FIX - Add check to public address of the application when checking if…

… the client is GitHub
Juansecu · Feb 25, 2024 · a3ed3a4 · a3ed3a4
1 parent ed25533
commit a3ed3a4
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 4 deletions.
diff --git a/src/environment-variables.checker.ts b/src/environment-variables.checker.ts
@@ -2,7 +2,9 @@ import { shouldUseHttps } from './utils/get-protocol.util';
 
 export function environmentVariablesChecker(): void {
   if (process.env.PORT) checkPort();
+
   checkHttpsConfig();
+  checkPublicHostAddress();
 }
 
 function checkHttpsConfig(): void {
@@ -19,3 +21,8 @@ function checkPort(): void {
   if (isNaN(Number(process.env.PORT)))
     throw new Error('PORT environment variable must be a number');
 }
+
+function checkPublicHostAddress(): void {
+  if (!process.env.PUBLIC_HOST_ADDRESS)
+    throw new Error('PUBLIC_HOST_ADDRESS environment variable must be set');
+}
diff --git a/src/middlewares/check-whether-client-is-github.middleware.ts b/src/middlewares/check-whether-client-is-github.middleware.ts
@@ -3,6 +3,8 @@ import { Logger } from 'winston';
 
 import { ConsoleLogger } from '../loggers/console.logger';
 
+import { getHostAddress } from '../utils/get-host-address.util';
+
 export function checkIfClientIsGitHub(
   request: Request,
   response: Response,
@@ -17,7 +19,10 @@ export function checkIfClientIsGitHub(
   if (process.env.NODE_ENV === 'production') {
     consoleLogger.info(`Client host: ${request.get('host')}`);
 
-    if (request.get('host') !== 'api.github.com') {
+    if (
+      request.get('host') !== 'api.github.com' &&
+      request.get('host') !== getHostAddress()
+    ) {
       consoleLogger.error('Client is not GitHub');
       response.status(403).send('Forbidden');
       return;
@@ -36,7 +41,7 @@ export function checkIfClientIsGitHub(
     return;
   }
 
-  consoleLogger.verbose('Client is GitHub');
+  consoleLogger.info('Client is GitHub');
 
   next();
 }
diff --git a/src/middlewares/logger.middleware.ts b/src/middlewares/logger.middleware.ts
@@ -1,5 +1,6 @@
 import { NextFunction, Request, Response } from 'express';
 import { Logger } from 'winston';
+
 import { ConsoleLogger } from '../loggers/console.logger';
 
 export function logger(
@@ -9,7 +10,7 @@ export function logger(
 ): void {
   const consoleLogger: Logger = ConsoleLogger.getLogger(logger.name);
 
-  consoleLogger.verbose(
+  consoleLogger.info(
     `Request received: ${request.method} ${request.originalUrl} from ${request.ip}`
   );
 

diff --git a/src/utils/get-host-address.util.ts b/src/utils/get-host-address.util.ts
@@ -1,3 +1,3 @@
 export function getHostAddress(): string {
-  return process.env.PUBLIC_HOST_ADDRESS ?? 'localhost';
+  return process.env.PUBLIC_HOST_ADDRESS!;
 }