From a3ed3a4f76919cd8932f041d2bbaa8f87d0100c6 Mon Sep 17 00:00:00 2001 From: Juansecu Date: Sun, 25 Feb 2024 01:28:57 -0500 Subject: [PATCH] FIX - Add check to public address of the application when checking if the client is GitHub --- src/environment-variables.checker.ts | 7 +++++++ .../check-whether-client-is-github.middleware.ts | 9 +++++++-- src/middlewares/logger.middleware.ts | 3 ++- src/utils/get-host-address.util.ts | 2 +- 4 files changed, 17 insertions(+), 4 deletions(-) diff --git a/src/environment-variables.checker.ts b/src/environment-variables.checker.ts index bf26f8d..7baa39e 100644 --- a/src/environment-variables.checker.ts +++ b/src/environment-variables.checker.ts @@ -2,7 +2,9 @@ import { shouldUseHttps } from './utils/get-protocol.util'; export function environmentVariablesChecker(): void { if (process.env.PORT) checkPort(); + checkHttpsConfig(); + checkPublicHostAddress(); } function checkHttpsConfig(): void { @@ -19,3 +21,8 @@ function checkPort(): void { if (isNaN(Number(process.env.PORT))) throw new Error('PORT environment variable must be a number'); } + +function checkPublicHostAddress(): void { + if (!process.env.PUBLIC_HOST_ADDRESS) + throw new Error('PUBLIC_HOST_ADDRESS environment variable must be set'); +} diff --git a/src/middlewares/check-whether-client-is-github.middleware.ts b/src/middlewares/check-whether-client-is-github.middleware.ts index 354e7f2..06eec0e 100644 --- a/src/middlewares/check-whether-client-is-github.middleware.ts +++ b/src/middlewares/check-whether-client-is-github.middleware.ts @@ -3,6 +3,8 @@ import { Logger } from 'winston'; import { ConsoleLogger } from '../loggers/console.logger'; +import { getHostAddress } from '../utils/get-host-address.util'; + export function checkIfClientIsGitHub( request: Request, response: Response, 
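Review bot: `checkPublicHostAddress()` in src/environment-variables.checker.ts (hunk `@@ -19,3 +21,8 @@`) accepts any non-empty string, yet the middleware change in this same patch compares that value character-for-character with the request's `Host` header. A value carrying a scheme, a path, a trailing slash or surrounding whitespace (or, when the service is reached on a non-default port, a value without that port) would never match, and nothing at startup would report it. Validate the shape here, for example `if (/[\s\/]/.test(process.env.PUBLIC_HOST_ADDRESS)) throw new Error('PUBLIC_HOST_ADDRESS must be a bare host[:port]');`, and add a comment above the function stating the expected format.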
@@ -17,7 +19,10 @@ export function checkIfClientIsGitHub( if (process.env.NODE_ENV === 'production') { consoleLogger.info(`Client host: ${request.get('host')}`); - if (request.get('host') !== 'api.github.com') { + if ( + request.get('host') !== 'api.github.com' && + request.get('host') !== getHostAddress() + ) { consoleLogger.error('Client is not GitHub'); response.status(403).send('Forbidden'); return; @@ -36,7 +41,7 @@ export function checkIfClientIsGitHub( return; } - consoleLogger.verbose('Client is GitHub'); + consoleLogger.info('Client is GitHub'); next(); } diff --git a/src/middlewares/logger.middleware.ts b/src/middlewares/logger.middleware.ts index c3de467..b50c1eb 100644 --- a/src/middlewares/logger.middleware.ts +++ b/src/middlewares/logger.middleware.ts @@ -1,5 +1,6 @@ import { NextFunction, Request, Response } from 'express'; import { Logger } from 'winston'; + import { ConsoleLogger } from '../loggers/console.logger'; export function logger( @@ -9,7 +10,7 @@ export function logger( ): void { const consoleLogger: Logger = ConsoleLogger.getLogger(logger.name); - consoleLogger.verbose( + consoleLogger.info( `Request received: ${request.method} ${request.originalUrl} from ${request.ip}` ); diff --git a/src/utils/get-host-address.util.ts b/src/utils/get-host-address.util.ts index 413f3dd..ae0c4ec 100644 --- a/src/utils/get-host-address.util.ts +++ b/src/utils/get-host-address.util.ts @@ -1,3 +1,3 @@ export function getHostAddress(): string { - return process.env.PUBLIC_HOST_ADDRESS ?? 'localhost'; + return process.env.PUBLIC_HOST_ADDRESS!; }
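Review bot: The widened condition in `checkIfClientIsGitHub` (hunk `@@ -17,7 +19,10 @@`) does not identify the caller: `Host` is a request header chosen by the sender and names the server being addressed, so accepting `getHostAddress()` lets every request sent to the application's own public address through this branch. The function continues outside the hunk, so a later check may still apply, but this branch should not be read as evidence that the client is GitHub. If this route receives GitHub webhooks, authenticate each delivery by verifying the `X-Hub-Signature-256` HMAC over the raw body with the configured webhook secret, compared with `crypto.timingSafeEqual`, and optionally restrict source addresses to the `hooks` ranges GitHub publishes through its `/meta` API. At minimum add `// Host names this server, not the sender; it is not an authentication signal` above the comparison.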
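Review bot: Raising this message to `info` in `logger` (src/middlewares/logger.middleware.ts, hunk `@@ -9,7 +10,7 @@`) means `request.originalUrl`, query string included, is likely now written at the default log level, so any token or secret passed as a query parameter ends up in log storage. Log the path without the query, e.g. `${request.method} ${request.baseUrl}${request.path} from ${request.ip}`, or redact known sensitive parameters before logging. `request.ip` only reflects the real client behind a reverse proxy when Express's `trust proxy` setting is configured, which deserves a comment next to this line. The function body continues outside the hunk.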
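Review bot: The non-null assertion in `getHostAddress()` (src/utils/get-host-address.util.ts) only silences the compiler; if the helper is reached without `environmentVariablesChecker()` having run, it returns `undefined` typed as `string`. In the middleware comparison added by this patch, a request with no `Host` header would then make `request.get('host') !== getHostAddress()` evaluate to false and skip the 403 branch. Fail closed inside the helper instead: `const address = process.env.PUBLIC_HOST_ADDRESS;` then `if (!address) throw new Error('PUBLIC_HOST_ADDRESS environment variable must be set');` then `return address;`.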