From 12e011019fe39c5fde0272cb3ac571ddadfdb860 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nuno=20Gon=C3=A7alves?=
Date: Thu, 25 Jan 2024 12:21:40 +0000
Subject: [PATCH] Prevent error stack exposure in responses with status code 500
---
 backend/src/index.js | 5 +++--
 backend/src/middleware/error.js | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/backend/src/index.js b/backend/src/index.js
index 52b721d..0d5ae04 100644
--- a/backend/src/index.js
+++ b/backend/src/index.js
@@ -8,7 +8,7 @@ const morgan = require("morgan");
 require("./auth/fenixOAuth2");
 require("./auth/demoLocal");
 const isLoggedIn = require("./middleware/isLoggedIn");
-const { logger } = require("./modules/logging");
+const { logger, logInfo } = require("./modules/logging");
 const app = express();
@@ -49,13 +49,14 @@ app.use("/transactions", isLoggedIn, require("./routes/transactionRoutes"));
 app.use("/users", isLoggedIn, require("./routes/userRoutes"));
 app.use("/auth", require("./routes/authRoutes"));
 app.use("/logs", isLoggedIn, require("./routes/logRoutes"));
+app.use(require("./middleware/error").errorHandler);
 app.get("/health", (req, res) => {
 res.status(200).send("OK");
 });
 app.listen(process.env.PORT, () => {
- console.log(`Server listening on port ${process.env.PORT}`);
+ logInfo("index", `Server listening on port ${process.env.PORT}`);
 });
 require("./cron/weeklyBackup");
diff --git a/backend/src/middleware/error.js b/backend/src/middleware/error.js
index 4b603ab..fe06bd4 100644
--- a/backend/src/middleware/error.js
+++ b/backend/src/middleware/error.js
@@ -4,7 +4,7 @@ const errorHandler = (err, req, res, next) => {
 if (!err) return next();
 res.sendStatus(500);
- logError("middleware/error", `${err}`);
+ logError("middleware/error", `${err.stack}`);
 };
 const asyncHandler = (fn) => (req, res, next) =>
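Review bot: The added `app.use(require("./middleware/error").errorHandler);` is registered before `app.get("/health", ...)`, so it only covers the routes mounted above it. Express passes an error to error-handling middleware that sits later in the stack than the failing route; a route with none after it falls through to the built-in handler, which writes the stack into the response body unless NODE_ENV is `production`. Moving the line to just before `app.listen(...)`, after every route, keeps the 500 path stack-free for `/health` and for any route added below it later.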
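Review bot: `err.stack` is undefined when a non-Error value reaches this handler (a thrown string, or `next("msg")`), so the changed `logError` line would record the text `undefined` and lose the message that the old `${err}` kept. A fallback covers both cases: `logError("middleware/error", String(err.stack || err));`. Because full stacks now land in the log store, it is also worth confirming that `/logs`, which index.js mounts behind `isLoggedIn` only, does not return these entries to every authenticated user; that route's code is not visible here. The `errorHandler` signature appears only in the hunk header, so the start of the function is outside the hunk.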