From 7ca61001804957e53e5a33dc4f42e91c7baa9905 Mon Sep 17 00:00:00 2001
From: Example man <you@example.com>
Date: Thu, 18 Nov 2021 17:46:47 +0530
Subject: [PATCH 1/4] Secrets changes, config.json

---
 config.json |  4 ++++
 server.js   | 10 ++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 config.json

diff --git a/config.json b/config.json
new file mode 100644
index 00000000..a0bbb240
--- /dev/null
+++ b/config.json
@@ -0,0 +1,4 @@
+{
+    "enableSecretsFeature": false,
+    "secretHeaderValue": "secretvalue"
+}
\ No newline at end of file
diff --git a/server.js b/server.js
index 51384c98..6f22f4a2 100644
--- a/server.js
+++ b/server.js
@@ -6,6 +6,7 @@ var fs = require('fs');
 var port = process.env.PORT || 8092;
 var dbOperations = require('./databaseOperations.js');
 var utils = require('./utils.js');
+var config = JSON.parse(fs.readFileSync('config.json', 'utf8'));
 
 
 var lastTimestamp = 0;
@@ -14,6 +15,15 @@ var server = http.createServer(function (req, res) {
     var method = req.method.toLowerCase();
     
     if(!reqUrl || (!!reqUrl && (reqUrl == "" || reqUrl.toLowerCase() == "index.html"))){
+        if(config.enableSecretsFeature) {
+            console.log(req.headers['x-secret']);
+            console.log(process.env.SECRET_VALUE);
+            if(req.headers['x-secret'] != process.env.SECRET_VALUE) {
+                res.writeHead(403, "Unauthorized");
+                res.end();
+                return;
+            }
+        }
         var data = fs.readFileSync('index.html');
         
         dbOperations.queryCount(function (visitCount){

From ea7fe8152621aec6997c3ed1fd7cc0de60687965 Mon Sep 17 00:00:00 2001
From: Example man <you@example.com>
Date: Thu, 18 Nov 2021 17:50:03 +0530
Subject: [PATCH 2/4] Bugfix

---
 server.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server.js b/server.js
index 6f22f4a2..b2bcfdf1 100644
--- a/server.js
+++ b/server.js
@@ -17,8 +17,8 @@ var server = http.createServer(function (req, res) {
     if(!reqUrl || (!!reqUrl && (reqUrl == "" || reqUrl.toLowerCase() == "index.html"))){
         if(config.enableSecretsFeature) {
             console.log(req.headers['x-secret']);
-            console.log(process.env.SECRET_VALUE);
-            if(req.headers['x-secret'] != process.env.SECRET_VALUE) {
+            console.log(config.secretHeaderValue);
+            if(req.headers['x-secret'] != config.secretHeaderValue) {
                 res.writeHead(403, "Unauthorized");
                 res.end();
                 return;

From 565a2947ef6bb2dfcc0665d85d2e53412abaf688 Mon Sep 17 00:00:00 2001
From: Example man <you@example.com>
Date: Thu, 18 Nov 2021 18:05:29 +0530
Subject: [PATCH 3/4] Review comments

---
 config.json | 2 +-
 server.js   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config.json b/config.json
index a0bbb240..ef7ec377 100644
--- a/config.json
+++ b/config.json
@@ -1,4 +1,4 @@
 {
     "enableSecretsFeature": false,
-    "secretHeaderValue": "secretvalue"
+    "secretHeaderValue": "1797669089"
 }
\ No newline at end of file
diff --git a/server.js b/server.js
index b2bcfdf1..1412653b 100644
--- a/server.js
+++ b/server.js
@@ -19,7 +19,7 @@ var server = http.createServer(function (req, res) {
             console.log(req.headers['x-secret']);
             console.log(config.secretHeaderValue);
             if(req.headers['x-secret'] != config.secretHeaderValue) {
-                res.writeHead(403, "Unauthorized");
+                res.writeHead(401, "Unauthorized");
                 res.end();
                 return;
             }

From 359112f93822b028d3c8d912c71402413af2e618 Mon Sep 17 00:00:00 2001
From: Example man <you@example.com>
Date: Thu, 18 Nov 2021 18:05:59 +0530
Subject: [PATCH 4/4] SampleApp secret

