References to ports of services centralised

[dave-shanahan]

Overview

My machine would complain when running the NPM server due to Linux requiring root permissions when listening on a port below 1024. To resolve this, I had to alter the project code to change the port number that ExpressJS leveraged. This ticket aims to make this resolution easier for future users by extracting and centralising the ports defined for the following three services: ExpressJS, XML RPC, and GraphQL.

Implementation Details

• The .env file was updated to contain three entries for the ports of the three services.
• I updated the references from the hardcoded values to the ones stored within .env

Replication Steps

• Alter the port numbers to values of your choosing
• Execute npm start and confirm:
  • The output from the command reflects the ports you chose.
  • The services are listening on the ports you chose.

Questions/Issues

• It could be worth standardising the command output for the three services?
  • For instance, choose the following to uniform all three: 🚀 XYZ server listening on port XYZ
  • Additionally, the ExpressJS line says API, is this correct? I thought it also hosted the app?
• The config.xml file references a hardcoded value for XML RPC. I couldn't alter this as it's not a JavaScript file. I can't think of a way to make this dynamic off my head. Would be worth brainstorming...

[snoopysecurity]

PR looks good, approved 👍 thanks for contributing to dvws

regarding your questions

• Yes, you are right, currently the express framework is used to host the app, as well as provide an API, i have plans to use express backend as just an api in the future and use another frontend framework, initially when i ported the vulns from https://github.com/snoopysecurity/dvws i didn't have the time properly write a fully fledged API
• config.xml is dummy file used for the XPath Injection vulnerability, it doesn't have any other impact https://github.com/snoopysecurity/dvws-node/wiki/XPath-Injection