Updating production, with changes to dependencies and error handling

.github/workflows/deploy.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set environment based on branch
         run: |
@@ -31,7 +31,7 @@ jobs:
           fi
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:22-alpine
+FROM node:25-alpine
 WORKDIR /app
 COPY package*.json ./
 RUN yarn install

auth/auth.js

@@ -3,96 +3,92 @@ const path = require('path')
 // get global database object
 var db = require('../database/pgp_db')
 var pgp = db.$config.pgp
-pgp.pg.types.setTypeParser(20, parseInt);
+pgp.pg.types.setTypeParser(20, parseInt)
 
-function doNothing(req, res, next){
-  next();
+function doNothing (req, res, next) {
+  next()
 }
 
-function authrequired(req, res, next){
-     console.log("request received at "+ new Date().toGMTString());
-     var typeHeaderText = req.get('Content-Type');
-     console.log("typeHeaderText "+typeHeaderText);
-
-    var methodPassed = req.query.method || req.body.method;
+function authrequired (req, res, next) {
+  console.log('request received at ' + new Date().toGMTString())
+  var typeHeaderText = req.get('Content-Type')
+  console.log('typeHeaderText ' + typeHeaderText)
 
-    if (!methodPassed ){
-      next();
-    } else {
+  var methodPassed = req.query.method || req.body.method
 
-      console.log("methodPassed ", methodPassed)
-      var theSchema = methodPassed.split(".")[0];
-      //see if method requires username, pw
-      console.log("schema for methodPassed "+theSchema);
-      var unrestrictedMethods = ["ts.getsteward", "ts.checksteward", "ts.validateusername", "ts.validatesteward"];
-      console.log("method is restricted " +(unrestrictedMethods.indexOf(methodPassed) == -1 && theSchema == "ts" ));
-      if (unrestrictedMethods.indexOf(methodPassed) == -1 && theSchema == "ts" ){
-        console.log("calling parseCredentials");
-        parseCredentials(req, function(err, req){
-          if(err){return next(err);}
-          validateusernamepassword(req, function(err){
-            if(err){return next(err);}
-            next();
-          })
-        });
-      } else {
-        console.log("calling next middleware function with no validation");
-        //no validation needed
-        next();
-      }
+  if (!methodPassed) {
+    next()
+  } else {
+    console.log('methodPassed ', methodPassed)
+    var theSchema = methodPassed.split('.')[0]
+    // see if method requires username, pw
+    console.log('schema for methodPassed ' + theSchema)
+    var unrestrictedMethods = ['ts.getsteward', 'ts.checksteward', 'ts.validateusername', 'ts.validatesteward']
+    console.log('method is restricted ' + (unrestrictedMethods.indexOf(methodPassed) == -1 && theSchema == 'ts'))
+    if (unrestrictedMethods.indexOf(methodPassed) == -1 && theSchema == 'ts') {
+      console.log('calling parseCredentials')
+      parseCredentials(req, function (err, req) {
+        if (err) { return next(err) }
+        validateusernamepassword(req, function (err) {
+          if (err) { return next(err) }
+          next()
+        })
+      })
+    } else {
+      console.log('calling next middleware function with no validation')
+      // no validation needed
+      next()
+    }
   }
 }
 
-function validateusernamepassword(req, callback){
-    var err;
-    //call validateusernamepassword
-        db.query('select * from ts.validatesteward($1, $2)',[req.user.username, req.user.pwd])
-            .then(function (data) {
-                 //return data;
-                 if ( data.length > 0){
-                     callback();
-                 } else {
-                     err = new Error("Error validating steward");
-                     err.tilia = true;
-                     callback(err);
-                 }
-
-            })
-            .catch(function (err) {
-              //present error details
-              err.tilia = true;
-              return err
-            })
-}
-
-function parseCredentials(req, callback) {
-    //read other headers
-      var err
-      //get header with username, pwd
-      console.log("parsing headers pwd and username");
-      //var headerText = req.get('OtherHeaders');
-      var pwdText = req.get('pwd');
-      var usernameText = req.get('username');
-
-      console.log("username and password "+usernameText+":"+pwdText);
-      if(!pwdText || !usernameText){
-        console.log("throwing missing pwd and/or username error");
-        err = new Error('Headers with username and password were not provided');
-        err.tilia = true;
-        callback(err);
+function validateusernamepassword (req, callback) {
+  var err
+  // call validateusernamepassword
+  db.query('select * from ts.validatesteward($1, $2)', [req.user.username, req.user.pwd])
+    .then(function (data) {
+      // return data;
+      if (data.length > 0) {
+        callback()
       } else {
-          var username = usernameText;
-          var pwd = pwdText;
-          var user = {};
-          user.username = username;
-          user.pwd = pwd;
-          req.user = user;
-          callback(null, req);        
+        err = new Error('Error validating steward')
+        err.tilia = true
+        callback(err)
       }
+    })
+    .catch(function (err) {
+      // present error details
+      err.tilia = true
+      return err
+    })
+}
 
