fix: integration api call security issue

[bartoszherba]

Description

During debugging another issue with CT env, I found out that it's pretty easy to take down our middleware.e.g. let's get a real endpoint like: POST https://sapcc-dev.europe-west1.gcp.storefrontcloud.io/api/sapcc/addCartEntry . Wheresapcc is the integration of our middleware but let's send a request to some not existing integration, replace sapcc with something and the request will take down the node.js app

K8s will restart the app fastly but it shouldn’t work like that.

Here is a code responsible for the issue:

  app.post('/:integrationName/:functionName', async (req: Request, res: Response) => {
    const { integrationName, functionName } = req.params as any as RequestParams;
    const { apiClient, configuration, extensions, customQueries, initConfig } = integrations[integrationName];
    const middlewareContext: MiddlewareContext = { req, res, extensions, customQueries };
    const createApiClient = apiClient.createApiClient.bind({ middleware: middlewareContext });
    const apiClientInstance = createApiClient({ ...configuration, ...initConfig });
    const apiFunction = apiClientInstance.api[functionName];
    try {
      const platformResponse = await apiFunction(...req.body);
      res.send(platformResponse);
    } catch (error) {
      res.status(getAgnosticStatusCode(error));
      res.send(error);
    }
  });

We are looking for properties in integrations[integrationName] but they might be undefined. We have to add an additional check for that.

The bug happens only if middleware is deployed separately from the Nuxt app. E.g. run it via node middleware.js. I can kill e.g. sapcc-dev instance this way.

Related Issue

Motivation and Context

How Has This Been Tested?

Screenshots:

Types of changes

• [x] Bug fix (non-breaking change which fixes an issue)
• [ ] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• [x] I have read the CONTRIBUTING document.

Changelog

• [ ] I have updated the Changelog (V1) v2 and mentioned all breaking changes in the public API.
• [ ] I have documented all new public APIs and made changes to existing docs mentioning the parts I've changed so they're up to date.

Tests

• [ ] I have written test cases for my code
• [x] I have tested my Pull Request on production build and (to my knowledge) it works without any issues
• [ ] I have added tests to cover my changes.
• [x] All new and existing tests passed.

  I tested manually my code, and it works well with both:

• [ ] Default Theme
• [ ] Capybara Theme

Code standards

• [ ] My code follows the code style of this project.
• [x] I have followed naming conventions

Docs

• [ ] My change requires a change to the documentation.
• [ ] I have updated the documentation accordingly.