diff --git a/app/routes/allocations.js b/app/routes/allocations.js
index b45f1ab..4c2276e 100644
--- a/app/routes/allocations.js
+++ b/app/routes/allocations.js
@@ -1,6 +1,9 @@
 const AllocationsDAO = require("../data/allocations-dao").AllocationsDAO;
+const {
+environmentalScripts
+} = require("../../config/config");
-function AllocationsHandler (db) {
+function AllocationsHandler(db) {
 "use strict";
 const allocationsDAO = new AllocationsDAO(db);
@@ -10,12 +13,20 @@ function AllocationsHandler (db) {
 // Fix for A4 Insecure DOR - take user id from session instead of from URL param
 const { userId } = req.session;
 */
-const {userId} = req.params;
-const { threshold } = req.query
+const {
+userId
+} = req.params;
+const {
+threshold
+} = req.query
 allocationsDAO.getByUserIdAndThreshold(userId, threshold, (err, allocations) => {
 if (err) return next(err);
-return res.render("allocations", { userId, allocations });
+return res.render("allocations", {
+userId,
+allocations,
+environmentalScripts
+});
 });
 };
 }
diff --git a/app/routes/benefits.js b/app/routes/benefits.js
index 1e81895..edde31b 100644
--- a/app/routes/benefits.js
+++ b/app/routes/benefits.js
@@ -1,6 +1,11 @@
-const { BenefitsDAO } = require("../data/benefits-dao");
-
-function BenefitsHandler (db) {
+const {
+BenefitsDAO
+} = require("../data/benefits-dao");
+const {
+environmentalScripts
+} = require("../../config/config");
+
+function BenefitsHandler(db) {
 "use strict";
 const benefitsDAO = new BenefitsDAO(db);
@@ -15,13 +20,17 @@ function BenefitsHandler (db) {
 users,
 user: {
 isAdmin: true
-}
+},
+environmentalScripts
 });
 });
 };
 this.updateBenefits = (req, res, next) => {
-const { userId, benefitStartDate } = req.body;
+const {
+userId,
+benefitStartDate
+} = req.body;
 benefitsDAO.updateBenefits(userId, benefitStartDate, (error) => {
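Review bot: The new `const { userId } = req.params` block still takes the user id from the URL, while the block comment directly above it spells out the session-based fix, so any logged-in user can read another user's allocations by editing the path — the commit reformats the IDOR but does not close it. Replace the `req.params` read with `const { userId } = req.session;` (the `userId` key the template receives stays the same). `threshold` goes straight from `req.query` into `getByUserIdAndThreshold`; the DAO is not in this diff, so it is worth confirming it coerces the value to a number rather than passing a string or object into the query. If the URL-parameter read is being kept on purpose as a training target, say so in a comment so the next reader does not "fix" it; `AllocationsHandler` starts before the hunk.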
@@ -35,7 +44,8 @@ function BenefitsHandler (db) {
 user: {
 isAdmin: true
 },
-updateSuccess: true
+updateSuccess: true,
+environmentalScripts
 };
 return res.render("benefits", data);
diff --git a/app/routes/contributions.js b/app/routes/contributions.js
index 14327c9..4808f06 100644
--- a/app/routes/contributions.js
+++ b/app/routes/contributions.js
@@ -1,19 +1,27 @@
 const ContributionsDAO = require("../data/contributions-dao").ContributionsDAO;
+const {
+environmentalScripts
+} = require("../../config/config");
 /* The ContributionsHandler must be constructed with a connected db */
-function ContributionsHandler (db) {
+function ContributionsHandler(db) {
 "use strict";
 const contributionsDAO = new ContributionsDAO(db);
 this.displayContributions = (req, res, next) => {
-const { userId } = req.session;
+const {
+userId
+} = req.session;
 contributionsDAO.getByUserId(userId, (error, contrib) => {
 if (error) return next(error);
 contrib.userId = userId; //set for nav menu items
-return res.render("contributions", contrib);
+return res.render("contributions", {
+...contrib,
+environmentalScripts
+});
 });
 };
@@ -31,7 +39,9 @@ function ContributionsHandler (db) {
 const afterTax = parseInt(req.body.afterTax);
 const roth = parseInt(req.body.roth);
 */
-const { userId } = req.session;
+const {
+userId
+} = req.session;
 //validate contributions
 const validations = [isNaN(preTax), isNaN(afterTax), isNaN(roth), preTax < 0, afterTax < 0, roth < 0]
@@ -39,14 +49,16 @@ function ContributionsHandler (db) {
 if (isInvalid) {
 return res.render("contributions", {
 updateError: "Invalid contribution percentages",
-userId
+userId,
+environmentalScripts
 });
 }
 // Prevent more than 30% contributions
 if (preTax + afterTax + roth > 30) {
 return res.render("contributions", {
 updateError: "Contribution percentages cannot exceed 30 %",
-userId
+userId,
+environmentalScripts
 });
 }
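Review bot: The validation array on the last line of the `@@ -31,7 +39,9 @@` hunk reads `preTax`, `afterTax` and `roth`, but the only definitions in view — the `parseInt(req.body.…)` lines — sit inside a commented-out block, so whatever populates them now is outside the hunk and the `isNaN`/negative checks say nothing about how those values were derived from the request. Please confirm the live definitions are a plain numeric parse of the body fields (e.g. `Number.parseInt(req.body.preTax, 10)` with an explicit radix), since the checks that follow assume numbers. The enclosing handler method begins before the hunk and its name is not visible here.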
@@ -55,7 +67,10 @@ function ContributionsHandler (db) {
 if (err) return next(err);
 contributions.updateSuccess = true;
-return res.render("contributions", contributions);
+return res.render("contributions", {
+...contributions,
+environmentalScripts
+});
 });
 };
diff --git a/app/routes/index.js b/app/routes/index.js
index 62ca639..48c888d 100644
--- a/app/routes/index.js
+++ b/app/routes/index.js
@@ -5,7 +9,9 @@ const ContributionsHandler = require("./contributions");
 const AllocationsHandler = require("./allocations");
 const MemosHandler = require("./memos");
 const ResearchHandler = require("./research");
-
+const {
+environmentalScripts
+} = require("../../config/config");
 const ErrorHandler = require("./error").errorHandler;
 const index = (app, db) => {
@@ -74,12 +76,18 @@ const index = (app, db) => {
 // Handle redirect for learning resources link
 app.get("/tutorial", (req, res) => {
-return res.render("tutorial/a1");
+return res.render("tutorial/a1", {
+environmentalScripts
+});
 });
-
+
 app.get("/tutorial/:page", (req, res) => {
-const { page } = req.params
-return res.render(`tutorial/${page}`);
+const {
+page
+} = req.params
+return res.render(`tutorial/${page}`, {
+environmentalScripts
+});
 });
 // Research Page
diff --git a/app/routes/memos.js b/app/routes/memos.js
index c70af0b..0bdc344 100644
--- a/app/routes/memos.js
+++ b/app/routes/memos.js
@@ -1,6 +1,9 @@
 const MemosDAO = require("../data/memos-dao").MemosDAO;
+const {
+environmentalScripts
+} = require("../../config/config");
-function MemosHandler (db) {
+function MemosHandler(db) {
 "use strict";
 const memosDAO = new MemosDAO(db);
@@ -15,13 +18,16 @@ function MemosHandler (db) {
 this.displayMemos = (req, res, next) => {
-const { userId } = req.session;
+const {
+userId
+} = req.session;
 memosDAO.getAllMemos((err, docs) => {
 if (err) return next(err);
 return res.render("memos", {
 memosList: docs,
-userId: userId
+userId: userId,
+environmentalScripts
 });
 });
 };
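Review bot: The `/tutorial/:page` handler in the index.js `@@ -74,12 +76,18 @@` hunk still renders a view named from `tutorial/${page}` with an unrestricted URL parameter; nothing in the hunk constrains `page`, so the client chooses which view file the engine resolves (and, depending on how the view engine joins paths, may reach outside the tutorial directory with `..`), and an unknown name becomes a view-lookup error rather than a 404. Gate the parameter on the known tutorial pages before calling `res.render`, e.g. `if (!/^[a-z0-9]+$/.test(page)) return res.sendStatus(404);` or an explicit `Set` of page names (`a1` is the only one visible here). The enclosing `index` arrow function starts before and ends after the hunk.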
diff --git a/app/routes/profile.js b/app/routes/profile.js
index ea73b1d..9d2f924 100644
--- a/app/routes/profile.js
+++ b/app/routes/profile.js
@@ -1,14 +1,19 @@
 const ProfileDAO = require("../data/profile-dao").ProfileDAO;
 const ESAPI = require('node-esapi')
+const {
+environmentalScripts
+} = require("../../config/config");
 /* The ProfileHandler must be constructed with a connected db */
-function ProfileHandler (db) {
+function ProfileHandler(db) {
 "use strict";
 const profile = new ProfileDAO(db);
 this.displayProfile = (req, res, next) => {
-const { userId } = req.session;
+const {
+userId
+} = req.session;
@@ -25,13 +30,24 @@ function ProfileHandler (db) {
 // the context of a URL in a link header
 // doc.website = ESAPI.encoder().encodeForURL(doc.website)
-return res.render("profile", doc);
+return res.render("profile", {
+...doc,
+environmentalScripts
+});
 });
 };
 this.handleProfileUpdate = (req, res, next) => {
-const {firstName, lastName, ssn, dob, address, bankAcc, bankRouting} = req.body;
+const {
+firstName,
+lastName,
+ssn,
+dob,
+address,
+bankAcc,
+bankRouting
+} = req.body;
 // Fix for Section: ReDoS attack
 // The following regexPattern that is used to validate the bankRouting number is insecure and vulnerable to
@@ -54,11 +70,14 @@ function ProfileHandler (db) {
 dob,
 address,
 bankAcc,
-bankRouting
+bankRouting,
+environmentalScripts
 });
 }
-const { userId } = req.session;
+const {
+userId
+} = req.session;
 profile.updateUser(
 parseInt(userId),
@@ -78,7 +97,10 @@ function ProfileHandler (db) {
 user.updateSuccess = true;
 user.userId = userId;
-return res.render("profile", user);
+return res.render("profile", {
+...user,
+environmentalScripts
+});
 }
 );
diff --git a/app/routes/research.js b/app/routes/research.js
index 6923256..0645487 100644
--- a/app/routes/research.js
+++ b/app/routes/research.js
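Review bot: In the `@@ -54,11 +70,14 @@` hunk the validation-failure branch hands the submitted `dob`, `address`, `bankAcc` and `bankRouting` (and presumably the other body fields opened above the hunk) back to the profile view unchanged, with only `environmentalScripts` added on the new side; unless the template escapes every one of these on output, that render is a reflected-XSS sink, and the file's `node-esapi` import is not applied on this path. Either confirm the view engine HTML-escapes these bindings or encode them before rendering, e.g. `address: ESAPI.encoder().encodeForHTML(address)`. `parseInt(userId)` on the last context line has no radix; `parseInt(userId, 10)` is the safer form for a session value. `handleProfileUpdate` starts before the hunk and the `profile.updateUser(` argument list continues past it.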
@@ -1,26 +1,33 @@
 const ResearchDAO = require("../data/research-dao").ResearchDAO;
 const needle = require('needle');
+const {
+environmentalScripts
+} = require("../../config/config");
-function ResearchHandler (db) {
+function ResearchHandler(db) {
 "use strict";
 const researchDAO = new ResearchDAO(db);
 this.displayResearch = (req, res) => {
-
+
 if (req.query.symbol) {
-const url = req.query.url+req.query.symbol;
+const url = req.query.url + req.query.symbol;
 return needle.get(url, (error, newResponse) => {
 if (!error && newResponse.statusCode == 200)
-res.writeHead(200, {'Content-Type': 'text/html'});
-res.write('