Upgrading STF for security reasons (#813)

* Upgrading STF for security reasons Signed-off-by: Denis barbaron <denis.barbaron@orange.com> * update semaphore files Signed-off-by: Denis barbaron <denis.barbaron@orange.com> * upgrading STF for security reasons v2 Signed-off-by: Denis barbaron <denis.barbaron@orange.com> * update yarn.lock file Signed-off-by: Denis barbaron <denis.barbaron@orange.com> --------- Signed-off-by: Denis barbaron <denis.barbaron@orange.com>
2026-04-18 09:53:21 +02:00 · 2024-11-22 11:41:20 +01:00
parent e204b03661
commit 2f54e40206
48 changed files with 2443 additions and 1167 deletions
--- a/lib/units/api/controllers/user.js
+++ b/lib/units/api/controllers/user.js
@@ -1,5 +1,5 @@
 /**
-* Copyright © 2019,2023 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+* Copyright © 2019-2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
 **/

 var util = require('util')
@@ -7,7 +7,7 @@ var util = require('util')
 var _ = require('lodash')
 var Promise = require('bluebird')
 var uuid = require('uuid')
-var adbkit = require('@devicefarmer/adbkit')
+var adb = require('../../../util/adbutil')()
 var dbapi = require('../../../db/api')
 var logger = require('../../../util/logger')
 var datautil = require('../../../util/datautil')
@@ -434,7 +434,7 @@ function getUserAccessTokens(req, res) {

 function addAdbPublicKey(req, res) {
  var data = req.swagger.params.adb.value
-  adbkit.util.parsePublicKey(data.publickey)
+  adb.util.parsePublicKey(data.publickey)
    .then(function(key) {
      return dbapi.lookupUsersByAdbKey(key.fingerprint)
        .then(function(cursor) {
--- a/lib/units/api/index.js
+++ b/lib/units/api/index.js
@@ -1,5 +1,5 @@
 /**
-* Copyright © 2019,2022 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+* Copyright © 2019-2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
 **/

 var http = require('http')
@@ -136,6 +136,8 @@ module.exports = function(options) {
  , keys: [options.secret]
  }))

+  app.disable('x-powered-by')
+
  lifecycle.observe(function() {
    [push, sub, pushdev, subdev].forEach(function(sock) {
      try {