Fix CodeQL alerts

mnarulabuilds · mnarulabuilds · commit 43a49a89bb3a · 2024-08-20T22:49:11.000+05:30
diff --git a/backend/package-lock.json b/backend/package-lock.json
diff --git a/backend/package.json b/backend/package.json
@@ -51,7 +51,7 @@
     "@babel/preset-env": "^7.15.8",
     "chai": "^4.3.4",
     "cypress": "^9.2.0",
-    "eslint": "^8.57.0",
+    "eslint": "^8.6.0",
     "eslint-config-airbnb-base": "^15.0.0",
     "eslint-plugin-import": "^2.25.3",
     "eslint-plugin-mocha": "^8.0.0",
diff --git a/backend/src/controllers/auth/resetPassword.js b/backend/src/controllers/auth/resetPassword.js
@@ -15,7 +15,7 @@ const resetPassword = async (req, res) => {
       });
     }
     const user = await User.findOne({
-      resetToken: token,
+      resetToken: { $eq: token },
       resetTokenExpiry: { $gt: Date.now() },
     });
     if (!user) {
diff --git a/backend/src/controllers/auth/sso.js b/backend/src/controllers/auth/sso.js
@@ -8,7 +8,7 @@ const googleCallback = async (req, res) => {
 
   try {
     // Check if the user already exists in the database
-    let existingUser = await User.findOne({ email: user.email });
+    let existingUser = await User.findOne({ email: { $eq: user.email } });
 
     if (!existingUser) {
       // Create a new user if not found
@@ -39,7 +39,7 @@ const githubCallback = async (req, res) => {
   const user = req.user;
 
   try {
-    let existingUser = await User.findOne({ email: user.email });
+    let existingUser = await User.findOne({ email: { $eq: user.email } });
 
     if (!existingUser) {
       existingUser = new User({
@@ -67,7 +67,7 @@ const facebookCallback = async (req, res) => {
   const user = req.user;
 
   try {
-    let existingUser = await User.findOne({ email: user.email });
+    let existingUser = await User.findOne({ email: { $eq: user.email } });
 
     if (!existingUser) {
       existingUser = new User({
diff --git a/backend/src/controllers/auth/verifyEmail.js b/backend/src/controllers/auth/verifyEmail.js
@@ -5,7 +5,7 @@ const verifyEmail = async (req, res) => {
   const { token } = req.query;
 
   try {
-    const user = await User.findOne({ verificationToken: token });
+    const user = await User.findOne({ verificationToken: { $eq: token } });
     if (!user) {
       return res.status(400).json({ error: "Invalid verification token" });
     }
diff --git a/backend/src/controllers/summary/generateAudioSummary.js b/backend/src/controllers/summary/generateAudioSummary.js
@@ -1,13 +1,16 @@
 const fs = require("fs");
+const path = require("path");
 const textUtils = require("../../utils/text");
 const audioUtils = require("../../utils/audio");
 
+const ROOT_DIR = "src/utils/audio/audios/";
+
 const generateAudioSummary = async (req, res) => {
   try {
     const { audioData } = req.body;
 
     // check if valid audioData provided
-    if (!audioData || !audioData.audioFilePath || !audioData.format) {
+    if (!audioData || !audioData.audioFileName || !audioData.format) {
       return res.status(400).json({ error: "Invalid audio data provided." });
     }
 
@@ -17,13 +20,13 @@ const generateAudioSummary = async (req, res) => {
     }
 
     // Check if the audio file exists
-    if (!fs.existsSync(audioData.audioFilePath)) {
+    if (!fs.existsSync(path.resolve(ROOT_DIR, audioData.audioFileName))) {
       return res.status(400).json({ error: "Audio file not found." });
     }
 
     // Convert audio to text asynchronously
     const textFromAudio = await audioUtils.convertAudioToText(
-      audioData.audioFilePath,
+      audioData.audioFileName,
       audioData.format
     );
 
diff --git a/backend/src/models/User.js b/backend/src/models/User.js
@@ -56,7 +56,7 @@ userSchema.methods.generateVerificationToken = function () {
 
