Stack trace cleanup, global rate limit

server.js

@@ -6,11 +6,12 @@ const compression = require("compression");
 const helmet = require("helmet");
 const app = express();
 const cookieParser = require("cookie-parser");
-app.use(cookieParser());
 require("dotenv").config();
 const cors = require("cors");
 app.use(compression());
 app.use(helmet());
+app.use(cookieParser());
+
 app.use(history());
 app.use(serveStatic(__dirname + "/dist/spa"));
 app.use(express.json());
@@ -25,6 +26,8 @@ const allowedOriginsProd = [
   "https://daelso.github.io",
 ];
 
+app.use(lib.getLimiter);
+
 if (process.env.ENV !== "prod") {
   app.use(
     cors({

server/api/favorites.js

@@ -33,9 +33,9 @@ router.route("/add").post(lib.authenticateToken, async (req, res) => {
       updatedAt: Date.now(),
     });
 
-    res.sendStatus(200);
+    return res.sendStatus(200);
   } catch (err) {
-    res.status(403).send(err);
+    return res.status(403).send("Forbidden");
   }
 });
 
@@ -46,9 +46,9 @@ router.route("/remove").post(lib.authenticateToken, async (req, res) => {
         id: req.body.favId,
       },
     });
-    res.sendStatus(200);
+    return res.sendStatus(200);
   } catch (err) {
-    res.status(403).send(err);
+    return res.status(403).send("Forbidden");
   }
 });
 
@@ -67,9 +67,10 @@ router.route("/my").get(lib.authenticateToken, async (req, res) => {
       `SELECT favs.id as favId, favs.game_id, favs.sheet_id, garou.* FROM ey140u9j4rs9xcib.favorites as favs INNER JOIN ey140u9j4rs9xcib.garou garou ON favs.sheet_id = garou.id WHERE favs.game_id = 3 AND favs.favorited_by = ${req.currentUser.id}`
     );
 
-    res.status(200).send([vampires, hunters, garou, req.currentUser]);
+    return res.status(200).send([vampires, hunters, garou, req.currentUser]);
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.sendStatus(500);
   }
 });
 
@@ -81,9 +82,9 @@ router.route("/favCount/:id").get(async (req, res) => {
       },
     });
 
-    res.status(200).send(count);
+    return res.status(200).send(count);
   } catch (err) {
-    res.status(404).send(err);
+    return res.status(404).send("Not found!");
   }
 });
 

server/api/game_finder.js

@@ -16,9 +16,9 @@ router.route("/styles").get(lib.getLimiter, async (req, res) => {
   try {
     const styles = await GameStyles.findAll();
 
-    res.status(200).json(styles);
+    return res.status(200).json(styles);
   } catch (err) {
-    res.status(403).send(err);
+    return res.status(403).send("forbidden");
   }
 });
 

server/api/garou.js

@@ -59,7 +59,7 @@ router.route("/new").post(lib.postLimiter, async (req, res) => {
 
     res.status(200).json(newGarou.id);
   } catch (err) {
-    res.status(403).send(err);
+    res.status(403).send("Forbidden");
   }
 });
 
@@ -103,16 +103,18 @@ router.route("/edit/:id").put(lib.postLimiter, async (req, res) => {
 
     res.status(200).send("Garou updated!");
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 
 router.route("/garou/:id").get(lib.getLimiter, async (req, res) => {
   try {
     const garou = await Garou.findByPk(req.params.id);
-    res.json(garou);
+    return res.json(garou);
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 
@@ -123,9 +125,10 @@ router.route("/myGarou/:id").get(async (req, res) => {
         created_by: req.params.id,
       },
     });
-    res.status(200).send(garou);
+    return res.status(200).send(garou);
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 
@@ -139,27 +142,30 @@ router.route("/tribes").get(lib.getLimiter, async (req, res) => {
         },
       ],
     });
-    res.json(tribes);
+    return res.json(tribes);
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 
 router.route("/auspices").get(lib.getLimiter, async (req, res) => {
   try {
     const auspices = await Auspices.findAll();
-    res.json(auspices);
+    return res.json(auspices);
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 
 router.route("/renown_types").get(lib.getLimiter, async (req, res) => {
   try {
     const renown_types = await RenownTypes.findAll();
-    res.json(renown_types);
+    return res.json(renown_types);
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 
@@ -180,9 +186,10 @@ router
           },
         },
       });
-      res.json(native_gifts);
+      return res.json(native_gifts);
     } catch (err) {
-      res.status(404).send(err);
+      console.log(err);
+      return res.status(404).send("Not found");
     }
   });
 
