From 129820d081e67afb13d8d8480d0dae251b7db43d Mon Sep 17 00:00:00 2001
From: virgilchiriac <17074330+virgilchiriac@users.noreply.github.com>
Date: Mon, 26 Aug 2024 14:24:31 +0200
Subject: [PATCH] BC-7804 - prevent logging of headers (#3508)
---
 app.js | 22 ++++++++---
 controllers/files.js | 87 ++++++++++++++++++++++-------------------
 controllers/homework.js | 2 +
 helpers/logger.js | 2 +-
 4 files changed, 66 insertions(+), 47 deletions(-)
diff --git a/app.js b/app.js
index c1be5b614a..bb60c1e2ab 100644
--- a/app.js
+++ b/app.js
@@ -238,19 +238,25 @@ const isTimeoutError = (err) => err && err.message && (
 || err.message.includes('ETIMEDOUT')
 );
-app.use((err, req, res, next) => {
+const errorHandler = (err) => {
 const error = err.error || err;
 const status = error.status || error.statusCode || 500;
 error.statusCode = status;
- if (!error.options) {
- error.options = {};
+ // prevent logging jwts and x-api-keys
+ if (error.options && error.options.headers) {
+ delete error.options.headers;
 }
+
+ return { error, status };
+};
+
+app.use((err, req, res, next) => {
+ const { error, status } = errorHandler(err);
+
 if (!res.locals) {
 res.locals = {};
 }
- // prevent logging jwts and x-api-keys
- delete error.options.headers;
 if (Configuration.get('FEATURE_LOG_REQUEST') === true) {
 const reqInfo = {
@@ -303,4 +309,10 @@ app.use((err, req, res, next) => {
 });
 });
+process.on('unhandledRejection', (err) => {
+ const { error } = errorHandler(err);
+ error.message = `unhandledRejection: ${error.message}`;
+ logger.error(error);
+});
+
 module.exports = app;
diff --git a/controllers/files.js b/controllers/files.js
index b7f758fc17..b87fab3285 100644
--- a/controllers/files.js
+++ b/controllers/files.js
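Review bot: The redaction in `errorHandler` removes only `error.options.headers`, and it runs on `err.error || err`, so when `err.error` is set the outer `err.options.headers` is left untouched. That is safe only as long as nothing logs the original `err`, and presumably other copies of the outgoing request (a nested response object, for instance) can still carry the JWT or x-api-key. The helper also mutates the caller's error in place, which its name does not suggest. I would document the contract above it, e.g. `// Normalises err to { error, status } and strips request headers in place; log only the returned error, never the original err.` The `app.use` handler body continues outside the hunk, so what the `reqInfo` object under FEATURE_LOG_REQUEST records cannot be checked here.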
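Review bot: The `unhandledRejection` listener passes the rejection reason straight into `errorHandler`, which reads `err.error`, so a reason of `undefined` or `null` (a bare `Promise.reject()`) throws inside the listener, and a string reason cannot take the `unhandledRejection:` message prefix. Because this listener now replaces winston's own rejection handling, that failure would surface as an uncaught exception instead of a log line. Normalising the reason first avoids it: `const reason = err && typeof err === 'object' ? err : new Error(String(err));` followed by `const { error } = errorHandler(reason);`.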
@@ -672,52 +672,57 @@ router.get('/courses/', (req, res, next) => {
 router.get('/courses/:courseId/:folderId?', FileGetter, async (req, res, next) => {
 const basePath = '/files/courses/';
- const record = await api(req).get(`/courses/${req.params.courseId}`);
- res.locals.files.files = res.locals.files.files.map(addThumbnails);
- let canCreateFile = true;
+ try {
+ const record = await api(req).get(`/courses/${req.params.courseId}`);
- let breadcrumbs = [{
- title: res.$t('files.label.filesFromMyCourse'),
- url: basePath,
- dataTestId: 'navigate-to-my-courses-files',
- }, {
- title: record.name,
- url: basePath + record._id,
- dataTestId: 'navigate-to-my-files-in-course',
- }];
+ res.locals.files.files = res.locals.files.files.map(addThumbnails);
+ let canCreateFile = true;
- if (req.params.folderId) {
- const folderBreadcrumbs = (await getBreadcrumbs(req, req.params.folderId)).map((crumb) => {
- crumb.url = `${basePath}${record._id}/${crumb.id}`;
- return crumb;
- });
- breadcrumbs = [...breadcrumbs, ...folderBreadcrumbs];
- }
+ let breadcrumbs = [{
+ title: res.$t('files.label.filesFromMyCourse'),
+ url: basePath,
+ dataTestId: 'navigate-to-my-courses-files',
+ }, {
+ title: record.name,
+ url: basePath + record._id,
+ dataTestId: 'navigate-to-my-files-in-course',
+ }];
- if (['Schüler'].includes(res.locals.currentRole)) {
- canCreateFile = false;
- }
+ if (req.params.folderId) {
+ const folderBreadcrumbs = (await getBreadcrumbs(req, req.params.folderId)).map((crumb) => {
+ crumb.url = `${basePath}${record._id}/${crumb.id}`;
+ return crumb;
+ });
+ breadcrumbs = [...breadcrumbs, ...folderBreadcrumbs];
+ }
- res.locals.files.files = getFilesWithSaveName(res.locals.files.files);
+ if (['Schüler'].includes(res.locals.currentRole)) {
+ canCreateFile = false;
+ }
- res.render('files/files', {
- title: res.$t('files.headline.courseFiles'),
- canUploadFile: true,
- canCreateDir: true,
- canCreateFile,
- path: res.locals.files.path,
- inline: req.query.inline || req.query.CKEditor,
- CKEditor: req.query.CKEditor,
- breadcrumbs,
- showSearch: false,
- courseId: req.params.courseId,
- ownerId: req.params.courseId,
- toCourseText: res.$t('global.button.toCourse'),
- courseUrl: `/rooms/${req.params.courseId}`,
- canEditPermissions: true,
- parentId: req.params.folderId,
- ...res.locals.files,
- });
+ res.locals.files.files = getFilesWithSaveName(res.locals.files.files);
+
+ res.render('files/files', {
+ title: res.$t('files.headline.courseFiles'),
+ canUploadFile: true,
+ canCreateDir: true,
+ canCreateFile,
+ path: res.locals.files.path,
+ inline: req.query.inline || req.query.CKEditor,
+ CKEditor: req.query.CKEditor,
+ breadcrumbs,
+ showSearch: false,
+ courseId: req.params.courseId,
+ ownerId: req.params.courseId,
+ toCourseText: res.$t('global.button.toCourse'),
+ courseUrl: `/rooms/${req.params.courseId}`,
+ canEditPermissions: true,
+ parentId: req.params.folderId,
+ ...res.locals.files,
+ });
+ } catch (error) {
+ next(error);
+ }
 });
 router.get('/teams/', (req, res, next) => {
diff --git a/controllers/homework.js b/controllers/homework.js
index bb07fd522c..d31ff675fd 100644
--- a/controllers/homework.js
+++ b/controllers/homework.js
@@ -186,6 +186,8 @@ const getCreateHandler = (service) => (req, res, next) => {
 req,
 `${base}/${referrer}`,
 );
+ }).catch((err) => {
+ next(err);
 });
 }
diff --git a/helpers/logger.js b/helpers/logger.js
index 11b56eb6f1..665ff10ae2 100644
--- a/helpers/logger.js
+++ b/helpers/logger.js
@@ -34,7 +34,7 @@ const logger = createLogger({
 level: logLevel,
 format: formatter,
 handleExceptions: true,
- handleRejections: true,
+ handleRejections: false,
 }),
 ],
 });
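Review bot: Wrapping the whole body of the `/courses/:courseId/:folderId?` handler in `try { … } catch (error) { next(error); }` closes the rejection path for this route only; any other `async` handler that awaits without a catch has the same path, and none of those are visible in this hunk. A small wrapper would make the guarantee structural and avoid re-indenting the body: `const asyncRoute = (fn) => (req, res, next) => Promise.resolve(fn(req, res, next)).catch(next);`. Until then an uncaught rejection elsewhere ends in the process-level listener, where it is logged but the request presumably never receives a response.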
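Review bot: `handleExceptions: true` stays on next to the new `handleRejections: false`, so an error that escapes as an uncaught exception still goes through winston's own handler without the header stripping that app.js now applies to rejections. Presumably that is the same serialisation that exposed the headers for rejections, so the gap is worth closing or at least documenting. This logger is also a shared helper, so any entry point that loads it without app.js would no longer log unhandled rejections at all. At minimum the changed line deserves a comment, e.g. `// rejections are logged by process.on('unhandledRejection') in app.js so request headers can be stripped first`. The `createLogger` call starts outside the hunk.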