Testing feature-police

2025-10-29 18:00:23 +00:00 · 2019-03-21 20:11:42 +01:00
parent dfc49156f5
commit c8614bef52
3 changed files with 99 additions and 79 deletions
--- a/server/apps/admin.js
+++ b/server/apps/admin.js
@@ -48,15 +48,21 @@ var bodyParser = require('body-parser');
 var cookieParser = require("cookie-parser");
 var referrerPolicy = require('referrer-policy');
 var helmet = require('helmet');
+var featurePolicy = require('feature-policy');
+app.use(featurePolicy({
+    features: {
+        fullscreen: ["'*'"],
+        vibrate: ["'none'"],
+        payment: ["'none'"],
+        microphone: ["'none'"],
+        camera: ["'none'"],
+        speaker: ["*"],
+        syncXhr: ["'self'"],
+        notifications: ["'self'"]
+    }
+}));
 app.use(helmet({
  frameguard: false,
-  features: {
-    fullscreen: ["'self'"],
-    vibrate: ["'none'"],
-    payment: ['none'],
-    syncXhr: ["'*'"],
-	notifications: ["'self'"]
-  }
 }));
 app.use(referrerPolicy({ policy: 'origin-when-cross-origin' }));
 app.enable('view cache');
--- a/server/apps/client.js
+++ b/server/apps/client.js
@@ -2,17 +2,17 @@ VERSION = require(pathThumbnails + '/VERSION.js');
 var secure = false;
 var path = require('path');
 try {
-	var cert_config = require(path.join(path.join(__dirname, '../config/'), 'cert_config.js'));
-	var fs = require('fs');
-	var privateKey  = fs.readFileSync(cert_config.privateKey).toString();
-	var certificate = fs.readFileSync(cert_config.certificate).toString();
-	var ca          = fs.readFileSync(cert_config.ca).toString();
-	var credentials = {
-		key: privateKey,
-		cert: certificate,
-		ca: ca
-	};
-	secure = true;
+    var cert_config = require(path.join(path.join(__dirname, '../config/'), 'cert_config.js'));
+    var fs = require('fs');
+    var privateKey  = fs.readFileSync(cert_config.privateKey).toString();
+    var certificate = fs.readFileSync(cert_config.certificate).toString();
+    var ca          = fs.readFileSync(cert_config.ca).toString();
+    var credentials = {
+        key: privateKey,
+        cert: certificate,
+        ca: ca
+    };
+    secure = true;
 } catch(err){}

 var add = "";
@@ -24,10 +24,10 @@ var cors = require('cors');
 var Functions = require(pathThumbnails + '/handlers/functions.js');

 var hbs = exphbs.create({
-	defaultLayout: publicPath + '/layouts/client/main',
-	layoutsDir: publicPath + '/layouts/client',
-	partialsDir: publicPath + '/partials',
-	helpers: {
+    defaultLayout: publicPath + '/layouts/client/main',
+    layoutsDir: publicPath + '/layouts/client',
+    partialsDir: publicPath + '/partials',
+    helpers: {
        if_equal: function(a, b, opts) {
            if (a == b) {
                return opts.fn(this)
@@ -36,7 +36,7 @@ var hbs = exphbs.create({
            }
        },
        decodeString: function(s) {
-			if(s == undefined) return s;
+            if(s == undefined) return s;
            return Functions.decodeChannelName(s);
        }

@@ -46,13 +46,13 @@ var uniqid = require('uniqid');
 app.use(compression({filter: shouldCompress}))

 function shouldCompress (req, res) {
-  if (req.headers['x-no-compression']) {
-    // don't compress responses with this request header
-    return false;
-  }
+    if (req.headers['x-no-compression']) {
+        // don't compress responses with this request header
+        return false;
+    }

-  // fallback to standard filter function
-  return compression.filter(req, res);
+    // fallback to standard filter function
+    return compression.filter(req, res);
 }

 app.engine('handlebars', hbs.engine);
@@ -65,21 +65,34 @@ var bodyParser = require('body-parser');
 var cookieParser = require("cookie-parser");
 var referrerPolicy = require('referrer-policy');
 var helmet = require('helmet');
+var featurePolicy = require('feature-policy');
+app.use(featurePolicy({
+    features: {
+        fullscreen: ["'*'"],
+        vibrate: ["'none'"],
+        payment: ["'none'"],
+        microphone: ["'none'"],
+        camera: ["'none'"],
+        speaker: ["*"],
+        syncXhr: ["'self'"],
+        notifications: ["'self'"]
+    }
+}));
 app.use(helmet({
-  frameguard: false
+    frameguard: false,
 }));
 app.use(referrerPolicy({ policy: 'origin-when-cross-origin' }));
 app.use( bodyParser.json() );       // to support JSON-encoded bodies
 app.use(bodyParser.urlencoded({     // to support URL-encoded bodies
-	extended: true
+    extended: true
 }));
 app.use(cookieParser());
 //app.set('json spaces', 2);

