10 changes: 9 additions & 1 deletion pet-nutrition-service/server.js
Expand Up @@ -15,12 +15,20 @@
app.use(express.json());

// GET: Find a NutritionFact by pet_type
app.get('/nutrition/:pet_type', async (req, res) => {
try {
const { pet_type } = req.params;
const fact = await NutritionFact.findOne({ pet_type });
if (!fact) {
return res.status(404).json({ message: 'nutrition fact not found for the given pet_type' });
// Get list of supported pet types for better error response
const supportedPets = await NutritionFact.distinct('pet_type');
return res.status(404).json({
error: 'Pet type not supported',
message: `Nutrition information not available for '${pet_type}'`,
pet_type: pet_type,
supported_pets: supportedPets,
suggestion: `Try one of these supported pets: ${supportedPets.join(', ')}`

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs a database access, but is not rate-limited.

Copilot Autofix

AI 17 days ago

The best way to fix this issue is to add a rate limiting middleware to the Express app, so that routes which access the database are protected against excessive requests. The most well-known package for this in the Express ecosystem is express-rate-limit. To address the vulnerability, we should:

  • Add express-rate-limit as a dependency (if not already present).
  • Import express-rate-limit in pet-nutrition-service/server.js.
  • Set up a reasonable limit—for example, 100 requests per 15 minutes per IP, as recommended—via a limiter instance.
  • Mount the middleware globally using app.use(limiter) after other middleware setup lines and before the route handlers.

All changes are within the file pet-nutrition-service/server.js, according to the shown code and requirements. We will only add the import and the rate limiting middleware as described, ensuring existing functionality is unchanged.


Suggested changeset 2
pet-nutrition-service/server.js

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/pet-nutrition-service/server.js b/pet-nutrition-service/server.js
--- a/pet-nutrition-service/server.js
+++ b/pet-nutrition-service/server.js
@@ -3,7 +3,8 @@
 const express = require('express');
 const mongoose = require('mongoose');
 const logger = require('pino-http');
-const NutritionFact = require('./nutrition-fact')
+const NutritionFact = require('./nutrition-fact');
+const rateLimit = require('express-rate-limit');
 
 main().catch(err => console.log(err));
 
@@ -14,6 +15,13 @@
   app.use(logger());
   app.use(express.json());
 
+  // Rate limiter middleware: max 100 requests per 15 minutes per IP
+  const limiter = rateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 100, // limit each IP to 100 requests per windowMs
+  });
+  app.use(limiter);
+
   // GET: Find a NutritionFact by pet_type
   app.get('/nutrition/:pet_type', async (req, res) => {
     try {
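Review bot: The limiter keys on the client address, so `app.use(limiter)` only enforces the "per IP" rule the comment promises if Express's `trust proxy` setting matches the deployment; this patch leaves it unset, and behind a load balancer every request is then counted against the proxy's single address. Set it explicitly next to the limiter, e.g. `app.set('trust proxy', 1); // TODO(review): match the number of proxy hops in front of this service`, and confirm with requests from two different clients that they land in separate buckets. In recent express-rate-limit releases the option is named `limit`, with `max` kept as a deprecated alias, so `limit: 100` should avoid a deprecation warning at startup (worth checking against the version actually installed). The enclosing `main()` starts and ends outside this hunk.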
EOF
@@ -3,7 +3,8 @@
const express = require('express');
const mongoose = require('mongoose');
const logger = require('pino-http');
const NutritionFact = require('./nutrition-fact')
const NutritionFact = require('./nutrition-fact');
const rateLimit = require('express-rate-limit');

main().catch(err => console.log(err));

@@ -14,6 +15,13 @@
app.use(logger());
app.use(express.json());

// Rate limiter middleware: max 100 requests per 15 minutes per IP
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
});
app.use(limiter);

// GET: Find a NutritionFact by pet_type
app.get('/nutrition/:pet_type', async (req, res) => {
try {
pet-nutrition-service/package.json
Outside changed files

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/pet-nutrition-service/package.json b/pet-nutrition-service/package.json
--- a/pet-nutrition-service/package.json
+++ b/pet-nutrition-service/package.json
@@ -17,6 +17,7 @@
     "ip": "^2.0.1",
     "mongoose": "^8.5.3",
     "pino": "^9.3.2",
-    "pino-http": "^10.2.0"
+    "pino-http": "^10.2.0",
+    "express-rate-limit": "^8.2.0"
   }
 }
EOF
@@ -17,6 +17,7 @@
"ip": "^2.0.1",
"mongoose": "^8.5.3",
"pino": "^9.3.2",
"pino-http": "^10.2.0"
"pino-http": "^10.2.0",
"express-rate-limit": "^8.2.0"
}
}
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 8.2.0 None
});
}
res.status(200).json(fact);
} catch (error) {
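Review bot: The new not-found branch issues a second, collection-wide query (`NutritionFact.distinct('pet_type')`) on every miss, so an arbitrary unmatched `:pet_type` is now more expensive to serve than a hit, and the unthrottled-route finding CodeQL raises above weighs most on exactly this path. Unless the set of pet types changes at runtime, fetch the list once (or cache it with a short TTL) in a small helper and call that from the 404 branch; if it must stay live, at least record the cost with a comment such as `// NOTE: distinct() scans the whole collection on every miss`. The `suggestion` string also degrades to `Try one of these supported pets: ` when the collection is empty; guard it with `supportedPets.length > 0 ? ... : 'No pet types are currently available'`. The handler's catch body continues below the hunk.
```javascript
// Supported pet types change rarely; fetch them once rather than on every 404.
// TODO(review): add a TTL or invalidate this when nutrition facts are written.
let supportedPetsCache = null;
async function getSupportedPets() {
  if (supportedPetsCache === null) {
    supportedPetsCache = await NutritionFact.distinct('pet_type');
  }
  return supportedPetsCache;
}
// … unchanged: route registration and lookup …
const supportedPets = await getSupportedPets();
```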