Release build updates

.dockerignore

@@ -0,0 +1,2 @@
+.gitignore
+.env

Dockerfile

@@ -20,11 +20,11 @@ RUN npm install
 # RUN npm ci --only=production
 
 # Bundle app source
-ADD src ./
+ADD dist ./
 COPY config ./config/
 
-# Make port 8080 available to the world outside this container
-EXPOSE 8080
+# Make port 3000 available to the world outside this container
+EXPOSE 3000
 
 CMD [ "node", "index.js" ]
 

docker-compose.yml

@@ -0,0 +1,49 @@
+services:
+  mongodb:
+    image: mongo
+    container_name: mongodb
+    restart: unless-stopped
+    env_file: .env
+      MONGO_INITDB_ROOT_USERNAME: $MONGO_USERNAME
+      MONGO_INITDB_ROOT_PASSWORD: $MONGO_PASSWORD
+    ports:
+      - "27017:27017"
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: iwa
+      MONGO_INITDB_ROOT_PASSWORD: iwa
+    volumes:
+      - db:/data/db
+    networks:
+      - iwa-api_net
+
+  nodejs:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: nodejs
+    container_name: nodejs
+    restart: unless-stopped
+    env_file: .env
+    environment:
+      - MONGO_USERNAME=$MONGO_USERNAME
+      - MONGO_PASSWORD=$MONGO_PASSWORD
+      - MONGO_HOSTNAME=mongodb
+      - MONGO_PORT=$MONGO_PORT
+      - MONGO_DB=$MONGO_DB
+    ports:
+      - "3000:3000"
+    volumes:
+      - dist:/home/node/app
+      - node_modules:/home/node/app/node_modules
+    networks:
+      - iwa-api_net
+    command: ./wait-for.sh db:27017 -- NODE_ENV=production && cd /home/node/app/ && node dist/index.js
+
+networks:
+  iwa-api_net:
+    driver: bridge
+
+volumes:
+  db:
+  dist:
+  node_modules:

package.json

@@ -1,7 +1,7 @@
 {
-  "name": "express-api",
+  "name": "iwa-api",
   "version": "1.0.0",
-  "description": "IWA-ExpressAPI is An insecure Node/Express REST API for use in Fortify demonstrations",
+  "description": "IWA-API is an insecure Node/Express REST API for use in Fortify demonstrations",
   "main": "index.ys",
   "scripts": {
     "build": "NODE_ENV=production && npx tsc",

src/middleware/authorization.handler.ts

@@ -58,17 +58,13 @@ export class AuthorizationHandler {
     */
 
     public static requirePermission(permissions: string | string[]) {
-        try {
             const jwtAuth = jwtAuthz([permissions], {
                 customScopeKey: "permissions",
                 customUserKey: "auth",
                 checkAllScopes: true,
                 failWithError: false // should be true and catch with custom error handler
             });
             return jwtAuth;
-        } catch (error: any) {
-            unauthorised(error.message, res);
-        }
     };
 
     public static requireAccessToken(req: Request, res: Response, next: NextFunction) {
@@ -99,7 +95,7 @@ export class AuthorizationHandler {
             }
 
             next();
-        } catch (error) {
+        } catch (error: any) {
             unauthorised(error.message, res);
         }
     };

wait-for.sh

@@ -0,0 +1,81 @@
+#!/bin/sh
+
+# original script: https://github.com/eficode/wait-for/blob/master/wait-for
+
+TIMEOUT=15
+QUIET=0
+
+echoerr() {
+  if [ "$QUIET" -ne 1 ]; then printf "%s\n" "$*" 1>&2; fi
+}
+
+usage() {
+  exitcode="$1"
+  cat << USAGE >&2
+Usage:
+  $cmdname host:port [-t timeout] [-- command args]
+  -q | --quiet                        Do not output any status messages
+  -t TIMEOUT | --timeout=timeout      Timeout in seconds, zero for no timeout
+  -- COMMAND ARGS                     Execute command with args after the test finishes
+USAGE
+  exit "$exitcode"
+}
+
+wait_for() {
+  for i in `seq $TIMEOUT` ; do
+    nc -z "$HOST" "$PORT" > /dev/null 2>&1
+
+    result=$?
+    if [ $result -eq 0 ] ; then
+      if [ $# -gt 0 ] ; then
+        exec "$@"
+      fi
+      exit 0
+    fi
+    sleep 1
+  done
+  echo "Operation timed out" >&2
+  exit 1
+}
+
+while [ $# -gt 0 ]
+do
+  case "$1" in
+    *:* )
+    HOST=$(printf "%s\n" "$1"| cut -d : -f 1)
+    PORT=$(printf "%s\n" "$1"| cut -d : -f 2)
+    shift 1
+    ;;
+    -q | --quiet)
+    QUIET=1
+    shift 1
+    ;;
+    -t)
+    TIMEOUT="$2"
+    if [ "$TIMEOUT" = "" ]; then break; fi
+    shift 2
+    ;;
+    --timeout=*)
+    TIMEOUT="${1#*=}"
+    shift 1
+    ;;
+    --)
+    shift
+    break
+    ;;
+    --help)
+    usage 0
+    ;;
+    *)
+    echoerr "Unknown argument: $1"
+    usage 1
+    ;;
+  esac
+done
+
+if [ "$HOST" = "" -o "$PORT" = "" ]; then
+  echoerr "Error: you need to provide a host and port to test."
+  usage 2
+fi
+
+wait_for "$@"