-    }
+function parseCredentials (req, callback) {
+  // read other headers
+  var err
+  // get header with username, pwd
+  console.log('parsing headers pwd and username')
+  // var headerText = req.get('OtherHeaders');
+  var pwdText = req.get('pwd')
+  var usernameText = req.get('username')
 
+  console.log('username and password ' + usernameText + ':' + pwdText)
+  if (!pwdText || !usernameText) {
+    console.log('throwing missing pwd and/or username error')
+    err = new Error('Headers with username and password were not provided')
+    err.tilia = true
+    callback(err)
+  } else {
+    var username = usernameText
+    var pwd = pwdText
+    var user = {}
+    user.username = username
+    user.pwd = pwd
+    req.user = user
+    callback(null, req)
+  }
+}
 
 module.exports = {
-    authRequired: authrequired
-}
+  authRequired: authrequired
+}

database/pgp_db.js

@@ -1,8 +1,8 @@
-const promise = require('bluebird')
+const pgPromise = require('pg-promise')
 
 const options = {
   // Initialization Options
-  promiseLib: promise,
+  promiseLib: pgPromise.promise,
   capSQL: true,
   query (e) {
     var date = new Date()

handlers/data_handlers.js

@@ -1,13 +1,6 @@
 // get global database object
 const readLastLines = require('read-last-lines')
-
-function handleGetUpdate (req, res, next) {
-  // This just redirects to the all function output.
-  // var date = new Date()
-  // console.log(date.toISOString + ' calling handleGetUpdate')
-  var pgFunk = require('../pgfunctions/pgfunction.js')
-  pgFunk.allFunctions(req, res, next)
-}
+const pgFunk = require('../pgfunctions/pgfunction.js')
 
 function handleDelete (req, res, next) {
   var data = {
@@ -19,7 +12,6 @@ function handleDelete (req, res, next) {
       data: data,
       message: 'Called DELETE api/update'
     })
-
 }
 
 function returnLog (req, res, next) {
@@ -102,41 +94,29 @@ function handlePostMultiUpdate (req, res, next) {
   // 1. validate method name
   db.func('ti.getprocedureinputparams', [methodSubmitted])
     .then(function (data) {
-      // returns array of object
-      //  { 'name': '_units', 'type': 'character varying', 'isdefault': false, 'paramorder': 1 }
-      // console.log('handlePostMultiRequest data: ' + JSON.stringify(data))
 
       var arrOfPgParams = []
 
       // process key|value for parameter inputs
       if (data.length > 0) {
-        console.log(functionInputs)
         // process array with one collection for each method call
         functionInputs.forEach(function (d, i) {
-          // console.log('parameter collection ' + i + ' is: ' + JSON.stringify(d))
           var pgParamArray = []
           data.forEach(function (e, i) {
-            // console.log('Input ' + e.name + ' has value ' + d[e.name])
             pgParamArray.push(d[e.name])
           })
-          // add array of input values to batch collection
           arrOfPgParams.push(pgParamArray)
         })
       }
 
-      // console.log('Collection input parameters is: ' + JSON.stringify(arrOfPgParams))
       var numOfCalls = arrOfPgParams.length
 
-      // console.log('Number of function calls to make: ' + numOfCalls)
-
       requestFactory(methodSubmitted, arrOfPgParams, req, function (arrOfCalls) {
         var dbb = req.app.locals.db
         dbb.task(function (t) {
           return t.batch(arrOfCalls)
         })
           .then(function (theResult) {
-            // console.log('batch result ' + JSON.stringify(theResult))
-            // have array of arrays containing object key|newid
             var batchData = []
             theResult.forEach(function (r) {
               if (r[0]) {
@@ -171,12 +151,13 @@ function handlePostMultiUpdate (req, res, next) {
 module.exports = {
   allfunctions: function (req, res, next) {
     /* This is returning the block query that is used to list the available functions. */
-    var pgFunk = require('../pgfunctions/pgfunction.js')
     pgFunk.allFunctions(req, res, next)
   },
   // handlePostUpdate: handlePostUpdate,
+  handleGetUpdate: function (req, res, next) {
+    pgFunk.allFunctions(req, res, next)
+  },
   handlePostMultiUpdate: handlePostMultiUpdate,
-  handleGetUpdate: handleGetUpdate,
   handleDelete: handleDelete,
   handleLogs: returnLog
 }