---
 SampleApp_Secrets.jmx | 176 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 176 insertions(+)
 create mode 100644 SampleApp_Secrets.jmx

diff --git a/SampleApp_Secrets.jmx b/SampleApp_Secrets.jmx
new file mode 100644
index 00000000..bfef649e
--- /dev/null
+++ b/SampleApp_Secrets.jmx
@@ -0,0 +1,176 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<jmeterTestPlan version="1.2" properties="5.0" jmeter="5.4.1">
+  <hashTree>
+    <TestPlan guiclass="TestPlanGui" testclass="TestPlan" testname="Test Plan" enabled="true">
+      <stringProp name="TestPlan.comments"></stringProp>
+      <boolProp name="TestPlan.functional_mode">false</boolProp>
+      <boolProp name="TestPlan.tearDown_on_shutdown">true</boolProp>
+      <boolProp name="TestPlan.serialize_threadgroups">false</boolProp>
+      <elementProp name="TestPlan.user_defined_variables" elementType="Arguments" guiclass="ArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+        <collectionProp name="Arguments.arguments"/>
+      </elementProp>
+      <stringProp name="TestPlan.user_define_classpath"></stringProp>
+    </TestPlan>
+    <hashTree>
+      <Arguments guiclass="ArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+        <collectionProp name="Arguments.arguments">
+          <elementProp name="appToken" elementType="Argument">
+            <stringProp name="Argument.name">appToken</stringProp>
+            <stringProp name="Argument.value">${__GetSecret(appToken)}</stringProp>
+            <stringProp name="Argument.desc">Value for x-secret header </stringProp>
+            <stringProp name="Argument.metadata">=</stringProp>
+          </elementProp>
+        </collectionProp>
+      </Arguments>
+      <hashTree/>
+      <kg.apc.jmeter.threads.UltimateThreadGroup guiclass="kg.apc.jmeter.threads.UltimateThreadGroupGui" testclass="kg.apc.jmeter.threads.UltimateThreadGroup" testname="jp@gc - Ultimate Thread Group" enabled="true">
+        <collectionProp name="ultimatethreadgroupdata">
+          <collectionProp name="1400604752">
+            <stringProp name="1567">10</stringProp>
+            <stringProp name="0">0</stringProp>
+            <stringProp name="48873">180</stringProp>
+            <stringProp name="49710">240</stringProp>
+            <stringProp name="10">10</stringProp>
+          </collectionProp>
+        </collectionProp>
+        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
+          <boolProp name="LoopController.continue_forever">false</boolProp>
+          <intProp name="LoopController.loops">-1</intProp>
+        </elementProp>
+        <stringProp name="ThreadGroup.on_sample_error">continue</stringProp>
+      </kg.apc.jmeter.threads.UltimateThreadGroup>
+      <hashTree>
+        <HeaderManager guiclass="HeaderPanel" testclass="HeaderManager" testname="HTTP Header Manager" enabled="true">
+          <collectionProp name="HeaderManager.headers">
+            <elementProp name="" elementType="Header">
+              <stringProp name="Header.name">x-secret</stringProp>
+              <stringProp name="Header.value">${appToken}</stringProp>
+            </elementProp>
+          </collectionProp>
+        </HeaderManager>
+        <hashTree/>
+        <HTTPSamplerProxy guiclass="HttpTestSampleGui" testclass="HTTPSamplerProxy" testname="lasttimestamp" enabled="true">
+          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+            <collectionProp name="Arguments.arguments"/>
+          </elementProp>
+          <stringProp name="HTTPSampler.domain">isaacnitinwus2.azurewebsites.net</stringProp>
+          <stringProp name="HTTPSampler.port"></stringProp>
+          <stringProp name="HTTPSampler.protocol">https</stringProp>
+          <stringProp name="HTTPSampler.contentEncoding"></stringProp>
+          <stringProp name="HTTPSampler.path">lasttimestamp</stringProp>
+          <stringProp name="HTTPSampler.method">GET</stringProp>
+          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
+          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
+          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
+          <boolProp name="HTTPSampler.DO_MULTIPART_POST">false</boolProp>
+          <stringProp name="HTTPSampler.embedded_url_re"></stringProp>
+          <stringProp name="HTTPSampler.implementation">HttpClient4</stringProp>
+          <stringProp name="HTTPSampler.connect_timeout">60000</stringProp>
+          <stringProp name="HTTPSampler.response_timeout">60000</stringProp>
+        </HTTPSamplerProxy>
+        <hashTree/>
+      </hashTree>
+      <kg.apc.jmeter.threads.UltimateThreadGroup guiclass="kg.apc.jmeter.threads.UltimateThreadGroupGui" testclass="kg.apc.jmeter.threads.UltimateThreadGroup" testname="jp@gc - Ultimate Thread Group" enabled="true">
+        <collectionProp name="ultimatethreadgroupdata">
+          <collectionProp name="1400604752">
+            <stringProp name="1567">10</stringProp>
+            <stringProp name="0">0</stringProp>
+            <stringProp name="48873">180</stringProp>
+            <stringProp name="49710">240</stringProp>
+            <stringProp name="10">10</stringProp>
+          </collectionProp>
+        </collectionProp>
+        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
+          <boolProp name="LoopController.continue_forever">false</boolProp>