 // Static method to find by email
 userSchema.statics.findByEmail = function (email) {
-  return this.findOne({ email });
+  return this.findOne({ email: { $eq: email } });
 };
 
 module.exports = mongoose.model("User", userSchema);
diff --git a/backend/src/utils/audio/convertAudioToText.js b/backend/src/utils/audio/convertAudioToText.js
@@ -1,10 +1,12 @@
 const DeepSpeech = require("deepspeech");
 const convertMP3toWAV = require("./convertMP3toWAV");
 const fs = require("fs");
+const path = require("path");
+const ROOT_DIR = "src/utils/audio/audios/";
 
 const wavOutputPath = "src/utils/audio/audios/output.wav";
 
-async function convertAudioToText(audioFilePath, audioFormat) {
+async function convertAudioToText(audioFileName, audioFormat) {
   let audioData = Buffer.from("");
 
   // Load the DeepSpeech model without specifying model and scorer paths
@@ -13,6 +15,8 @@ async function convertAudioToText(audioFilePath, audioFormat) {
   // Load the language model scorer without specifying scorer path
   model.enableExternalScorer();
 
+  const audioFilePath = path.resolve(ROOT_DIR, audioFileName);
+
   if (audioFormat === "mp3") {
     await convertMP3toWAV(audioFilePath, wavOutputPath);
     audioData = fs.readFileSync(wavOutputPath);
diff --git a/backend/tests/unit/controllers/summaryController.test.js b/backend/tests/unit/controllers/summaryController.test.js
@@ -33,7 +33,7 @@ describe("Summary Controller - Audio Content", () => {
 
     it("should return error if audio file not found", async () => {
       req.body.audioData = {
-        audioFilePath: "invalid/path/to/audio.mp3",
+        audioFileName: "invalid/path/to/audio.mp3",
         format: "mp3",
       };
       sinon.stub(fs, "existsSync").returns(false);
@@ -45,7 +45,7 @@ describe("Summary Controller - Audio Content", () => {
 
     it("should return error if audio format not supported", async () => {
       req.body.audioData = {
-        audioFilePath: "valid/path/to/audio.mp3",
+        audioFileName: "valid/path/to/audio.mp3",
         format: "unsupported_format",
       };
       sinon.stub(fs, "existsSync").returns(true);
@@ -57,7 +57,7 @@ describe("Summary Controller - Audio Content", () => {
 
     it("should return error if no text found in the audio", async () => {
       req.body.audioData = {
-        audioFilePath: "src/utils/audio/audios/no-speech.mp3",
+        audioFileName: "no-speech.mp3",
         format: "mp3",
       };
       sinon.stub(fs, "existsSync").returns(true);
@@ -71,7 +71,7 @@ describe("Summary Controller - Audio Content", () => {
 
     it("should generate summary from text", async () => {
       req.body.audioData = {
-        audioFilePath: "valid/path/to/audio.mp3",
+        audioFileName: "valid/path/to/audio.mp3",
         format: "mp3",
       };
       sinon.stub(fs, "existsSync").returns(true);
@@ -90,7 +90,7 @@ describe("Summary Controller - Audio Content", () => {
 
     it("should handle internal server error", async () => {
       req.body.audioData = {
-        audioFilePath: "valid/path/to/audio.mp3",
+        audioFileName: "valid/path/to/audio.mp3",
         format: "mp3",
       };
       sinon.stub(fs, "existsSync").returns(true);

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ const resetPassword = async (req, res) => {`
`15`	`15`	`});`
`16`	`16`	`}`
`17`	`17`	`const user = await User.findOne({`
`18`		`- resetToken: token,`
	`18`	`+ resetToken: { $eq: token },`
`19`	`19`	`resetTokenExpiry: { $gt: Date.now() },`
`20`	`20`	`});`
`21`	`21`	`if (!user) {`
Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@ const verifyEmail = async (req, res) => {`
`5`	`5`	`const { token } = req.query;`
`6`	`6`
`7`	`7`	`try {`
`8`		`- const user = await User.findOne({ verificationToken: token });`
	`8`	`+ const user = await User.findOne({ verificationToken: { $eq: token } });`
`9`	`9`	`if (!user) {`
`10`	`10`	`return res.status(400).json({ error: "Invalid verification token" });`
`11`	`11`	`}`