fix validation, docker user, and only use dependabot for security upd… (#18)

* fix validation, docker user, and only use dependabot for security updates * vars
2025-02-17 13:58:26 +00:00 · 2023-01-29 12:40:54 -08:00 · 2023-01-29 12:40:54 -08:00 · 883039e6fa
commit 883039e6fa
parent 9282570f40
4 changed files with 19 additions and 14 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -9,6 +9,8 @@ updates:
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"
+    # Disable version updates for npm dependencies, only have security updates
+    open-pull-requests-limit: 0
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
--- a/api.js
+++ b/api.js
@ -273,6 +273,10 @@ async function set_up_api_server(app) {
    */
    app.get(constants.API_BASE_PATH + 'xss-uri', async (req, res) => {
        const user = await Users.findOne({ where: { 'id': req.session.user_id } });
+        if (user === null) {
+            req.session.destroy();
+            res.redirect(302, '/').end();
+        }
        const uri = process.env.XSS_HOSTNAME + "/" + user.path;
        res.status(200).json({
            "success": true,
@ -413,21 +417,21 @@ async function set_up_api_server(app) {
        type: 'object',
        properties: {
            page: {
-                type: 'string',
+                type: "Integer",
                required: false,
-                default: '0',
-                pattern: '[0-9]+',
+                minimum: 1,
+                default: 1,
            },
            limit: {
-                type: 'string',
+                type: "Integer",
                required: false,
-                default: '10',
-                pattern: '[0-9]+',
+                minimum: 1,
+                default: 10,
            },
        }
    }
    app.get(constants.API_BASE_PATH + 'payloadfires', validate({ query: ListPayloadFiresSchema }), async (req, res) => {
-    	const page = (parseInt(req.query.page) - 1);
+        const page = (parseInt(req.query.page) - 1);
    	const limit = parseInt(req.query.limit);
    	const offset = (page * limit);
    	const payload_fires = await PayloadFireResults.findAndCountAll({
@ -469,7 +473,6 @@ async function set_up_api_server(app) {
            }
            return_payloads.push(new_payload);
        }
-        console.log(JSON.stringify(return_payloads));
        res.status(200).json({
            'success': true,
            'result': {
--- a/database.js
+++ b/database.js
@ -6,9 +6,9 @@ const get_hashed_password = require('./utils.js').get_hashed_password;
 const constants = require('./constants.js');

 const sequelize = new Sequelize(
-	process.env.DATABASE_NAME,
-	process.env.DATABASE_USER,
-	process.env.DATABASE_PASSWORD,
+	process.env.POSTGRES_DB,
+	process.env.POSTGRES_USER,
+	process.env.POSTGRES_PASSWORD,
 	{
 		host: process.env.DATABASE_HOST,
 		dialect: 'postgres',
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -16,13 +16,13 @@ services:
  postgresdb:
    image: postgres
    restart: always
-    user: postgres
+    env_file:
+      - dev.env
    environment:
      PGDATA: /var/lib/postgresql/data/pgdata
-      POSTGRES_PASSWORD: postgres
      POSTGRES_HOST_AUTH_METHOD: trust
    healthcheck:
-      test: ["CMD-SHELL", "pg_isready"]
+      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER"]
      interval: 3s
      timeout: 5s
      retries: 5