WIP. Migration ES6: DAOs
Related OWASP#152
UlisesGascon committed Jan 26, 2020
1 parent a8ddafd commit cad7959
Showing 7 changed files with 71 additions and 97 deletions.
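--- a/app/data/allocations-dao.js
+++ b/app/data/allocations-dao.js
@@ -30,7 +30,7 @@ const AllocationsDAO = function(db){
 userId: parsedUserId
 }, allocations, {
 upsert: true
-}, (err, result) => {
+}, err => {
 
 if (!err) {
 
@@ -90,7 +90,7 @@ const AllocationsDAO = function(db){
 let doneCounter = 0;
 const userAllocations = [];
 
-allocations.forEach( (alloc) => {
+allocations.forEach( alloc => {
 userDAO.getUserById(alloc.userId, (err, user) => {
 if (err) return callback(err, null);
 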
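Review bot: In the second hunk the `return callback(err, null)` inside `allocations.forEach( alloc => { userDAO.getUserById(alloc.userId, (err, user) => { … } ) })` only leaves that one lookup callback; the remaining iterations keep running and every further failed lookup invokes `callback` again, so the caller can observe its completion callback more than once. A single-shot guard keeps the contract: add `let failed = false;` next to `doneCounter`, and in the lookup callback use `if (err) { if (!failed) { failed = true; callback(err, null); } return; }`. The `doneCounter` completion path and the rest of the enclosing function lie outside the hunk, so check that it also ignores late successes once `failed` is set. The arrow-parameter conversions themselves are behavior-neutral.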
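--- a/app/data/benefits-dao.js
+++ b/app/data/benefits-dao.js
@@ -10,27 +10,25 @@ function BenefitsDAO(db) {
 return new BenefitsDAO(db);
 }
 
-var usersCol = db.collection("users");
+const usersCol = db.collection("users");
 
-this.getAllNonAdminUsers = function(callback) {
+this.getAllNonAdminUsers = callback => {
 usersCol.find({
 "isAdmin": {
 $ne: true
 }
-}).toArray(function(err, users) {
-callback(null, users);
-});
+}).toArray((err, users) => callback(null, users));
 };
 
-this.updateBenefits = function(userId, startDate, callback) {
+this.updateBenefits = (userId, startDate, callback) => {
 usersCol.update({
 _id: parseInt(userId)
 }, {
 $set: {
 benefitStartDate: startDate
 }
 },
-function(err, result) {
+(err, result) => {
 if (!err) {
 console.log("Updated benefits");
 return callback(null, result);
@@ -42,4 +40,4 @@ function BenefitsDAO(db) {
 };
 }
 
-module.exports.BenefitsDAO = BenefitsDAO;
+module.exports = { BenefitsDAO };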
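Review bot: The rewritten `toArray((err, users) => callback(null, users))` in getAllNonAdminUsers still discards `err`, so a failed query is reported to the caller as success with `users` undefined; since the line is being rewritten anyway, make it `.toArray((err, users) => err ? callback(err, null) : callback(null, users));`, which matches the error-first convention the updateBenefits callback in the same file follows. Unrelated to the migration but worth fixing while here: `parseInt(userId)` in updateBenefits has no radix, `parseInt(userId, 10)` is the safe form, and the same call appears in contributions-dao.js and profile-dao.js in this commit. The BenefitsDAO constructor body starts outside the first hunk.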
27 changes: 13 additions & 14 deletions app/data/contributions-dao.js
@@ -1,4 +1,4 @@
var UserDAO = require("./user-dao").UserDAO;
const UserDAO = require("./user-dao").UserDAO;

/* The ContributionsDAO must be constructed with a connected database object */
function ContributionsDAO(db) {
@@ -11,31 +11,31 @@ function ContributionsDAO(db) {
return new ContributionsDAO(db);
}

var contributionsDB = db.collection("contributions");
var userDAO = new UserDAO(db);
const contributionsDB = db.collection("contributions");
const userDAO = new UserDAO(db);

this.update = function(userId, preTax, afterTax, roth, callback) {
var parsedUserId = parseInt(userId);
this.update = (userId, preTax, afterTax, roth, callback) => {
const parsedUserId = parseInt(userId);

// Create contributions document
var contributions = {
const contributions = {
userId: parsedUserId,
preTax: preTax,
afterTax: afterTax,
roth: roth
};

contributionsDB.update({
userId: userId
userId
},
contributions, {
upsert: true
},
function(err, result) {
err => {
if (!err) {
console.log("Updated contributions");
// add user details
userDAO.getUserById(parsedUserId, function(err, user) {
userDAO.getUserById(parsedUserId, (err, user) => {

if (err) return callback(err, null);

@@ -53,11 +53,11 @@ function ContributionsDAO(db) {
);
};

this.getByUserId = function(userId, callback) {
this.getByUserId = (userId, callback) => {
contributionsDB.findOne({
userId: userId
},
function(err, contributions) {
(err, contributions) => {
if (err) return callback(err, null);

// Set defualt contributions if not set
@@ -68,10 +68,9 @@ function ContributionsDAO(db) {
};

// add user details
userDAO.getUserById(userId, function(err, user) {
userDAO.getUserById(userId, (err, user) => {

if (err) return callback(err, null);

contributions.userName = user.userName;
contributions.firstName = user.firstName;
contributions.lastName = user.lastName;
@@ -84,4 +83,4 @@ function ContributionsDAO(db) {
};
}

module.exports.ContributionsDAO = ContributionsDAO;
module.exports = { ContributionsDAO };
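Review bot: In `this.update` (second hunk) the filter handed to `contributionsDB.update` is the shorthand `userId`, i.e. the raw argument, while the document written by the same call stores `userId: parsedUserId`; if callers pass `userId` as a string (typical for values coming from a request), the filter never matches the numeric field of a previously upserted record and each save creates a new contributions document instead of updating the existing one. `parsedUserId` is computed two lines above, so the filter should read `userId: parsedUserId`, and the parse should carry a radix, `const parsedUserId = parseInt(userId, 10);`. The same raw-versus-parsed mismatch exists in `getByUserId` (`findOne({ userId: userId })` in the third hunk), which this commit leaves as is. The update callback's body continues outside the hunk.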
25 changes: 8 additions & 17 deletions app/data/memos-dao.js
@@ -10,39 +10,30 @@ function MemosDAO(db) {
return new MemosDAO(db);
}

var memosCol = db.collection("memos");
const memosCol = db.collection("memos");

this.insert = function(memo, callback) {
this.insert = (memo, callback) => {

// Create allocations document
var memos = {
memo: memo,
const memos = {
memo,
timestamp: new Date()
};

memosCol.insert(memos, function(err, result) {

if (!err) {
return callback(null, result);
}

return callback(err, null);
});
memosCol.insert(memos, (err, result) => !err ? callback(null, result) : callback(err, null));
};

this.getAllMemos = function(callback) {
this.getAllMemos = (callback) => {

memosCol.find({}).sort({
timestamp: -1
}).toArray(function(err, memos) {
}).toArray((err, memos) => {
if (err) return callback(err, null);
if (!memos) return callback("ERROR: No memos found", null);

callback(null, memos);

});
};

}

module.exports.MemosDAO = MemosDAO;
module.exports = { MemosDAO };
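Review bot: The new one-liner `memosCol.insert(memos, (err, result) => !err ? callback(null, result) : callback(err, null));` uses a negated ternary purely for its side effects, which reads awkwardly and inverts the error-first order used elsewhere in this file (`if (err) return callback(err, null);` in getAllMemos); `memosCol.insert(memos, (err, result) => err ? callback(err, null) : callback(null, result));` says the same thing without the negation. Arrow-parameter style is also inconsistent across the commit: `(callback) =>` here versus `callback =>` in benefits-dao.js and `err =>` in allocations-dao.js; pick one form (an `arrow-parens` lint rule would enforce it). The MemosDAO constructor starts outside the hunk.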
32 changes: 16 additions & 16 deletions app/data/profile-dao.js
@@ -10,36 +10,36 @@ function ProfileDAO(db) {
return new ProfileDAO(db);
}

var users = db.collection("users");
const users = db.collection("users");

/* Fix for A6 - Sensitive Data Exposure
// Use crypto module to save sensitive data such as ssn, dob in encrypted format
var crypto = require("crypto");
var config = require("../../config/config");
const crypto = require("crypto");
const config = require("../../config/config");
/// Helper method create initialization vector
// By default the initialization vector is not secure enough, so we create our own
var createIV = function() {
const createIV = () => {
// create a random salt for the PBKDF2 function - 16 bytes is the minimum length according to NIST
var salt = crypto.randomBytes(16);
const salt = crypto.randomBytes(16);
return crypto.pbkdf2Sync(config.cryptoKey, salt, 100000, 512, "sha512");
};
// Helper methods to encryt / decrypt
var encrypt = function(toEncrypt) {
const encrypt = (toEncrypt) => {
config.iv = createIV();
var cipher = crypto.createCipheriv(config.cryptoAlgo, config.cryptoKey, config.iv);
return cipher.update(toEncrypt, "utf8", "hex") + cipher.final("hex");
const cipher = crypto.createCipheriv(config.cryptoAlgo, config.cryptoKey, config.iv);
return `${cipher.update(toEncrypt, "utf8", "hex")} ${cipher.final("hex")}`;
};
var decrypt = function(toDecrypt) {
var decipher = crypto.createDecipheriv(config.cryptoAlgo, config.cryptoKey, config.iv);
return decipher.update(toDecrypt, "hex", "utf8") + decipher.final("utf8");
const decrypt = (toDecrypt) => {
const decipher = crypto.createDecipheriv(config.cryptoAlgo, config.cryptoKey, config.iv);
return `${decipher.update(toDecrypt, "hex", "utf8")} ${decipher.final("utf8")}`;
};
*/

this.updateUser = function(userId, firstName, lastName, ssn, dob, address, bankAcc, bankRouting, callback) {
this.updateUser = (userId, firstName, lastName, ssn, dob, address, bankAcc, bankRouting, callback) => {

// Create user document
var user = {};
@@ -80,7 +80,7 @@ function ProfileDAO(db) {
}, {
$set: user
},
function(err, result) {
err => {
if (!err) {
console.log("Updated user profile");
return callback(null, user);
@@ -91,11 +91,11 @@ function ProfileDAO(db) {
);
};

this.getByUserId = function(userId, callback) {
this.getByUserId = (userId, callback) => {
users.findOne({
_id: parseInt(userId)
},
function(err, user) {
(err, user) => {
if (err) return callback(err, null);
/*
// Fix for A6 - Sensitive Data Exposure
@@ -110,4 +110,4 @@ function ProfileDAO(db) {
};
}

module.exports.ProfileDAO = ProfileDAO;
module.exports = { ProfileDAO };
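Review bot: The template-literal conversion in the commented-out `encrypt`/`decrypt` helpers of the first hunk introduces a space that the replaced `+` concatenation did not have: `` `${cipher.update(toEncrypt, "utf8", "hex")} ${cipher.final("hex")}` `` emits a space in the middle of the hex ciphertext, and the `decrypt` counterpart puts one into the recovered plaintext, so hex decoding of a stored value would fail; drop the space in both lines, `` `${cipher.update(toEncrypt, "utf8", "hex")}${cipher.final("hex")}` `` and `` `${decipher.update(toDecrypt, "hex", "utf8")}${decipher.final("utf8")}` ``. The block sits inside `/* … */` today, but it is presented as the A6 remediation sample, so it should round-trip when uncommented. Two pre-existing problems would surface at that point and are worth a TODO in the comment: `createIV` returns the 512-byte `pbkdf2Sync` output rather than an IV of the length `createCipheriv` requires for the configured algorithm (16 bytes for AES block modes), and `encrypt` overwrites `config.iv` without storing the IV alongside the ciphertext, so `decrypt` can only recover the most recently encrypted value. The enclosing `ProfileDAO` constructor starts outside the hunk.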
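--- a/app/data/research-dao.js
+++ b/app/data/research-dao.js
@@ -10,9 +10,9 @@ function ResearchDAO(db) {
 return new ResearchDAO(db);
 }
 
-this.getBySymbol= function(symbol, callback) {
+this.getBySymbol = (symbol, callback) => {
 
-function searchCriteria() {
+const searchCriteria = () => {
 
 if (symbol) {
 console.log("in if symbol");
@@ -24,4 +24,4 @@ function ResearchDAO(db) {
 }
 }
 
-module.exports.ResearchDAO = ResearchDAO;
+module.exports = { ResearchDAO };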
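Review bot: Turning `function searchCriteria()` into `const searchCriteria = () => {` removes hoisting: the declaration could be called from anywhere inside `getBySymbol`, but the `const` binding is in its temporal dead zone until this line executes, so any reference to `searchCriteria` placed above it in the body (the remainder of the function is outside the hunk) now throws a ReferenceError where it previously worked; confirm the only call site is below the definition. The `console.log("in if symbol")` debugging output inside the helper is untouched by the commit and looks like a leftover worth removing while this function is being rewritten.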