Fix for some JWT checks done as well as adding a new field to the SFDC payments report needed for handling cancelled payments #34
Conversation
| cl."name" AS customer, | ||
| cl."codeName" AS client_codename, | ||
| COALESCE( | ||
| NULLIF(TRIM(proj.details::jsonb #>> '{taasDefinition,oppurtunityDetails,customerName}'), ''), |
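Review bot: the misspelt key in `'{taasDefinition,oppurtunityDetails,customerName}'` fails silently here, because `#>>` returns NULL for a path that matches nothing and the surrounding `NULLIF`/`COALESCE` chain then falls through to the next candidate, so no error will ever flag it. Before renaming the key, confirm against stored rows which spelling the JSON actually carries (a simple count of rows where each path is non-null is enough); if existing documents were written with the typo, correcting only the query would change the reported customer for those projects.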
[❗❗ correctness]
The JSON path '{taasDefinition,oppurtunityDetails,customerName}' contains a typo in oppurtunityDetails. It should likely be opportunityDetails. This could lead to incorrect data retrieval if the JSON structure is not as expected.
| ba.id::text AS billing_account_id, | ||
| ba."name" AS billing_account_name, | ||
| COALESCE( | ||
| NULLIF(TRIM(proj.details::jsonb #>> '{taasDefinition,oppurtunityDetails,customerName}'), ''), |
[❗❗ correctness]
The JSON path '{taasDefinition,oppurtunityDetails,customerName}' contains a typo in oppurtunityDetails. It should likely be opportunityDetails. This could lead to incorrect data retrieval if the JSON structure is not as expected.
| NULLIF(TRIM(proj.details::jsonb #>> '{taasDefinition,oppurtunityDetails,customerName}'), ''), | ||
| NULLIF(TRIM(proj.details::jsonb #>> '{project_data,group_customer_name}'), ''), | ||
| ba."name" | ||
| ) AS customer_name, |
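Review bot: the same `proj.details::jsonb #>> '{taasDefinition,oppurtunityDetails,customerName}'` expression is now spelled out in several places in this query; define it once (a CTE or a lateral subquery producing a single `customer_name` column) and reference that, so that the key path is corrected in one place and the two `customer_name` selections cannot drift apart.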
[maintainability]
The field customer_name is being selected twice in the query. This could lead to confusion or errors in the result set. Consider removing the duplicate selection.
|
|
||
| const logger = new Logger("AuthMiddleware"); | ||
|
|
||
| function decodeTokenPayload(token: string): Record<string, unknown> | null { |
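Review bot: `decodeTokenPayload` returns a plain `Record<string, unknown>` with nothing in its name or signature saying the claims are unverified, so a future caller can easily use it for an authorization decision. Either verify the signature inside it, or rename it to something like `decodeUnverifiedTokenPayload`, document that its output is attacker-controlled and for diagnostics only, and keep it out of the module's exports.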
[❗❗ security]
The decodeTokenPayload function manually decodes the JWT payload without verifying the token's signature. This could lead to security issues if the payload is trusted without verification. Consider using a library like jsonwebtoken to decode and verify the token securely.
| if (err) { | ||
| const token = req.headers.authorization?.replace(/^Bearer\s+/i, ""); | ||
| const payload = token ? decodeTokenPayload(token) : null; | ||
| logger.warn({ |
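Review bot: in this `if (err)` branch the token has by definition failed verification, so whatever `decodeTokenPayload` returns is untrusted input that is being written straight into the log. Besides the confidentiality concern, arbitrary claim values can carry newlines, very long strings or JSON designed to confuse log parsing. Log the verification error and a fixed allow-list of coerced, length-capped claims (`sub`, `iss`, `exp`), never the whole payload object.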
[❗❗ security]
Logging the decoded JWT payload, even partially, can expose sensitive information. Ensure that sensitive data is not logged or consider redacting sensitive fields before logging.
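The two security comments above (verify before trusting a JWT payload, and redact what reaches the log) can be illustrated with the following added example. It is not code from this PR or its repository: it uses only Node's `crypto` module to verify an HS256 signature and expiry (the same check a library such as `jsonwebtoken` performs), and shows a `summarizeClaimsForLog` helper that keeps only an allow-list of claims. The secret, claim values and function names are constructed for the example.

```typescript
// Added example, not the project's code: verify a JWT before trusting any
// claim, and log only a redacted, allow-listed summary when it fails.
import { createHmac, timingSafeEqual } from "crypto";

type Payload = Record<string, unknown>;

// The only claims we are willing to log from an UNVERIFIED token.
interface ClaimSummary {
  sub?: string;
  iss?: string;
  exp?: number;
}

function b64url(input: string): string {
  return Buffer.from(input, "utf8").toString("base64url");
}

function decodeSegment(segment: string): Payload {
  return JSON.parse(Buffer.from(segment, "base64url").toString("utf8")) as Payload;
}

// Issue an HS256 token (secret and claims are constructed for the example).
export function signHs256(payload: Payload, secret: string): string {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  const sig = createHmac("sha256", secret).update(`${header}.${body}`).digest("base64url");
  return `${header}.${body}.${sig}`;
}

// Return the claims only when the signature and expiry check out; otherwise null.
export function verifyHs256(token: string, secret: string, now = Math.floor(Date.now() / 1000)): Payload | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  let alg: unknown;
  try {
    alg = decodeSegment(header).alg;
  } catch {
    return null;
  }
  // Pin the algorithm: the token must not get to choose it (e.g. "none").
  if (alg !== "HS256") return null;
  const expected = createHmac("sha256", secret).update(`${header}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (expected.length !== given.length || !timingSafeEqual(expected, given)) return null;
  let payload: Payload;
  try {
    payload = decodeSegment(body);
  } catch {
    return null;
  }
  if (typeof payload.exp === "number" && payload.exp <= now) return null;
  return payload;
}

// Diagnostics for a token that FAILED verification: keep a fixed allow-list
// of claims, coerce their types and cap string length, so crafted claims
// cannot leak secrets or bloat and forge log lines.
export function summarizeClaimsForLog(token: string): ClaimSummary {
  const out: ClaimSummary = {};
  const parts = token.split(".");
  if (parts.length !== 3) return out;
  let payload: Payload;
  try {
    payload = decodeSegment(parts[1]);
  } catch {
    return out;
  }
  const clip = (v: unknown): string | undefined =>
    typeof v === "string" ? v.slice(0, 64).replace(/[\r\n]/g, " ") : undefined;
  const sub = clip(payload.sub);
  if (sub !== undefined) out.sub = sub;
  const iss = clip(payload.iss);
  if (iss !== undefined) out.iss = iss;
  if (typeof payload.exp === "number") out.exp = payload.exp;
  return out;
}
```

In the middleware, the `if (err)` branch would call `summarizeClaimsForLog(token)` and log that object together with `err.name`, while only the non-null result of `verifyHs256` (or the library's equivalent `verify` call) is ever attached to the request.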
No description provided.