@@ -214,9 +221,10 @@ router
           },
         },
       });
-      res.json(gifts);
+      return res.json(gifts);
     } catch (err) {
-      res.status(404).send(err);
+      console.log(err);
+      return res.status(404).send("Not found");
     }
   });
 
@@ -244,18 +252,20 @@ router
         },
       });
 
-      res.status(200).json(gifts);
+      return res.status(200).json(gifts);
     } catch (err) {
-      res.status(404).send(err);
+      console.log(err);
+      return res.status(404).send("Not found");
     }
   });
 
 router.route("/rites").get(lib.getLimiter, async (req, res) => {
   try {
     const rites = await Rites.findAll();
-    res.json(rites);
+    return res.json(rites);
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 
@@ -265,9 +275,10 @@ router.route("/card").get(async (req, res) => {
       limit: 3,
       order: [["createdAt", "DESC"]],
     });
-    res.json(garou);
+    return res.json(garou);
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 
@@ -281,9 +292,10 @@ router.route("/delete/:id").delete(lib.postLimiter, async (req, res) => {
       return;
     }
     garou.destroy();
-    res.status(200).send("Deletion successful");
+    return res.status(200).send("Deletion successful");
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 

server/api/hunters.js

@@ -46,18 +46,20 @@ router.route("/new").post(async (req, res) => {
       updatedAt: Date.now(),
     });
 
-    res.status(200).json(newHunter.id);
+    return res.status(200).json(newHunter.id);
   } catch (err) {
-    res.status(403).send(err);
+    console.log(err);
+    return res.status(403).send("Forbidden");
   }
 });
 
 router.route("/hunter/:id").get(async (req, res) => {
   try {
     const hunter = await Hunters.findByPk(req.params.id);
-    res.send(hunter.dataValues);
+    return res.send(hunter.dataValues);
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 
@@ -68,9 +70,10 @@ router.route("/myHunter/:id").get(async (req, res) => {
         created_by: req.params.id,
       },
     });
-    res.status(200).send(hunter);
+    return res.status(200).send(hunter);
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 
@@ -80,9 +83,10 @@ router.route("/card").get(async (req, res) => {
       limit: 3,
       order: [["createdAt", "DESC"]],
     });
-    res.send(hunter);
+    return res.send(hunter);
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 
@@ -93,8 +97,7 @@ router.route("/hunter/edit/:id").put(lib.postLimiter, async (req, res) => {
     const hunter = await Hunters.findByPk(req.params.id);
 
     if (currentUser.id !== hunter.created_by) {
-      res.status(403).send("Access Denied");
-      return;
+      return res.status(403).send("Access Denied");
     }
 
     await hunter.update({
@@ -123,9 +126,10 @@ router.route("/hunter/edit/:id").put(lib.postLimiter, async (req, res) => {
       updatedAt: Date.now(),
     });
 
-    res.status(200).send("Hunter updated!");
+    return res.status(200).send("Hunter updated!");
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 
@@ -139,9 +143,10 @@ router.route("/delete/:id").delete(lib.limiter, async (req, res) => {
       return;
     }
     hunter.destroy();
-    res.status(200).send("Deletion successful");
+    return res.status(200).send("Deletion successful");
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 

server/api/search.js

@@ -26,9 +26,10 @@ router.route("/vampires").post(async (req, res) => {
     }
     const [results, metadata] = await sequelize.sequelize.query(baseQuery);
 
-    res.status(200).send(results);
+    return res.status(200).send(results);
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 
@@ -48,9 +49,10 @@ router.route("/hunters").post(async (req, res) => {
 
     const [results, metadata] = await sequelize.sequelize.query(baseQuery);
 
-    res.status(200).send(results);
+    return res.status(200).send(results);
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });
 
@@ -70,9 +72,10 @@ router.route("/garou").post(async (req, res) => {
 
     const [results, metadata] = await sequelize.sequelize.query(baseQuery);
 
-    res.status(200).send(results);
+    return res.status(200).send(results);
   } catch (err) {
-    res.status(404).send(err);
+    console.log(err);
+    return res.status(404).send("Not found");
   }
 });