Merge pull request #383 from sasjs/npm_update_20250919

Npm update 20250919
2025-12-10 19:34:34 +00:00 · 2025-09-25 17:53:46 +01:00
parent d47cf15cdb e51b20421a
commit 584ffe9e0e
12 changed files with 11188 additions and 23474 deletions
--- a/api/package-lock.json
+++ b/api/package-lock.json
--- a/api/package.json
+++ b/api/package.json
@@ -49,24 +49,24 @@
  "author": "4GL Ltd",
  "dependencies": {
    "@sasjs/core": "^4.40.1",
-    "@sasjs/utils": "3.2.0",
+    "@sasjs/utils": "^3.5.2",
    "bcryptjs": "^2.4.3",
-    "connect-mongo": "^4.6.0",
+    "connect-mongo": "^5.1.0",
-    "cookie-parser": "^1.4.6",
+    "cookie-parser": "^1.4.7",
    "cors": "^2.8.5",
-    "express": "^4.17.1",
+    "express": "^4.21.2",
-    "express-session": "^1.17.2",
+    "express-session": "^1.18.2",
    "helmet": "^5.0.2",
    "joi": "^17.4.2",
-    "jsonwebtoken": "^8.5.1",
+    "jsonwebtoken": "^9.0.2",
    "ldapjs": "2.3.3",
-    "mongoose": "^6.0.12",
+    "mongoose": "^6.13.8",
-    "morgan": "^1.10.0",
+    "morgan": "^1.10.1",
    "multer": "^1.4.5-lts.1",
    "rate-limiter-flexible": "2.4.1",
    "rotating-file-stream": "^3.0.4",
    "swagger-ui-express": "4.3.0",
-    "unzipper": "^0.10.11",
+    "unzipper": "^0.12.3",
    "url": "^0.10.3"
  },
  "devDependencies": {
@@ -76,32 +76,32 @@
    "@types/cors": "^2.8.12",
    "@types/express": "^4.17.12",
    "@types/express-session": "^1.17.4",
-    "@types/jest": "^26.0.24",
+    "@types/jest": "^29.5.0",
    "@types/jsonwebtoken": "^8.5.5",
    "@types/ldapjs": "^2.2.4",
    "@types/morgan": "^1.9.3",
    "@types/multer": "^1.4.7",
-    "@types/node": "^15.12.2",
+    "@types/node": "^20.0.0",
    "@types/supertest": "^2.0.11",
    "@types/swagger-ui-express": "^4.1.3",
    "@types/unzipper": "^0.10.5",
    "adm-zip": "^0.5.9",
-    "axios": "0.27.2",
+    "axios": "^1.12.2",
    "csrf": "^3.1.0",
    "dotenv": "^16.0.1",
    "http-headers-validation": "^0.0.1",
-    "jest": "^27.0.6",
+    "jest": "^29.7.0",
    "mongodb-memory-server": "8.11.4",
    "nodejs-file-downloader": "4.10.2",
-    "nodemon": "^2.0.7",
+    "nodemon": "^3.0.0",
    "pkg": "5.6.0",
-    "prettier": "^2.3.1",
+    "prettier": "^3.0.0",
    "rimraf": "^3.0.2",
    "supertest": "^6.1.3",
-    "ts-jest": "^27.0.3",
+    "ts-jest": "^29.1.0",
    "ts-node": "^10.0.0",
    "tsoa": "3.14.1",
-    "typescript": "^4.3.2"
+    "typescript": "^5.0.0"
  },
  "nodemonConfig": {
    "ignore": [
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -234,9 +234,10 @@ const verifyAuthCode = async (
    jwt.verify(code, process.secrets.AUTH_CODE_SECRET, (err, data) => {
      if (err) return resolve(undefined)
      const payload = data as InfoJWT
      const clientInfo: InfoJWT = {
-        clientId: data?.clientId,
+        clientId: payload?.clientId,
-        userId: data?.userId
+        userId: payload?.userId
      }
      if (clientInfo.clientId === clientId) {
        return resolve(clientInfo)
--- a/api/src/controllers/web.ts
+++ b/api/src/controllers/web.ts
@@ -106,7 +106,10 @@ const login = async (
  const rateLimiter = RateLimiter.getInstance()
  if (!validPass) {
-    const retrySecs = await rateLimiter.consume(req.ip, user?.username)
+    const retrySecs = await rateLimiter.consume(
      req.ip || 'unknown',
      user?.username
    )
    if (retrySecs > 0) throw errors.tooManyRequests(retrySecs)
  }
@@ -114,7 +117,7 @@ const login = async (
  if (!validPass) throw errors.invalidPassword
