feat(strict mode): add strict mode to all services (#258)

* Add strict mode to data service

* Add strict mode to dashboard service

* Add strict mode to api service

* ignore js files

* allow and ignore repack

* Adjust repack

* mmost decl file for bestzip

* mmost decl file for bestzip

* adjust sls repack

* Fix

* add await to a thing

---------

Co-authored-by: Mike Dial <[email protected]>

src/libs/.gitignore

@@ -0,0 +1 @@
+**/*.js

src/libs/opensearch-lib.ts

@@ -23,7 +23,7 @@ function createAwsConnector(credentials: any) {
     buildRequestObject(params: any) {
       const request = super.buildRequestObject(params);
       request.headers = request.headers || {};
-      request.headers["host"] = request.hostname;
+      request.headers["host"] = request.hostname ?? undefined;
 
       return aws4.sign(<any>request, credentials);
     }

src/services/api/.gitignore

@@ -1,2 +1,2 @@
 # git ignore js files built by schema versions
-/layers/**/*.js
+**/*.js

src/services/api/handlers/action.ts

@@ -16,6 +16,19 @@ import {
 } from "./packageActions";
 
 export const handler = async (event: APIGatewayEvent) => {
+  if (!event.pathParameters || !event.pathParameters.actionType) {
+    return response({
+      statusCode: 400,
+      body: { message: "Action type path parameter required" },
+    });
+  }
+  if (!event.body) {
+    return response({
+      statusCode: 400,
+      body: { message: "Event body required" },
+    });
+  }
+
   try {
     const actionType = event.pathParameters.actionType as Action;
     const body = JSON.parse(event.body);

src/services/api/handlers/forms.ts

@@ -49,7 +49,7 @@ export const forms = async (event: APIGatewayEvent) => {
           body: cleanedForm,
         });
       }
-    } catch (importError) {
+    } catch (importError: any) {
       console.error("Error importing module:", importError);
       return response({
         statusCode: 500,
@@ -60,7 +60,7 @@ export const forms = async (event: APIGatewayEvent) => {
         }),
       });
     }
-  } catch (error) {
+  } catch (error: any) {
     console.error("Error:", error);
     return response({
       statusCode: 502,

src/services/api/handlers/getAttachmentUrl.ts

@@ -13,6 +13,19 @@ if (!process.env.osDomain) {
 
 // Handler function to get Seatool data
 export const handler = async (event: APIGatewayEvent) => {
+  if (!event.body) {
+    return response({
+      statusCode: 400,
+      body: { message: "Event body required" },
+    });
+  }
+  if (!process.env.osDomain) {
+    return response({
+      statusCode: 500,
+      body: { message: "Handler is missing process.env.osDomain env var" },
+    });
+  }
+
   try {
     const body = JSON.parse(event.body);
 
@@ -91,7 +104,7 @@ export const handler = async (event: APIGatewayEvent) => {
   }
 };
 
-async function getClient(bucket) {
+async function getClient(bucket: string) {
   if (bucket.startsWith("uploads")) {
     const stsClient = new STSClient({});
 
@@ -106,11 +119,15 @@ async function getClient(bucket) {
     // Extract the assumed role credentials
     const assumedCredentials = assumedRoleResponse.Credentials;
 
+    if (!assumedCredentials) {
+      throw new Error("No assumed redentials");
+    }
+
     // Create S3 client using the assumed role's credentials
     return new S3Client({
       credentials: {
-        accessKeyId: assumedCredentials.AccessKeyId,
-        secretAccessKey: assumedCredentials.SecretAccessKey,
+        accessKeyId: assumedCredentials.AccessKeyId as string,
+        secretAccessKey: assumedCredentials.SecretAccessKey as string,
         sessionToken: assumedCredentials.SessionToken,
       },
     });
@@ -120,10 +137,10 @@ async function getClient(bucket) {
 }
 
 async function generatePresignedUrl(
-  bucket,
-  key,
-  filename,
-  expirationInSeconds
+  bucket: string,
+  key: string,
+  filename: string,
+  expirationInSeconds: number
 ) {
   // Get an S3 client
   const client = await getClient(bucket);

src/services/api/handlers/getPackageActions.ts

@@ -1,6 +1,6 @@
 import { APIGatewayEvent } from "aws-lambda";
 import { Action, CognitoUserAttributes, ItemResult } from "shared-types";
-import { isCmsUser, isCmsWriteUser, getLatestRai } from "shared-utils";
+import { isCmsWriteUser, getLatestRai } from "shared-utils";
 import { isStateUser } from "shared-utils/is-state-user";
 import { getPackage } from "../libs/package/getPackage";
 import {
@@ -69,6 +69,12 @@ export const packageActionsForResult = (
   return actions;
 };
 export const getPackageActions = async (event: APIGatewayEvent) => {
+  if (!event.body) {
+    return response({
+      statusCode: 400,
+      body: { message: "Event body required" },
+    });
+  }
   const body = JSON.parse(event.body) as GetPackageActionsBody;
   try {
     console.log(body);

src/services/api/handlers/getUploadUrl.ts

@@ -37,7 +37,7 @@ export const handler = async () => {
   }
 };
 
