Fixing security issues

src/configs/app.config.ts

@@ -39,7 +39,6 @@ class AppConfig {
     public app: express.Application;
 
     public apiVersion: string = config.get('App.apiConfig.version') || 'v1';
-    public privateKey: string = '-----BEGIN RSA PRIVATE KEY-----\r\nMIICXAIBAAKBgQDNwqLEe9wgTXCbC7+RPdDbBbeqjdbs4kOPOIGzqLpXvJXlxxW8iMz0EaM4BKUqYsIa+ndv3NAn2RxCd5ubVdJJcX43zO6Ko0TFEZx/65gY3BE0O6syCEmUP4qbSd6exou/F+WTISzbQ5FBVPVmhnYhG/kpwt/cIxK5iUn5hm+4tQIDAQABAoGBAI+8xiPoOrA+KMnG/T4jJsG6TsHQcDHvJi7o1IKC/hnIXha0atTX5AUkRRce95qSfvKFweXdJXSQ0JMGJyfuXgU6dI0TcseFRfewXAa/ssxAC+iUVR6KUMh1PE2wXLitfeI6JLvVtrBYswm2I7CtY0q8n5AGimHWVXJPLfGV7m0BAkEA+fqFt2LXbLtyg6wZyxMA/cnmt5Nt3U2dAu77MzFJvibANUNHE4HPLZxjGNXN+a6m0K6TD4kDdh5HfUYLWWRBYQJBANK3carmulBwqzcDBjsJ0YrIONBpCAsXxk8idXb8jL9aNIg15Wumm2enqqObahDHB5jnGOLmbasizvSVqypfM9UCQCQl8xIqy+YgURXzXCN+kwUgHinrutZms87Jyi+D8Br8NY0+Nlf+zHvXAomD2W5CsEK7C+8SLBr3k/TsnRWHJuECQHFE9RA2OP8WoaLPuGCyFXaxzICThSRZYluVnWkZtxsBhW2W8z1b8PvWUE7kMy7TnkzeJS2LSnaNHoyxi7IaPQUCQCwWU4U+v4lD7uYBw00Ga/xt+7+UqFPlPVdz1yyr4q24Zxaw0LgmuEvgU5dycq8N7JxjTubX0MIRR+G9fmDBBl8=\r\n-----END RSA PRIVATE KEY-----'
     private dbHost: string = config.get('App.dbConfig.host') || 'localhost';
     private dbPort: number = config.get('App.dbConfig.port') || 27017;
     private dbName: string = config.get('App.dbConfig.database') || 'iwa';

src/controllers/site.controller.ts

@@ -76,7 +76,7 @@ export class SiteController {
         let userObj = <SubscribingUser>{};
 
         if (req.body.email !== null) {
-            userObj = jQuery.parseJSON(`
+            userObj = JSON.parse(`
                 {
                     "firstName": "${req.body.first_name}",
                     "lastname": "${req.body.last_name}",

src/index.ts

@@ -33,13 +33,13 @@ const appName: string = config.get('App.name') || "IWA-Express";
 const appPort: number = config.get('App.port') || 8000;
 const apiUrl: string = config.get('App.apiConfig.url') || "http://localhost:3000/api-docs/";
 
-/*app.listen(appPort, () => {
+app.listen(appPort, () => {
     Logger.debug(`Running in directory: ${global.__basedir}`);
     Logger.info(`${appName} API is online at ${apiUrl}`);
-});*/
+});
 
-http.createServer(app).listen(appPort, () => {
+/*http.createServer(app).listen(appPort, () => {
     Logger.debug(`Running in directory: ${global.__basedir}`);
     Logger.info(`${appName} is online at ${apiUrl}`);
-});
+});*/
 

src/utils/encrypt.utils.ts

@@ -31,16 +31,16 @@ export abstract class EncryptUtils {
         var cipher = crypto.createCipher(this.algorithm, this.encryptionKey);
         var mystr = cipher.update(password, 'utf8', 'hex');
         mystr += cipher.final('hex');
-        process.stdout.write("Encrypted password:" + mystr);
+        //process.stdout.write("Encrypted password:" + mystr);
         return mystr;
     }
 
     public static decryptPassword(hashPassword: String): String {
-        process.stdout.write("Decrypting password: " + hashPassword);
+        //process.stdout.write("Decrypting password: " + hashPassword);
         var cipher = crypto.createDecipher(this.algorithm, this.encryptionKey);
         var mystr = cipher.update(hashPassword, 'hex', 'utf8');
         mystr += cipher.final('utf8');
-        process.stdout.write("Decrypted password:" + mystr);
+        //process.stdout.write("Decrypted password:" + mystr);
         return mystr;
     }
 
@@ -49,7 +49,7 @@ export abstract class EncryptUtils {
         var cipher = crypto.createDecipher(this.algorithm, this.encryptionKey);
         var mystr = cipher.update(hashPassword, 'hex', 'utf8');
         mystr += cipher.final('utf8');
-        process.stdout.write("Comparing passwords: " + mystr + " = " + password);
+        //process.stdout.write("Comparing passwords: " + mystr + " = " + password);
         return (password == mystr);
     }