 io = require('socket.io')({
-	pingTimeout: 25000,
-	//path: '/zoff',
-	//"origins": ("https://zoff.me:443*,https://zoff.me:8080*,zoff.me:8080*,https://remote.zoff.me:443*,https://remote.zoff.me:8080*,https://fb.zoff.me:443*,https://fb.zoff.me:8080*,https://admin.zoff.me:443*,https://admin.zoff.me:8080*, http://localhost:8080*")});
+    pingTimeout: 25000,
+    //path: '/zoff',
+    //"origins": ("https://zoff.me:443*,https://zoff.me:8080*,zoff.me:8080*,https://remote.zoff.me:443*,https://remote.zoff.me:8080*,https://fb.zoff.me:443*,https://fb.zoff.me:8080*,https://admin.zoff.me:443*,https://admin.zoff.me:8080*, http://localhost:8080*")});
 });

 var socketIO = require(pathThumbnails +'/handlers/io.js');
@@ -96,56 +109,56 @@ api_file.sIO = app.socketIO;
 var ico_router = require(pathThumbnails + '/routing/client/icons_routing.js');

 app.get('/robots.txt', function (req, res) {
-	res.type('text/plain');
-	res.send("User-agent: *\nAllow: /$\nDisallow: /");
+    res.type('text/plain');
+    res.send("User-agent: *\nAllow: /$\nDisallow: /");
 });

 app.use(function (req, res, next) {
-	var cookie = req.cookies._uI;
-	var skipElements = ["/_embed", "/assets/manifest.json", "/apple-touch-icon.png"];
-	if(skipElements.indexOf(req.originalUrl) > -1) {
-		res.header("Access-Control-Allow-Origin", "*");
-	    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
-		next();
-	} else {
-		if(req.originalUrl.split("/").length > 3) {
-			res.header("Access-Control-Allow-Origin", "*");
-		    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
-			next();
-		} else {
-			if (cookie === undefined) {
-	            try {
-					//console.error((new Date), "originalUrl", req.originalUrl);
-		            //console.error((new Date), "couldn't fetch cookie for some reason, maybe no cookie exists?", req.get('origin'), "couldn't fetch cookie for some reason, maybe no cookie exists?");
+    var cookie = req.cookies._uI;
+    var skipElements = ["/_embed", "/assets/manifest.json", "/apple-touch-icon.png"];
+    if(skipElements.indexOf(req.originalUrl) > -1) {
+        res.header("Access-Control-Allow-Origin", "*");
+        res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
+        next();
+    } else {
+        if(req.originalUrl.split("/").length > 3) {
+            res.header("Access-Control-Allow-Origin", "*");
+            res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
+            next();
+        } else {
+            if (cookie === undefined) {
+                try {
+                    //console.error((new Date), "originalUrl", req.originalUrl);
+                    //console.error((new Date), "couldn't fetch cookie for some reason, maybe no cookie exists?", req.get('origin'), "couldn't fetch cookie for some reason, maybe no cookie exists?");

-				} catch(e) {
-	                //console.error((new Date), "couldn't fetch origin");
-	            }
-	            var user_name = Functions.hash_pass(Functions.rndName(uniqid.time(), 15));
-				res.cookie('_uI', user_name, {
-		            maxAge: 365 * 10000 * 3600000,
-		            httpOnly: true,
-		            secure: secure,
-		            //sameSite: true,
-		        });
-			} else {
-				//process.stderr.write((new Date), "couldn't fetch cookie for some reason, maybe no cookie exists?", req, "couldn't fetch cookie for some reason, maybe no cookie exists?");
-				res.cookie('_uI', cookie, {
-		            maxAge: 365 * 10000 * 3600000,
-		            httpOnly: true,
-		            secure: secure,
-		            //sameSite: true,
-		        });
-			}
-			res.header("Access-Control-Allow-Origin", "*");
-		    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
-			next();
-		}
-	}
+                } catch(e) {
+                    //console.error((new Date), "couldn't fetch origin");
+                }
+                var user_name = Functions.hash_pass(Functions.rndName(uniqid.time(), 15));
+                res.cookie('_uI', user_name, {
+                    maxAge: 365 * 10000 * 3600000,
+                    httpOnly: true,
+                    secure: secure,
+                    //sameSite: true,
+                });
+            } else {
+                //process.stderr.write((new Date), "couldn't fetch cookie for some reason, maybe no cookie exists?", req, "couldn't fetch cookie for some reason, maybe no cookie exists?");
+                res.cookie('_uI', cookie, {
+                    maxAge: 365 * 10000 * 3600000,
+                    httpOnly: true,
+                    secure: secure,
+                    //sameSite: true,
+                });
+            }
+            res.header("Access-Control-Allow-Origin", "*");
+            res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
+            next();
+        }
+    }
 });

 app.use('/service-worker.js', function(req, res) {
-	res.sendFile(publicPath + '/service-worker.js');
+    res.sendFile(publicPath + '/service-worker.js');
 });

 app.use('/', ico_router);
@@ -165,8 +178,8 @@ app.use('/assets/admin', function(req, res, next) {
 app.use('/assets', express.static(publicPath + '/assets'));

 app.use(function (req, res, next) {
-  res.status(404);
-  res.redirect("/404");
+    res.status(404);
+    res.redirect("/404");
 })

 module.exports = app;