+          <intProp name="LoopController.loops">-1</intProp>
+        </elementProp>
+        <stringProp name="ThreadGroup.on_sample_error">continue</stringProp>
+      </kg.apc.jmeter.threads.UltimateThreadGroup>
+      <hashTree>
+        <HeaderManager guiclass="HeaderPanel" testclass="HeaderManager" testname="HTTP Header Manager" enabled="true">
+          <collectionProp name="HeaderManager.headers">
+            <elementProp name="" elementType="Header">
+              <stringProp name="Header.name">x-secret</stringProp>
+              <stringProp name="Header.value">${appToken}</stringProp>
+            </elementProp>
+          </collectionProp>
+        </HeaderManager>
+        <hashTree/>
+        <HTTPSamplerProxy guiclass="HttpTestSampleGui" testclass="HTTPSamplerProxy" testname="add" enabled="true">
+          <boolProp name="HTTPSampler.postBodyRaw">true</boolProp>
+          <elementProp name="HTTPsampler.Arguments" elementType="Arguments">
+            <collectionProp name="Arguments.arguments">
+              <elementProp name="" elementType="HTTPArgument">
+                <boolProp name="HTTPArgument.always_encode">false</boolProp>
+                <stringProp name="Argument.value">2</stringProp>
+                <stringProp name="Argument.metadata">=</stringProp>
+              </elementProp>
+            </collectionProp>
+          </elementProp>
+          <stringProp name="HTTPSampler.domain">isaacnitinwus2.azurewebsites.net</stringProp>
+          <stringProp name="HTTPSampler.port"></stringProp>
+          <stringProp name="HTTPSampler.protocol">https</stringProp>
+          <stringProp name="HTTPSampler.contentEncoding"></stringProp>
+          <stringProp name="HTTPSampler.path">add</stringProp>
+          <stringProp name="HTTPSampler.method">POST</stringProp>
+          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
+          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
+          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
+          <boolProp name="HTTPSampler.DO_MULTIPART_POST">false</boolProp>
+          <stringProp name="HTTPSampler.embedded_url_re"></stringProp>
+          <stringProp name="HTTPSampler.implementation">HttpClient4</stringProp>
+          <stringProp name="HTTPSampler.connect_timeout">60000</stringProp>
+          <stringProp name="HTTPSampler.response_timeout">60000</stringProp>
+        </HTTPSamplerProxy>
+        <hashTree/>
+      </hashTree>
+      <kg.apc.jmeter.threads.UltimateThreadGroup guiclass="kg.apc.jmeter.threads.UltimateThreadGroupGui" testclass="kg.apc.jmeter.threads.UltimateThreadGroup" testname="jp@gc - Ultimate Thread Group" enabled="true">
+        <collectionProp name="ultimatethreadgroupdata">
+          <collectionProp name="1400604752">
+            <stringProp name="1567">10</stringProp>
+            <stringProp name="0">0</stringProp>
+            <stringProp name="48873">180</stringProp>
+            <stringProp name="49710">240</stringProp>
+            <stringProp name="10">10</stringProp>
+          </collectionProp>
+        </collectionProp>
+        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
+          <boolProp name="LoopController.continue_forever">false</boolProp>
+          <intProp name="LoopController.loops">-1</intProp>
+        </elementProp>
+        <stringProp name="ThreadGroup.on_sample_error">continue</stringProp>
+      </kg.apc.jmeter.threads.UltimateThreadGroup>
+      <hashTree>
+        <HeaderManager guiclass="HeaderPanel" testclass="HeaderManager" testname="HTTP Header Manager" enabled="true">
+          <collectionProp name="HeaderManager.headers">
+            <elementProp name="" elementType="Header">
+              <stringProp name="Header.name">x-secret</stringProp>
+              <stringProp name="Header.value">${appToken}</stringProp>
+            </elementProp>
+          </collectionProp>
+        </HeaderManager>
+        <hashTree/>
+        <HTTPSamplerProxy guiclass="HttpTestSampleGui" testclass="HTTPSamplerProxy" testname="get" enabled="true">
+          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+            <collectionProp name="Arguments.arguments"/>
+          </elementProp>
+          <stringProp name="HTTPSampler.domain">isaacnitinwus2.azurewebsites.net</stringProp>
+          <stringProp name="HTTPSampler.port"></stringProp>
+          <stringProp name="HTTPSampler.protocol">https</stringProp>
+          <stringProp name="HTTPSampler.contentEncoding"></stringProp>
+          <stringProp name="HTTPSampler.path">get</stringProp>
+          <stringProp name="HTTPSampler.method">GET</stringProp>
+          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
+          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
+          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
+          <boolProp name="HTTPSampler.DO_MULTIPART_POST">false</boolProp>
+          <stringProp name="HTTPSampler.embedded_url_re"></stringProp>
+          <stringProp name="HTTPSampler.implementation">HttpClient4</stringProp>
+          <stringProp name="HTTPSampler.connect_timeout">60000</stringProp>
+          <stringProp name="HTTPSampler.response_timeout">60000</stringProp>
+        </HTTPSamplerProxy>
+        <hashTree/>
+      </hashTree>
+    </hashTree>
+  </hashTree>
+</jmeterTestPlan>