security

.github/workflows/continuous_integration.yml

@@ -38,21 +38,11 @@ jobs:
           node-version: ${{ steps.nvm.outputs.NODE_VERSION }}
       - name: Install dependencies
         run: npm ci
-      # - name: Execute test
-      #   run: npm test
-      #   env:
-      #     APP_NAME: auth-plus-authentication
       - name: SonarCloud Scan
-        uses: sonarsource/sonarcloud-github-action@master
+        uses: SonarSource/sonarqube-scan-action@v6
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-      - name: Code Climate Scan
-        uses: paambaati/codeclimate-action@v9.0.0
-        env:
-          CC_TEST_REPORTER_ID: ${{ secrets.CODECLIMATE_TOKEN }}
-        with:
-          coverageLocations: ${{github.workspace}}/coverage/lcov.info:lcov
       - name: Codacy Scan
         uses: codacy/codacy-coverage-reporter-action@v1.3.0
         with:

Dockerfile

@@ -1,15 +1,15 @@
-FROM node:22.12.0-slim AS dependency
+FROM node:24.10.0-slim AS dependency
 WORKDIR /app
 COPY . .
 RUN npm ci
 
-FROM node:22.12.0-slim AS builder
+FROM node:24.10.0-slim AS builder
 WORKDIR /app
 COPY . .
 COPY --from=dependency /app/node_modules ./node_modules
 RUN npm run build
 
-FROM node:22.12.0-slim AS deploy
+FROM node:24.10.0-slim AS deploy
 WORKDIR /app
 COPY --from=dependency /app/node_modules ./node_modules
 COPY --from=builder /app/build ./build

README.md

@@ -2,9 +2,7 @@
 
 [![Coverage](https://sonarcloud.io/api/project_badges/measure?project=auth-plus_auth-plus-authentication&metric=coverage)](https://sonarcloud.io/summary/new_code?id=auth-plus_auth-plus-authentication)
 
-[![Test Coverage](https://api.codeclimate.com/v1/badges/01f194165a4526cd5001/test_coverage)](https://codeclimate.com/github/auth-plus/auth-plus-authentication/test_coverage)
-
-[![Codacy Badge](https://app.codacy.com/project/badge/Coverage/b8c826b4250b4000945bd3e305e3e443)](https://www.codacy.com/gh/auth-plus/auth-plus-authentication/dashboard?utm_source=github.com&utm_medium=referral&utm_content=auth-plus/auth-plus-authentication&utm_campaign=Badge_Coverage)
+[![Codacy Badge](https://app.codacy.com/project/badge/Coverage/b8c826b4250b4000945bd3e305e3e443)](https://app.codacy.com/gh/auth-plus/auth-plus-authentication/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_coverage)
 
 This project it's a sample for authentication system. It use a hexagonal architeture with layer for dependency manager.
 

src/presentation/http/routes/login.route.ts

@@ -32,6 +32,7 @@ loginRoute.post('/', (async (
     const { email, password }: LoginInput = await schema.validateAsync(req.body)
     const core = await getCore()
     const resp = await core.login.login(email, password)
+    res.writeHead(200, { 'Content-Type': 'application/json' })
     res.status(200).send(resp)
   } catch (error) {
     next(error)
@@ -47,6 +48,7 @@ loginRoute.get('/refresh/:token', jwtMiddleware, (async (
     const { token } = req.params
     const core = await getCore()
     const resp = await core.token.refresh(token)
+    res.writeHead(200, { 'Content-Type': 'application/json' })
     res.status(200).send(resp)
   } catch (error) {
     next(error)

src/presentation/http/routes/mfa.route.ts

@@ -91,6 +91,7 @@ mfaRoute.post('/code', (async (
     )
     const core = await getCore()
     const credential = await core.mFACode.find(hash, code)
+    res.writeHead(200, { 'Content-Type': 'application/json' })
     res.status(200).send(credential)
   } catch (error) {
     next(error)

src/presentation/http/routes/reset_password.route.ts

@@ -28,8 +28,8 @@ resetPasswordRoute.post('/forget', (async (
   try {
     const { email }: ForgetPasswordInput = await schema.validateAsync(req.body)
     const core = await getCore()
-    const resp = await core.reset.forget(email)
-    res.status(200).send(resp)
+    await core.reset.forget(email)
+    res.status(200).send()
   } catch (error) {
     next(error)
   }
@@ -54,8 +54,8 @@ resetPasswordRoute.post('/recover', (async (
     const { password, hash }: RecoverPasswordInput =
       await schema2.validateAsync(req.body)
     const core = await getCore()
-    const resp = await core.reset.recover(password, hash)
-    res.status(200).send(resp)
+    await core.reset.recover(password, hash)
+    res.status(200).send()
   } catch (error) {
     next(error)
   }

test/loading/k6.js

@@ -1,3 +1,4 @@
+import { hash, randomUUID } from 'crypto'
 import { check, sleep } from 'k6'
 import http from 'k6/http'
 
@@ -15,32 +16,32 @@ export const options = {
 }
 
 const BASE_URL = 'http://172.17.0.1:5000'
-
+const password = hash('sha512', randomUUID())
 const USERS = [
   {
     name: 'administratorA',
     email: 'adminA@authplus.com',
-    password: '7061651770d7b3ad8fa96e7a8bc6144724',
+    password,
   },
   {
     name: 'administratorB',
     email: 'adminB@authplus.com',
-    password: '7061651770d7b3ad8fa96e7a8bc6144724',
+    password,
   },
   {
     name: 'administratorC',
     email: 'adminC@authplus.com',
-    password: '7061651770d7b3ad8fa96e7a8bc6144724',
+    password,
   },
   {
     name: 'administratorD',
     email: 'adminD@authplus.com',
-    password: '7061651770d7b3ad8fa96e7a8bc6144724',
+    password,
   },
   {
     name: 'administratorE',
     email: 'adminE@authplus.com',
-    password: '7061651770d7b3ad8fa96e7a8bc6144724',
+    password,
   },
 ]
 
@@ -49,7 +50,7 @@ export async function setup() {
     `${BASE_URL}/login`,
     JSON.stringify({
       email: 'admin@authplus.com',
-      password: '7061651770d7b3ad8fa96e7a8bc61447',
+      password,
     }),
     {
       headers: {