package.json

@@ -13,34 +13,34 @@
   "dependencies": {
     "@terraformer/wkt": "^2.2.0",
     "bluebird": "^3.7.2",
-    "body-parser": "^1.20.2",
+    "body-parser": "^2.2.1",
     "child_process": "^1.0.2",
     "compression": "^1.7.4",
     "cookie-parser": "^1.4.5",
     "cors": "^2.8.5",
     "debug": "^4.3.1",
-    "dotenv": "^8.2.0",
+    "dotenv": "^17.2.3",
     "ejs": "^3.1.8",
-    "express": "~4.21.0",
-    "express-rate-limit": "^6.9.0",
-    "helmet": "^7.1.0",
+    "express": "~5.2.1",
+    "express-rate-limit": "^8.2.1",
+    "helmet": "^8.1.0",
     "json5": "^2.2.3",
     "morgan": "~1.10.0",
     "node-postgres": "^0.6.2",
-    "passport": "^0.6.0",
-    "pg-monitor": "^1.4.1",
-    "pg-promise": "^11.5.5",
+    "passport": "^0.7.0",
+    "pg-monitor": "^3.1.0",
+    "pg-promise": "^11.15.0",
     "read-last-lines": "^1.8.0",
-    "rotating-file-stream": "^2.1.3",
+    "rotating-file-stream": "^3.2.7",
     "serve-favicon": "~2.5.0"
   },
   "devDependencies": {
-    "eslint": "^5.16.0",
+    "eslint": "^9.39.2",
     "eslint-config-standard": "^12.0.0",
     "eslint-plugin-import": "^2.22.1",
-    "eslint-plugin-node": "^7.0.1",
+    "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-promise": "^4.2.1",
-    "eslint-plugin-standard": "^4.1.0",
+    "eslint-plugin-standard": "^5.0.0",
     "pre-commit": "^1.2.2"
   },
   "description": "A repository for the implementation of the Tilia/uploader API.  This API is intended to replace the current [Tilia API](https://tilia.neotomadb.org) which uses the SQL Server database and a .NET front end.",

pgfunctions/pgfunction.js

@@ -25,6 +25,7 @@ function allFunctions (req, res, next) {
     // Get the input parameters:
     var outobj = resultset
   }
+
   var noParam = Object.keys(outobj).length === 0
 
   var pgp = db.$config.pgp
@@ -36,12 +37,13 @@ function allFunctions (req, res, next) {
   pgp.pg.types.setTypeParser(1700, function (val) {
     return parseInt(val)
   })
+  const schemFunc = sql('../pgfunctions/get_schema.sql', pgp)
+  const queryFunc = sql('../pgfunctions/fun_query.sql', pgp)
 
   // The call to the documentation JSON object occurs if the user either
   // enters no parameters, or the term 'method' fails to appear in the
   // user query string.
   if (noParam | !outobj.method) {
-    let queryFunc = sql('../pgfunctions/fun_query.sql', pgp)
     // We're passing in the raw "/api/" endoint, which requests the set of all functions.
     db.any(queryFunc)
       .then(data => {
@@ -72,7 +74,6 @@ function allFunctions (req, res, next) {
     // Here we wind up with the different schema.
     // First validate that the method is in the accepted set for GET calls:
     if (funcSchema !== 'ts' || ['validateusername', 'validatesteward', 'checksteward'].includes(funcName)) {
-      let queryFunc = sql('../pgfunctions/fun_query.sql', pgp)
       var schema = db.any(queryFunc)
         .then(function (data) {
           // Check that outobj.method is in the set of data[name]:
@@ -82,7 +83,6 @@ function allFunctions (req, res, next) {
         .then(function (data) {
           if (data.includes(outobj.method)) {
             // If the function called by the user is in the set of existing Postgres functions:
-            let schemFunc = sql('../pgfunctions/get_schema.sql', pgp)
             db.any(schemFunc, [funcName])
               .then(function (data) {
                 let dbFunction = funcSchema + '.' + funcName
@@ -92,7 +92,6 @@ function allFunctions (req, res, next) {
                   QueryParams = {}
                 } else {
                   for (let a in QueryArgs) {
-                    console.log(typeof outobj[QueryArgs[a]])
                     if (typeof outobj[QueryArgs[a]] === 'string' || outobj[QueryArgs[a]] instanceof String) {
                       var replaced = outobj[QueryArgs[a]]
                       replaced = replaced.replace(/^"(.*)"$/g, '$1')