-function checkEnvVariables(requiredEnvVariables) {
+function checkEnvVariables(requiredEnvVariables: string[]) {
   const missingVariables = requiredEnvVariables.filter(
     (envVar) => !process.env[envVar]
   );

src/services/api/handlers/item.ts

@@ -8,16 +8,23 @@ if (!process.env.osDomain) {
 }
 
 export const getItemData = async (event: APIGatewayEvent) => {
+  if (!event.body) {
+    return response({
+      statusCode: 400,
+      body: { message: "Event body required" },
+    });
+  }
   try {
     const body = JSON.parse(event.body);
     const stateFilter = await getStateFilter(event);
     const result = await getPackage(body.id);
 
     if (
       stateFilter &&
-      !stateFilter.terms.state.includes(
-        result._source.state.toLocaleLowerCase()
-      )
+      (!result._source.state ||
+        !stateFilter.terms.state.includes(
+          result._source.state.toLocaleLowerCase()
+        ))
     ) {
       return response({
         statusCode: 401,

src/services/api/handlers/packageActions.ts

@@ -3,14 +3,14 @@ import * as sql from "mssql";
 const user = process.env.dbUser;
 const password = process.env.dbPassword;
 const server = process.env.dbIp;
-const port = parseInt(process.env.dbPort);
+const port = parseInt(process.env.dbPort as string);
 const config = {
   user: user,
   password: password,
   server: server,
   port: port,
   database: "SEA",
-};
+} as sql.config;
 
 import {
   Action,
@@ -26,7 +26,7 @@ import { response } from "../libs/handler";
 import { SEATOOL_STATUS } from "shared-types/statusHelper";
 import { getLatestRai } from "shared-utils";
 
-const TOPIC_NAME = process.env.topicName;
+const TOPIC_NAME = process.env.topicName as string;
 
 export async function issueRai(body: RaiIssue) {
   console.log("CMS issuing a new RAI");
@@ -83,7 +83,7 @@ export async function issueRai(body: RaiIssue) {
 }
 
 export async function withdrawRai(body: RaiWithdraw, rais: any) {
-  const activeKey = getLatestRai(rais).key;
+  const activeKey = getLatestRai(rais)?.key;
   const result = raiWithdrawSchema.safeParse({
     ...body,
     requestedDate: activeKey,
@@ -212,11 +212,11 @@ export async function respondToRai(body: RaiResponse, rais: any) {
   console.log("heyo");
 }
 
-export async function withdrawPackage(id, timestamp) {
+export async function withdrawPackage() {
   console.log("State withdrawing a package.");
 }
 
-export async function toggleRaiResponseWithdraw(body, toggle: boolean) {
+export async function toggleRaiResponseWithdraw(body: any, toggle: boolean) {
   const { id, authority, origin } = body;
   try {
     await produceMessage(

src/services/api/handlers/search.ts

@@ -29,6 +29,13 @@ export const getSearchData = async (event: APIGatewayEvent) => {
     console.log("Sending query, built as follow:");
     console.log(JSON.stringify(query, null, 2));
 
+    if (!process.env.osDomain) {
+      return response({
+        statusCode: 500,
+        body: { message: "Handler is missing process.env.osDomain env var" },
+      });
+    }
+
     const results = await os.search(process.env.osDomain, "main", query);
 
     return response<unknown>({

src/services/api/handlers/submit.ts

@@ -6,21 +6,21 @@ import { isAuthorized } from "../libs/auth/user";
 const user = process.env.dbUser;
 const password = process.env.dbPassword;
 const server = process.env.dbIp;
-const port = parseInt(process.env.dbPort);
+const port = parseInt(process.env.dbPort as string);
 const config = {
   user: user,
   password: password,
   server: server,
   port: port,
   database: "SEA",
-};
+} as sql.config;
 
 import { Kafka, Message } from "kafkajs";
 import { Authority, onemacSchema, transformOnemac } from "shared-types";
 
 const kafka = new Kafka({
   clientId: "submit",
-  brokers: process.env.brokerString.split(","),
+  brokers: process.env.brokerString?.split(",") as string[],
   retry: {
     initialRetryTime: 300,
     retries: 8,
@@ -34,6 +34,12 @@ const producer = kafka.producer();
 
 export const submit = async (event: APIGatewayEvent) => {
   try {
+    if (!event.body) {
+      return response({
+        statusCode: 400,
+        body: "Event body required",
+      });
+    }
     const body = JSON.parse(event.body);
     console.log(body);
 
@@ -91,7 +97,7 @@ export const submit = async (event: APIGatewayEvent) => {
     } else {
       console.log(eventBody);
       await produceMessage(
-        process.env.topicName,
+        process.env.topicName as string,
         body.id,
         JSON.stringify(eventBody.data)
       );
@@ -110,7 +116,7 @@ export const submit = async (event: APIGatewayEvent) => {
   }
 };
 
-async function produceMessage(topic, key, value) {
+async function produceMessage(topic: string, key: string, value: string) {
   console.log("about to connect");
   await producer.connect();
   console.log("connected");

src/services/api/handlers/tests/forms.test.ts

@@ -39,7 +39,6 @@ describe("Forms Lambda Tests", () => {
     const result = await forms(event);
 
     expect(result?.statusCode).toBe(200);
-    expect(result?.headers["Content-Type"]).toBe("application/json");
   });
 
   it("should return 500 with a custom error message for other internal errors", async () => {