diff --git a/api/amendedJurisdictions/index.spec.ts b/api/amendedJurisdictions/index.spec.ts
index af2875f027..852377b52f 100644
--- a/api/amendedJurisdictions/index.spec.ts
+++ b/api/amendedJurisdictions/index.spec.ts
@@ -4,16 +4,13 @@ import 'mocha'
 import * as sinon from 'sinon'
 import * as sinonChai from 'sinon-chai'
 import { mockReq, mockRes } from 'sinon-express-mock'
+import { getConfigValue } from '../configuration'
+import { SERVICES_CCD_COMPONENT_API_PATH } from '../configuration/references'
+import { http } from '../lib/http'
+import * as amendedJurisdictions from './index'
 chai.use(sinonChai)
-import {getConfigValue} from '../configuration'
-import {
- SERVICES_CCD_COMPONENT_API_PATH,
-} from '../configuration/references'
-import {http} from '../lib/http'
-import * as amendedJurisdictions from './index'
-
 describe('Amended Jurisdiction', () => {
 let next
diff --git a/api/documents/DMStore.spec.ts b/api/documents/DMStore.spec.ts
index 79d1dace7f..23224fd80d 100644
--- a/api/documents/DMStore.spec.ts
+++ b/api/documents/DMStore.spec.ts
@@ -1,19 +1,17 @@
 import * as chai from 'chai'
-import {expect} from 'chai'
-import {Fields, File, Files} from 'formidable'
+import { expect } from 'chai'
+import { Fields, File, Files } from 'formidable'
 import 'mocha'
 import * as sinon from 'sinon'
 import * as sinonChai from 'sinon-chai'
-import {getConfigValue} from '../configuration'
-import {
- SERVICES_DOCUMENTS_API_PATH,
-} from '../configuration/references'
+import { getConfigValue } from '../configuration'
+import { SERVICES_DOCUMENTS_API_PATH } from '../configuration/references'
+import { http } from '../lib/http'
+import { EnhancedRequest } from '../lib/models'
+import * as DMStore from './DMStore'
 chai.use(sinonChai)
-import {http} from '../lib/http'
-import * as DMStore from './DMStore'
-
 describe('DMStore', () => {
 const res = {
 data: 'okay',
@@ -52,13 +50,13 @@ describe('DMStore', () => {
 it('Should make a http.get call based on the document Id', async () => {
- await DMStore.getDocument(documentId)
+ await DMStore.getDocument(documentId, {} as EnhancedRequest)
 expect(spy).to.be.calledWith(`${url}/documents/${documentId}`)
 })
 it('Should return the data property of the return of a http.get call', async () => {
- expect(await DMStore.getDocument(documentId)).to.equal('okay')
+ expect(await DMStore.getDocument(documentId, {} as EnhancedRequest)).to.equal('okay')
 })
 })
@@ -69,13 +67,13 @@ describe('DMStore', () => {
 it('Should make a http.get call based on the document Id', async () => {
- await DMStore.getDocumentBinary(documentId)
+ await DMStore.getDocumentBinary(documentId, {} as EnhancedRequest)
 expect(spy).to.be.calledWith(`${url}/documents/${documentId}/binary`)
 })
 it('Should return the data property of the return of the http.get call', async () => {
- expect(await DMStore.getDocumentBinary(documentId)).to.equal('okay')
+ expect(await DMStore.getDocumentBinary(documentId, {} as EnhancedRequest)).to.equal('okay')
 })
 })
@@ -96,12 +94,12 @@ describe('DMStore', () => {
 const files: Files = { file }
 it('Should make a http.post call', async () => {
- await DMStore.postDocuments(fields, files)
+ await DMStore.postDocuments(fields, files, {} as EnhancedRequest)
 expect(spyPost).to.be.calledWith(`${url}/documents/`)
 })
 it('Should return the data property of the return of the http.post call', async () => {
- expect(await DMStore.postDocuments(fields, files)).to.equal('okay')
+ expect(await DMStore.postDocuments(fields, files, {} as EnhancedRequest)).to.equal('okay')
 })
 })
diff --git a/api/documents/DMStore.ts b/api/documents/DMStore.ts
index 0cb775dd8d..310e07869a 100644
--- a/api/documents/DMStore.ts
+++ b/api/documents/DMStore.ts
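Review bot: None of the updated DMStore specs assert that the outbound call carries the per-request headers; the existing `calledWith` checks on the URL pass whether or not an options argument is sent, and `{} as EnhancedRequest` only exercises the empty path of `setHeaders`. Since taking the bearer token off the axios global default is the purpose of this commit, each of the three groups (`getDocument`, `getDocumentBinary`, `postDocuments`) should have a case that passes a request with `auth.token` set and checks the second argument, for example with `sinon.match({ headers: sinon.match.has('Authorization', 'Bearer test-token') })`, where `test-token` is a constructed value. A companion case with no `auth` on the request should assert that no `Authorization` key is sent.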
@@ -1,16 +1,15 @@
-import {AxiosResponse} from 'axios'
+import { AxiosResponse } from 'axios'
 import * as FormData from 'form-data'
-import {Fields, File, Files} from 'formidable'
+import { Fields, File, Files } from 'formidable'
 import * as fs from 'fs'
-import {getConfigValue} from '../configuration'
-import {
- SERVICES_DOCUMENTS_API_PATH,
-} from '../configuration/references'
+import { getConfigValue } from '../configuration'
+import { SERVICES_DOCUMENTS_API_PATH } from '../configuration/references'
 import { http } from '../lib/http'
 import * as log4jui from '../lib/log4jui'
-import {JUILogger} from "../lib/models"
+import { EnhancedRequest, JUILogger } from "../lib/models"
+import { setHeaders } from '../lib/proxy'
 import { asyncReturnOrError } from '../lib/util'
-import {DMDocument, DMDocuments} from './document.interface'
+import { DMDocument, DMDocuments } from './document.interface'
 const url: string = getConfigValue(SERVICES_DOCUMENTS_API_PATH)
@@ -21,9 +20,10 @@ const logger: JUILogger = log4jui.getLogger('dm-store')
 * @param documentId
 * @returns Promise|null
 */
-export async function getDocument(documentId: string): Promise {
+export async function getDocument(documentId: string, req: EnhancedRequest): Promise {
+ const headers = setHeaders(req)
 const response: AxiosResponse = await asyncReturnOrError(
- http.get(`${url}/documents/${documentId}`),
+ http.get(`${url}/documents/${documentId}`, { headers }),
 `Error getting document ${documentId}`,
 null,
 logger,
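Review bot: `documentId` is interpolated into the upstream path unmodified in the `http.get` call of `getDocument`, and after this change that call also carries the caller's bearer token. The route handler in api/documents/index.ts passes `req.params.document_id` straight through, so if the router delivers a decoded value containing path separators or `?`, the authenticated request would reach a different document-store resource than intended. Validate the id against the expected format before the call, or at minimum build the path with `encodeURIComponent(documentId)`; the same applies to `getDocumentBinary` in the next hunk. The JSDoc above both functions also needs a `@param req` line for the new parameter. The function body continues outside the hunk.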
@@ -38,9 +38,10 @@ export async function getDocument(documentId: string): Promise {
 * @param documentId
 * @returns Promise
 */
-export async function getDocumentBinary(documentId: string): Promise {
+export async function getDocumentBinary(documentId: string, req: EnhancedRequest): Promise {
+ const headers = setHeaders(req)
 const response: AxiosResponse = await asyncReturnOrError(
- http.get(`${url}/documents/${documentId}/binary`, { responseType: 'stream' }),
+ http.get(`${url}/documents/${documentId}/binary`, { responseType: 'stream', headers }),
 `Error getting Binary for document ${documentId}`,
 null,
 logger,
@@ -56,7 +57,7 @@ export async function getDocumentBinary(documentId: string): Promise {
 * @param files
 * @returns Promise
 */
-export async function postDocuments(fields: Fields, files: Files): Promise {
+export async function postDocuments(fields: Fields, files: Files, req: EnhancedRequest): Promise {
 const formData: FormData = new FormData()
@@ -69,11 +70,13 @@ export async function postDocuments(fields: Fields, files: Files): Promise = await asyncReturnOrError(
 http.post(`${url}/documents/`, formData, {
- headers: formData.getHeaders(),
+ headers: { ...headers, ...formData.getHeaders() },
 maxContentLength: 524300000,
 }),
 `Error posting documents`,
diff --git a/api/documents/index.ts b/api/documents/index.ts
index 1d16f0116b..958373621f 100644
--- a/api/documents/index.ts
+++ b/api/documents/index.ts
@@ -1,6 +1,6 @@
 import * as express from 'express'
 import * as formidable from 'formidable'
-import {EnhancedRequest} from '../lib/models'
+import { EnhancedRequest } from '../lib/models'
 import * as DMStore from './DMStore'
 /**
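Review bot: The merge `{ ...headers, ...formData.getHeaders() }` in `postDocuments` depends on spread order, and nothing records why. `setHeaders` copies the incoming request's `content-type` when present, and only because the form-data headers come last does the multipart boundary generated for the new body win; reversing the order would send a boundary that does not match the payload. A comment such as `// form-data headers last: their content-type (new boundary) must override the one copied from the incoming request` would protect this. The line defining `headers` is not visible in this hunk as extracted, so confirm it is `setHeaders(req)` as in the other two functions.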
@@ -10,7 +10,7 @@ import * as DMStore from './DMStore'
 */
 export async function getDocumentRoute(req: express.Request, res: express.Response) {
 const documentId = req.params.document_id
- const document = await DMStore.getDocument(documentId)
+ const document = await DMStore.getDocument(documentId, req)
 if (document) {
 res.status(200).send(document)
 } else {
@@ -24,7 +24,7 @@ export async function getDocumentRoute(req: express.Request, res: express.Respon
 * @param res
 */
 export async function getDocumentBinaryRoute(req: express.Request, res: express.Response) {
- const binary = await DMStore.getDocumentBinary(req.params.document_id)
+ const binary = await DMStore.getDocumentBinary(req.params.document_id, req)
 if (binary) {
 const headers = binary.headers
@@ -49,7 +49,7 @@ export async function postDocuments(req: EnhancedRequest, res: express.Response)
 await form.parse(req, async (err, fields: formidable.Fields, files: formidable.Files) => {
- const documents = await DMStore.postDocuments(fields, files)
+ const documents = await DMStore.postDocuments(fields, files, req)
 if (documents) {
 res.status(200).send(documents)
diff --git a/api/emAnno/emAnnoService.spec.ts b/api/emAnno/emAnnoService.spec.ts
index cd9c050407..8febae510a 100644
--- a/api/emAnno/emAnnoService.spec.ts
+++ b/api/emAnno/emAnnoService.spec.ts
@@ -47,7 +47,7 @@ describe('enAnnoService', () => {
 it('should make a get request', async () => {
 spy = sandbox.stub(http, 'get').resolves(res)
 const emAnnoPath = '/em-anno/12345'
- const response = await handleGet(emAnnoPath)
+ const response = await handleGet(emAnnoPath, req)
 expect(response).to.equal('ok')
 })
 })
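Review bot: In the `form.parse` callback of `postDocuments`, no check of `err` is visible before `DMStore.postDocuments(fields, files, req)` runs, so a failed multipart parse would still trigger an upstream POST, now made with the user's bearer token. Returning early before the call, e.g. `if (err) { return res.status(400).send({ message: 'Invalid upload' }) }`, avoids forwarding partial input. Separately, `getDocumentRoute` and `getDocumentBinaryRoute` in the two hunks above are typed `req: express.Request` but now pass `req` to parameters declared as `EnhancedRequest`; typing those handlers as `EnhancedRequest` would make the dependency on `req.auth` explicit. The callback body continues outside the hunk.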
@@ -56,7 +56,7 @@ describe('enAnnoService', () => {
 it('should make a post request', async () => {
 spy = sandbox.stub(http, 'post').resolves(res)
 const emAnnoPath = '/em-anno/12345'
- const response = await handlePost(emAnnoPath, dummyAnnotation)
+ const response = await handlePost(emAnnoPath, dummyAnnotation, req)
 expect(response).to.equal('ok')
 })
 })
@@ -65,7 +65,7 @@ describe('enAnnoService', () => {
 it('should make a put request', async () => {
 spy = sandbox.stub(http, 'put').resolves(res)
 const emAnnoPath = '/em-anno/12345'
- const response = await handlePut(emAnnoPath, dummyAnnotation)
+ const response = await handlePut(emAnnoPath, dummyAnnotation, req)
 expect(response).to.equal('ok')
 })
 })
@@ -74,7 +74,7 @@ describe('enAnnoService', () => {
 it('should make a delete request', async () => {
 spy = sandbox.stub(http, 'delete').resolves(res)
 const emAnnoPath = '/em-anno/12345'
- const response = await handleDelete(emAnnoPath)
+ const response = await handleDelete(emAnnoPath, req)
 expect(response).to.equal('ok')
 })
 })
diff --git a/api/emAnno/emAnnoService.ts b/api/emAnno/emAnnoService.ts
index c83850f846..6d862ec105 100644
--- a/api/emAnno/emAnnoService.ts
+++ b/api/emAnno/emAnnoService.ts
@@ -1,6 +1,7 @@
-import {http} from '../lib/http'
+import { http } from '../lib/http'
 import * as log4jui from '../lib/log4jui'
-import {JUILogger} from '../lib/models'
+import { EnhancedRequest, JUILogger } from '../lib/models'
+import { setHeaders } from '../lib/proxy'
 import { Annotation, Annotations } from './models'
 const logger: JUILogger = log4jui.getLogger('em-anno-service')
@@ -11,11 +12,12 @@ const logger: JUILogger = log4jui.getLogger('em-anno-service')
 * @param annotationsPath
 * @returns {Promise}
 */
-export async function handleGet(annotationsPath: string): Promise {
+export async function handleGet(annotationsPath: string, req: EnhancedRequest): Promise {
 try {
 logger.info('getting annotations', annotationsPath)
- const response: { data?: Annotations} = await http.get(annotationsPath)
+ const headers = setHeaders(req)
+ const response: { data?: Annotations} = await http.get(annotationsPath, { headers })
 return response.data
 } catch (e) {
 logger.error(e.message)
@@ -31,11 +33,12 @@ export async function handleGet(annotationsPath: string): Promise {
 * @param body
 * @returns {Promise}
 */
-export async function handlePost(annotationsPath: string, body: Annotation): Promise {
+export async function handlePost(annotationsPath: string, body: Annotation, req: EnhancedRequest): Promise {
 try {
 logger.info('posting annotations', annotationsPath)
- const response: { data?: Annotation} = await http.post(annotationsPath, body)
+ const headers = setHeaders(req)
+ const response: { data?: Annotation} = await http.post(annotationsPath, body, { headers })
 return response.data
 } catch (e) {
 logger.error(e.message)
@@ -51,11 +54,12 @@ export async function handlePost(annotationsPath: string, body: Annotation): Pro
 * @param body
 * @returns {Promise}
 */
-export async function handlePut(annotationsPath: string, body: Annotation): Promise {
+export async function handlePut(annotationsPath: string, body: Annotation, req: EnhancedRequest): Promise {
 try {
 logger.info('putting annotations', annotationsPath)
- const response: { data?: Annotation} = await http.put(annotationsPath, body)
+ const headers = setHeaders(req)
+ const response: { data?: Annotation} = await http.put(annotationsPath, body, { headers })
 return response.data
 } catch (e) {
 logger.error(e.message)
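Review bot: The JSDoc blocks above `handleGet`, `handlePost` and `handlePut` (and `handleDelete` in the following hunk) still list only the old parameters, so the new `req` argument is undocumented. Because `req` now supplies the credentials for the upstream call, each block should gain a line such as `@param req incoming request; its auth token and roles are forwarded upstream via setHeaders`. Each function body continues past the `logger.error(e.message)` line shown, so what happens to the error afterwards is not reviewed here.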
@@ -70,11 +74,12 @@ export async function handlePut(annotationsPath: string, body: Annotation): Prom
 * @param annotationsPath
 * @returns {Promise}
 */
-export async function handleDelete(annotationsPath: string): Promise {
+export async function handleDelete(annotationsPath: string, req: EnhancedRequest): Promise {
 try {
 logger.info('deleting annotations', annotationsPath)
- const response: { data?: Annotation} = await http.delete(annotationsPath)
+ const headers = setHeaders(req)
+ const response: { data?: Annotation} = await http.delete(annotationsPath, { headers })
 return response.data
 } catch (e) {
 logger.error(e.message)
diff --git a/api/emAnno/index.ts b/api/emAnno/index.ts
index 9642139bf3..b61329d987 100644
--- a/api/emAnno/index.ts
+++ b/api/emAnno/index.ts
@@ -1,10 +1,8 @@
 import * as express from 'express'
-import {getConfigValue} from '../configuration'
-import {
- SERVICES_EM_ANNO_API_URL,
-} from '../configuration/references'
-import {EnhancedRequest} from '../lib/models'
-import {handleDelete, handleGet, handlePost, handlePut} from './emAnnoService'
+import { getConfigValue } from '../configuration'
+import { SERVICES_EM_ANNO_API_URL } from '../configuration/references'
+import { EnhancedRequest } from '../lib/models'
+import { handleDelete, handleGet, handlePost, handlePut } from './emAnnoService'
 import { Annotation, Annotations } from './models'
 const url: string = getConfigValue(SERVICES_EM_ANNO_API_URL)
@@ -17,7 +15,7 @@ export async function getAnnotations(req: EnhancedRequest, res: express.Response
 const annotationsPath: string = url + req.originalUrl.replace('/em-anno/', '/api/')
 try {
- const jsonResponse: Annotations = await handleGet(annotationsPath)
+ const jsonResponse: Annotations = await handleGet(annotationsPath, req)
 res.status(200).send(jsonResponse)
 } catch (error) {
 res.status(error.status).send({
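Review bot: `res.status(error.status)` in the catch block of `getAnnotations` assumes every failure carries a numeric `status`. Errors with no upstream response (a timeout, a refused connection, or an exception raised while building headers) would presumably arrive with `status` undefined, and the handler would then fail while trying to report the error. A fallback such as `res.status(error.status || 500)` keeps the response well-formed. The same catch pattern is visible in `postAnnotations`, `putAnnotations` and `deleteAnnotations` in the following hunks and in `getPrintout` in api/print/index.ts. The catch block continues outside the hunk, so the response body is not reviewed here.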
@@ -36,7 +34,7 @@ export async function postAnnotations(req: EnhancedRequest, res: express.Respons
 const body: Annotation = req.body
 try {
- const jsonResponse: Annotation = await handlePost(annotationsPath, body)
+ const jsonResponse: Annotation = await handlePost(annotationsPath, body, req)
 res.status(200).send(jsonResponse)
 } catch (error) {
 res.status(error.status).send({
@@ -55,7 +53,7 @@ export async function putAnnotations(req: EnhancedRequest, res: express.Response
 const body: Annotation = req.body
 try {
- const jsonResponse: Annotation = await handlePut(annotationsPath, body)
+ const jsonResponse: Annotation = await handlePut(annotationsPath, body, req)
 res.status(200).send(jsonResponse)
 } catch (error) {
 res.status(error.status).send({
@@ -73,7 +71,7 @@ export async function deleteAnnotations(req: EnhancedRequest, res: express.Respo
 const annotationsPath: string = url + req.originalUrl.replace('/em-anno/', '/api/')
 try {
- const jsonResponse: Annotation = await handleDelete(annotationsPath)
+ const jsonResponse: Annotation = await handleDelete(annotationsPath, req)
 res.status(200).send(jsonResponse)
 } catch (error) {
 res.status(error.status).send({
diff --git a/api/lib/middleware/auth.ts b/api/lib/middleware/auth.ts
index 8b27e92150..fe2d466c1a 100644
--- a/api/lib/middleware/auth.ts
+++ b/api/lib/middleware/auth.ts
@@ -1,12 +1,12 @@
-import axios from 'axios'
+/**
+ * Note that authorization headers have been moved from this file to proxy.ts
+ * to achieve better security.
+ */
+
 import * as jwtDecode from 'jwt-decode'
 import * as auth from '../../auth'
-import {getConfigValue} from '../../configuration'
-import {
- COOKIES_TOKEN,
- COOKIES_USER_ID,
- SERVICES_IDAM_API_URL,
-} from '../../configuration/references'
+import { getConfigValue } from '../../configuration'
+import { COOKIES_TOKEN, COOKIES_USER_ID, SERVICES_IDAM_API_URL } from '../../configuration/references'
 import * as log4jui from '../../lib/log4jui'
 import { getDetails } from '../../services/idam'
 import { asyncReturnOrError } from '../util'
@@ -65,8 +65,13 @@ export default async (req, res, next) => {
 req.auth.token = jwt
 req.auth.userId = userId
- axios.defaults.headers.common.Authorization = `Bearer ${req.auth.token}`
- axios.defaults.headers.common['user-roles'] = req.auth.data.roles.join()
+ // !!!
+ // The commented lines below have been moved to proxy.ts, where the information
+ // is added to the request JIT, instead of setting it as a global default
+ // to improve security.
+
+ // axios.defaults.headers.common.Authorization = `Bearer ${req.auth.token}`
+ // axios.defaults.headers.common['user-roles'] = req.auth.data.roles.join()
 logger.info('Auth token: ' + `Bearer ${req.auth.token}`)
diff --git a/api/lib/models/index.ts b/api/lib/models/index.ts
index 6f49bcf318..358378c0d2 100644
--- a/api/lib/models/index.ts
+++ b/api/lib/models/index.ts
@@ -25,6 +25,7 @@ export interface EnhancedRequest extends express.Request {
 token: string
 userId: string
 expires: number
+ data?: any
 }
 body,
 headers
diff --git a/api/lib/proxy.ts b/api/lib/proxy.ts
index 7b36e69829..7af73bd9ca 100644
--- a/api/lib/proxy.ts
+++ b/api/lib/proxy.ts
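Review bot: The context line directly below the new comment in the middleware, the `logger.info` call that appends the bearer value to `'Auth token: '`, still writes the full token to the application log at info level. That undercuts the stated goal of this commit, because anyone with log access can reuse the token until it expires. Drop the line or log a non-secret identifier instead, for example `logger.info('Authenticated user ' + req.auth.userId)`. The two commented-out `axios.defaults` lines and the `// !!!` marker are better removed outright, with the explanation left to the commit message, since dead code that sets a global Authorization default invites being re-enabled. The middleware body starts and ends outside the hunk.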
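Review bot: `data?: any` in the `auth` shape of `EnhancedRequest` gives no type checking for the one field `setHeaders` reads from it, `req.auth.data.roles`. Declaring what is actually relied on, e.g. `data?: { roles?: string[]; [key: string]: any }`, lets the compiler catch a misspelt or non-array `roles` before it ends up in the `user-roles` header. The other fields carried on `data` are not visible here, hence the index signature in the suggestion.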
@@ -1,3 +1,9 @@
+/**
+ * The setHeaders method now also adds the authorization headers when applicable
+ * for better security.
+ * When moving to a different proxy middleware, it is important to refactor this as well.
+ */
+
 import * as express from 'express'
 import * as striptags from 'striptags'
 import {getConfigValue} from '../configuration'
@@ -14,14 +20,26 @@ import { EnhancedRequest } from './models'
 export function setHeaders(req: EnhancedRequest) {
 const headers: any = {}
- headers['content-type'] = req.headers['content-type']
- if (req.headers.accept) {
+ if (req.headers && req.headers['content-type']) {
+ headers['content-type'] = req.headers['content-type']
+ }
+
+ if (req.headers && req.headers.accept) {
 headers.accept = req.headers.accept
 }
- if (req.headers.experimental) {
+
+ if (req.headers && req.headers.experimental) {
 headers.experimental = req.headers.experimental
 }
+ if (req.auth && req.auth.token) {
+ headers.Authorization = `Bearer ${req.auth.token}`
+ }
+
+ if (req.auth && req.auth.data && req.auth.data.roles && req.auth.data.roles.length > 0) {
+ headers['user-roles'] = req.auth.data.roles.join()
+ }
+
 return headers
 }
diff --git a/api/postCodeLookup/index.ts b/api/postCodeLookup/index.ts
index 7e2c0e56d4..f74d843ac6 100644
--- a/api/postCodeLookup/index.ts
+++ b/api/postCodeLookup/index.ts
@@ -1,9 +1,8 @@
 import * as express from 'express'
-import {getConfigValue} from '../configuration'
-import {
- SERVICES_CCD_COMPONENT_API_PATH,
-} from '../configuration/references'
+import { getConfigValue } from '../configuration'
+import { SERVICES_CCD_COMPONENT_API_PATH } from '../configuration/references'
 import { http } from '../lib/http'
+import { setHeaders } from '../lib/proxy'
 export async function doLookup(req: express.Request, res: express.Response) {
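Review bot: `setHeaders` now attaches the caller's `Authorization` and `user-roles` to whatever request it is used for, and the other files in this commit call it for every outbound request, including the postcode lookup and terms-and-conditions services. It is worth confirming that each upstream needs the end-user token, since each additional recipient is another place the credential can be logged or mishandled. The function's own doc comment should state that contract, e.g. `Builds headers for a trusted upstream; includes the user's bearer token and roles, so never use it for a URL whose host comes from request data`. Also, `roles.join()` relies on the default comma separator; writing `join(',')` makes the wire format explicit. The new file-header comment reads as a change log ("now also adds"); describing current behaviour would age better.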
@@ -12,7 +11,9 @@ export async function doLookup(req: express.Request, res: express.Response) {
 const url = `${getConfigValue(SERVICES_CCD_COMPONENT_API_PATH)}/addresses?postcode=${postcode}`
- const response = await http.get(url)
+ const headers = setHeaders(req)
+
+ const response = await http.get(url, { headers })
 res.send(response.data)
 } catch (error) {
diff --git a/api/print/index.ts b/api/print/index.ts
index 3ce0848d31..02e2a43425 100644
--- a/api/print/index.ts
+++ b/api/print/index.ts
@@ -26,7 +26,7 @@ export async function getPrintout(req: EnhancedRequest, res: express.Response) {
 const printoutPath = url + req.originalUrl
 try {
- const htmlResponse = await getCcdPrintout(printoutPath)
+ const htmlResponse = await getCcdPrintout(printoutPath, req)
 res.status(200).send(htmlResponse)
 } catch (error) {
 res.status(error.status).send({
diff --git a/api/print/printService.spec.ts b/api/print/printService.spec.ts
index 0ec083fd25..ee7946f164 100644
--- a/api/print/printService.spec.ts
+++ b/api/print/printService.spec.ts
@@ -6,6 +6,7 @@ import * as sinon from 'sinon'
 import * as sinonChai from 'sinon-chai'
 import { mockReq, mockRes } from 'sinon-express-mock'
 import { http } from '../lib/http'
+import { EnhancedRequest } from '../lib/models'
 import { getCcdPrintout } from './printService'
 chai.use(sinonChai)
@@ -29,7 +30,7 @@ describe('printService - getCcdPrintout', () => {
 it('should make a get request', async () => {
 const printPath = '/print/12345'
- const response = await getCcdPrintout(printPath)
+ const response = await getCcdPrintout(printPath, {} as EnhancedRequest)
 expect(response).to.equal('ok')
 })
diff --git a/api/print/printService.ts b/api/print/printService.ts
index 82296cdc3a..7328371b1c 100644
--- a/api/print/printService.ts
+++ b/api/print/printService.ts
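Review bot: `postcode` is placed into the query string of `url` in `doLookup` without encoding, and the request built from it now carries the user's bearer token. Where `postcode` is assigned is outside the hunk, but if it comes from the request, characters such as `&` or `#` would add or truncate parameters on the upstream call. Use `encodeURIComponent(postcode)` in the template, ideally after checking the value against a postcode pattern. `doLookup` is also typed `req: express.Request` while `setHeaders` declares `EnhancedRequest`; aligning the handler's type makes the reliance on `req.auth` visible.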
@@ -1,6 +1,7 @@
-import {http} from '../lib/http'
+import { http } from '../lib/http'
 import * as log4jui from '../lib/log4jui'
-import {JUILogger} from '../lib/models'
+import { EnhancedRequest, JUILogger } from '../lib/models'
+import { setHeaders } from '../lib/proxy'
 const logger: JUILogger = log4jui.getLogger('print-service')
@@ -14,11 +15,12 @@ const logger: JUILogger = log4jui.getLogger('print-service')
 * @param printPath
 * @returns {Promise}
 */
-export async function getCcdPrintout(printPath) {
+export async function getCcdPrintout(printPath, req: EnhancedRequest) {
 try {
 logger.info('getting print document', printPath)
- const response = await http.get(printPath)
+ const headers = setHeaders(req)
+ const response = await http.get(printPath, { headers })
 return response.data
 } catch (e) {
 logger.error(e.message)
diff --git a/api/termsAndConditions/index.ts b/api/termsAndConditions/index.ts
index df5bfd2f22..a8aebb47cb 100644
--- a/api/termsAndConditions/index.ts
+++ b/api/termsAndConditions/index.ts
@@ -1,10 +1,8 @@
 import * as express from 'express'
-import {getConfigValue} from '../configuration'
-import {
- SERVICES_IDAM_CLIENT_ID,
- SERVICES_TERMS_AND_CONDITIONS_URL,
-} from '../configuration/references'
+import { getConfigValue } from '../configuration'
+import { SERVICES_IDAM_CLIENT_ID, SERVICES_TERMS_AND_CONDITIONS_URL } from '../configuration/references'
 import { http } from '../lib/http'
+import { setHeaders } from '../lib/proxy'
 import { getTermsAndConditionsUrl } from './termsAndConditionsUtil'
 export async function getTermsAndConditions(req: express.Request, res: express.Response) {
@@ -12,7 +10,8 @@ export async function getTermsAndConditions(req: express.Request, res: express.R
 try {
 const url = getTermsAndConditionsUrl(getConfigValue(SERVICES_TERMS_AND_CONDITIONS_URL), getConfigValue(SERVICES_IDAM_CLIENT_ID))
- const response = await http.get(url)
+ const headers = setHeaders(req)
+ const response = await http.get(url, { headers })
 res.send(response.data)
 } catch (error) {
 // we get a 404 if the user has not agreed to Terms and conditions
diff --git a/api/userTermsAndConditions/index.ts b/api/userTermsAndConditions/index.ts
index 5546ac0140..3dab2f8322 100644
--- a/api/userTermsAndConditions/index.ts
+++ b/api/userTermsAndConditions/index.ts
@@ -1,11 +1,9 @@
 import * as express from 'express'
-import {getConfigValue} from '../configuration'
-import {
- SERVICES_IDAM_CLIENT_ID,
- SERVICES_TERMS_AND_CONDITIONS_URL,
-} from '../configuration/references'
+import { getConfigValue } from '../configuration'
+import { SERVICES_IDAM_CLIENT_ID, SERVICES_TERMS_AND_CONDITIONS_URL } from '../configuration/references'
 import { GetUserAcceptTandCResponse, PostUserAcceptTandCResponse } from '../interface/userAcceptTandCResponse'
 import { http } from '../lib/http'
+import { setHeaders } from '../lib/proxy'
 import { isUserTandCPostSuccessful } from '../lib/util'
 import { getUserTermsAndConditionsUrl, postUserTermsAndConditionsUrl } from './userTermsAndConditionsUtil'
@@ -22,7 +20,8 @@ export async function getUserTermsAndConditions(req: express.Request, res: expre
 try {
 const url = getUserTermsAndConditionsUrl(getConfigValue(SERVICES_TERMS_AND_CONDITIONS_URL), req.params.userId, getConfigValue(SERVICES_IDAM_CLIENT_ID))
- const response = await http.get(url)
+ const headers = setHeaders(req)
+ const response = await http.get(url, { headers })
 const userTandCResponse = response.data as GetUserAcceptTandCResponse
 res.send(userTandCResponse.accepted)
 } catch (error) {
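Review bot: `getUserTermsAndConditions` builds the upstream URL from `req.params.userId`, and `postUserTermsAndConditions` in the next hunk sends `req.body.userId`, while the request is now authenticated with the caller's own token. Nothing visible ties the supplied id to the authenticated user, so unless the terms-and-conditions service enforces that itself, one user could read or record acceptance on behalf of another. Prefer the id established by the auth middleware (`req.auth.userId`), or reject the request when the two differ, e.g. `if (req.params.userId !== req.auth.userId) { return res.status(403).send() }`. Both handlers are typed `express.Request` and would need `EnhancedRequest` to read `req.auth`. Both function bodies extend beyond their hunks.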
@@ -54,7 +53,8 @@ export async function postUserTermsAndConditions(req: express.Request, res: expr
 const data = {userId: req.body.userId}
 const url = postUserTermsAndConditionsUrl(getConfigValue(SERVICES_TERMS_AND_CONDITIONS_URL), getConfigValue(SERVICES_IDAM_CLIENT_ID))
- const response = await http.post(url, data)
+ const headers = setHeaders(req)
+ const response = await http.post(url, data, { headers })
 const postResponse = response.data as PostUserAcceptTandCResponse
 res.send(isUserTandCPostSuccessful(postResponse, req.body.userId))
 } catch (error) {