore b/.gitignore index 1526f08..1f2f9b3 100644 --- a/.gitignore +++ b/.gitignore @@ -50,5 +50,5 @@ data/ docker/db/scripts/init.sql docker/certs/private.pem docker/certs/public.crt -server/config/certs/private.pem -server/config/certs/public.crt +private.pem +public.crt diff --git a/Dockerfile b/Dockerfile index b317fef..8550910 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,6 +39,12 @@ RUN npm install # Bundle app source COPY server/ ./server + +# Get Login.gov Certs +COPY bin/copy_certs.sh ./ + +RUN /opt/api/copy_certs.sh + #see https://docs.cloudfoundry.org/devguide/deploy-apps/push-docker.html COPY docker/conf/passwd /etc/passwd diff --git a/bin/copy_certs.sh b/bin/copy_certs.sh new file mode 100755 index 0000000..8b8fa9c --- /dev/null +++ b/bin/copy_certs.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +if [ "$NODE_ENV" = "production" ]; then + cp /app/certs/prod/* /app/server/certs/ +elif [ "$NODE_ENV" = "staging" ]; then + cp /app/certs/staging/* /app/server/certs/ +else + cp /app/certs/dev/* /app/server/certs/ +fi \ No newline at end of file diff --git a/certs/dev/dev_cert_location.txt b/certs/dev/dev_cert_location.txt new file mode 100644 index 0000000..1cd8606 --- /dev/null +++ b/certs/dev/dev_cert_location.txt @@ -0,0 +1,3 @@ +Place your Login.gov RSA certification in here for the dev environment before deploying. + +Find certs on g-drive. \ No newline at end of file 
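Review bot: `RUN /opt/api/copy_certs.sh` runs while the image is built, so whichever key file the script selects (presumably the `private.pem` named in `.gitignore`) is stored in an image layer, readable by anyone who can pull the image or its build cache. It also means `NODE_ENV` is read at build time; unless an `ARG` or `ENV` outside this hunk sets it, the script's final `else` branch picks the dev certs for every image. I would keep at most the public certificate in the image and supply the private key at start-up from a mounted secret or bound credential, with the environment selection done in the entrypoint. The hunk copies only `server/` and the script, so a `COPY certs/ ...` step, if one exists, is outside what is shown here.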
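Review bot: The three `cp` lines use absolute `/app/...` paths, while the Dockerfile in this patch invokes the script as `/opt/api/copy_certs.sh`; unless the image also contains an `/app` tree, every branch fails. The patch adds placeholder files only under `certs/dev` and `certs/staging`, so the `production` branch has no visible source directory, and the `*` glob also copies the `*_cert_location.txt` placeholder into `server/certs/`. Resolving paths from the script's own location (`base="$(cd "$(dirname "$0")" && pwd)"`), creating the target with `mkdir -p`, and checking that the expected `.pem` and `.crt` files exist before copying would make a misconfigured build stop with a clear message.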
diff --git a/certs/staging/staging_cert_location.txt b/certs/staging/staging_cert_location.txt new file mode 100644 index 0000000..0cdd22b --- /dev/null +++ b/certs/staging/staging_cert_location.txt @@ -0,0 +1,3 @@ +Place your Login.gov RSA certification in here for the staging environment before deploying. + +Find certs on g-drive. \ No newline at end of file From 3d796f787a39ffe278462821bc62d70c5f2a6716 Mon Sep 17 00:00:00 2001 From: Adam Buckingham Date: Tue, 30 Jan 2024 13:11:39 -0500 Subject: [PATCH 09/11] Add staging config for login.gov --- server/config/config.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/server/config/config.js b/server/config/config.js index 9c52148..af5bd83 100644 --- a/server/config/config.js +++ b/server/config/config.js @@ -351,6 +351,7 @@ module.exports = { "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", "token_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/token", "user_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo", + "redirect_uri": "http://localhost:3000/odic/callback" }, "maxCas" : { "cas_url" : "https://login.test.max.gov/cas/", @@ -430,6 +431,7 @@ module.exports = { "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", "token_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/token", "user_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo", + "redirect_uri": "http://srt-server-dev.app.cloud.gov/odic/callback" }, "maxCas" : { "cas_url" : "https://login.test.max.gov/cas/", 
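Review bot: The `redirect_uri` added in the second hunk uses plain `http://` on a public cloud.gov hostname, so the authorization code and `state` returned to the callback would travel unencrypted; the staging block in the next hunk (`@@ -465,11 +467,12 @@`) does the same. Only the `localhost` value in the first hunk is reasonable over http. I would change these to `"redirect_uri": "https://srt-server-dev.app.cloud.gov/odic/callback"` and the staging equivalent, and confirm that they match the URIs registered for each Login.gov app. The path is spelled `odic` rather than `oidc`; it matches the value previously hard-coded in `server/app.js`, so it should only change together with the route.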
@@ -465,11 +467,12 @@ module.exports = { "logStdOutLevel" : "debug", // TODO: May need to make staging Login.gov App (Using as Placeholder for now) "login_gov_oidc": { - "client_id": "urn:gov:gsa:openidconnect.profiles:sp:sso:office_of_government_wide_policy:srt_app", + "client_id": "urn:gov:gsa:openidconnect.profiles:sp:sso:office_of_government_wide_policy:srt_app_staging", "issuer_url": "https://idp.int.identitysandbox.gov/.well-known/openid-configuration", "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", "token_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/token", "user_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo", + "redirect_uri": "http://srt-server-staging.app.cloud.gov/odic/callback" }, "maxCas" : { "cas_url" : "https://login.test.max.gov/cas/", From 3b6279ac463e264d67e07449027917446069e535 Mon Sep 17 00:00:00 2001 From: Adam Buckingham Date: Tue, 30 Jan 2024 13:11:53 -0500 Subject: [PATCH 10/11] Get redirect uri from config --- server/app.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/server/app.js b/server/app.js index af22867..775771f 100644 --- a/server/app.js +++ b/server/app.js @@ -69,8 +69,7 @@ let loginGovClient = Issuer.discover(config['login_gov_oidc']['issuer_url']) prompt:'select_account', nonce: nonce, state: state, - //redirect_uris: ["http://localhost:3000/odic/callback"], - redirect_uri: "http://localhost:3000/odic/callback", + redirect_uri: config['login_gov_oidc']["redirect_uri"], scope: "openid email profile", } From 5077d6038f6c77e3a3f723d1f01a12512c3b1d74 Mon Sep 17 00:00:00 2001 From: Adam Buckingham Date: Thu, 1 Feb 2024 09:20:08 -0500 Subject: [PATCH 11/11] Adding posgres15 service to prod config --- cf/manifest.prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cf/manifest.prod.yml b/cf/manifest.prod.yml index aafcd49..2d495da 100644 --- a/cf/manifest.prod.yml +++ b/cf/manifest.prod.yml 
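Review bot: `config['login_gov_oidc']["redirect_uri"]` in the `server/app.js` hunk is used without checking that the key exists, and the config hunks visible in this series add `redirect_uri` to only three environment blocks. An environment block without it would presumably leave the parameter undefined in the authorization request. A startup guard such as `if (!config['login_gov_oidc']['redirect_uri']) throw new Error('login_gov_oidc.redirect_uri is not configured');` makes that fail before any user is redirected. The lookup also mixes quote styles; `config['login_gov_oidc']['redirect_uri']` would match the `issuer_url` lookup on the hunk's header line. The parameter object and the surrounding callback start and end outside the hunk.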
@@ -11,5 +11,5 @@ applications: - route: http://srt-server-prod.app.cloud.gov - route: http://srt-server.app.cloud.gov services: - - srt-postgres-prod + - srt-postgresql15-prod