const installation = await Installation.getForHost(jiraHost)
res.locals.installation = installation
req.addLogFields({
jiraHost: installation.jiraHost,
jiraClientKey: installation.clientKey
})
if (!installation) {
next(new Error('Not Found'))
} else {
try {
// The JWT also carries a `qsh` (query-string hash) claim that can be used to
// verify the request body / query. Note that the call below only decodes the
// token against the shared secret and discards the result, so `qsh` is NOT
// checked at this point — any body/query binding must be done elsewhere.
// See https://bitbucket.org/atlassian/atlassian-connect-express/src/f434e5a9379a41213acf53b9c2689ce5eec55e21/lib/middleware/authentication.js?at=master&fileviewer=file-view-default#authentication.js-227
jwt.decode(token, installation.sharedSecret)
next()
} catch (error) {
next(new Error('Unauthorized'))
}
}
}
type: installation.target_type
})
const hasMemberPermission = installation.permissions.members === 'read'
installationsWithAdmin.push({...installation, admin, hasMemberPermission})
}
return installationsWithAdmin
}
if (req.query.jwt && req.query.xdm_e) {
const { jwt: token, xdm_e: jiraHost } = req.query
const { data: { login } } = await github.users.get()
try {
// we can get the jira client Key from the JWT's `iss` property
// so we'll decode the JWT here and verify it's the right key before continuing
const installation = await Installation.getForHost(jiraHost)
const { iss: clientKey } = JWT.decode(token, installation.sharedSecret)
const { data: { installations } } = (await github.users.getInstallations({}))
const installationsWithAdmin = await getInstallationsWithAdmin({installations, login})
const { data: info } = (await client.apps.get({}))
return res.render('github-configuration.hbs', {
csrfToken: req.csrfToken(),
installations: installationsWithAdmin,
info,
jiraHost,
clientKey
})
} catch (err) {
// If we get here, there was either a problem decoding the JWT
// or getting the data we need from GitHub, so we'll show the user an error.
req.log.error(err)
return next(err)