Merge pull request #16 from inwx/15-security-vulnerability-because-of…

…-deprecated-request-npm-dependency Replace deprecated request to native fetch
inwx · Jul 5, 2023 · 17b7c59 · 17b7c59
2 parents 4b5ad07 + b6c7e85
commit 17b7c59
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 46 deletions.
diff --git a/.eslintrc b/.eslintrc
@@ -0,0 +1,22 @@
+{
+  "parser": "@typescript-eslint/parser",
+  "parserOptions": {
+    "ecmaVersion": "latest",
+    "sourceType": "script"
+  },
+  "env": {
+    "es2021": true,
+    "node": true
+  },
+  "plugins": [
+    "@typescript-eslint"
+  ],
+  "extends": [
+    "eslint:recommended",
+    "prettier"
+  ],
+  "rules": {
+    "no-console": 0,
+    "no-unused-vars": 0
+  }
+}
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "domrobot-client",
-  "version": "3.0.2",
+  "version": "3.1.0",
   "description": "INWX Domrobot Node.JS Client",
   "author": "INWX Developer <[email protected]> (https://inwx.com)",
   "main": "lib/index.js",
@@ -21,24 +21,24 @@
   ],
   "scripts": {
     "build": "tsc",
-    "format": "prettier --write \"src/**/*.ts\" \"src/**/*.js\"",
-    "lint": "tslint -p tsconfig.json",
+    "format": "prettier --write \"src/**/*.ts\"",
+    "lint": "eslint \"src/**/*.ts\"",
     "prepare": "npm run build"
   },
   "dependencies": {
-    "otplib": "^12.0.1",
-    "request": "^2.88.0",
-    "request-promise-native": "^1.0.7"
+    "otplib": "^12.0.1"
   },
   "devDependencies": {
-    "@types/node": "^15.12.4",
+    "@types/node": "^20.3.3",
     "@types/otplib": "^7.0.0",
-    "@types/request": "^2.48.5",
-    "@types/request-promise-native": "^1.0.17",
+    "@typescript-eslint/eslint-plugin": "^5.60.1",
     "browserify": "^17.0.0",
+    "eslint": "^8.44.0",
+    "eslint-config-prettier": "^8.8.0",
     "prettier": "^2.3.1",
-    "tslint": "^5.20.1",
-    "tslint-config-prettier": "^1.18.0",
-    "typescript": "^4.3.4"
+    "typescript": "^5.1.6"
+  },
+  "engines": {
+    "node": ">=18"
   }
 }
diff --git a/src/domrobot.ts b/src/domrobot.ts
@@ -1,6 +1,4 @@
 import * as otplib from 'otplib';
-import { CookieJar } from 'request';
-import * as request from 'request-promise-native';
 
 export class ApiClient {
     public static readonly CLIENT_VERSION = '3.0.2';
@@ -12,11 +10,11 @@ export class ApiClient {
         return 'DomRobot-' + Math.round(Math.random() * 1000000000);
     }
 
-    private apiUrl: string;
+    private readonly apiUrl: string;
     private language: string;
     private debugMode: boolean;
 
-    private cookieJar: CookieJar;
+    private cookie: string;
 
     /**
      * @param apiUrl url of the API.
@@ -27,7 +25,7 @@ export class ApiClient {
         this.apiUrl = apiUrl;
         this.language = language;
         this.debugMode = debugMode;
-        this.cookieJar = request.jar();
+        this.cookie = null;
     }
 
     /**
@@ -56,23 +54,27 @@ export class ApiClient {
             params: methodParams,
         });
 
-        return request
-            .post(this.apiUrl, {
-                body: requestBody,
-                headers: {
-                    'Content-Type': 'application/json',
-                    'User-Agent': `DomRobot/${ApiClient.CLIENT_VERSION} (Node ${process.version})`,
-                },
-                jar: this.cookieJar,
-            })
-            .then(response => {
-                if (this.debugMode) {
-                    console.log(`Request (${apiMethod}): ${requestBody}`);
-                    console.log(`Response (${apiMethod}): ${response}`);
-                }
-                return response;
-            })
-            .then(response => JSON.parse(response));
+        const response = await fetch(this.apiUrl, {
+            method: 'POST',
+            headers: new Headers({
+                'Content-Type': 'application/json',
+                Cookie: this.cookie,
+                'User-Agent': `DomRobot/${ApiClient.CLIENT_VERSION} (Node ${process.version})`,
+            }),
+            body: requestBody,
+        });
+
+        if (apiMethod === 'account.login') {
+            this.cookie = response.headers.get('set-cookie');
+        }
+
+        const data = await response.json()
+        if (this.debugMode) {
+            console.info(`Request (${apiMethod}): ${requestBody}`);
+            console.info(`Response (${apiMethod}): ${data}`);
+        }
+
+        return data;
     }
 
     /**
@@ -102,7 +104,7 @@ export class ApiClient {
      * Performs a logout at the API and destroys the current session.
      */
     public async logout(): Promise<any> {
-        return await this.callApi('account.logout').then(() => (this.cookieJar = request.jar()));
+        return await this.callApi('account.logout').then(() => (this.cookie = null));
     }
 
     public getApiUrl(): string {

diff --git a/src/examples/domaincheck.ts b/src/examples/domaincheck.ts
@@ -6,7 +6,7 @@ const sharedSecret = ''; // only needed for 2FA.
 const domain = 'my-test-domain-' + Math.round(Math.random() * 1e8) + '.com'; // the domain which will be checked.
 
 const asyncFunc = async () => {
-    // By default your ApiClient uses the test api (OT&E). If you want to use the production/live api
+    // By default, your ApiClient uses the test api (OT&E). If you want to use the production/live api
     // we have a constant named API_URL_LIVE in the ApiClient class. Just set apiUrl=ApiClient.API_URL_LIVE and you're good.
     const apiClient = new ApiClient(ApiClient.API_URL_OTE, Language.EN, true);
 
@@ -35,4 +35,4 @@ const asyncFunc = async () => {
 };
 
 // call the async function
-asyncFunc();
+asyncFunc().catch(console.error);
diff --git a/tslint.json b/tslint.json