From 6e687613376dae81ca76bf0f23c47ad7c3a63ea6 Mon Sep 17 00:00:00 2001
From: Matt Gibson <mgibson@bitwarden.com>
Date: Thu, 11 Aug 2022 08:00:27 -0600
Subject: [PATCH] PS-1230 PS-1152 Fix/improve null origin message (#3280)

* Improve message if Origin header value is empty

* PS-1230 Remove serve feature flag
---
 apps/cli/config/development.json       |  4 +-
 apps/cli/config/production.json        |  4 +-
 apps/cli/src/commands/serve.command.ts |  9 +++-
 apps/cli/src/flags.ts                  |  6 +--
 apps/cli/src/program.ts                | 58 +++++++++++++-------------
 5 files changed, 41 insertions(+), 40 deletions(-)

diff --git a/apps/cli/config/development.json b/apps/cli/config/development.json
index d8e5c04e7e..b04d1531a2 100644
--- a/apps/cli/config/development.json
+++ b/apps/cli/config/development.json
@@ -1,5 +1,3 @@
 {
-  "flags": {
-    "serve": true
-  }
+  "flags": {}
 }
diff --git a/apps/cli/config/production.json b/apps/cli/config/production.json
index d8e5c04e7e..b04d1531a2 100644
--- a/apps/cli/config/production.json
+++ b/apps/cli/config/production.json
@@ -1,5 +1,3 @@
 {
-  "flags": {
-    "serve": true
-  }
+  "flags": {}
 }
diff --git a/apps/cli/src/commands/serve.command.ts b/apps/cli/src/commands/serve.command.ts
index 99cd43a2db..ec1cebb717 100644
--- a/apps/cli/src/commands/serve.command.ts
+++ b/apps/cli/src/commands/serve.command.ts
@@ -6,6 +6,7 @@ import * as koaBodyParser from "koa-bodyparser";
 import * as koaJson from "koa-json";
 
 import { KeySuffixOptions } from "@bitwarden/common/enums/keySuffixOptions";
+import { Utils } from "@bitwarden/common/misc/utils";
 import { Response } from "@bitwarden/node/cli/models/response";
 import { FileResponse } from "@bitwarden/node/cli/models/response/fileResponse";
 
@@ -167,7 +168,13 @@ export class ServeCommand {
       .use(async (ctx, next) => {
         if (protectOrigin && ctx.headers.origin != undefined) {
           ctx.status = 403;
-          this.main.logService.warning(`Blocking request from ${ctx.headers.origin}`);
+          this.main.logService.warning(
+            `Blocking request from "${
+              Utils.isNullOrEmpty(ctx.headers.origin)
+                ? "(Origin header value missing)"
+                : ctx.headers.origin
+            }"`
+          );
           return;
         }
         await next();
diff --git a/apps/cli/src/flags.ts b/apps/cli/src/flags.ts
index b0db46132d..5cb83ad0ce 100644
--- a/apps/cli/src/flags.ts
+++ b/apps/cli/src/flags.ts
@@ -1,5 +1,5 @@
-export type Flags = {
-  serve?: boolean;
-};
+// Remove this linter hint if any flags exist
+// eslint-disable-next-line @typescript-eslint/ban-types
+export type Flags = {};
 
 export type FlagName = keyof Flags;
diff --git a/apps/cli/src/program.ts b/apps/cli/src/program.ts
index 7182d1acd1..80eddf0c5e 100644
--- a/apps/cli/src/program.ts
+++ b/apps/cli/src/program.ts
@@ -470,36 +470,34 @@ export class Program extends BaseProgram {
         this.processResponse(response);
       });
 
-    if (CliUtils.flagEnabled("serve")) {
-      program
-        .command("serve")
-        .description("Start a RESTful API webserver.")
-        .option("--hostname <hostname>", "The hostname to bind your API webserver to.")
-        .option("--port <port>", "The port to run your API webserver on.")
-        .option(
-          "--disable-origin-protection",
-          "If set, allows requests with origin header. Not recommended!"
-        )
-        .on("--help", () => {
-          writeLn("\n  Notes:");
-          writeLn("");
-          writeLn("    Default hostname is `localhost`.");
-          writeLn("    Use hostname `all` for no hostname binding.");
-          writeLn("    Default port is `8087`.");
-          writeLn("");
-          writeLn("  Examples:");
-          writeLn("");
-          writeLn("    bw serve");
-          writeLn("    bw serve --port 8080");
-          writeLn("    bw serve --hostname bwapi.mydomain.com --port 80");
-          writeLn("", true);
-        })
-        .action(async (cmd) => {
-          await this.exitIfNotAuthed();
-          const command = new ServeCommand(this.main);
-          await command.run(cmd);
-        });
-    }
+    program
+      .command("serve")
+      .description("Start a RESTful API webserver.")
+      .option("--hostname <hostname>", "The hostname to bind your API webserver to.")
+      .option("--port <port>", "The port to run your API webserver on.")
+      .option(
+        "--disable-origin-protection",
+        "If set, allows requests with origin header. Not recommended!"
+      )
+      .on("--help", () => {
+        writeLn("\n  Notes:");
+        writeLn("");
+        writeLn("    Default hostname is `localhost`.");
+        writeLn("    Use hostname `all` for no hostname binding.");
+        writeLn("    Default port is `8087`.");
+        writeLn("");
+        writeLn("  Examples:");
+        writeLn("");
+        writeLn("    bw serve");
+        writeLn("    bw serve --port 8080");
+        writeLn("    bw serve --hostname bwapi.mydomain.com --port 80");
+        writeLn("", true);
+      })
+      .action(async (cmd) => {
+        await this.exitIfNotAuthed();
+        const command = new ServeCommand(this.main);
+        await command.run(cmd);
+      });
   }
 
   protected processResponse(response: Response, exitImmediately = false) {