  // Reset on successful authorization
-  rateLimiter.resetOnSuccess(req.ip, user.username)
+  rateLimiter.resetOnSuccess(req.ip || 'unknown', user.username)
  req.session.loggedIn = true
  req.session.user = {
--- a/api/src/middlewares/authenticateToken.ts
+++ b/api/src/middlewares/authenticateToken.ts
@@ -37,10 +37,10 @@ export const authenticateAccessToken: RequestHandler = async (
        if (user.isActive) {
          req.user = user
          return csrfProtection(req, res, nextFunction)
-        } else return res.sendStatus(401)
+        } else return res.status(401).send('Unauthorized')
      }
    }
-    return res.sendStatus(401)
+    return res.status(401).send('Unauthorized')
  }
  await authenticateToken(
@@ -118,6 +118,6 @@ const authenticateToken = async (
      return next()
    }
-    res.sendStatus(401)
+    res.status(401).send('Unauthorized')
  }
 }
--- a/api/src/middlewares/bruteForceProtection.ts
+++ b/api/src/middlewares/bruteForceProtection.ts
@@ -3,7 +3,7 @@ import { convertSecondsToHms } from '@sasjs/utils'
 import { RateLimiter } from '../utils'
 export const bruteForceProtection: RequestHandler = async (req, res, next) => {
-  const ip = req.ip
+  const ip = req.ip || 'unknown'
  const username = req.body.username
  const rateLimiter = RateLimiter.getInstance()
--- a/api/src/model/Group.ts
+++ b/api/src/model/Group.ts
@@ -76,7 +76,7 @@ groupSchema.post('save', function (group: IGroup, next: Function) {
 })
 // pre remove hook to remove all references of group from users
-groupSchema.pre('remove', async function () {
+groupSchema.pre('remove', async function (this: IGroupDocument) {
  const userIds = this.users
  await Promise.all(
    userIds.map(async (userId) => {
--- a/api/src/routes/api/spec/web.spec.ts
+++ b/api/src/routes/api/spec/web.spec.ts
@@ -277,7 +277,10 @@ const performLogin = async (
    .set('x-xsrf-token', csrfToken)
    .send(credentials)
-  return { authCookies: header['set-cookie'].join() }
+  return {
    authCookies:
      (header['set-cookie'] as unknown as string[] | undefined)?.join() || ''
  }
 }
 const extractCSRF = (text: string) =>
--- a/api/src/utils/getTokensFromDB.ts
+++ b/api/src/utils/getTokensFromDB.ts
@@ -1,5 +1,6 @@
 import jwt from 'jsonwebtoken'
 import User from '../model/User'
 import { InfoJWT } from '../types/InfoJWT'
 const isValidToken = async (
  token: string,
@@ -11,7 +12,8 @@ const isValidToken = async (
    jwt.verify(token, key, (err, decoded) => {
      if (err) return reject(false)
-      if (decoded?.userId === userId && decoded?.clientId === clientId) {
+      const payload = decoded as InfoJWT
      if (payload?.userId === userId && payload?.clientId === clientId) {
        return resolve(true)
      }
--- a/package-lock.json
+++ b/package-lock.json
--- a/web/package-lock.json
+++ b/web/package-lock.json
--- a/web/package.json
+++ b/web/package.json
@@ -19,9 +19,8 @@
    "@types/jest": "^26.0.24",
    "@types/node": "^12.20.28",
    "@types/react": "^17.0.27",
-    "axios": "^0.24.0",
+    "axios": "^1.12.2",
    "monaco-editor": "^0.33.0",
    "monaco-editor-webpack-plugin": "^7.0.1",
    "react": "^17.0.2",
    "react-copy-to-clipboard": "^5.1.0",
    "react-dom": "^17.0.2",
@@ -54,6 +53,7 @@
    "eslint-webpack-plugin": "^3.1.1",
    "file-loader": "^6.2.0",
    "html-webpack-plugin": "5.5.0",
    "monaco-editor-webpack-plugin": "^7.0.1",
    "path": "0.12.7",
    "prettier": "^2.4.1",
    "sass": "^1.44.0",