Updates

2025-10-29 18:00:23 +00:00 · 2018-03-14 22:42:19 +01:00
parent a5248f0f39
commit 1abced50ca
3 changed files with 444 additions and 192 deletions
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -28,7 +28,7 @@
  "homepage": "https://github.com/zoff-music/zoff#readme",
  "dependencies": {
    "assert": "^1.4.1",
-    "bad-words": "^1.5.1",
+    "bad-words": "^1.6.1",
    "bcrypt-nodejs": "0.0.3",
    "body-parser": "^1.17.1",
    "color-thief-jimp": "^2.0.2",
@@ -37,7 +37,7 @@
    "cors": "^2.8.4",
    "critical": "^1.1.0",
    "emoji-strip": "^0.0.3",
-    "express": "^4.15.2",
+    "express": "^4.16.3",
    "express-handlebars": "^3.0.0",
    "express-recaptcha": "^3.0.1",
    "express-session": "^1.15.6",
@@ -47,19 +47,20 @@
    "gulp-concat": "^2.6.1",
    "gulp-uglifyjs": "^0.6.2",
    "gulp-util": "^3.0.8",
+    "helmet": "^3.12.0",
    "http2": "^3.3.7",
    "jimp": "^0.2.28",
-    "mobile-detect": "^1.3.7",
-    "mongodb": "^2.0.27",
-    "mongojs": "^2.4.0",
-    "mongoose": "^5.0.3",
+    "mobile-detect": "^1.4.1",
+    "mongodb": "^2.2.35",
+    "mongojs": "^2.5.0",
+    "mongoose": "^5.0.10",
    "mpromise": "^0.5.5",
    "node-cryptojs-aes": "^0.4.0",
-    "nodemailer": "^4.0.1",
+    "nodemailer": "^4.6.3",
    "passport": "^0.4.0",
    "passport-local": "^1.0.0",
    "redis": "^2.8.0",
-    "request": "^2.72.0",
+    "request": "^2.85.0",
    "socket.io": "^2.0.4",
    "socket.io-redis": "^5.2.0",
    "sticky-session": "^1.1.2",
--- a/server/apps/client.js
+++ b/server/apps/client.js
@@ -37,6 +37,8 @@ app.set('views', publicPath);
 var bodyParser = require('body-parser');
 var cookieParser = require("cookie-parser");
 var cookies = require("cookie");
+var helmet = require('helmet')
+app.use(helmet())
 app.use( bodyParser.json() );       // to support JSON-encoded bodies
 app.use(bodyParser.urlencoded({     // to support URL-encoded bodies
 	extended: true
@@ -87,9 +89,19 @@ app.use(function (req, res, next) {
 	var cookie = req.cookies._uI;
 	if (cookie === undefined) {
 		var user_name = Functions.hash_pass(Functions.rndName(uniqid.time(), 15));
-		res.cookie('_uI', user_name, { maxAge: 365 * 10000 * 3600000, httpOnly: true, secure: secure });
+		res.cookie('_uI', user_name, {
+            maxAge: 365 * 10000 * 3600000,
+            httpOnly: true,
+            secure: secure,
+            domain: "zoff.me"
+        });
 	} else {
-		res.cookie('_uI', cookie, { maxAge: 365 * 10000 * 3600000, httpOnly: true, secure: secure });
+		res.cookie('_uI', cookie, {
+            maxAge: 365 * 10000 * 3600000,
+            httpOnly: true,
+            secure: secure,
+            domain: "zoff.me"
+        });
 	}
 	res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");