From c51ff7a78fe7654700bae5acb4dfdefa16b07df7 Mon Sep 17 00:00:00 2001 From: Rodrigo Rodriguez Date: Thu, 9 Jan 2020 15:28:11 -0300 Subject: [PATCH] fix(core.gbapp): Security enhancements and fixes. --- boot.js | 2 +- package.json | 1 - .../services/AzureDeployerService.ts | 32 ++++++++++++------- packages/core.gbapp/services/GBMinService.ts | 2 +- packages/default.gbui/src/GBUIApp.js | 2 +- 5 files changed, 24 insertions(+), 15 deletions(-) diff --git a/boot.js b/boot.js index f3616303..1802247f 100644 --- a/boot.js +++ b/boot.js @@ -24,7 +24,7 @@ var now = () => { try { var run = () => { - console.log(`[GB Runtime] Now starting General Bots Server...`); + console.log(`[GB Runtime] Initializing General Bots Server...`); const GBServer = require("./dist/src/app").GBServer console.log(`[GB Runtime] ${now()} - Running '${GBServer.name}' on '${__dirname}' directory`); process.env.PWD = __dirname; diff --git a/package.json b/package.json index 3418e4c6..5c002fdf 100644 --- a/package.json +++ b/package.json @@ -106,7 +106,6 @@ "@types/winston": "2.4.4", "ban-sensitive-files": "1.9.2", "commitizen": "^4.0.3", - "coveralls": "^3.0.9", "cz-conventional-changelog": "^3.0.2", "dependency-check": "^4.1.0", "git-issues": "1.3.1", diff --git a/packages/azuredeployer.gbapp/services/AzureDeployerService.ts b/packages/azuredeployer.gbapp/services/AzureDeployerService.ts index f588f868..a66c54f3 100644 --- a/packages/azuredeployer.gbapp/services/AzureDeployerService.ts +++ b/packages/azuredeployer.gbapp/services/AzureDeployerService.ts 
@@ -332,12 +332,21 @@ export class AzureDeployerService implements IGBInstallationDeployer { const storageClient = new SqlManagementClient(credentials, subscriptionId); const ip = await publicIp.v4(); - const params = { + let params = { startIpAddress: ip, endIpAddress: ip }; - await storageClient.firewallRules.createOrUpdate(groupName, serverName, 'gb', params); + + // AllowAllWindowsAzureIps must be created that way, so the Azure Search can + // access SQL Database to index its contents. + + params = { + startIpAddress: '0.0.0.0', + endIpAddress: '0.0.0.0' + }; + await storageClient.firewallRules.createOrUpdate(groupName, serverName, 'AllowAllWindowsAzureIps', params); + } public async deployFarm( @@ -358,6 +367,15 @@ export class AzureDeployerService implements IGBInstallationDeployer { GBLog.info(`Deploying Deploy Group (It may take a few minutes)...`); await this.createDeployGroup(name, instance.cloudLocation); + GBLog.info(`Deploying NLP...`); + const nlp = await this.createNLP(name, `${name}-nlp`, instance.cloudLocation); + keys = await this.cognitiveClient.accounts.listKeys(name, nlp.name); + const nlpAppId = await this.createNLPService(name, name, instance.cloudLocation, culture, instance.nlpAuthoringKey); + + instance.nlpEndpoint = urlJoin(nlp.endpoint, 'apps'); + instance.nlpKey = keys.key1; + instance.nlpAppId = nlpAppId; + GBLog.info(`Deploying Bot Server...`); const serverFarm = await this.createHostingPlan(name, `${name}-server-plan`, instance.cloudLocation); const serverName = `${name}-server`; 
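Review bot: The added `AllowAllWindowsAzureIps` rule (0.0.0.0 to 0.0.0.0) admits connections from any Azure-hosted source, including resources in other customers' subscriptions, not only this deployment's Azure Search, and the comment above it does not say so. I would extend the comment to record that exposure and what compensates for it, e.g. `// NOTE: 0.0.0.0-0.0.0.0 opens the server to every Azure tenant; SQL credentials are the only barrier.` If the indexer can reach the database through a narrower path, such as a rule limited to the search service's own addresses, that would be preferable to a blanket rule in a commit labelled as a security fix. The collapsed layout also leaves it unclear whether the existing `'gb'` rule call is kept or removed; if it is removed, the `ip` lookup and the first `params` value are dead code. The method starts outside the hunk.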
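Review bot: `keys` is assigned and `urlJoin` is called in the added NLP block of `deployFarm`, but neither is declared or imported anywhere in this patch, and the block now runs roughly forty lines earlier than the `if (false)` copy it replaces. Confirm that the `keys` declaration precedes this point and that `urlJoin` is already imported in the file; otherwise the TypeScript build would likely fail. `instance.nlpAuthoringKey` is also passed to `createNLPService` only after `createNLP` has provisioned the account, so unless it is validated earlier, a guard such as `if (!instance.nlpAuthoringKey) { throw new Error('nlpAuthoringKey is required'); }` before the block would avoid a half-finished deployment. `deployFarm` starts and ends outside the hunk.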
@@ -406,17 +424,9 @@ export class AzureDeployerService implements IGBInstallationDeployer { instance.textAnalyticsEndpoint = textAnalytics.endpoint.replace(`/text/analytics/v2.0`, ''); instance.textAnalyticsKey = keys.key1; - if (false) { - GBLog.info(`Deploying NLP...`); - const nlp = await this.createNLP(name, `${name}-nlp`, instance.cloudLocation); - keys = await this.cognitiveClient.accounts.listKeys(name, nlp.name); - const nlpAppId = await this.createNLPService(name, name, instance.cloudLocation, culture, instance.nlpAuthoringKey); + // NLP - instance.nlpEndpoint = nlp.endpoint; // TODO: Add this final URL /apps/a149dae1-5134-4624-96b5-885e9e674c9e - instance.nlpKey = keys.key1; - instance.nlpAppId = nlpAppId; - } GBLog.info(`Deploying Bot...`); instance.botEndpoint = this.defaultEndPoint; diff --git a/packages/core.gbapp/services/GBMinService.ts b/packages/core.gbapp/services/GBMinService.ts index 9e900140..5dc154c3 100644 --- a/packages/core.gbapp/services/GBMinService.ts +++ b/packages/core.gbapp/services/GBMinService.ts @@ -297,7 +297,7 @@ export class GBMinService { instanceId: instance.instanceId, botId: botId, theme: theme, - secret: instance.webchatKey, + webchatToken: webchatToken, speechToken: speechToken, conversationId: webchatToken.conversationId, authenticatorTenant: instance.authenticatorTenant, diff --git a/packages/default.gbui/src/GBUIApp.js b/packages/default.gbui/src/GBUIApp.js index 5c34056d..cfceb55c 100644 --- a/packages/default.gbui/src/GBUIApp.js +++ b/packages/default.gbui/src/GBUIApp.js @@ -173,7 +173,7 @@ class GBUIApp extends React.Component { window['botchatDebug'] = true; const line = new DirectLine({ - secret: this.state.instanceClient.secret + token: this.state.instanceClient.token }); line.connectionStatus$.subscribe(connectionStatus => {
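Review bot: The server and client hunks disagree on the field name: `GBMinService.ts` now returns `webchatToken: webchatToken`, while `GBUIApp.js` reads `this.state.instanceClient.token`, which is not among the fields visible in the response object. Unless a `token` field is set outside the hunk, `DirectLine` is constructed with `token: undefined` and the web chat cannot connect. Since `webchatToken.conversationId` is read on the server, the value looks like the whole token-generation response, so the client line would presumably become `token: this.state.instanceClient.webchatToken.token` (or the server could send only the token string). Separately, `instance.webchatKey` was served to every browser before this change, so it should be treated as exposed and regenerated. Both the response object and the `DirectLine` setup continue outside their hunks.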